Add support for external traffic network policies that are restricted to only allow the Ingress controller, rather than all traffic #1862
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| concurrency: | |
| group: "${{ github.repository }}${{ github.ref }}" | |
| cancel-in-progress: true | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize | |
| jobs: | |
| build: | |
| if: (github.event_name == 'push' && github.repository == 'otterize/intents-operator') || github.event.pull_request.head.repo.full_name == 'otterize/intents-operator' | |
| name: Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test | |
| strategy: | |
| matrix: | |
| service: | |
| - intents-operator | |
| steps: | |
| - id: registry | |
| run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT" | |
| - name: Check out the code | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/setup-go@v3 | |
| with: | |
| # Upgraded Go version? Make sure to upgrade it in the GitHub Actions setup, the Dockerfile and the go.mod as well, so the linter and tests run the same version. | |
| go-version: 1.21 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@master | |
| with: | |
| driver-opts: network=host | |
| - name: Login to GCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: _json_key_base64 | |
| password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: otterize | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Test | |
| run: |- | |
| cd ./src/operator | |
| go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | |
| make test | |
| - name: Build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: src/ | |
| file: src/${{ matrix.service }}.Dockerfile | |
| tags: ${{ env.REGISTRY }}/${{ matrix.service }}:${{ github.sha }} | |
| push: true | |
| network: host | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| "VERSION=0.0.${{ github.run_id }}" | |
| netpol-e2e-test: | |
| uses: ./.github/workflows/netpol-e2e-test.yaml | |
| name: Trigger e2e tests | |
| # Must pass the secrets as the called workflow does not have access to the same context | |
| secrets: | |
| B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} | |
| with: | |
| registry: ${{ needs.build.outputs.registry }} | |
| operator-tag: ${{ github.sha }} | |
| operator-image: intents-operator | |
| needs: | |
| - build | |
| helm-e2e-test: | |
| uses: otterize/helm-charts/.github/workflows/e2e-test.yaml@main | |
| name: Trigger e2e tests from helm charts repo | |
| secrets: inherit | |
| with: | |
| gcr-registry: ${{ needs.build.outputs.registry }} | |
| intents-operator-tag: ${{ github.sha }} | |
| needs: | |
| - build | |
| tag-latest-dev: | |
| name: Tag latest | |
| if: github.ref == 'refs/heads/main' | |
| needs: | |
| - build | |
| - netpol-e2e-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: GCP auth | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| credentials_json: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} | |
| - name: Set up Cloud SDK | |
| uses: 'google-github-actions/setup-gcloud@v1' | |
| # Push the Docker image to AWS ECR | |
| - name: Tag Images as latest | |
| run: |- | |
| retag_image_as_latest() { if [[ $(gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet) ]]; then echo "Failed tagging $1 as latest"; exit 1; fi } # using --quiet to avoid prompt | |
| retag_image_as_latest intents-operator |