Skip to content

Flip the "manager" relation in citadel and acmecorp #1220

Flip the "manager" relation in citadel and acmecorp

Flip the "manager" relation in citadel and acmecorp #1220

Workflow file for this run

name: ci
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
push:
# Publish `main` as Docker `latest` image.
branches:
- main
- dev
- dev-*
- release-*
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for all PRs
pull_request:
env:
VAULT_ADDR: https://vault.eng.aserto.com/
PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }}
GO_VERSION: "1.20"
GO_RELEASER_VERSION: "v1.20.0"
GO_LANGCI_LINT_VERSION: "v1.53.3"
GO_TESTSUM_VERSION: "1.10.1"
jobs:
test:
runs-on: ubuntu-latest
steps:
-
uses: actions/checkout@v4
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Build
uses: goreleaser/goreleaser-action@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: build --clean --snapshot --single-target
-
name: Lint
uses: golangci/golangci-lint-action@v4
with:
version: ${{ env.GO_LANGCI_LINT_VERSION }}
args: --timeout=30m
-
name: Test Setup
uses: autero1/action-gotestsum@v2.0.0
with:
gotestsum_version: ${{ env.GO_TESTSUM_VERSION }}
-
name: Test
run: |
gotestsum --format short-verbose -- -count=1 -parallel=1 -v -timeout=240s -coverprofile=cover.out -coverpkg=./... ./...
-
name: Upload code coverage
uses: shogo82148/actions-goveralls@v1
continue-on-error: true
with:
path-to-profile: cover.out
push:
runs-on: ubuntu-latest
# when on a branch only push if the branch is main
# always push when ref is a tag
if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/heads/dev-') || startsWith(github.ref, 'refs/tags/v') )
steps:
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: https://vault.eng.aserto.com/
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
kv/data/github "USERNAME" | DOCKER_USERNAME;
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
-
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."git@github.com:".insteadOf https://github.com/
git config --global user.email "github-bot@aserto.com"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: Wait for tests to succeed
uses: fountainhead/action-wait-for-check@v1.1.0
id: wait-for-tests
with:
token: ${{ env.READ_WRITE_TOKEN }}
checkName: test
ref: ${{ github.event.pull_request.head.sha || github.sha }}
-
name: Stop if tests fail
if: steps.wait-for-tests.outputs.conclusion != 'success'
run: exit 1
-
name: Push image to GitHub Container Registry
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean --snapshot
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release:
needs: [test, push]
runs-on: ubuntu-latest
# Only release when ref is a tag
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: https://vault.eng.aserto.com/
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
kv/data/github "USERNAME" | DOCKER_USERNAME;
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
kv/data/github "ASERTO_TAP" | ASERTO_TAP;
kv/data/gcp "SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE" | SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE;
-
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."git@github.com:".insteadOf https://github.com/
git config --global user.email "github-bot@aserto.com"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: GCS Application Credentials
run: |
echo "${SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE}" > /tmp/gs.json
-
name: Write Version Info
run: |
git describe --tags > VERSION.txt
-
name: Release
uses: goreleaser/goreleaser-action@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_APPLICATION_CREDENTIALS: /tmp/gs.json
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean
-
name: Archive deployment examples
run: |
cd docs/deployments/sidecar-deployment && zip topaz_deployment_examples.zip *.yaml
-
name: Upload deployment examples
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: docs/deployments/sidecar-deployment
asset_name: topaz_deployment_examples.zip
tag: ${{ github.ref }}
overwrite: false
msi:
needs: release
runs-on: windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: ${{ env.VAULT_ADDR }}
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "ROOT_TOKEN" | ROOT_TOKEN;
-
name: Download exe
id: download_exe
shell: bash
run: |
gh release download "${GITHUB_REF#refs/tags/}" -p "topaz_windows_x86_64.zip"
printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT
unzip -o *.zip && rm -v *.zip
env:
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}
-
name: Install go-msi
run: choco install -y "go-msi"
-
name: Prepare PATH
shell: bash
run: |
echo "$WIX\\bin" >> $GITHUB_PATH
echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH
-
name: Build MSI
id: buildmsi
shell: bash
env:
ZIP_FILE: ${{ steps.download_exe.outputs.zip }}
run: |
mkdir -p build
msi="$(basename "$ZIP_FILE" ".zip").msi"
printf "msi=${msi}" >> $GITHUB_OUTPUT
go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}"
-
name: Upload MSI
shell: bash
run: |
tag_name="${GITHUB_REF#refs/tags/}"
gh release upload "$tag_name" "$MSI_FILE" --repo aserto-dev/topaz --clobber
env:
MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}