build(deps): bump github/codeql-action from 3 to 4 (#12) #141
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| GO_VERSION: "1.25" | |
| jobs: | |
| lint: | |
| name: Quality Gates (Lint + Secrets) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Run lint checks (golangci-lint + gosec) | |
| uses: golangci/golangci-lint-action@v9 | |
| with: | |
| version: v2.8.0 | |
| - name: Verify generated manifests are committed | |
| run: | | |
| make manifests | |
| git diff --exit-code | |
| - name: Install gitleaks CLI | |
| run: | | |
| curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.24.2/gitleaks_8.24.2_linux_x64.tar.gz -o /tmp/gitleaks.tar.gz | |
| tar -xzf /tmp/gitleaks.tar.gz -C /tmp | |
| sudo install -m 0755 /tmp/gitleaks /usr/local/bin/gitleaks | |
| - name: Scan repository for secrets (gitleaks) | |
| run: gitleaks git --redact --verbose | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.x" | |
| - name: Commit message convention check | |
| if: ${{ !(startsWith(github.head_ref, 'dependabot/') || startsWith(github.ref_name, 'dependabot/')) }} | |
| run: | | |
| python -m pip install --upgrade pip commitizen | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| RANGE="${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}" | |
| else | |
| BEFORE="${{ github.event.before }}" | |
| AFTER="${{ github.sha }}" | |
| if [ -n "${BEFORE}" ] && [ "${BEFORE}" != "0000000000000000000000000000000000000000" ] && git cat-file -e "${BEFORE}^{commit}" 2>/dev/null; then | |
| RANGE="${BEFORE}..${AFTER}" | |
| elif git rev-parse --verify "${AFTER}^" >/dev/null 2>&1; then | |
| RANGE="${AFTER}^..${AFTER}" | |
| else | |
| RANGE="${AFTER}..${AFTER}" | |
| fi | |
| fi | |
| echo "Checking commit messages in range: ${RANGE}" | |
| cz check --rev-range "${RANGE}" | |
| build: | |
| name: Build Binaries (${{ matrix.arch }}) | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| strategy: | |
| matrix: | |
| arch: [amd64, arm64] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Build operator binary | |
| env: | |
| GOARCH: ${{ matrix.arch }} | |
| CGO_ENABLED: "0" | |
| run: go build ./cmd/operator/... | |
| - name: Build node agent binary | |
| env: | |
| GOARCH: ${{ matrix.arch }} | |
| CGO_ENABLED: "0" | |
| run: go build ./cmd/agent/... | |
| test: | |
| name: Unit and Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install envtest tooling | |
| run: | | |
| go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | |
| echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
| - name: Run unit/integration tests (non-E2E) | |
| run: | | |
| KUBEBUILDER_ASSETS=$(setup-envtest use -p path) \ | |
| go test -race -coverprofile=coverage.out ./... | |
| - name: Upload coverage report | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| files: coverage.out | |
| e2e: | |
| name: E2E (Talos) | |
| if: vars.E2E_RUNNER_LABEL != '' | |
| runs-on: ${{ vars.E2E_RUNNER_LABEL }} | |
| needs: test | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Create Talos E2E cluster | |
| run: talosctl cluster create --provisioner docker --name imp-e2e | |
| - name: Apply CRDs | |
| run: kubectl apply -f config/crd/bases/ | |
| - name: Run E2E suite | |
| run: go test -v -tags e2e ./test/e2e/... | |
| - name: Destroy Talos E2E cluster | |
| if: always() | |
| run: talosctl cluster destroy --name imp-e2e | |
| e2e-kind: | |
| name: E2E Smoke (Kind) | |
| runs-on: ubuntu-latest | |
| needs: [lint, build] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Create Kind cluster | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: imp-e2e | |
| - name: Install Helm CLI | |
| uses: azure/setup-helm@v4 | |
| - name: Build local E2E images | |
| run: | | |
| docker build -f Dockerfile.operator -t local/imp-operator:e2e . | |
| docker build -f Dockerfile.agent -t local/imp-agent:e2e . | |
| - name: Load local E2E images into Kind | |
| run: | | |
| kind load docker-image local/imp-operator:e2e --name imp-e2e | |
| kind load docker-image local/imp-agent:e2e --name imp-e2e | |
| - name: Run smoke E2E suite | |
| run: go test -tags e2e ./test/e2e/... -v -timeout 15m -ginkgo.label-filter="smoke" |