update vuln attestation to (opiniatedly) follow intoto/vulns v0.1 spe… #18

Workflow file for this run

#
# Copyright 2022 The GUAC Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Workflow identity and triggers.
name: ci
on:
  # Manual trigger, kept for testing that the workflow itself works.
  workflow_dispatch:
  push:
    branches: [main]
  # pull_request (not pull_request_target): runs for pull requests that
  # target main, on the three listed activity types only.
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened]
# Least privilege: the workflow-level GITHUB_TOKEN is limited to reading
# repository contents. A job that needs more has to request it explicitly.
permissions:
  contents: read
jobs:
# Integration tests: starts the backends with docker compose, then runs
# `make integration-test` against them.
test-integration:
  name: CI for integration tests
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      # Pinned to a full commit SHA.
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # tag=v3
    - name: setup-go
      # The lint job labels this same SHA v5.0.2; the tag comment here
      # follows that label.
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # tag=v5.0.2
      with:
        go-version: "1.21"
    # Module cache keyed on the OS and the hash of every go.sum.
    - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4.1.1
      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
    - name: Install atlas
      # NOTE(review): @v0 is a mutable tag, while the actions/* steps in
      # this job are pinned to commit SHAs. Pin this one to a full commit
      # SHA too so its code cannot change underneath the workflow.
      uses: ariga/setup-atlas@v0
    - name: Setup the project
      run: go mod download
    - name: Run backends
      shell: bash
      run: |
        set -euo pipefail
        cd internal/testing/backend
        docker compose up -d
        sleep 10
        echo "backends started"
    - name: Run integration tests
      env:
        # Fixed test credentials for a database on localhost, presumably
        # the one started by the compose step above (confirm against the
        # compose file). sslmode=disable is only acceptable for such a
        # runner-local, throwaway instance.
        ENT_TEST_DATABASE_URL: "postgresql://guac:guac@localhost/guac?sslmode=disable"
      run: make integration-test
# Unit tests: downloads modules and runs `make test`.
test-unit:
  name: CI for unit tests
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      # Pinned to a full commit SHA.
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # tag=v3
    - name: setup-go
      # The lint job labels this same SHA v5.0.2; the tag comment here
      # follows that label.
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # tag=v5.0.2
      with:
        go-version: "1.21"
    # Module cache keyed on the OS and the hash of every go.sum.
    - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4.1.1
      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
    - name: Install atlas
      # NOTE(review): @v0 is a mutable tag, while the actions/* steps in
      # this job are pinned to commit SHAs. Pin this one to a full commit
      # SHA too.
      uses: ariga/setup-atlas@v0
    - name: Setup the project
      run: go mod download
    - name: Run tests
      run: make test
# Static analysis: formatting check plus a check that generated code is
# committed up to date.
static-analysis:
  name: Static Analysis
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      # Pinned to a full commit SHA.
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # tag=v3
    - name: setup-go
      # The lint job labels this same SHA v5.0.2; the tag comment here
      # follows that label.
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # tag=v5.0.2
      with:
        go-version: "1.21"
    - name: Install atlas
      # NOTE(review): @v0 is a mutable tag, while the actions/* steps in
      # this job are pinned to commit SHAs. Pin this one to a full commit
      # SHA too.
      uses: ariga/setup-atlas@v0
    - name: Install formatter
      # NOTE(review): @latest resolves to whatever version is newest when
      # the job runs, so the formatter is neither reproducible nor
      # reviewed. Pin an explicit module version.
      run: go install golang.org/x/tools/cmd/goimports@latest
    - name: Check format
      run: make fmt
    - name: Check that all generated code is up to date
      run: make generated_up_to_date
# Lint: golangci-lint on new issues only, then the markdown format,
# generated-files and atlas lint make targets.
lint:
  name: Lint
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      # Pinned to a full commit SHA.
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # tag=v3
    - name: setup-go
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # tag=v5.0.2
      with:
        go-version: "1.21"
    - name: Install atlas
      # NOTE(review): @v0 is a mutable tag, while the other actions in
      # this job are pinned to commit SHAs. Pin this one to a full commit
      # SHA too.
      uses: ariga/setup-atlas@v0
    - name: golangci-lint
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8  # tag=v3.2.0
      with:
        # Report only issues introduced by the change under test.
        # NOTE(review): the workflow grants only `contents: read`. Check
        # whether this option also needs `pull-requests: read` on this
        # repository.
        only-new-issues: true
        skip-cache: true
    - name: Check markdown format
      run: make format
    - name: Check that all linted text is up to date
      run: make generated_up_to_date
    - name: Run atlas Lint
      run: make atlas-lint
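# End-to-end tests: runs the e2e script against a PostgreSQL service
# container and a NATS JetStream container.
end-to-end:
  name: E2E
  runs-on: ubuntu-latest
  services:
    postgres:
      # NOTE(review): referenced by tag, not by digest, so the image
      # content can change between runs.
      image: postgres:15
      env:
        # Fixed credentials for the throwaway CI database. They are not
        # secrets and must not be reused outside this test setup.
        POSTGRES_USER: guac
        POSTGRES_PASSWORD: guac
        POSTGRES_DB: guac
      ports:
        # Quoted so the mapping is always read as a string.
        - "5432:5432"
      options: >-
        --health-cmd "pg_isready -U guac -d guac"
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
  steps:
    # The three setup actions are pinned to full commit SHAs.
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
      with:
        go-version: '~1.21'
    - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
      with:
        python-version: '3.10'
    - name: Install PostgreSQL client tools
      run: |
        # Fail the step if the key download fails part-way through the pipe.
        set -euo pipefail
        # Store the PGDG signing key in its own keyring and bind it to this
        # one repository with signed-by. The deprecated apt-key would add it
        # to apt's global trust store, where it is trusted for every
        # configured repository.
        wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc \
          | sudo gpg --dearmor -o /usr/share/keyrings/pgdg-archive-keyring.gpg
        # Fetch the package index over HTTPS rather than plain HTTP.
        echo "deb [signed-by=/usr/share/keyrings/pgdg-archive-keyring.gpg] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" \
          | sudo tee /etc/apt/sources.list.d/pgdg.list > /dev/null
        sudo apt-get update
        sudo apt-get install -y postgresql-client-15
    - name: Set up NATS Server with JetStream
      # NOTE(review): the image is referenced by tag, not by digest.
      run: |
        docker run -d --name nats-server -p 4222:4222 -p 8222:8222 nats:2.9.17 -js
    - name: Wait for PostgreSQL to be ready
      # Bound the wait so a database that never comes up fails this step
      # instead of looping until the job-level timeout.
      timeout-minutes: 5
      run: |
        until pg_isready -h localhost -p 5432 -U guac -d guac; do
          echo "Waiting for PostgreSQL to be ready..."
          sleep 5
        done
    - name: Run e2e tests
      run: |
        ./internal/testing/e2e/e2e
      env:
        # Same fixed test credentials as the service container above.
        POSTGRES_USER: guac
        POSTGRES_PASSWORD: guac
        POSTGRES_DB: guac
        POSTGRES_HOST: localhost
        # Environment values are strings; quoted to say so explicitly.
        POSTGRES_PORT: "5432"
        PGPASSWORD: guac
        # NOTE(review): hard-coded runner checkout path. It breaks if the
        # repository name or the runner layout differs.
        GUAC_DIR: /home/runner/work/guac/guac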
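# tilt ci: installs tilt, helm, ctlptl and kind, creates a kind cluster
# with a local registry, runs `tilt ci`, and dumps pod diagnostics on
# failure.
tilt-ci:
  name: Run 'tilt ci'
  runs-on:
    labels: ubuntu-latest
  timeout-minutes: 30
  steps:
    - name: Install tools
      shell: bash
      # NOTE(review): none of the archives or binaries downloaded below is
      # checked against a published checksum or signature before it is
      # placed in /usr/local/bin. The versions are pinned, but the bytes
      # are trusted as served. Add a verification step per tool, using
      # the checksums each release publishes.
      run: |
        # Refresh the package index first so the install does not fail on
        # a stale mirror listing.
        sudo apt-get update
        sudo apt-get install -y git uuid-runtime
        # tilt -- https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh
        case $(uname -m) in
          aarch64) ARCH=arm64;;
          armv7l) ARCH=arm;;
          *) ARCH=$(uname -m);;
        esac
        VERSION=0.32.0
        curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$VERSION/tilt.$VERSION.linux.$ARCH.tar.gz | tar -xzvC /usr/local/bin tilt
        # helm
        case $(uname -m) in
          aarch64) ARCH=arm64;;
          armv7l) ARCH=arm;;
          x86_64) ARCH=amd64;;
          *) ARCH=$(uname -m);;
        esac
        VERSION=3.12.0
        curl -fsSL https://get.helm.sh/helm-v$VERSION-linux-$ARCH.tar.gz | tar --strip-components=1 -xzvC /usr/local/bin linux-$ARCH/helm
        # ctlptl - https://github.com/tilt-dev/ctlptl/blob/main/INSTALL.md
        # NOTE(review): the architecture is hard-coded to x86_64 here,
        # unlike the tilt, helm and kind installs.
        CTLPTL_VERSION="0.8.19"
        curl -fsSL https://github.com/tilt-dev/ctlptl/releases/download/v$CTLPTL_VERSION/ctlptl.$CTLPTL_VERSION.linux.x86_64.tar.gz | sudo tar -xzv -C /usr/local/bin ctlptl
        # kind - https://kind.sigs.k8s.io/docs/user/quick-start/#installing-from-release-binaries
        # Pick the release binary for this architecture and stop with a
        # clear message on any other.
        case $(uname -m) in
          x86_64) KIND_ARCH=amd64;;
          aarch64) KIND_ARCH=arm64;;
          *) echo "unsupported architecture for kind: $(uname -m)" >&2; exit 1;;
        esac
        # -f makes curl fail on an HTTP error instead of saving the error
        # page as ./kind and installing it as an executable.
        curl -fsSLo ./kind "https://kind.sigs.k8s.io/dl/v0.19.0/kind-linux-${KIND_ARCH}"
        chmod +x ./kind
        sudo mv ./kind /usr/local/bin/kind
    - name: Install GoReleaser
      uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200  # v6.0.0
      with:
        install-only: true
    - name: Checkout code
      # Pinned to a full commit SHA.
      # NOTE(review): confirm the tag comment still matches this SHA.
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # tag=v3
    - name: setup-go
      # The lint job labels this same SHA v5.0.2; the tag comment here
      # follows that label.
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # tag=v5.0.2
      with:
        go-version: '1.21'
    # Module cache keyed on the OS and the hash of every go.sum.
    - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4.1.1
      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
    - name: Setup the project
      run: go mod download
    - name: Setup kind cluster
      shell: bash
      run: |
        ctlptl create cluster kind --registry=ctlptl-registry
    - name: Run 'tilt ci'
      shell: bash
      run: |
        tilt ci
    - name: Diag after failure
      # Runs only when an earlier step in this job has failed.
      if: ${{ failure() }}
      shell: bash
      run: |
        echo "K8S CLUSTER STATUS"
        kubectl get all
        echo ""
        for pod in $(kubectl get pod | awk '$1 != "NAME" { print $1; }')
        do
          echo ""
          echo "=== DIAG POD ${pod} ==="
          echo ""
          kubectl describe "pod/${pod#pod/}" | sed 's,^, ,'
        done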