Flip the "manager" relation in citadel and acmecorp #1220

Summary
Jobs
- test
- push
- release
- msi
Run details
- Usage
- Workflow file

Workflow file for this run

	name: ci

	on:
	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	push:
	# Publish `main` as Docker `latest` image.
	branches:
	- main
	- dev
	- dev-*
	- release-*
	# Publish `v1.2.3` tags as releases.
	tags:
	- v*
	# Run tests for all PRs
	pull_request:

	env:
	VAULT_ADDR: https://vault.eng.aserto.com/
	PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' \|\| '' }}
	GO_VERSION: "1.20"
	GO_RELEASER_VERSION: "v1.20.0"
	GO_LANGCI_LINT_VERSION: "v1.53.3"
	GO_TESTSUM_VERSION: "1.10.1"

	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	-
	uses: actions/checkout@v4
	-
	name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{ env.GO_VERSION }}
	-
	name: Build
	uses: goreleaser/goreleaser-action@v5
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	distribution: goreleaser
	version: ${{ env.GO_RELEASER_VERSION }}
	args: build --clean --snapshot --single-target
	-
	name: Lint
	uses: golangci/golangci-lint-action@v4
	with:
	version: ${{ env.GO_LANGCI_LINT_VERSION }}
	args: --timeout=30m
	-
	name: Test Setup
	uses: autero1/action-gotestsum@v2.0.0
	with:
	gotestsum_version: ${{ env.GO_TESTSUM_VERSION }}
	-
	name: Test
	run: \|
	gotestsum --format short-verbose -- -count=1 -parallel=1 -v -timeout=240s -coverprofile=cover.out -coverpkg=./... ./...
	-
	name: Upload code coverage
	uses: shogo82148/actions-goveralls@v1
	continue-on-error: true
	with:
	path-to-profile: cover.out

	push:
	runs-on: ubuntu-latest
	# when on a branch only push if the branch is main
	# always push when ref is a tag
	if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/heads/release-') \|\| startsWith(github.ref, 'refs/heads/dev-') \|\| startsWith(github.ref, 'refs/tags/v') )
	steps:
	-
	name: Read Configuration
	uses: hashicorp/vault-action@v3
	id: vault
	with:
	url: https://vault.eng.aserto.com/
	token: ${{ secrets.VAULT_TOKEN }}
	secrets: \|
	kv/data/github "SSH_PRIVATE_KEY" \| SSH_PRIVATE_KEY;
	kv/data/github "USERNAME" \| DOCKER_USERNAME;
	kv/data/github "DOCKER_PUSH_TOKEN" \| DOCKER_PASSWORD;
	kv/data/github "READ_WRITE_TOKEN" \| READ_WRITE_TOKEN;
	-
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	-
	name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{ env.GO_VERSION }}
	-
	name: Setup QEMU
	uses: docker/setup-qemu-action@v3
	-
	name: Login to GitHub Packages Docker Registry
	uses: docker/login-action@v3
	with:
	registry: https://ghcr.io
	username: ${{ env.DOCKER_USERNAME }}
	password: ${{ env.DOCKER_PASSWORD }}
	-
	name: Docker SSH Setup
	run: \|
	mkdir -p $HOME/.ssh
	umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
	ssh-keyscan github.com >> $HOME/.ssh/known_hosts
	git config --global url."git@github.com:".insteadOf https://github.com/
	git config --global user.email "github-bot@aserto.com"
	git config --global user.name "Aserto Bot"
	eval `ssh-agent`
	ssh-add $HOME/.ssh/id_rsa
	-
	name: Wait for tests to succeed
	uses: fountainhead/action-wait-for-check@v1.1.0
	id: wait-for-tests
	with:
	token: ${{ env.READ_WRITE_TOKEN }}
	checkName: test
	ref: ${{ github.event.pull_request.head.sha \|\| github.sha }}
	-
	name: Stop if tests fail
	if: steps.wait-for-tests.outputs.conclusion != 'success'
	run: exit 1
	-
	name: Push image to GitHub Container Registry
	uses: goreleaser/goreleaser-action@v5
	with:
	distribution: goreleaser
	version: ${{ env.GO_RELEASER_VERSION }}
	args: release --clean --snapshot
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	release:
	needs: [test, push]
	runs-on: ubuntu-latest
	# Only release when ref is a tag
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
	steps:
	-
	name: Read Configuration
	uses: hashicorp/vault-action@v3
	id: vault
	with:
	url: https://vault.eng.aserto.com/
	token: ${{ secrets.VAULT_TOKEN }}
	secrets: \|
	kv/data/github "SSH_PRIVATE_KEY" \| SSH_PRIVATE_KEY;
	kv/data/github "USERNAME" \| DOCKER_USERNAME;
	kv/data/github "DOCKER_PUSH_TOKEN" \| DOCKER_PASSWORD;
	kv/data/github "READ_WRITE_TOKEN" \| READ_WRITE_TOKEN;
	kv/data/github "ASERTO_TAP" \| ASERTO_TAP;
	kv/data/gcp "SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE" \| SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE;
	-
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	-
	name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{ env.GO_VERSION }}
	-
	name: Setup QEMU
	uses: docker/setup-qemu-action@v3
	-
	name: Login to GitHub Packages Docker Registry
	uses: docker/login-action@v3
	with:
	registry: https://ghcr.io
	username: ${{ env.DOCKER_USERNAME }}
	password: ${{ env.DOCKER_PASSWORD }}
	-
	name: Docker SSH Setup
	run: \|
	mkdir -p $HOME/.ssh
	umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
	ssh-keyscan github.com >> $HOME/.ssh/known_hosts
	git config --global url."git@github.com:".insteadOf https://github.com/
	git config --global user.email "github-bot@aserto.com"
	git config --global user.name "Aserto Bot"
	eval `ssh-agent`
	ssh-add $HOME/.ssh/id_rsa
	-
	name: GCS Application Credentials
	run: \|
	echo "${SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE}" > /tmp/gs.json
	-
	name: Write Version Info
	run: \|
	git describe --tags > VERSION.txt
	-
	name: Release
	uses: goreleaser/goreleaser-action@v5
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	HOMEBREW_TAP: ${{ secrets.GITHUB_TOKEN }}
	GOOGLE_APPLICATION_CREDENTIALS: /tmp/gs.json
	with:
	distribution: goreleaser
	version: ${{ env.GO_RELEASER_VERSION }}
	args: release --clean
	-
	name: Archive deployment examples
	run: \|
	cd docs/deployments/sidecar-deployment && zip topaz_deployment_examples.zip *.yaml
	-
	name: Upload deployment examples
	uses: svenstaro/upload-release-action@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: docs/deployments/sidecar-deployment
	asset_name: topaz_deployment_examples.zip
	tag: ${{ github.ref }}
	overwrite: false

	msi:
	needs: release
	runs-on: windows-latest
	steps:
	-
	name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	-
	name: Read Configuration
	uses: hashicorp/vault-action@v3
	id: vault
	with:
	url: ${{ env.VAULT_ADDR }}
	token: ${{ secrets.VAULT_TOKEN }}
	secrets: \|
	kv/data/github "ROOT_TOKEN" \| ROOT_TOKEN;
	-
	name: Download exe
	id: download_exe
	shell: bash
	run: \|
	gh release download "${GITHUB_REF#refs/tags/}" -p "topaz_windows_x86_64.zip"
	printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT
	unzip -o .zip && rm -v .zip
	env:
	GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}
	-
	name: Install go-msi
	run: choco install -y "go-msi"
	-
	name: Prepare PATH
	shell: bash
	run: \|
	echo "$WIX\\bin" >> $GITHUB_PATH
	echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH
	-
	name: Build MSI
	id: buildmsi
	shell: bash
	env:
	ZIP_FILE: ${{ steps.download_exe.outputs.zip }}
	run: \|
	mkdir -p build
	msi="$(basename "$ZIP_FILE" ".zip").msi"
	printf "msi=${msi}" >> $GITHUB_OUTPUT
	go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}"
	-
	name: Upload MSI
	shell: bash
	run: \|
	tag_name="${GITHUB_REF#refs/tags/}"
	gh release upload "$tag_name" "$MSI_FILE" --repo aserto-dev/topaz --clobber
	env:
	MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
	GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Flip the "manager" relation in citadel and acmecorp #1220

Workflow file

Flip the "manager" relation in citadel and acmecorp #1220

Jobs

Run details

Workflow file for this run