diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 550d7ebdc..fe4c474a8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,11 +19,26 @@ env: DOCKERFILE_PATH: "**/Dockerfile" jobs: - gotest: - name: Go Test + lint: runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + cache: false + + - name: Run GolangCI-Lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.54.0 + + gotest: needs: - lint + name: Go Test + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go 
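Review bot: The relocated `lint` job references a third-party action by mutable tag (`golangci/golangci-lint-action@v6`), so whatever that tag points to at run time executes inside this workflow. Pinning to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: golangci/golangci-lint-action@<COMMIT_SHA>  # v6`, makes the executed code reviewable and unaffected by tag moves. The same applies to `helm/kind-action@v1.10.0` in the following hunk. The `gotest` job's steps continue outside this hunk.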
@@ -41,20 +56,84 @@ jobs: fail_ci_if_error: false verbose: true - lint: + helm_docs_test: + needs: [lint] + name: Helm Docs Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 + - name: Checkout + uses: actions/checkout@v3 with: - go-version: ${{ env.GOLANG_VERSION }} - cache: false + ref: ${{ github.event.pull_request.head.sha }} - - name: Run GolangCI-Lint - uses: golangci/golangci-lint-action@v6 + - name: Ensure documentation is updated + uses: docker://jnorwood/helm-docs:latest + + - name: Check for changes + run: | + if git diff --exit-code; then + echo -e "\n####### Helm docs are up-to-date! #######\n" + else + git status + echo -e "\n####### Helm docs are not up-to-date! Please run generate helm docs locally and push the changes #######\n" + exit 1 + fi + + validate_examples: + needs: [gotest, helm_docs_test] + name: Validate Examples + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install yamllint + run: sudo apt-get install -y yamllint + + - name: Lint YAML files + run: yamllint --strict ./example + + - name: Install kubectl + run: | + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin/ + + - name: Create k8s Kind Cluster + uses: helm/kind-action@v1.10.0 with: - version: v1.54.0 + cluster_name: kind + + - name: Apply CRD + run: | + for crd in $(find ./config/crd/bases -type f -name '*.yaml'); do + kubectl create -f $crd + done + + - name: Validate CRD Installation + run: | + CRDs=("redis" "redissentinels" "redisclusters" "redisreplications") + for crd in "${CRDs[@]}"; do + kubectl get crd $crd.redis.redis.opstreelabs.in || exit 1 + done + + - name: Validate CR + run: | + for example in $(find ./example -type f -name '*.yaml'); do + kubectl apply --dry-run=server -f $example + done + + validate_yaml: + needs: [validate_examples] + name: 
Validate YAML + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install yamllint + run: sudo apt-get install -y yamllint + - name: Lint YAML files + run: yamllint --strict ./tests/ container_quality_dockerfile_lint: runs-on: ubuntu-latest @@ -89,6 +168,7 @@ jobs: run: | mkdir -p ${{ github.workspace }}/compiled/${{ matrix.arch }} zip ${{ github.workspace }}/compiled/${{ matrix.arch }}/${{ env.APPLICATION_NAME }}-${{ matrix.arch }}.zip ${{ github.workspace }}/${{ env.APPLICATION_NAME }} + build_scan_container_image: needs: [container_quality_dockerfile_lint] runs-on: ubuntu-latest @@ -121,21 +201,8 @@ jobs: GOSEC_OUTPUT: "junit-xml:/github/workspace/gosec-results.xml" - validate-yaml: - name: Validate YAML - runs-on: ubuntu-latest - needs: - - gotest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Install yamllint - run: sudo apt-get install -y yamllint - - name: Lint YAML files - run: yamllint --strict ./tests/ - - e2e-test: - needs: [validate-yaml] + e2e_test: + needs: [validate_yaml] name: ${{ matrix.testpath }} runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/publish-image.yaml b/.github/workflows/publish-image.yaml index eb0e4c14f..d65008f35 100644 --- a/.github/workflows/publish-image.yaml +++ b/.github/workflows/publish-image.yaml 
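Review bot: Two steps in the new `helm_docs_test` and `validate_examples` jobs fetch and run artifacts that are neither pinned nor verified. `docker://jnorwood/helm-docs:latest` follows a mutable tag, and the `Install kubectl` step downloads whatever `stable.txt` names and moves it into `/usr/local/bin` with `sudo` without checking it. Pin the helm-docs image to a released tag or digest, and pin the kubectl version and compare the binary against the `.sha256` file published next to it, as sketched below. A moving helm-docs version can also change the generated output and fail `git diff --exit-code` on unrelated pull requests. Separately, `helm_docs_test` uses `actions/checkout@v3` while the other jobs use `@v4`.

```yaml
      - name: Ensure documentation is updated
        # placeholder tag; a digest reference (@sha256:<IMAGE_DIGEST>) is stricter still
        uses: docker://jnorwood/helm-docs:<PINNED_TAG>

      # … unchanged: Check for changes, validate_examples checkout and yamllint steps …

      - name: Install kubectl
        run: |
          KUBECTL_VERSION="<PINNED_KUBECTL_VERSION>"  # placeholder, bump deliberately
          base="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64"
          curl -fsSLO "${base}/kubectl"
          curl -fsSLO "${base}/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x kubectl
          sudo mv kubectl /usr/local/bin/

      # … unchanged: kind cluster, CRD apply and CR validation steps …
```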
@@ -42,4 +42,78 @@ jobs: tags: | ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/redis-operator:${{ env.TAG }} ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/redis-operator:latest - platforms: linux/amd64,linux/arm64 \ No newline at end of file + platforms: linux/amd64,linux/arm64 + +# name: Release container images +# on: +# pull_request: +# types: [closed] +# branches: +# - master + +# env: +# APPLICATION_NAME: redis-operator +# QuayImageName: quay.io/opstree/redis-operator +# APP_VERSION: "v0.15.2" +# DOCKERFILE_PATH: './Dockerfile' + +# jobs: +# release_image: +# if: github.event.pull_request.merged == true +# runs-on: ubuntu-latest +# environment: release-image +# steps: +# - name: Checkout +# uses: actions/checkout@v2 + +# - name: Set up Docker Buildx +# uses: docker/setup-buildx-action@v2 + +# - name: Set up QEMU +# uses: docker/setup-qemu-action@v3 + +# - name: Login to Quay.io +# uses: docker/login-action@v3 +# with: +# registry: quay.io +# username: ${{ secrets.QUAY_USERNAME }} +# password: ${{ secrets.QUAY_PASSWORD }} + +# - name: Build and push multi-arch latest image +# uses: docker/build-push-action@v2 +# with: +# context: . 
+# file: ${{ env.DOCKERFILE_PATH }} +# platforms: linux/amd64,linux/arm64 +# push: true +# tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest + +# trivy_scan: +# needs: [release_image] +# runs-on: ubuntu-latest +# steps: +# - name: Checkout +# uses: actions/checkout@v2 +# - name: Run Trivy vulnerability scanner for arm64 image +# uses: aquasecurity/trivy-action@master + +# - name: Run Trivy vulnerability scanner for multi-arch image +# uses: aquasecurity/trivy-action@master +# with: +# image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }} +# format: 'template' +# template: '@/contrib/sarif.tpl' +# output: 'trivy-results-latest.sarif' +# exit-code: '1' +# ignore-unfixed: true +# severity: 'CRITICAL,HIGH' +# - name: Run Trivy vulnerability scanner for latest image +# uses: aquasecurity/trivy-action@master +# with: +# image-ref: ${{ env.QuayImageName }}:latest +# format: 'template' +# template: '@/contrib/sarif.tpl' +# output: 'trivy-results-latest.sarif' +# exit-code: '1' +# ignore-unfixed: true +# severity: 'CRITICAL,HIGH' \ No newline at end of file diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml deleted file mode 100644 index d956d2cb7..000000000 --- a/.github/workflows/release-images.yaml +++ /dev/null 
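Review bot: The lines added here are a fully commented-out second workflow (`# name: Release container images` through `# trivy_scan:`) appended to an active workflow file, where it is dead text that can drift from the live jobs above it. If it were uncommented in place, its `name:`, `on:`, `env:` and `jobs:` keys would collide with the file's own top-level keys (`jobs:` is visible in the hunk header), which YAML parsers either reject or resolve silently as last-wins. Either drop the block and rely on git history, or put one header comment above it such as `# DISABLED: legacy Quay release workflow, kept for reference only; do not uncomment in this file`. The block also carries floating references (`aquasecurity/trivy-action@master`, `actions/checkout@v2`) that would need pinning before any revival, and the new side still ends with `\ No newline at end of file`.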
@@ -1,73 +0,0 @@ -# name: Release container images -# on: -# pull_request: -# types: [closed] -# branches: -# - master - -# env: -# APPLICATION_NAME: redis-operator -# QuayImageName: quay.io/opstree/redis-operator -# APP_VERSION: "v0.15.2" -# DOCKERFILE_PATH: './Dockerfile' - -# jobs: -# release_image: -# if: github.event.pull_request.merged == true -# runs-on: ubuntu-latest -# environment: release-image -# steps: -# - name: Checkout -# uses: actions/checkout@v2 - -# - name: Set up Docker Buildx -# uses: docker/setup-buildx-action@v2 - -# - name: Set up QEMU -# uses: docker/setup-qemu-action@v3 - -# - name: Login to Quay.io -# uses: docker/login-action@v3 -# with: -# registry: quay.io -# username: ${{ secrets.QUAY_USERNAME }} -# password: ${{ secrets.QUAY_PASSWORD }} - -# - name: Build and push multi-arch latest image -# uses: docker/build-push-action@v2 -# with: -# context: . -# file: ${{ env.DOCKERFILE_PATH }} -# platforms: linux/amd64,linux/arm64 -# push: true -# tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest - -# trivy_scan: -# needs: [release_image] -# runs-on: ubuntu-latest -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# - name: Run Trivy vulnerability scanner for arm64 image -# uses: aquasecurity/trivy-action@master - -# - name: Run Trivy vulnerability scanner for multi-arch image -# uses: aquasecurity/trivy-action@master -# with: -# image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }} -# format: 'template' -# template: '@/contrib/sarif.tpl' -# output: 'trivy-results-latest.sarif' -# exit-code: '1' -# ignore-unfixed: true -# severity: 'CRITICAL,HIGH' -# - name: Run Trivy vulnerability scanner for latest image -# uses: aquasecurity/trivy-action@master -# with: -# image-ref: ${{ env.QuayImageName }}:latest -# format: 'template' -# template: '@/contrib/sarif.tpl' -# output: 'trivy-results-latest.sarif' -# exit-code: '1' -# ignore-unfixed: true -# severity: 'CRITICAL,HIGH' \ No newline at end of file 
diff --git a/.github/workflows/validate-example.yaml b/.github/workflows/validate-example.yaml deleted file mode 100644 index 2bfba3120..000000000 --- a/.github/workflows/validate-example.yaml +++ /dev/null @@ -1,52 +0,0 @@ -name: Validate Examples - -on: - pull_request: - branches: - - master - push: - branches: - - master - -jobs: - validate-examples: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install yamllint - run: sudo apt-get install -y yamllint - - - name: Lint YAML files - run: yamllint --strict ./example - - - name: Install kubectl - run: | - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x kubectl - sudo mv kubectl /usr/local/bin/ - - - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.10.0 - with: - cluster_name: kind - - - name: Apply CRD - run: | - for crd in $(find ./config/crd/bases -type f -name '*.yaml'); do - kubectl create -f $crd - done - - - name: Validate CRD Installation - run: | - CRDs=("redis" "redissentinels" "redisclusters" "redisreplications") - for crd in "${CRDs[@]}"; do - kubectl get crd $crd.redis.redis.opstreelabs.in || exit 1 - done - - - name: Validate CR - run: | - for example in $(find ./example -type f -name '*.yaml'); do - kubectl apply --dry-run=server -f $example - done \ No newline at end of file diff --git a/charts/redis-operator/README.md b/charts/redis-operator/README.md index 27e9a019f..23d0c0ea6 100644 --- a/charts/redis-operator/README.md +++ b/charts/redis-operator/README.md 
@@ -108,6 +108,7 @@ kubectl create secret tls --key tls.key --cert tls.crt -n | redisOperator.extraArgs | list | `[]` | | | redisOperator.imageName | string | `"ghcr.io/ot-container-kit/redis-operator/redis-operator"` | | | redisOperator.imagePullPolicy | string | `"Always"` | | +| redisOperator.imagePullSecrets | list | `[]` | | | redisOperator.imageTag | string | `""` | | | redisOperator.name | string | `"redis-operator"` | | | redisOperator.podAnnotations | object | `{}` | |