ci: Add codecov support #761
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| - push | |
| - pull_request | |
| - workflow_call | |
| name: Continuous integration | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| check: | |
| name: Cargo check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: check | |
| version-check: | |
| name: Check Cargo.toml version | |
| if: github.ref_type == 'tag' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download source code | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Check cargo file version | |
| run: | | |
| CARGO_VERSION=$(sed -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml) | |
| TAG_VERSION=$(echo ${{ github.ref_name }} | sed 's/v//') | |
| if [ "$CARGO_VERSION" != "$TAG_VERSION" ];then | |
| echo "::error title=Invalid Cargo.toml version::Cargo.toml version does not match the tag version" | |
| exit 1 | |
| fi | |
| test: | |
| name: Unit tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: test | |
| args: --workspace --bins | |
| e2e-tests: | |
| name: E2E tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 | |
| - name: run e2e tests | |
| run: make e2e-tests | |
| coverage: | |
| name: coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 | |
| - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - uses: taiki-e/install-action@5794068c211bc8f5f4514b7c3f03d6adbe66f1b7 # v2.26.18 | |
| with: | |
| tool: cargo-tarpaulin | |
| - name: Generate unit-tests coverage | |
| run: make coverage-unit-tests | |
| - name: Upload unit-tests coverage to Codecov | |
| uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }} | |
| with: | |
| name: unit-tests | |
| directory: coverage/unit-tests | |
| flags: unit-tests | |
| verbose: true | |
| - name: Generate e2e-tests coverage | |
| run: make coverage-integration-tests | |
| - name: Upload e2e-tests coverage to Codecov | |
| uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }} | |
| with: | |
| name: e2e-tests | |
| directory: coverage/e2e-tests | |
| flags: e2e-tests | |
| verbose: true | |
| fmt: | |
| name: Rustfmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - run: rustup component add rustfmt | |
| - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: fmt | |
| args: --all -- --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - run: rustup component add clippy | |
| - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: clippy | |
| args: -- -D warnings | |
| shellcheck: | |
| name: Shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - run: shellcheck $(find scripts/ -name '*.sh') | |
| airgap-e2e-test: | |
| name: Airgap E2E test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Run registry | |
| run: | | |
| export CONTAINER_ID=$(docker run -d -p 5000:5000 --name registry registry:2) | |
| echo "CONTAINER_ID=${CONTAINER_ID}" >> $GITHUB_ENV | |
| - name: Install kwctl | |
| run: cargo install --path . | |
| - name: Save policies | |
| run: ./scripts/kubewarden-save-policies.sh --policies-list tests/data/airgap/policies.txt --policies policies.tar.gz | |
| - name: Remove policies from store | |
| run: | | |
| kwctl rm registry://ghcr.io/kubewarden/tests/pod-privileged:v0.1.9 | |
| kwctl rm https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm | |
| - name: Load policies | |
| run: | | |
| ./scripts/kubewarden-load-policies.sh \ | |
| --policies policies.tar.gz \ | |
| --policies-list tests/data/airgap/policies.txt \ | |
| --registry localhost:5000 \ | |
| --sources-path tests/data/airgap/insecure.yml | |
| - name: Verify policies in local registry | |
| run: | | |
| kwctl pull registry://localhost:5000/kubewarden/tests/pod-privileged:v0.1.9 \ | |
| --sources-path tests/data/airgap/insecure.yml | |
| kwctl pull registry://localhost:5000/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm \ | |
| --sources-path tests/data/airgap/insecure.yml | |
| - name: Clean up - delete registry | |
| if: always() | |
| run: | | |
| docker rm -f ${{ env.CONTAINER_ID }} |