Update workflows (#998)

* Add IPC_LOCK capability to vault containers

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Add github-actions to dependabot config

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Use one goreleaser workflow

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Update actions

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Update and move lint job to ci workflow

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Remove cache task, get go version from go.mod

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Reformat ci.yaml

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Update goreleaser changelog config

Signed-off-by: Dmytro Bondar <git@bonddim.com>

* Add workflow to cleanup PR caches

Signed-off-by: Dmytro Bondar <git@bonddim.com>

---------

Signed-off-by: Dmytro Bondar <git@bonddim.com>
Dmytro Bondar 2023-09-04 13:37:21 +02:00 committed by GitHub
parent 8aa4389fe9
commit d72fdcaa7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 195 additions and 255 deletions


@ -9,3 +9,7 @@ updates:
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"


@ -57,8 +57,8 @@ minikube:
vault:
docker kill $$(docker ps -a --filter "name=vault" -q) || true
docker run -d -p8200:8200 --rm --name vault vault:1.2.0 server -dev -dev-root-token-id=toor
docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 secrets enable -path=sops transit
docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 write sops/keys/key type=rsa-4096
docker run --rm --network="host" --cap-add IPC_LOCK -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 secrets enable -path=sops transit
docker run --rm --network="host" --cap-add IPC_LOCK -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 write sops/keys/key type=rsa-4096
.PHONY: vault
sops:
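Review bot: The two rewritten `docker run` lines in the `vault` target grant `IPC_LOCK` to one-shot CLI client containers that already run with `--network="host"`, while the dev server started just above them is left without it. A client invocation presumably has no need to lock memory, so the capability looks like it is there only to satisfy the image entrypoint; if that is the case, `-e SKIP_SETCAP=1` (an entrypoint switch in the official image, worth confirming for the 1.2.0 tag) avoids widening the capability set. Whichever form is kept, a comment above the recipe such as `# IPC_LOCK: required by the vault image entrypoint, not by the client command` would record why the flag is there. The rest of the Makefile lies outside the hunk.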

26
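--- a/.github/workflows/cache.yaml
+++ b/.github/workflows/cache.yaml
@@ -0,0 +1,26 @@
+name: Cleanup cache
+on:
+pull_request:
+types:
+- closed
+jobs:
+cleanup-cache:
+runs-on: ubuntu-latest
+steps:
+- run: |
+gh extension install actions/gh-actions-cache
+echo "Fetching list of cache keys"
+cacheKeys=$(gh actions-cache list -R $GITHUB_REPOSITORY -B $BRANCH | cut -f 1 )
+echo "Deleting caches..."
+for cacheKey in $cacheKeys; do
+gh actions-cache delete $cacheKey -R $GITHUB_REPOSITORY -B $BRANCH --confirm
+done
+shell: bash
+continue-on-error: true
+env:
+GH_TOKEN: ${{ github.token }}
+BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge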
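Review bot: The `cleanup-cache` job relies on the repository's default `GITHUB_TOKEN` scope to delete caches, and `continue-on-error: true` hides the failure whenever that scope is read-only (restricted default permissions, or a pull request from a fork). Declare the one scope the step needs on the job, `permissions:` with `actions: write` under it, so the workflow neither depends on a broad default nor fails silently. The expansions in the `run` script are unquoted; `-R "$GITHUB_REPOSITORY" -B "$BRANCH"` and `"$cacheKey"` keep the values from being split or globbed by the shell. `gh extension install actions/gh-actions-cache` pulls whatever the extension's current release is, which deserves a comment if pinning it is not practical.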


@ -9,144 +9,125 @@ on:
paths-ignore: [ '**.md', '**/docs/**' ]
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: go.mod
- uses: golangci/golangci-lint-action@v3
with:
version: v1.54.2
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache libraries
uses: actions/cache@v2
env:
cache-name: cache-go
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
- name: Env
run: go env
- name: Build
run: make build build-test-tools
- name: Test
run: make check test
- name: Prepare tar to upload built binaries
run: tar -cvf built-binaries.tar helmfile diff-yamls dyff
- name: Upload built binaries
uses: actions/upload-artifact@v2
with:
name: built-binaries-${{ github.run_id }}
path: built-binaries.tar
retention-days: 1
- name: Display built binaries
run: ls -l helmfile diff-yamls dyff
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Build
run: make build build-test-tools
- name: Test
run: make check test
- name: Archive built binaries
run: tar -cvf built-binaries.tar helmfile diff-yamls dyff
- uses: actions/upload-artifact@v3
with:
name: built-binaries-${{ github.run_id }}
path: built-binaries.tar
retention-days: 1
- name: Display built binaries
run: ls -l helmfile diff-yamls dyff
integration_tests:
needs: tests
runs-on: ubuntu-latest
strategy:
matrix:
include:
# Helm maintains the latest minor version only and therefore each Helmfile version supports 2 Helm minor versions.
# That's why we cover only 2 Helm minor versions in this matrix.
# See https://github.com/helmfile/helmfile/pull/286#issuecomment-1250161182 for more context.
- helm-version: v3.11.3
kustomize-version: v4.4.1
plugin-secrets-version: 3.15.0
plugin-diff-version: 3.7.0
extra-helmfile-flags:
v1mode:
- helm-version: v3.11.3
kustomize-version: v4.5.7
# We assume that the helm-secrets plugin is supposed to
# work with the two most recent helm minor versions.
# Once it turned out to be not practically true,
# we will mark this combination as failable,
# and instruct users to upgrade helm and helm-secrets at once.
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags:
v1mode:
- helm-version: v3.12.3
kustomize-version: v4.4.1
plugin-secrets-version: 3.15.0
plugin-diff-version: 3.7.0
extra-helmfile-flags:
v1mode:
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags:
v1mode:
# Helmfile v1
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags:
v1mode: "true"
# In case you need to test some optional helmfile features,
# enable it via extra-helmfile-flags below.
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags: "--enable-live-output"
v1mode:
include:
# Helm maintains the latest minor version only and therefore each Helmfile version supports 2 Helm minor versions.
# That's why we cover only 2 Helm minor versions in this matrix.
# See https://github.com/helmfile/helmfile/pull/286#issuecomment-1250161182 for more context.
- helm-version: v3.11.3
kustomize-version: v4.4.1
plugin-secrets-version: 3.15.0
plugin-diff-version: 3.7.0
extra-helmfile-flags: ''
v1mode: ''
- helm-version: v3.11.3
kustomize-version: v4.5.7
# We assume that the helm-secrets plugin is supposed to
# work with the two most recent helm minor versions.
# Once it turned out to be not practically true,
# we will mark this combination as failable,
# and instruct users to upgrade helm and helm-secrets at once.
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags: ''
v1mode: ''
- helm-version: v3.12.3
kustomize-version: v4.4.1
plugin-secrets-version: 3.15.0
plugin-diff-version: 3.7.0
extra-helmfile-flags: ''
v1mode: ''
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags: ''
v1mode: ''
# Helmfile v1
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags: ''
v1mode: 'true'
# In case you need to test some optional helmfile features,
# enable it via extra-helmfile-flags below.
- helm-version: v3.12.3
kustomize-version: v4.5.7
plugin-secrets-version: 4.0.0
plugin-diff-version: 3.8.1
extra-helmfile-flags: '--enable-live-output'
v1mode: ''
steps:
- uses: actions/checkout@v2
- name: Cache libraries
uses: actions/cache@v2
env:
cache-name: cache-go
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
- name: Env
run: go env
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Download built binaries
uses: actions/download-artifact@v2
with:
name: built-binaries-${{ github.run_id }}
- name: Extract tar to get built binaries
run: tar -xvf built-binaries.tar
- name: Display built binaries
run: ls -l helmfile diff-yamls dyff
- uses: actions/download-artifact@v3
with:
name: built-binaries-${{ github.run_id }}
- name: Extract tar to get built binaries
run: tar -xvf built-binaries.tar
- name: Display built binaries
run: ls -l helmfile diff-yamls dyff
- name: Install test dependencies
env:
HELM_VERSION: ${{ matrix.helm-version }}
KUSTOMIZE_VERSION: ${{ matrix.kustomize-version }}
run: make -C .github/workflows helm vault sops kustomize
- name: Start minikube
uses: medyagh/setup-minikube@latest
- name: Execute integration tests
run: make integration
env:
HELM_SECRETS_VERSION: ${{ matrix.plugin-secrets-version }}
HELM_DIFF_VERSION: ${{ matrix.plugin-diff-version }}
HELMFILE_HELM3: 1
TERM: xterm
EXTRA_HELMFILE_FLAGS: ${{ matrix.extra-helmfile-flags }}
HELMFILE_V1MODE: ${{ matrix.v1mode }}
- name: Install test dependencies
env:
HELM_VERSION: ${{ matrix.helm-version }}
KUSTOMIZE_VERSION: ${{ matrix.kustomize-version }}
run: make -C .github/workflows helm vault sops kustomize
- name: Start minikube
uses: medyagh/setup-minikube@latest
- name: Execute integration tests
env:
HELM_SECRETS_VERSION: ${{ matrix.plugin-secrets-version }}
HELM_DIFF_VERSION: ${{ matrix.plugin-diff-version }}
HELMFILE_HELM3: 1
TERM: xterm
EXTRA_HELMFILE_FLAGS: ${{ matrix.extra-helmfile-flags }}
HELMFILE_V1MODE: ${{ matrix.v1mode }}
run: make integration
e2e_tests:
needs: tests
runs-on: ubuntu-latest
@ -154,18 +135,16 @@ jobs:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install package
run: |
sudo apt-get -y install expect
- name: Download built binaries
uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: built-binaries-${{ github.run_id }}
- name: Extract tar to get built binaries
run: tar -xvf built-binaries.tar
- name: Display built binaries
run: ls -l helmfile diff-yamls dyff
- name: Install package
run: sudo apt-get -y install expect
- name: Run helmfile init
run: bash test/e2e/helmfile-init/init_linux.sh
env:
TERM: xterm
run: bash test/e2e/helmfile-init/init_linux.sh
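Review bot: The `Start minikube` step in `integration_tests` still resolves `medyagh/setup-minikube@latest`, a moving ref on a third-party action, although this commit moves the other actions in the file to fixed major tags. Whatever that ref points to at run time executes in the job next to the downloaded build artifacts, so an upstream change reaches CI without review. Pin it to a reviewed commit, for example `uses: medyagh/setup-minikube@<full-commit-sha>  # <release-tag>` (both placeholders), and let the `github-actions` Dependabot entry added in this commit propose the bumps. The `actions/*` steps are pinned by tag only; moving them to commit SHAs is a lower-priority follow-up.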


@ -64,14 +64,14 @@ jobs:
type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build / Push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
file: ${{ matrix.image.dockerfile }}


@ -1,30 +0,0 @@
name: Lint
on:
push:
branches: [ main ]
paths-ignore: [ '**.md', '**/docs/**' ]
pull_request:
branches: [ main ]
paths-ignore: [ '**.md', '**/docs/**' ]
env:
GO_VERSION: 1.21
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/setup-go@v3
with:
go-version: '1.21'
- name: Checkout code
uses: actions/checkout@v3
- name: Golangci lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.54.1


@ -21,7 +21,7 @@ jobs:
lock:
runs-on: 'ubuntu-latest'
steps:
- uses: 'dessant/lock-threads@v2'
- uses: 'dessant/lock-threads@v4'
with:
github-token: '${{ github.token }}'
issue-lock-inactive-days: 1
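Review bot: The jump from `dessant/lock-threads@v2` to `@v4` crosses the v3 release, which to my knowledge renamed the action's inputs, so `issue-lock-inactive-days: 1` on the last visible line would no longer be read and the action would fall back to its default inactivity period. If the rename applies, that line becomes `issue-inactive-days: 1`; any further inputs below the hunk should be checked against the v4 README in the same way. The `with:` block continues outside the hunk.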


@ -1,29 +0,0 @@
name: Publish v0.x Binaries
on:
push:
branches:
- "!*"
tags:
- "v0*"
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v1
-
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -1,33 +0,0 @@
name: Publish v1.x Binaries
on:
push:
branches:
- "!*"
tags:
- "v1*"
env:
# This is referenced from .goreleaser.yml
HELMFILE_V1MODE: "true"
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v1
-
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

35
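--- a/.github/workflows/releaser.yaml
+++ b/.github/workflows/releaser.yaml
@@ -0,0 +1,35 @@
+name: GoReleaser
+on:
+push:
+tags:
+- 'v0*'
+- 'v1*'
+branches:
+- 'main'
+pull_request:
+branches:
+- 'main'
+permissions:
+contents: write
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+HELMFILE_V1MODE: ${{ startsWith(github.ref, 'refs/tags/v1') }}
+SNAPSHOT: ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }}
+jobs:
+goreleaser:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+with:
+fetch-depth: 0
+- uses: actions/setup-go@v4
+with:
+go-version-file: go.mod
+- uses: goreleaser/goreleaser-action@v4
+with:
+version: latest
+args: release --clean ${{ env.SNAPSHOT }}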
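Review bot: `permissions: contents: write` and the workflow-level `GITHUB_TOKEN` env apply to every run of this workflow, including the `pull_request` and `main` snapshot builds that never publish anything. GoReleaser runs the build configuration from the checked-out ref, so on a pull request opened from a branch of this repository that configuration executes with a write-capable token in its environment. Splitting the snapshot and tag paths lets the workflow default to `contents: read` and hand the token only to the tag-triggered job, as sketched below; confirm first that the snapshot build needs no token with the `use: github` changelog setting. `version: latest` on the action additionally leaves the release tool itself unpinned.

```yaml
permissions:
  contents: read
# … unchanged: env HELMFILE_V1MODE; GITHUB_TOKEN and SNAPSHOT move into the jobs below …
jobs:
  snapshot:
    if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout, setup-go …
      - uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
          args: release --clean --snapshot
  release:
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    runs-on: ubuntu-latest
    permissions:
      # write access is needed only to publish the tagged release
      contents: write
    steps:
      # … unchanged: checkout, setup-go …
      - uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```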


@ -1,26 +0,0 @@
name: Test Binary Builds
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v1
-
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist --snapshot


@ -23,5 +23,19 @@ builds:
- amd64
- arm64
- "386"
changelog:
use: github-native
use: github
sort: asc
groups:
- title: Features
regexp: '^.*[Ff]eat[(\\w)]*:+.*$'
order: 0
- title: "Fixes"
regexp: '^.*fix[(\\w)]*.*$'
order: 1
- title: "Dependencies"
regexp: '^.*(deps|bump)[(\\w)]*.*$'
order: 2
- title: Others
order: 999
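Review bot: The `regexp` values under `groups` are single-quoted, so YAML passes `\\w` through as two backslashes and the class `[(\\w)]` matches only `(`, `)`, `\` and the letter `w` rather than word characters. A subject such as `feat(scope): …` therefore does not match the `Features` pattern, which needs `:` directly after the class, and the commit falls through to a later group. Keep the single quotes with one backslash, `regexp: '^.*[Ff]eat[(\w)]*:+.*$'`, or switch the three patterns to double quotes; the `Fixes` and `Dependencies` patterns carry the same escaping but are masked by their trailing `.*`. The `fix` pattern also matches inside words such as `prefix`, which may not be intended.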