From dd894b23518a1cad9bc1c1796163775dd231edbe Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 08:40:07 +0200 Subject: [PATCH 1/7] Cherry pick: https://github.com/kyma-project/serverless/pull/1079 --- .github/workflows/build-pull.yaml | 1 + .github/workflows/build-push-release.yaml | 1 + .github/workflows/gitleaks.yaml | 1 + .github/workflows/integration-tests-pull.yaml | 1 + .github/workflows/integration-tests-push.yaml | 1 + .github/workflows/pull.yaml | 9 +++++++++ .github/workflows/unit-tests.yaml | 1 + .github/workflows/upgrade-test.yaml | 1 + 8 files changed, 16 insertions(+) create mode 100644 .github/workflows/pull.yaml diff --git a/.github/workflows/build-pull.yaml b/.github/workflows/build-pull.yaml index 49666313..5bffbe76 100644 --- a/.github/workflows/build-pull.yaml +++ b/.github/workflows/build-pull.yaml @@ -1,6 +1,7 @@ name: warden build (pull) on: + workflow_call: pull_request_target: paths-ignore: - "docs/**" diff --git a/.github/workflows/build-push-release.yaml b/.github/workflows/build-push-release.yaml index b1c2442b..975c587a 100644 --- a/.github/workflows/build-push-release.yaml +++ b/.github/workflows/build-push-release.yaml @@ -1,5 +1,6 @@ name: warden bbuild (push) on: + workflow_call: push: branches: ["main", "release-*"] tags: diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml index 45b6648c..21f2374d 100644 --- a/.github/workflows/gitleaks.yaml +++ b/.github/workflows/gitleaks.yaml @@ -1,5 +1,6 @@ name: gitleaks on: + workflow_call: pull_request: types: [opened, edited, synchronize, reopened, ready_for_review] diff --git a/.github/workflows/integration-tests-pull.yaml b/.github/workflows/integration-tests-pull.yaml index 820b92ee..bdcb539d 100644 --- a/.github/workflows/integration-tests-pull.yaml +++ b/.github/workflows/integration-tests-pull.yaml @@ -1,6 +1,7 @@ name: integration tests (pull) on: + workflow_call: pull_request: paths-ignore: - '**.md' diff --git a/.github/workflows/integration-tests-push.yaml b/.github/workflows/integration-tests-push.yaml index 08d90c07..4cf7971f 100644 --- a/.github/workflows/integration-tests-push.yaml +++ b/.github/workflows/integration-tests-push.yaml @@ -1,6 +1,7 @@ name: integration tests (push) on: + workflow_call: push: branches: [ "main", "release-*" ] paths-ignore: diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml new file mode 100644 index 00000000..751d096b --- /dev/null +++ b/.github/workflows/pull.yaml @@ -0,0 +1,9 @@ +name: pull + +on: + pull_request_target: + types: [ opened, edited, synchronize, reopened, ready_for_review ] + +jobs: + unit-tests: + uses: ./.github/workflows/unit-tests.yaml \ No newline at end of file diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index f5a38f05..b08757da 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -1,6 +1,7 @@ name: unit tests on: + workflow_call: pull_request: paths-ignore: - '**.md' diff --git a/.github/workflows/upgrade-test.yaml b/.github/workflows/upgrade-test.yaml index 4d5216c4..d1acf17c 100644 --- a/.github/workflows/upgrade-test.yaml +++ b/.github/workflows/upgrade-test.yaml @@ -1,6 +1,7 @@ name: upgrade test on: + workflow_call: push: branches: [ "main" ] From 54b3b23aa6c9bb0dc49568f59c55c0052df0960c Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 08:50:50 +0200 Subject: [PATCH 2/7] Cherry pick: https://github.com/kyma-project/serverless/pull/1080 --- .github/workflows/pull.yaml | 13 ++++++++++++- .github/workflows/push.yaml | 17 +++++++++++++++++ .github/workflows/release.yaml | 10 ++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/push.yaml create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index 751d096b..a9bd3147 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -6,4 +6,15 @@ on: jobs: unit-tests: - uses: ./.github/workflows/unit-tests.yaml \ No newline at end of file + uses: ./.github/workflows/unit-tests.yaml + + gitleaks: + uses: ./.github/workflows/gitleaks.yaml + + builds: + needs: [unit-tests, gitleaks] + uses: ./.github/workflows/build-pull.yaml + + integrations: + needs: builds + uses: ./.github/workflows/integration-tests-pull.yaml diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml new file mode 100644 index 00000000..5632d743 --- /dev/null +++ b/.github/workflows/push.yaml @@ -0,0 +1,17 @@ +name: push + +on: + push: + branches: [ "main", "release-*" ] + +jobs: + builds: + uses: ./.github/workflows/build-push-release.yaml + + integrations: + needs: builds + uses: ./.github/workflows/integration-tests-push.yaml + + upgrades: + needs: builds + uses: ./.github/workflows/upgrade-tests.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..6c6aad60 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,10 @@ +name: release + +on: + push: + tags: + - '^v?\d+\.\d+\.\d+(?:-.*)?$' + +jobs: + builds: + uses: ./.github/workflows/build-push-release.yaml From 48a47e8a3e0482825bd1680a12b19f60de403926 Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 08:56:05 +0200 Subject: [PATCH 3/7] Cherry pick: https://github.com/kyma-project/serverless/pull/1081 --- .../workflows/{build-pull.yaml => _build-pull.yaml} | 11 +---------- ...ild-push-release.yaml => _build-push-release.yaml} | 9 +-------- .github/workflows/{gitleaks.yaml => _gitleaks.yaml} | 2 -- ...n-tests-pull.yaml => _integration-tests-pull.yaml} | 4 ---- ...n-tests-push.yaml => _integration-tests-push.yaml} | 4 ---- .../workflows/{unit-tests.yaml => _unit-tests.yaml} | 4 ---- .../{upgrade-test.yaml => _upgrade-test.yaml} | 2 -- .github/workflows/pull.yaml | 8 ++++---- .github/workflows/push.yaml | 4 ++-- .github/workflows/release.yaml | 2 +- 10 files changed, 9 insertions(+), 41 deletions(-) rename .github/workflows/{build-pull.yaml => _build-pull.yaml} (63%) rename .github/workflows/{build-push-release.yaml => _build-push-release.yaml} (81%) rename .github/workflows/{gitleaks.yaml => _gitleaks.yaml} (90%) rename .github/workflows/{integration-tests-pull.yaml => _integration-tests-pull.yaml} (82%) rename .github/workflows/{integration-tests-push.yaml => _integration-tests-push.yaml} (87%) rename .github/workflows/{unit-tests.yaml => _unit-tests.yaml} (67%) rename .github/workflows/{upgrade-test.yaml => _upgrade-test.yaml} (95%) diff --git a/.github/workflows/build-pull.yaml b/.github/workflows/_build-pull.yaml similarity index 63% rename from .github/workflows/build-pull.yaml rename to .github/workflows/_build-pull.yaml index 5bffbe76..d11cc51a 100644 --- a/.github/workflows/build-pull.yaml +++ b/.github/workflows/_build-pull.yaml @@ -1,16 +1,7 @@ -name: warden build (pull) +name: build (pull) on: workflow_call: - pull_request_target: - paths-ignore: - - "docs/**" - - "examples/**" - types: [opened, edited, synchronize, reopened, ready_for_review] - -permissions: - id-token: write # This is required for requesting the JWT token - contents: read # This is required for actions/checkout jobs: build-warden-admission: diff --git a/.github/workflows/build-push-release.yaml b/.github/workflows/_build-push-release.yaml similarity index 81% rename from .github/workflows/build-push-release.yaml rename to .github/workflows/_build-push-release.yaml index 975c587a..eb7b66b8 100644 --- a/.github/workflows/build-push-release.yaml +++ b/.github/workflows/_build-push-release.yaml @@ -1,13 +1,6 @@ -name: warden bbuild (push) +name: build (push) on: workflow_call: - push: - branches: ["main", "release-*"] - tags: - - '^v?\d+\.\d+\.\d+(?:-.*)?$' -permissions: - id-token: write # This is required for requesting the JWT token - contents: read # This is required for actions/checkout jobs: compute-tags: diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/_gitleaks.yaml similarity index 90% rename from .github/workflows/gitleaks.yaml rename to .github/workflows/_gitleaks.yaml index 21f2374d..05083475 100644 --- a/.github/workflows/gitleaks.yaml +++ b/.github/workflows/_gitleaks.yaml @@ -1,8 +1,6 @@ name: gitleaks on: workflow_call: - pull_request: - types: [opened, edited, synchronize, reopened, ready_for_review] env: GITLEAKS_VERSION: 8.18.2 diff --git a/.github/workflows/integration-tests-pull.yaml b/.github/workflows/_integration-tests-pull.yaml similarity index 82% rename from .github/workflows/integration-tests-pull.yaml rename to .github/workflows/_integration-tests-pull.yaml index bdcb539d..ce1fcc14 100644 --- a/.github/workflows/integration-tests-pull.yaml +++ b/.github/workflows/_integration-tests-pull.yaml @@ -2,10 +2,6 @@ name: integration tests (pull) on: workflow_call: - pull_request: - paths-ignore: - - '**.md' - types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] jobs: integration-test: diff --git a/.github/workflows/integration-tests-push.yaml b/.github/workflows/_integration-tests-push.yaml similarity index 87% rename from .github/workflows/integration-tests-push.yaml rename to .github/workflows/_integration-tests-push.yaml index 4cf7971f..e55d7193 100644 --- a/.github/workflows/integration-tests-push.yaml +++ b/.github/workflows/_integration-tests-push.yaml @@ -2,10 +2,6 @@ name: integration tests (push) on: workflow_call: - push: - branches: [ "main", "release-*" ] - paths-ignore: - - '**.md' jobs: integration-test: diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/_unit-tests.yaml similarity index 67% rename from .github/workflows/unit-tests.yaml rename to .github/workflows/_unit-tests.yaml index b08757da..5b6af0ef 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/_unit-tests.yaml @@ -2,10 +2,6 @@ name: unit tests on: workflow_call: - pull_request: - paths-ignore: - - '**.md' - types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] jobs: unit-tests: diff --git a/.github/workflows/upgrade-test.yaml b/.github/workflows/_upgrade-test.yaml similarity index 95% rename from .github/workflows/upgrade-test.yaml rename to .github/workflows/_upgrade-test.yaml index d1acf17c..dd4a5fc9 100644 --- a/.github/workflows/upgrade-test.yaml +++ b/.github/workflows/_upgrade-test.yaml @@ -2,8 +2,6 @@ name: upgrade test on: workflow_call: - push: - branches: [ "main" ] jobs: upgrade-test: diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index a9bd3147..fac4d6cd 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -6,15 +6,15 @@ on: jobs: unit-tests: - uses: ./.github/workflows/unit-tests.yaml + uses: ./.github/workflows/_unit-tests.yaml gitleaks: - uses: ./.github/workflows/gitleaks.yaml + uses: ./.github/workflows/_gitleaks.yaml builds: needs: [unit-tests, gitleaks] - uses: ./.github/workflows/build-pull.yaml + uses: ./.github/workflows/_build-pull.yaml integrations: needs: builds - uses: ./.github/workflows/integration-tests-pull.yaml + uses: ./.github/workflows/_integration-tests-pull.yaml diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 5632d743..6ba144c4 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -6,11 +6,11 @@ on: jobs: builds: - uses: ./.github/workflows/build-push-release.yaml + uses: ./.github/workflows/_build-push-release.yaml integrations: needs: builds - uses: ./.github/workflows/integration-tests-push.yaml + uses: ./.github/workflows/_integration-tests-push.yaml upgrades: needs: builds diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6c6aad60..01357fbd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,4 +7,4 @@ on: jobs: builds: - uses: ./.github/workflows/build-push-release.yaml + uses: ./.github/workflows/_build-push-release.yaml From 0e81ec5f63363cbe1da7330e2063a277e9cfa133 Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 09:03:50 +0200 Subject: [PATCH 4/7] Cherry pick: https://github.com/kyma-project/serverless/pull/1086 --- .../workflows/_integration-tests-pull.yaml | 22 ------------------- ...ests-push.yaml => _integration-tests.yaml} | 8 ++++++- .github/workflows/pull.yaml | 4 +++- .github/workflows/push.yaml | 2 +- 4 files changed, 11 insertions(+), 25 deletions(-) delete mode 100644 .github/workflows/_integration-tests-pull.yaml rename .github/workflows/{_integration-tests-push.yaml => _integration-tests.yaml} (74%) diff --git a/.github/workflows/_integration-tests-pull.yaml b/.github/workflows/_integration-tests-pull.yaml deleted file mode 100644 index ce1fcc14..00000000 --- a/.github/workflows/_integration-tests-pull.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: integration tests (pull) - -on: - workflow_call: - -jobs: - integration-test: - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/rebase - - uses: ./.github/actions/create-k3d-cluster - - uses: ./.github/actions/setup-go - - name: run test - run: make verify-on-cluster - env: - IMG_DIRECTORY: dev - IMG_VERSION: PR-${{ github.event.number }} - - name: show warden logs - if: failure() - run: kubectl logs -l app=warden -n kyma-system --prefix=true; diff --git a/.github/workflows/_integration-tests-push.yaml b/.github/workflows/_integration-tests.yaml similarity index 74% rename from .github/workflows/_integration-tests-push.yaml rename to .github/workflows/_integration-tests.yaml index e55d7193..65fe9915 100644 --- a/.github/workflows/_integration-tests-push.yaml +++ b/.github/workflows/_integration-tests.yaml @@ -1,10 +1,16 @@ -name: integration tests (push) +name: integration tests on: workflow_call: + inputs: + image: + description: 'The image to test' + required: true + type: string jobs: integration-test: + if: ${{ github.event_name == 'push'}} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index fac4d6cd..4b57e96c 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -17,4 +17,6 @@ jobs: integrations: needs: builds - uses: ./.github/workflows/_integration-tests-pull.yaml + uses: ./.github/workflows/_integration-tests.yaml + with: + image: europe-docker.pkg.dev/kyma-project/dev/warden:PR-${{ github.event.number }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 6ba144c4..46a93acf 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -10,7 +10,7 @@ jobs: integrations: needs: builds - uses: ./.github/workflows/_integration-tests-push.yaml + uses: ./.github/workflows/_integration-tests.yaml upgrades: needs: builds From de0788fe6c2cc98765e13fb24774c28f6c4c9c4b Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 09:17:45 +0200 Subject: [PATCH 5/7] Cherry pick: https://github.com/kyma-project/serverless/pull/1087 --- .github/workflows/_build-pull.yaml | 16 ---------------- .../{_build-push-release.yaml => _build.yaml} | 5 +++-- .github/workflows/_integration-tests.yaml | 2 +- .github/workflows/pull.yaml | 2 +- .github/workflows/push.yaml | 2 +- .github/workflows/release.yaml | 2 +- 6 files changed, 7 insertions(+), 22 deletions(-) delete mode 100644 .github/workflows/_build-pull.yaml rename .github/workflows/{_build-push-release.yaml => _build.yaml} (92%) diff --git a/.github/workflows/_build-pull.yaml b/.github/workflows/_build-pull.yaml deleted file mode 100644 index d11cc51a..00000000 --- a/.github/workflows/_build-pull.yaml +++ /dev/null @@ -1,16 +0,0 @@ -name: build (pull) - -on: - workflow_call: - -jobs: - build-warden-admission: - uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main - with: - name: warden/admission - dockerfile: docker/admission/Dockerfile - build-warden-operator: - uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main - with: - name: warden/operator - dockerfile: docker/operator/Dockerfile diff --git a/.github/workflows/_build-push-release.yaml b/.github/workflows/_build.yaml similarity index 92% rename from .github/workflows/_build-push-release.yaml rename to .github/workflows/_build.yaml index eb7b66b8..7236d22a 100644 --- a/.github/workflows/_build-push-release.yaml +++ b/.github/workflows/_build.yaml @@ -1,4 +1,4 @@ -name: build (push) +name: build on: workflow_call: @@ -10,7 +10,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Get the latest tag + - if: ${{ github.event_name == 'push' }} + name: Get the latest tag id: get_tag run: | { diff --git a/.github/workflows/_integration-tests.yaml b/.github/workflows/_integration-tests.yaml index 65fe9915..c1af8eff 100644 --- a/.github/workflows/_integration-tests.yaml +++ b/.github/workflows/_integration-tests.yaml @@ -10,7 +10,7 @@ on: jobs: integration-test: - if: ${{ github.event_name == 'push'}} + if: ${{ github.event_name == 'push' || github.event.pull_request.draft == false}} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index 4b57e96c..42c470d4 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -13,7 +13,7 @@ jobs: builds: needs: [unit-tests, gitleaks] - uses: ./.github/workflows/_build-pull.yaml + uses: ./.github/workflows/_build.yaml integrations: needs: builds diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 46a93acf..add26ba5 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -6,7 +6,7 @@ on: jobs: builds: - uses: ./.github/workflows/_build-push-release.yaml + uses: ./.github/workflows/_build.yaml integrations: needs: builds diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 01357fbd..aebcff26 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,4 +7,4 @@ on: jobs: builds: - uses: ./.github/workflows/_build-push-release.yaml + uses: ./.github/workflows/_build.yaml From 61b680832c371be833e45bcf1de31d81f346dd8c Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 10:00:16 +0200 Subject: [PATCH 6/7] Adjust integration test GA for Warden --- .github/workflows/_integration-tests.yaml | 12 ++++++++---- .github/workflows/pull.yaml | 3 ++- .github/workflows/push.yaml | 3 +++ 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/_integration-tests.yaml b/.github/workflows/_integration-tests.yaml index c1af8eff..5a789ac7 100644 --- a/.github/workflows/_integration-tests.yaml +++ b/.github/workflows/_integration-tests.yaml @@ -3,8 +3,12 @@ name: integration tests on: workflow_call: inputs: - image: - description: 'The image to test' + directory-version: + description: 'The image directory to test' + required: true + type: string + image-version: + description: 'The image version to test' required: true type: string @@ -20,8 +24,8 @@ jobs: - name: run test run: make verify-on-cluster env: - IMG_DIRECTORY: prod - IMG_VERSION: ${{github.sha}} + IMG_DIRECTORY: ${{inputs.directory-version}} + IMG_VERSION: ${{inputs.image-version}} - name: show warden logs if: failure() run: kubectl logs -l app=warden -n kyma-system --prefix=true; diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index 42c470d4..a734354d 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -19,4 +19,5 @@ jobs: needs: builds uses: ./.github/workflows/_integration-tests.yaml with: - image: europe-docker.pkg.dev/kyma-project/dev/warden:PR-${{ github.event.number }} + directory-version: dev + image-version: ${{ github.event.number }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index add26ba5..abf3ee29 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -11,6 +11,9 @@ jobs: integrations: needs: builds uses: ./.github/workflows/_integration-tests.yaml + with: + directory-version: prod + image-version: ${{ github.sha }} upgrades: needs: builds From 0f7706bc141b85b28696ad64ebc43b186f2a3fe2 Mon Sep 17 00:00:00 2001 From: MichalKalke Date: Fri, 9 Aug 2024 10:08:16 +0200 Subject: [PATCH 7/7] Add missing permissions for build workflow --- .github/workflows/pull.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index a734354d..bc07a5c0 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -4,6 +4,10 @@ on: pull_request_target: types: [ opened, edited, synchronize, reopened, ready_for_review ] +permissions: + id-token: write # This is required for requesting the JWT token + contents: read # This is required for actions/checkout + jobs: unit-tests: uses: ./.github/workflows/_unit-tests.yaml