# CI pipeline: change detection, Helm and Go tests, linting, generated-file
# checks, vulnerability scanning and container image builds.
name: CI

on:
  # Pushes to the long-lived branches.
  push:
    branches:
      - main
      - release-*
  # Pull requests whose base branch matches "*".
  pull_request:
    branches:
      - "*"
  # Merge-queue validation runs.
  merge_group:
    types:
      - checks_requested

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. A job that declares its own `permissions` block replaces this
# default instead of extending it.
permissions:
  contents: read

env:
  # PR source branch when present, otherwise the name of the triggering ref.
  # github.head_ref is chosen by the PR author, so any shell step that consumes
  # BRANCH should read it as a quoted variable and never re-interpolate it
  # into a script.
  BRANCH: ${{ github.head_ref || github.ref_name }}
  IMAGE_REGISTRY: ghcr.io
  IMAGE_NAME: dynatrace/dynatrace-operator
  # Full platform list and the reduced list; jobs pick one of the two based on
  # github.ref_protected.
  PLATFORMS: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
  PR_PLATFORMS: linux/amd64,linux/arm64

jobs:
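detect-changes:
  name: Detect Changes
  runs-on: ubuntu-24.04
  # Every output is normalised to 'true' or the empty string so downstream
  # `if:` conditions can use it directly as a truthy/falsy value.
  outputs:
    go_changed: ${{ steps.go-files.outputs.any_changed == 'true' && 'true' || '' }}
    docker_changed: ${{ steps.dockerfile.outputs.any_changed == 'true' && 'true' || '' }}
    helm_changed: ${{ steps.helm.outputs.any_changed == 'true' && 'true' || '' }}
    prerequisites_changed: ${{ steps.prerequisites.outputs.any_changed == 'true' && 'true' || '' }}
    ci_changed: ${{ steps.ci.outputs.any_changed == 'true' && 'true' || '' }}
    is_protected_branch: ${{ steps.is-protected-branch.outputs.is_protected_branch == 'true' && 'true' || '' }}
    is_snyk_authorized: ${{ steps.is-snyk-authorized.outputs.is_authorized == 'true' && 'true' || '' }}
    is_docker_authorized: ${{ steps.is-docker-authorized.outputs.is_authorized == 'true' && 'true' || '' }}
    markdown_changed: ${{ steps.markdown.outputs.any_changed == 'true' && 'true' || '' }}
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        # Full history (0) for merge-queue runs, two commits otherwise.
        # The condition is negated on purpose: `cond && 0 || 2` always yields 2
        # because 0 is falsy in Actions expressions, so the merge_group case
        # never received the full history.
        fetch-depth: ${{ github.event_name != 'merge_group' && 2 || 0 }}
        # PR head commit, merge-group head commit, or the pushed commit.
        ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha || github.sha }}

    # main, release-* and merge-queue runs are treated as protected; the
    # dependent jobs run their checks unconditionally for these.
    - name: Check if it is a protected branch
      id: is-protected-branch
      run: |
        if [[ "$GITHUB_REF" == "refs/heads/main" || "$GITHUB_REF" == refs/heads/release-* || "$GITHUB_EVENT_NAME" == "merge_group" ]]; then
          echo "is_protected_branch=true" >> "$GITHUB_OUTPUT"
        else
          echo "is_protected_branch=false" >> "$GITHUB_OUTPUT"
        fi

    # Only the boolean result of the comparison is handed to the script, via
    # an environment variable; the secret value itself is never expanded.
    - name: Check if Snyk credentials are present
      id: is-snyk-authorized
      env:
        HAS_SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN != '' }}
      run: |
        echo "is_authorized=${HAS_SNYK_TOKEN}" >> "$GITHUB_OUTPUT"

    - name: Check if docker credentials are present
      id: is-docker-authorized
      env:
        HAS_QUAY_CREDENTIALS: ${{ secrets.QUAY_USERNAME != '' && secrets.QUAY_PASSWORD != '' }}
      run: |
        echo "is_authorized=${HAS_QUAY_CREDENTIALS}" >> "$GITHUB_OUTPUT"

    # The change-detection steps below use a third-party action pinned to a
    # full commit SHA; the trailing comment records the matching release tag.
    - name: Detect CI file changes
      id: ci
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          .github/workflows/**
          .github/actions/**
        # NOTE(review): for merge_group events this resolves to
        # merge_group.head_sha, i.e. the head commit is used as the diff base.
        # Confirm that merge_group.base_sha was not intended; the same
        # expression is repeated in every detection step below.
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    - name: Detect Go file changes
      id: go-files
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          **/*.go
          go.mod
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    - name: Detect Dockerfile changes
      id: dockerfile
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          Dockerfile
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    - name: Detect Helm config changes
      id: helm
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          config/**
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    - name: Detect prerequisites.mk changes
      id: prerequisites
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          hack/make/prerequisites.mk
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    - name: Detect markdown changes
      id: markdown
      uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
      with:
        files: |
          **/*.md
        base_sha: ${{ github.event.pull_request.base.sha || github.event.merge_group.head_sha || github.event.before }}

    # Changed file names originate from the pushed or proposed commits, so they
    # reach the script through environment variables and are echoed as quoted
    # values rather than being interpolated into the script text.
    - name: List Changed Files
      env:
        CHANGED_CI_FILES: ${{ steps.ci.outputs.all_changed_files }}
        CHANGED_DOCKERFILE: ${{ steps.dockerfile.outputs.all_changed_files }}
        CHANGED_GO_FILES: ${{ steps.go-files.outputs.all_changed_files }}
        CHANGED_HELM_CONFIG_FILES: ${{ steps.helm.outputs.all_changed_files }}
        CHANGED_MARKDOWN_FILES: ${{ steps.markdown.outputs.all_changed_files }}
        CHANGED_PREREQUISITES_MK_FILE: ${{ steps.prerequisites.outputs.all_changed_files }}
      run: |
        echo "CI changed: ${CHANGED_CI_FILES}"
        echo "Go changed: ${CHANGED_GO_FILES}"
        echo "Dockerfile changed: ${CHANGED_DOCKERFILE}"
        echo "Helm changed: ${CHANGED_HELM_CONFIG_FILES}"
        echo "Prerequisites changed: ${CHANGED_PREREQUISITES_MK_FILE}"
        echo "Markdown changed: ${CHANGED_MARKDOWN_FILES}"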
helm-test:
  name: Run helm unit tests
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Runs for protected branches and merge-queue runs, or when the Helm config,
  # prerequisites.mk or the CI definitions changed.
  if: >-
    needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.helm_changed ||
    needs.detect-changes.outputs.prerequisites_changed ||
    needs.detect-changes.outputs.ci_changed
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - name: Set up Helm
      uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      with:
        # renovate datasource=github-releases depName=helm/helm
        version: v4.1.0
    # The unit-test logic lives in the Makefile target, not in this workflow.
    - name: Run Unit tests
      id: helm-unittest
      run: |
        make test/helm/unit
helm-lint:
  name: Run helm linting
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Same trigger condition as the Helm unit tests: protected branch or merge
  # queue, or a change to Helm config, prerequisites.mk or CI definitions.
  if: >-
    needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.helm_changed ||
    needs.detect-changes.outputs.prerequisites_changed ||
    needs.detect-changes.outputs.ci_changed
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - name: Set up Helm
      uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      with:
        # renovate datasource=github-releases depName=helm/helm
        version: v4.1.0
    # Lint rules are defined by the Makefile target.
    - name: Run Linting
      id: helm-linting
      run: |
        make test/helm/lint
tests:
  name: Run unit tests
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Runs for protected branches and merge-queue runs, or when Go sources,
  # prerequisites.mk or the CI definitions changed.
  if: >-
    needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.prerequisites_changed ||
    needs.detect-changes.outputs.ci_changed
  steps:
    # NOTE(review): checkout keeps the job token available to later git
    # commands by default. This job goes on to execute repository code, so
    # `persist-credentials: false` is worth considering if no make target needs
    # authenticated git access - confirm against the Makefile.
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - name: Setup Golang
      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
      with:
        # Floating toolchain selector, not a pinned version.
        go-version: stable # Latest stable version
        cache: false
    # Unit tests first, then integration tests; a failing target fails the step.
    - name: Run Unit tests and Integration tests
      id: unittest
      run: |
        make go/test
        make go/integration_test
    - name: Check test coverage
      id: check-code-coverage
      run: |
        make go/check-coverage
linting:
  name: Run linting
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Runs for protected branches and merge-queue runs, or when Go sources,
  # prerequisites.mk or the CI definitions changed.
  if: >-
    needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.prerequisites_changed ||
    needs.detect-changes.outputs.ci_changed
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    # Unnamed step: installs the Go toolchain the lint target needs.
    - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
      with:
        go-version: stable # Latest stable version
        cache: false
    # Linter selection and configuration come from the Makefile target.
    - name: Run lint
      run: |
        make go/lint
generated-files:
  name: Check generated files
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Runs for protected branches and merge-queue runs, or when Go sources,
  # prerequisites.mk or the CI definitions changed.
  if: >-
    needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.prerequisites_changed ||
    needs.detect-changes.outputs.ci_changed
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
      with:
        go-version: stable # Latest stable version
        cache: false
    - name: Set up Helm
      uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      with:
        # usually we use latest, but 3.18.0 has bug https://github.com/helm/helm/issues/30890
        # NOTE(review): this pin has no renovate annotation and differs from the
        # v4.1.0 used by the Helm test and lint jobs - confirm it is still needed.
        version: v3.17.3
    # No version input is given, so the action's default Node.js selection applies.
    - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
    # Each check regenerates artefacts and then runs `git diff --exit-code`,
    # which fails the step when the working tree differs from the commit, i.e.
    # when the committed generated files are stale.
    - name: Check deepcopy files are up-to-date
      id: deepcopy
      run: |
        make manifests/deepcopy
        git diff --exit-code
    - name: Check automatic generated docs are up-to-date
      id: doc
      run: |
        make doc
        git diff --exit-code
    - name: Check mocks are up-to-date
      id: mockery
      run: |
        make prerequisites/mockery
        make go/gen_mocks
        git diff --exit-code
security:
  name: Code security scanning alerts
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Requires a configured Snyk token. When the secret is absent (for example
  # on runs that receive no secrets) this job is skipped and the govulncheck
  # job, whose condition is the negation of the first clause, runs instead.
  if: >
    needs.detect-changes.outputs.is_snyk_authorized &&
    (needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.docker_changed ||
    needs.detect-changes.outputs.ci_changed)
  steps:
    # NOTE(review): the scanner does not appear to need git credentials;
    # `persist-credentials: false` on this checkout would keep the job token
    # away from the third-party action - confirm before changing.
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    # The token is scoped to this single step through `env`, not exported
    # job-wide. Only findings of severity high or above fail the scan.
    - name: Run Snyk to check for vulnerabilities
      uses: snyk/actions/golang@9adf32b1121593767fc3c057af55b55db032dc04 # v1.0.0
      with:
        args: --severity-threshold=high
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
govulncheck:
  name: Govulncheck
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Fallback scanner: runs only when no Snyk token is configured, under the
  # same change conditions as the Snyk job, and needs no secret of its own.
  if: >
    !needs.detect-changes.outputs.is_snyk_authorized &&
    (needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.docker_changed ||
    needs.detect-changes.outputs.ci_changed)
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - name: Run govulncheck
      uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
      with:
        # Toolchain version is taken from go.mod in the checked-out workspace.
        go-version-file: "${{ github.workspace }}/go.mod"
        check-latest: true # Always check for the latest patch release
        # The repository was already checked out by the previous step.
        repo-checkout: false
markdown-lint:
  name: Lint markdown files
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # Depends on markdown_changed alone; unlike the other jobs there is no
  # protected-branch clause in this condition.
  if: needs.detect-changes.outputs.markdown_changed
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    # Style rules first, then link validation; both are Makefile targets.
    - name: Lint markdown files
      run: make markdown/lint
    - name: Check markdown links
      run: make markdown/link-check
build-push:
  name: Build images
  runs-on: ubuntu-24.04
  needs:
    - detect-changes
  # NOTE(review): the gate is derived from the Quay secrets in detect-changes,
  # while the login below authenticates to ghcr.io with GITHUB_TOKEN.
  # Presumably the gate doubles as a "secrets are available" check - confirm.
  if: >-
    needs.detect-changes.outputs.is_docker_authorized &&
    (needs.detect-changes.outputs.is_protected_branch ||
    needs.detect-changes.outputs.go_changed ||
    needs.detect-changes.outputs.docker_changed ||
    needs.detect-changes.outputs.ci_changed)
  # A job-level block replaces the workflow default, so this job's token
  # carries packages: write and nothing else; `contents` is not granted here.
  # NOTE(review): add `contents: read` explicitly if checkout ever needs it,
  # e.g. when the repository is not public.
  permissions:
    packages: write
  steps:
    # NOTE(review): the token persisted by checkout can write packages in this
    # job; consider `persist-credentials: false` unless the build action needs
    # authenticated git access.
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    - name: Login to Registry
      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
      with:
        registry: ${{ env.IMAGE_REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}
    # Repository-local composite action. Whether it pushes for PR runs is
    # decided inside that action, which this workflow file does not show.
    - name: Build image
      uses: ./.github/actions/build-push-image
      with:
        # Full platform list on protected refs, reduced list otherwise.
        platforms: ${{ github.ref_protected && env.PLATFORMS || env.PR_PLATFORMS }}
        images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
run-preflight:
  name: Run preflight on ghcr.io without submitting results when merging to main
  runs-on: ubuntu-24.04
  needs:
    - build-push
  # Restricted to pushes on main, after the image build has finished.
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  # Bound to the "Release" deployment environment. Any protection rules or
  # secrets attached to it are configured outside this file.
  environment: Release
  steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
    # Repository-local action; its behaviour is defined under .github/actions.
    - name: Run preflight
      uses: ./.github/actions/preflight
      with:
        platforms: ${{ github.ref_protected && env.PLATFORMS || env.PR_PLATFORMS }}
        images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
        report-name: preflight.json
        # Kept as the quoted string "false": action inputs are strings, and
        # the job name states that results are not submitted.
        should-submit: "false"