diff --git a/.github/workflows/__build-workflow.yaml b/.github/workflows/__build-workflow.yaml index 9b3b0ca1..a3cedf5c 100644 --- a/.github/workflows/__build-workflow.yaml +++ b/.github/workflows/__build-workflow.yaml @@ -70,8 +70,6 @@ on: value: ${{ jobs.build.outputs.tags }} version: value: ${{ jobs.build.outputs.version }} - artifact: - value: ${{ jobs.build.outputs.artifact }} jobs: semver: @@ -99,7 +97,7 @@ jobs: run: exit 1 - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -132,7 +130,7 @@ jobs: version: ${{ steps.meta.outputs.version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" @@ -159,17 +157,21 @@ jobs: - name: Add standard tags if: ${{ inputs.tag != '' }} run: | - echo 'TAGS_STANDARD<> $GITHUB_ENV - echo 'type=raw,value=${{ needs.semver.outputs.fullversion }}' >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + ( + echo 'TAGS_STANDARD<> $GITHUB_ENV - name: Add major.minor tag if: ${{ inputs.tag != '' && needs.semver.outputs.prerelease == '' }} run: | - echo 'TAGS_SUPPLEMENTAL<> $GITHUB_ENV - echo "" >> $GITHUB_ENV - echo 'type=raw,value=${{ needs.semver.outputs.major }}.${{ needs.semver.outputs.minor }}' >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + ( + echo 'TAGS_SUPPLEMENTAL<> $GITHUB_ENV - name: Docker meta id: meta 
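Review bot: The trailing comment on the `actions/checkout` pin at `@@ -99,7 +97,7 @@` says only `# v4`, so a reader cannot tell which release the commit `11bd71901bbe5b1630ceea73d27597364c9af683` was taken from. The `upload-artifact` pins in this commit carry the exact tag (`# v4.5.0`). Put the full release tag in the comment, e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.x.y` with the real tag filled in, so the digest can be checked against the release during review and by update tooling. The same applies to the other `actions/checkout` pins in this file and in `release-bot.yaml`, and to the `actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5` pins in `__release-workflow.yaml`.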
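Review bot: The added lines of the `Add standard tags` step at `@@ -159,17 +157,21 @@` are truncated in this view, so this is based on the removed lines, which expand `${{ needs.semver.outputs.fullversion }}` inside the script text and end the multi-line value with a fixed `EOF`. If the new subshell keeps both, a version string containing a quote or a line reading `EOF` changes what is written to `$GITHUB_ENV`. Passing the value through the step's `env:` (`FULLVERSION: ${{ needs.semver.outputs.fullversion }}`), emitting it with `echo "type=raw,value=${FULLVERSION}"`, and redirecting to a quoted `"$GITHUB_ENV"` keeps the expression out of the shell source. The same applies to the `Add major.minor tag` step in this hunk and to both steps in the hunk at `@@ -279,17 +281,21 @@`.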
@@ -251,7 +253,7 @@ jobs: ${{ inputs.image-name }}:${{ steps.meta.outputs.version }} -version | ${{ inputs.verify-image-script }} ${{ github.repository }} - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: image-${{ matrix.os }}-${{ matrix.arch }} path: /tmp/image.tar @@ -269,7 +271,7 @@ jobs: - build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" @@ -279,17 +281,21 @@ jobs: - name: Add standard tags if: ${{ inputs.tag != '' }} run: | - echo 'TAGS_STANDARD<> $GITHUB_ENV - echo 'type=raw,value=${{ needs.semver.outputs.fullversion }}' >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + ( + echo 'TAGS_STANDARD<> $GITHUB_ENV - name: Add major.minor tag if: ${{ inputs.tag != '' && needs.semver.outputs.prerelease == '' }} run: | - echo 'TAGS_SUPPLEMENTAL<> $GITHUB_ENV - echo "" >> $GITHUB_ENV - echo 'type=raw,value=${{ needs.semver.outputs.major }}.${{ needs.semver.outputs.minor }}' >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + ( + echo 'TAGS_SUPPLEMENTAL<> $GITHUB_ENV - name: Docker metadata id: meta diff --git a/.github/workflows/__release-workflow.yaml b/.github/workflows/__release-workflow.yaml index 06c382ca..096bb156 100644 --- a/.github/workflows/__release-workflow.yaml +++ b/.github/workflows/__release-workflow.yaml @@ -43,7 +43,6 @@ on: release-type: description: Whether to make a created release a pre-release required: true - default: 'prerelease' # Reusable workflows do not support choice type, so we use string instead. # Allowed values: prerelease, release. type: string 
@@ -139,7 +138,7 @@ jobs: run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -176,7 +175,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: diagnostics-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* @@ -197,7 +196,7 @@ jobs: run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -234,7 +233,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: diagnostics-e2e path: /tmp/ktf-diag* @@ -273,7 +272,7 @@ jobs: - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod diff --git a/.github/workflows/release-bot.yaml b/.github/workflows/release-bot.yaml index 2eeb610f..266f265b 100644 --- a/.github/workflows/release-bot.yaml +++ b/.github/workflows/release-bot.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: search for release command in commit message id: commit_parser 
@@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Read version from VERSION file run: | @@ -73,7 +73,7 @@ jobs: uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9 # v1.6.0 id: tag_exists with: - tag: ${{ steps.commit_parser.outputs.release_version }} + tag: ${{ env.VERSION }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -134,7 +134,7 @@ jobs: if: ${{ needs.look_for_release.outputs.release_found == 'true' && needs.semver.outputs.patch != '0' && needs.semver.outputs.prerelease == '' && needs.look_for_release.outputs.release_latest == 'true' && github.ref_name != 'main' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 with: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 05b280f5..4abc3fce 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -163,16 +163,16 @@ jobs: GOTESTSUM_JUNITFILE: "unit-tests.xml" - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: coverage + name: coverage-unit-tests path: coverage.unit.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-unit-tests path: unit-tests.xml envtest-tests: 
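Review bot: `tag: ${{ env.VERSION }}` at `@@ -73,7 +73,7 @@` depends on a variable set outside this hunk, presumably by the `Read version from VERSION file` step, whose script is not visible here. If that step does not export `VERSION` to `$GITHUB_ENV`, or the file is empty, the expression renders as an empty string and the tag-exists check no longer guards the release. Consider failing early in the step that reads the file, e.g. `test -n "$VERSION" || { echo "VERSION is empty"; exit 1; }`, and checking the value against the expected version pattern before it is used as a tag.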
@@ -196,16 +196,16 @@ jobs: GOTESTSUM_JUNITFILE: "envtest-tests.xml" - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: coverage-envtest path: coverage.envtest.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-envtest-tests path: envtest-tests.xml conformance-tests: @@ -240,21 +240,21 @@ jobs: - name: upload diagnostics if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: diagnostics-conformance + name: diagnostics-conformance-${{ matrix.router-flavor }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-conformance-${{ matrix.router-flavor }} path: conformance-tests-${{ matrix.router-flavor }}.xml - name: collect conformance report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: conformance-report-${{ matrix.router-flavor }} path: standard-*-report.yaml 
@@ -295,23 +295,23 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: diagnostics-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: coverage + name: coverage-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: coverage.integration.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: integration-tests-webhook-enabled-${{ matrix.webhook-enabled }}.xml integration-tests-bluegreen: 
@@ -347,23 +347,23 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: diagnostics-integration-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: coverage + name: coverage-integration-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }} path: coverage.integration-bluegreen.out - name: collect test report if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-integration-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }} path: integration-tests-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }}.xml # Test reconciling Gateway with provisioning DataPlane failures. 
@@ -397,24 +397,24 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: diagnostics-integration-provision-fail-webhook-enabled-${{ matrix.webhook-enabled }} + name: diagnostics-integration-provision-fail path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: coverage + name: coverage-integration-tests-provision-fail path: coverage.integration-provision-dataplane-fail.out - name: collect test report if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report - path: integration-tests-provision-dataplane-fai.xml + name: tests-report-integration-tests-provision-fail + path: integration-tests-provision-dataplane-fail.xml e2e-tests: runs-on: ubuntu-latest @@ -449,7 +449,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: diagnostics-e2e path: /tmp/ktf-diag* @@ -457,9 +457,9 @@ jobs: - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: - name: tests-report + name: tests-report-e2e path: e2e-tests.xml buildpulse-report: @@ -477,10 +477,11 @@ jobs: - name: download tests report id: download-coverage - uses: actions/download-artifact@v3 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - name: tests-report + pattern: tests-report* path: report + merge-multiple: true - name: Upload test results to BuildPulse for flaky test detection if: ${{ !cancelled() }} 
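Review bot: The artifact names `diagnostics-integration-provision-fail`, `coverage-integration-tests-provision-fail` and `tests-report-integration-tests-provision-fail` at `@@ -397,24 +397,24 @@` no longer include a matrix value, while the removed diagnostics name used `${{ matrix.webhook-enabled }}`. The job's `strategy` is outside this hunk; if it still defines a matrix, the second leg's `upload-artifact` v4 step will fail on the duplicate name, because v4 does not allow uploading to an existing artifact name within a run. If the matrix was removed, a short comment on the job saying so would explain why these three names are static when the neighbouring jobs use suffixed names; otherwise keep the suffix, e.g. `name: diagnostics-integration-provision-fail-${{ matrix.webhook-enabled }}`.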
diff --git a/.tools_versions.yaml b/.tools_versions.yaml index e4485dde..1bdfba20 100644 --- a/.tools_versions.yaml +++ b/.tools_versions.yaml @@ -18,3 +18,7 @@ crd-ref-docs: "0.1.0" mockery: "2.50.4" # renovate: datasource=github-releases depName=kubernetes-sigs/controller-runtime setup-envtest: "0.19.4" +# renovate: datasource=github-releases depName=rhysd/actionlint +actionlint: "1.7.4" +# renovate: datasource=github-releases depName=koalaman/shellcheck +shellcheck: "0.10.0" diff --git a/Makefile b/Makefile index c4abfb5b..43a71466 100644 --- a/Makefile +++ b/Makefile @@ -143,6 +143,20 @@ setup-envtest: mise ## Download setup-envtest locally if necessary. @$(MAKE) mise-plugin-install DEP=setup-envtest URL=https://github.com/pmalek/mise-setup-envtest.git @$(MISE) install setup-envtest@$(SETUP_ENVTEST_VERSION) +ACTIONLINT_VERSION = $(shell $(YQ) -r '.actionlint' < $(TOOLS_VERSIONS_FILE)) +ACTIONLINT = $(PROJECT_DIR)/bin/installs/actionlint/$(ACTIONLINT_VERSION)/bin/actionlint +.PHONY: download.actionlint +download.actionlint: mise yq ## Download actionlint locally if necessary. + @$(MISE) plugin install --yes -q actionlint + @$(MISE) install -q actionlint@$(ACTIONLINT_VERSION) + +SHELLCHECK_VERSION = $(shell $(YQ) -r '.shellcheck' < $(TOOLS_VERSIONS_FILE)) +SHELLCHECK = $(PROJECT_DIR)/bin/installs/shellcheck/$(SHELLCHECK_VERSION)/bin/shellcheck +.PHONY: download.shellcheck +download.shellcheck: mise yq ## Download shellcheck locally if necessary. + @$(MISE) plugin install --yes -q shellcheck + @$(MISE) install -q shellcheck@$(SHELLCHECK_VERSION) + .PHONY: use-setup-envtest use-setup-envtest: $(SETUP_ENVTEST) use 
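Review bot: `@$(MISE) plugin install --yes -q actionlint` and the matching `shellcheck` line in the Makefile hunk resolve the plugin by short name, so the plugin code that runs on a developer machine or CI runner is whatever that name resolves to at install time. Only the tool version is pinned through `.tools_versions.yaml`. The `setup-envtest` target just above passes an explicit plugin URL; doing the same here, ideally with a commit ref if the mise version in use supports it (`$(MISE) plugin install --yes -q actionlint <PLUGIN_GIT_URL>#<COMMIT_SHA>`), would match the SHA pinning this commit applies to the workflow actions.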
@@ -188,6 +202,13 @@ GOLANGCI_LINT_CONFIG ?= $(PROJECT_DIR)/.golangci.yaml lint: golangci-lint $(GOLANGCI_LINT) run -v --config $(GOLANGCI_LINT_CONFIG) $(GOLANGCI_LINT_FLAGS) +.PHONY: lint.actions +lint.actions: download.actionlint download.shellcheck +# TODO: add more files to be checked + SHELLCHECK_OPTS='--exclude=SC2086,SC2155,SC2046' \ + $(ACTIONLINT) -shellcheck $(SHELLCHECK) \ + ./.github/workflows/* + .PHONY: verify verify: verify.manifests verify.generators
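Review bot: `SHELLCHECK_OPTS='--exclude=SC2086,SC2155,SC2046'` in `lint.actions` turns off the unquoted-expansion checks (SC2086, SC2046) for every `run:` script. Those findings matter most for workflow steps that append to `$GITHUB_ENV` or place secrets on a command line. The existing TODO covers only file coverage; add a second comment marking the exclusions as temporary, e.g. `# TODO: drop SC2086/SC2046 once run: scripts quote their expansions`. In the visible lines `lint.actions` is not a prerequisite of `verify`, so nothing shown here enforces the lint.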