build(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#6… #8975
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test Pull Request | |
# Trigger the workflow on push or pull request | |
on: | |
push: | |
branches-ignore: | |
- "dependabot/**" | |
pull_request: | |
types: [opened, synchronize] | |
env: | |
GOPROXY: https://proxy.golang.org/ | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
GO_VERSION: 1.21.3 | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- uses: actions/checkout@v4 | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.55.2 | |
# TODO: re-enable linting tools package once https://github.com/projectcontour/contour/issues/5077 | |
# is resolved | |
args: --build-tags=e2e,conformance,gcp,oidc,none | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
codespell: | |
name: Codespell | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Codespell | |
uses: codespell-project/actions-codespell@v2.0 | |
with: | |
skip: .git,*.png,*.woff,*.woff2,*.eot,*.ttf,*.jpg,*.ico,*.svg,./site/themes/contour/static/fonts/README.md,./vendor,./site/public,./hack/actions/check-changefile-exists.go,go.mod,go.sum | |
ignore_words_file: './.codespell.ignorewords' | |
check_filenames: true | |
check_hidden: true | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
codegen: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: generate | |
run: | | |
make generate lint-yamllint lint-flags | |
./hack/actions/check-uncommitted-codegen.sh | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
build-image: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
version: latest | |
- name: Build image | |
env: | |
TAG_LATEST: "false" | |
run: | | |
make multiarch-build | |
- name: Upload image | |
uses: actions/upload-artifact@v3 | |
with: | |
name: image | |
path: image/contour-*.tar | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
e2e: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
strategy: | |
matrix: | |
# use stable kubernetes_version values since they're included | |
# in the name of the GitHub Actions job, and we don't want to | |
# have to update branch protection rules every time we change | |
# a Kubernetes version number. | |
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"] | |
# run tests using the configuration crd as well as without | |
config_type: ["ConfigmapConfiguration", "ContourConfiguration"] | |
# include defines an additional variable (the specific node | |
# image to use) for each kubernetes_version value. | |
include: | |
- kubernetes_version: "kubernetes:latest" | |
node_image: "docker.io/kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" | |
- kubernetes_version: "kubernetes:n-1" | |
node_image: "docker.io/kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" | |
- kubernetes_version: "kubernetes:n-2" | |
node_image: "docker.io/kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb" | |
- config_type: "ConfigmapConfiguration" | |
use_config_crd: "false" | |
- config_type: "ContourConfiguration" | |
use_config_crd: "true" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download image | |
uses: actions/download-artifact@v3 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: e2e tests | |
env: | |
NODEIMAGE: ${{ matrix.node_image }} | |
LOAD_PREBUILT_IMAGE: "true" | |
USE_CONTOUR_CONFIGURATION_CRD: ${{ matrix.use_config_crd }} | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make e2e | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
upgrade: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
strategy: | |
matrix: | |
# use stable kubernetes_version values since they're included | |
# in the name of the GitHub Actions job, and we don't want to | |
# have to update branch protection rules every time we change | |
# a Kubernetes version number. | |
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"] | |
# include defines an additional variable (the specific node | |
# image to use) for each kubernetes_version value. | |
include: | |
- kubernetes_version: "kubernetes:latest" | |
node_image: "docker.io/kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" | |
- kubernetes_version: "kubernetes:n-1" | |
node_image: "docker.io/kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" | |
- kubernetes_version: "kubernetes:n-2" | |
node_image: "docker.io/kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Fetch history for all tags and branches so we can figure out most | |
# recent release tag. | |
fetch-depth: 0 | |
- name: Download image | |
uses: actions/download-artifact@v3 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: upgrade tests | |
env: | |
NODEIMAGE: ${{ matrix.node_image }} | |
MULTINODE_CLUSTER: "true" | |
LOAD_PREBUILT_IMAGE: "true" | |
SKIP_GATEWAY_API_INSTALL: "true" | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make upgrade | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
# TODO: re-enable once Ingress v1 support is complete | |
# ingress-conformance: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - name: add deps to path | |
# run: | | |
# ./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
# echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
# - name: ingress conformance tests | |
# run: | | |
# make check-ingress-conformance | |
test-linux: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: test | |
run: | | |
make install | |
make check-coverage | |
- name: codeCoverage | |
if: ${{ success() }} | |
uses: codecov/codecov-action@v3 | |
with: | |
files: coverage.out | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
test-osx: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Windows) | |
path: | | |
~/go/pkg/mod | |
~/Library/Caches/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: test | |
run: | | |
make install | |
make check-coverage | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
gateway-conformance: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download image | |
uses: actions/download-artifact@v3 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@v3 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: Gateway API conformance tests | |
env: | |
LOAD_PREBUILT_IMAGE: "true" | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make gateway-conformance | |
- uses: act10ns/slack@v2 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
channel: '#contour-ci-notifications' | |
if: ${{ failure() && github.ref == 'refs/heads/main' }} |