Stop preparing a new authority before tainting #801
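# PR Build: dependency caching, lint, unit tests, artifact and image builds,
# and integration tests on Linux, macOS (unit tests only) and Windows.
#
# Hardening already present in this file and worth keeping:
#   - every third-party action is pinned to a full commit SHA, with the
#     human-readable version kept as a trailing comment;
#   - the GITHUB_TOKEN is restricted to `contents: read` at workflow level
#     and again on every job;
#   - event data reaches scripts through `env:` rather than being
#     interpolated into `run:` text.
#
# NOTE(review): the hosting page flagged this file as containing
# bidirectional Unicode text. None is visible in this listing; inspect the
# raw file with an editor that reveals hidden characters.
name: PR Build
on:
  pull_request: {}
  workflow_dispatch: {}
  merge_group:
    types:
      - checks_requested
permissions:
  contents: read
jobs:
  cache-deps:
    name: cache-deps (linux)
    runs-on: ubuntu-22.04
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Setup dep cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          # Keyed on go.sum, so a dependency change produces a new entry.
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Pull go deps
        run: go mod download
  lint:
    name: lint (linux)
    runs-on: ubuntu-22.04
    needs: cache-deps
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Setup build tool cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Lint
        run: make lint
      - name: Tidy check
        run: make tidy-check
      - name: Generate check
        run: make generate-check
      - name: Shell check
        run: shellcheck .github/workflows/scripts/*.sh
  unit-test:
    strategy:
      matrix:
        # NOTE(review): macos-latest is a floating label, unlike the pinned
        # ubuntu-22.04 / windows-2022 runners used elsewhere in this file.
        OS: [ubuntu-22.04, macos-latest]
    runs-on: ${{ matrix.OS }}
    needs: cache-deps
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Run unit tests
        run: ./.github/workflows/scripts/run_unit_tests.sh
  unit-test-race-detector:
    name: unit-test (linux with race detection)
    runs-on: ubuntu-22.04
    needs: cache-deps
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Run unit tests
        run: ./.github/workflows/scripts/run_unit_tests_under_race_detector.sh
  artifacts:
    name: artifacts (linux)
    runs-on: ubuntu-22.04
    needs: [cache-deps, images]
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Install regctl
        # Pinned to a commit taken from the action's main branch; there is
        # no release tag to compare against when this pin is bumped.
        uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc  # main
      - name: Download archived images
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
        with:
          name: images
          path: .
      - name: Expand archived images
        run: |
          tar xvf images.tar.gz
      - name: Build artifacts
        run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }}
      - name: Archive artifacts
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4
        with:
          name: binaries-linux
          path: ./artifacts/
  images:
    name: images (linux)
    runs-on: ubuntu-22.04
    needs: [cache-deps]
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Load cached build tools
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf  # v3.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349  # v3.7.1
      - name: Build images
        run: make images-no-load
      - name: Export images
        run: tar -czvf images.tar.gz *-image.tar
      - name: Archive images
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4
        with:
          name: images
          path: images.tar.gz
  images-windows:
    name: images (windows)
    runs-on: windows-2022
    needs: artifacts-windows
    timeout-minutes: 45
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Load cached executables
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ./bin/
          # NOTE(review): this key hashes whatever *.exe files exist in the
          # workspace when the step runs, which is right after a fresh
          # checkout here but after `make build` in artifacts-windows.
          # Confirm the restore resolves to the entry written by this run
          # and not an older one, since these binaries go into the images.
          key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }}
      - name: Build images
        run: make images-windows
      - name: Export images
        run: |
          docker save spire-server-windows:latest-local spire-agent-windows:latest-local oidc-discovery-provider-windows:latest-local -o images-windows.tar
          gzip images-windows.tar
      - name: Archive images
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4
        with:
          name: images-windows
          path: images-windows.tar.gz
  build-matrix:
    name: Build matrix
    runs-on: ubuntu-22.04
    needs: [cache-deps]
    # Bounded like the other Linux jobs; without this the job would fall
    # back to the platform default timeout.
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - id: set-matrix
        name: Collect versions
        # The script output becomes the integration-k8s matrix. It is
        # expected to be a single-line JSON array; the output file path is
        # quoted so the redirect target cannot be word-split.
        run: |
          json_array=$(bash ./.github/workflows/scripts/find_k8s.sh)
          echo "test=$json_array" >> "$GITHUB_OUTPUT"
          echo "Collected tests: $json_array"
    outputs:
      test: ${{ steps.set-matrix.outputs.test }}
  integration:
    name: integration (linux)
    runs-on: ubuntu-22.04
    needs: [cache-deps, images]
    timeout-minutes: 45
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        num_runners: [5]
        runner_id: [1, 2, 3, 4, 5]
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # The "upgrade" integration test needs the history to ensure
          # that the version number in the source code has been bumped as
          # expected. This action does not fetch tags unless we supply a
          # fetch depth of zero.
          fetch-depth: 0
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Install regctl
        uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc  # main
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Load cached build tools
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Download archived images
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
        with:
          name: images
          path: .
      - name: Load archived images
        run: |
          tar xvf images.tar.gz
          make load-images
      - name: Run integration tests
        env:
          NUM_RUNNERS: ${{ matrix.num_runners }}
          THIS_RUNNER: ${{ matrix.runner_id }}
          TERM: dumb
          # The base ref is handed over as an environment variable, so the
          # branch name is never spliced into the shell command text.
          CICD_TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
        run: ./.github/workflows/scripts/split.sh | xargs ./test/integration/test.sh
  integration-k8s:
    name: integration-k8s
    runs-on: ubuntu-22.04
    needs: [cache-deps, images, build-matrix]
    timeout-minutes: 45
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        num_runners: [1]
        runner_id: [1]
        # Test elements should be added as [KubeCTLVersion, K8s-image, KindVersion]
        test: ${{ fromJson(needs.build-matrix.outputs.test) }}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # The "upgrade" integration test needs the history to ensure
          # that the version number in the source code has been bumped as
          # expected. This action does not fetch tags unless we supply a
          # fetch depth of zero.
          fetch-depth: 0
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
      - name: Install regctl
        uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc  # main
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Load cached build tools
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Download archived images
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
        with:
          name: images
          path: .
      - name: Load archived images
        run: |
          tar xvf images.tar.gz
          make load-images
      - name: Run k8s integration
        env:
          NUM_RUNNERS: ${{ matrix.num_runners }}
          THIS_RUNNER: ${{ matrix.runner_id }}
          # Matrix values originate from the build-matrix job output and
          # are passed as environment variables, not inlined into `run:`.
          KUBECTLVERSION: ${{ matrix.test[0] }}
          K8SIMAGE: ${{ matrix.test[1] }}
          KINDVERSION: ${{ matrix.test[2] }}
          TERM: dumb
          CICD_TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
        run: ./.github/workflows/scripts/split_k8s.sh | xargs ./test/integration/test-k8s.sh
  integration-windows:
    name: integration (windows)
    runs-on: windows-2022
    needs: images-windows
    timeout-minutes: 45
    env:
      GOPATH: 'D:\golang\go'
      GOCACHE: 'D:\golang\cache'
      GOMODCACHE: 'D:\golang\modcache'
    permissions:
      contents: read
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Load cached build tools
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Install msys2
        uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8  # v2.24.1
        with:
          msystem: MINGW64
          update: true
          path-type: inherit
          install: >-
            git base-devel mingw-w64-x86_64-toolchain unzip
      - name: Download archived images
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
        with:
          name: images-windows
          path: .
      - name: Load archived images
        run: docker load -i images-windows.tar.gz
      - name: Run integration tests
        # Run all tests for now
        run: make integration-windows
  cache-deps-windows:
    name: cache-deps (windows)
    runs-on: windows-2022
    timeout-minutes: 45
    env:
      GOPATH: 'D:\golang\go'
      GOCACHE: 'D:\golang\cache'
      GOMODCACHE: 'D:\golang\modcache'
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Setup dep cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          # NOTE(review): GOMODCACHE above points at D:\golang\modcache, so
          # this path may not be where modules land on Windows; confirm.
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Pull go deps
        run: go mod download
  lint-windows:
    name: lint (windows)
    runs-on: windows-2022
    needs: cache-deps-windows
    timeout-minutes: 45
    env:
      GOPATH: 'D:\golang\go'
      GOCACHE: 'D:\golang\cache'
      GOMODCACHE: 'D:\golang\modcache'
    permissions:
      contents: read
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Setup build tool cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Install msys2
        uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8  # v2.24.1
        with:
          msystem: MINGW64
          update: true
          install: >-
            git base-devel mingw-w64-x86_64-toolchain unzip
      - name: Lint
        run: make lint-code
      - name: Tidy check
        run: make tidy-check
      - name: Generate check
        run: make generate-check
  unit-test-windows:
    name: unit-test (windows)
    runs-on: windows-2022
    needs: cache-deps-windows
    timeout-minutes: 45
    env:
      GOPATH: 'D:\golang\go'
      GOCACHE: 'D:\golang\cache'
      GOMODCACHE: 'D:\golang\modcache'
    permissions:
      contents: read
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Install msys2
        uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8  # v2.24.1
        with:
          msystem: MINGW64
          update: true
          install: >-
            git base-devel mingw-w64-x86_64-toolchain unzip
      - name: Run unit tests
        run: ./.github/workflows/scripts/run_unit_tests.sh
  artifacts-windows:
    name: artifacts (windows)
    runs-on: windows-2022
    needs: cache-deps-windows
    timeout-minutes: 45
    env:
      GOPATH: 'D:\golang\go'
      GOCACHE: 'D:\golang\cache'
      GOMODCACHE: 'D:\golang\modcache'
    permissions:
      contents: read
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      - name: Setup go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Load cached deps
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Load cached build tools
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: .build
          key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
      - name: Install msys2
        uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8  # v2.24.1
        with:
          msystem: MINGW64
          update: true
          install: >-
            git base-devel mingw-w64-x86_64-toolchain zip unzip
      - name: Build binaries
        run: make build
      - name: Setup executables cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ./bin/
          # Placed after the build so the key covers the freshly built
          # executables; images-windows restores ./bin/ from this cache.
          key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }}
      - name: Build artifacts
        run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }}
      - name: Archive artifacts
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4
        with:
          name: binaries-windows
          path: ./artifacts/
  success:
    # Aggregate gate. A job whose `needs` did not all succeed is skipped
    # by default, and a skipped job does not report a failure. If this job
    # is the required status check (not visible from this file), a red
    # upstream job would leave the gate skipped rather than failed. Running
    # unconditionally and checking the results makes the gate fail closed.
    # NOTE(review): integration-k8s is not in this list; confirm that is
    # intentional.
    if: ${{ always() }}
    runs-on: ubuntu-22.04
    needs:
      - lint
      - unit-test
      - unit-test-race-detector
      - artifacts
      - integration
      - lint-windows
      - unit-test-windows
      - artifacts-windows
      - integration-windows
    timeout-minutes: 30
    permissions:
      contents: read
    steps:
      - name: Fail if any required job did not succeed
        if: >-
          contains(needs.*.result, 'failure') ||
          contains(needs.*.result, 'cancelled') ||
          contains(needs.*.result, 'skipped')
        run: exit 1
      - name: Declare victory!
        run: echo "# Successful" >> "$GITHUB_STEP_SUMMARY"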