update CI and .manifest (#164)
* update CI and .manifest

* fix linter issue

* add ds.relations

* Bump runtime to v0.62.1 (#165)

* remove docker from rc.goreleaser-pre.yml

---------

Co-authored-by: carabasdaniel <[email protected]>
gertd and carabasdaniel authored Mar 21, 2024
1 parent 2e5359b commit 1bbd36f
Showing 20 changed files with 644 additions and 1,382 deletions.
4 changes: 4 additions & 0 deletions .dockerignore
@@ -0,0 +1,4 @@
#
/.vscode
/.dev
/.ext
188 changes: 117 additions & 71 deletions .github/workflows/ci.yaml
@@ -18,128 +18,170 @@ on:
- release-*
env:
PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'development' || '' }}
GO_VERSION: "1.19"
GO_VERSION: "1.22"
GO_RELEASER_VERSION: "v1.24.0"
GO_LANGCI_LINT_VERSION: "v1.56.2"
GO_TESTSUM_VERSION: "1.11.0"

jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v3
-
uses: actions/checkout@v4
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup caching
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Lint and test
-
name: Build
uses: goreleaser/goreleaser-action@v5
env:
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: build --clean --snapshot --single-target
-
name: Lint
uses: golangci/golangci-lint-action@v4
with:
version: ${{ env.GO_LANGCI_LINT_VERSION }}
args: --timeout=30m
-
name: Test Setup
uses: autero1/[email protected]
with:
gotestsum_version: ${{ env.GO_TESTSUM_VERSION }}
-
name: Test
run: |
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
go run mage.go deps lint test
#- name: Upload code coverage
# uses: shogo82148/actions-goveralls@v1
# with:
# path-to-profile: cover.out

gotestsum --format short-verbose -- -count=1 -parallel=1 -v -timeout=240s -coverprofile=cover.out -coverpkg=./... ./...
-
name: Upload code coverage
uses: shogo82148/actions-goveralls@v1
continue-on-error: true
with:
path-to-profile: cover.out

push:
needs: test
runs-on: ubuntu-latest
# when on a branch only push if the branch is main
# always push when ref is a tag
if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') )
steps:
- uses: actions/checkout@v3
-
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v3
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup caching
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v2
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push image
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
go run mage.go deps dockerImage
go run mage.go dockerPush ghcr.io "opcr-io"
ssh-add $HOME/.ssh/id_rsa
-
name: Push image to GitHub Container Registry
uses: goreleaser/goreleaser-action@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean --snapshot

release:
needs: push
needs: [test, push]
runs-on: ubuntu-latest
# Only release when ref is a tag
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v3
-
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v3
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup caching
uses: actions/cache@v3
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Pre-release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-rc')
env:
GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
ASERTO_TAP: ${{ secrets.GH_ASERTO_TAP_TOKEN }}
registry: https://ghcr.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
go run mage.go deps release $PWD/.goreleaser-pre.yml
- name: Release
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: Pre-release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-rc')
uses: goreleaser/goreleaser-action@v5
env:
GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
ASERTO_TAP: ${{ secrets.GH_ASERTO_TAP_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean --config $PWD/.goreleaser-pre.yml
-
name: Release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-rc')
uses: goreleaser/goreleaser-action@v5
env:
GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
ASERTO_TAP: ${{ secrets.GH_ASERTO_TAP_TOKEN }}
run: |
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
go run mage.go deps release ""
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean

msi:
needs: release
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v3
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download exe
-
name: Download exe
id: download_exe
shell: bash
run: |
@@ -148,14 +190,17 @@ jobs:
unzip -o *.zip && rm -v *.zip
env:
GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
- name: Install go-msi
-
name: Install go-msi
run: choco install -y "go-msi"
- name: Prepare PATH
-
name: Prepare PATH
shell: bash
run: |
echo "$WIX\\bin" >> $GITHUB_PATH
echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH
- name: Build MSI
-
name: Build MSI
id: buildmsi
shell: bash
env:
@@ -165,7 +210,8 @@ jobs:
msi="$(basename "$ZIP_FILE" ".zip").msi"
printf "msi=${msi}" >> $GITHUB_OUTPUT
go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}"
- name: Upload MSI
-
name: Upload MSI
shell: bash
run: |
tag_name="${GITHUB_REF#refs/tags/}"
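Review bot: The new "Docker SSH Setup" step (added to both the `push` and `release` jobs) appends whatever `ssh-keyscan github.com` returns at run time to `known_hosts`, so the host key is never checked against a known value; writing GitHub's published host keys into the file, or verifying the scanned fingerprint before appending, closes that gap. In the lines shown, neither the step nor the job nor the workflow-level `env:` defines `SSH_PRIVATE_KEY`, so unless it is set outside this view the step writes an empty `id_rsa` and `ssh-add` will likely fail. The `ssh-agent` started by the `eval` line exports its socket only into that step's shell, so the following goreleaser step will not see it unless the step ends with `echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"`. Separately, `goreleaser/goreleaser-action@v5` receives `GH_ROOT_TOKEN` and the tap token while referenced by a movable tag; pinning it (and the other third-party actions added here) to a full commit SHA keeps a retagged release from running with those credentials.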
6 changes: 4 additions & 2 deletions .github/workflows/gitleaks-check.yml
@@ -6,8 +6,10 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
-
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: gitleaks-check
-
name: gitleaks-check
uses: aserto-dev/gitleaks-action@master
54 changes: 37 additions & 17 deletions .goreleaser-pre.yml
@@ -1,7 +1,19 @@
project_name: policy

env:
# https://goreleaser.com/customization/env/
- REGISTRY=ghcr.io
- ORG=opcr-io
- REPO=policy
- DESCRIPTION="Policy CLI"
- LICENSE=Apache-2.0

before:
# https://goreleaser.com/customization/hooks/
hooks:

builds:
# https://goreleaser.com/customization/build/
- id: build
main: ./cmd/policy
binary: policy
@@ -20,60 +32,68 @@ builds:
ldflags:
- -s
- -w
- -X github.com/opcr-io/policy/pkg/version.ver={{.Version}}
- -X github.com/opcr-io/policy/pkg/version.commit={{.ShortCommit}}
- -X github.com/opcr-io/policy/pkg/version.date={{.Date}}
- -X github.com/{{ .Env.ORG }}/{{ .Env.REPO }}/pkg/version.ver={{.Version}}
- -X github.com/{{ .Env.ORG }}/{{ .Env.REPO }}/pkg/version.commit={{.ShortCommit}}
- -X github.com/{{ .Env.ORG }}/{{ .Env.REPO }}/pkg/version.date={{.Date}}
mod_timestamp: "{{ .CommitTimestamp }}"

archives:
# https://goreleaser.com/customization/archive/
- format: zip
replacements:
darwin: darwin
linux: linux
windows: windows
amd64: x86_64
builds:
- policy
files:
- LICENSE
- README.md
name_template: "policy{{ .Version }}_{{ .Os }}_{{ .Arch }}"
name_template: >-
policy{{ .Version }}_{{ .Os }}_{{- if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end }}
checksum:
# https://goreleaser.com/customization/checksum/
name_template: "checksums.txt"

snapshot:
# https://goreleaser.com/customization/snapshots/
name_template: "{{ .Tag }}"

source:
# https://goreleaser.com/customization/source/
enabled: false

changelog:
# https://goreleaser.com/customization/changelog/
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

release:
# https://goreleaser.com/customization/release/
github:
owner: opcr-io
name: policy
owner: "{{ .Env.ORG }}"
name: "{{ .Env.REPO }}"

draft: false
prerelease: auto
name_template: "policy {{.Tag}}"
name_template: "{{.ProjectName}} {{.Tag}}"

brews:
- name: policy-rc
# https://goreleaser.com/customization/homebrew/
- name: policy

tap:
owner: opcr-io
repository:
owner: "{{ .Env.ORG }}"
name: homebrew-tap
token: "{{ .Env.ASERTO_TAP }}"

url_template: "https://github.com/opcr-io/policy/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
url_template: "https://github.com/{{ .Env.ORG }}/{{ .Env.REPO}}/releases/download/{{ .Tag }}/{{ .ArtifactName }}"

commit_author:
name: Aserto Bot
email: [email protected]

homepage: "https://aserto.com/"
homepage: "https://opcr.io/"

description: "policy CLI for building and managing authorization policies"
