build(deps): bump k8s.io/api from 0.36.0 to 0.36.1 #147
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: | |
| - "**" | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - "*.*.*" | |
| - "v*.*.*" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v9.2.0 | |
| with: | |
| version: v2.11.1 | |
| args: --timeout=10m | |
| test-coverage: | |
| name: Test coverage | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Run tests with coverage | |
| run: go test -coverprofile=coverage.out -covermode=atomic ./... | |
| - name: Upload to Codecov | |
| uses: codecov/codecov-action@v6.0.1 | |
| with: | |
| files: coverage.out | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| govulncheck: | |
| name: Vulnerability check | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Run govulncheck | |
| uses: golang/govulncheck-action@v1.0.4 | |
| with: | |
| go-package: ./... | |
| repo-checkout: false | |
| release: | |
| name: Release binaries | |
| runs-on: ubuntu-latest | |
| needs: [lint, test-coverage, govulncheck] | |
| if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.actor == 'nektos/act' | |
| timeout-minutes: 20 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Release binaries | |
| if: github.actor != 'nektos/act' | |
| uses: goreleaser/goreleaser-action@v7.2.1 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build-and-push: | |
| name: Build ${{ matrix.arch }} image | |
| runs-on: ubuntu-latest | |
| needs: release | |
| if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.actor == 'nektos/act' | |
| timeout-minutes: 20 | |
| strategy: | |
| matrix: | |
| arch: [amd64, arm64] | |
| permissions: | |
| actions: write | |
| contents: read | |
| packages: write | |
| outputs: | |
| image_ref: ${{ steps.image.outputs.image_ref }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| - name: Set up Go | |
| if: github.actor == 'nektos/act' | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Build release binary (local) | |
| if: github.actor == 'nektos/act' | |
| run: | | |
| mkdir -p dist | |
| CGO_ENABLED=0 GOOS=linux GOARCH=${{ matrix.arch }} go build -o "dist/k8s-mongo-labeler-sidecar-linux-${{ matrix.arch }}" ./ | |
| - name: Download release binary | |
| if: github.actor != 'nektos/act' | |
| run: | | |
| mkdir -p dist | |
| TAG="${GITHUB_REF#refs/tags/}" | |
| gh release download "${TAG}" --pattern "k8s-mongo-labeler-sidecar_*_linux_${{ matrix.arch }}.tar.gz" --dir /tmp | |
| tar -xzf /tmp/k8s-mongo-labeler-sidecar_*_linux_${{ matrix.arch }}.tar.gz -C dist/ | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| if: matrix.arch != 'amd64' | |
| uses: docker/setup-qemu-action@v4.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4.0.0 | |
| - name: Log in to GitHub Container Registry | |
| if: github.actor != 'nektos/act' | |
| uses: docker/login-action@v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set integration image ref | |
| id: image | |
| run: | | |
| if [[ "${GITHUB_ACTOR}" == "nektos/act" ]]; then | |
| echo "image_ref=mongo-labeler:ci-local" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "image_ref=ghcr.io/${GITHUB_REPOSITORY,,}:sha-${GITHUB_SHA}-amd64" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Extract Docker metadata | |
| if: github.actor != 'nektos/act' | |
| id: meta | |
| uses: docker/metadata-action@v6.0.0 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=tag,suffix=-${{ matrix.arch }} | |
| type=sha,prefix=sha-,format=long,suffix=-${{ matrix.arch }} | |
| annotations: | | |
| org.opencontainers.image.description=Kubernetes sidecar that detects MongoDB replica set primary and labels the pod with primary=true for service selection. | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v7.1.0 | |
| with: | |
| context: . | |
| file: ./Dockerfile.dist | |
| platforms: linux/${{ matrix.arch }} | |
| push: ${{ github.actor != 'nektos/act' }} | |
| load: ${{ github.actor == 'nektos/act' && matrix.arch == 'amd64' }} | |
| tags: ${{ github.actor == 'nektos/act' && steps.image.outputs.image_ref || steps.meta.outputs.tags }} | |
| labels: ${{ github.actor != 'nektos/act' && steps.meta.outputs.labels || '' }} | |
| annotations: ${{ github.actor != 'nektos/act' && steps.meta.outputs.annotations || '' }} | |
| manifest: | |
| name: Create manifest list | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
| timeout-minutes: 10 | |
| permissions: | |
| packages: write | |
| steps: | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create manifest lists | |
| run: | | |
| IMAGE="ghcr.io/${GITHUB_REPOSITORY,,}" | |
| SHA="sha-${GITHUB_SHA}" | |
| TAG="${GITHUB_REF#refs/tags/}" | |
| # Create :sha-<commit> manifest | |
| docker buildx imagetools create -t "${IMAGE}:${SHA}" \ | |
| "${IMAGE}:${SHA}-amd64" "${IMAGE}:${SHA}-arm64" | |
| # Create :<tag> manifest | |
| docker buildx imagetools create -t "${IMAGE}:${TAG}" \ | |
| "${IMAGE}:${TAG}-amd64" "${IMAGE}:${TAG}-arm64" | |
| integration-test: | |
| name: Integration test | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.actor == 'nektos/act' | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| - name: Log in to GitHub Container Registry | |
| if: github.actor != 'nektos/act' | |
| uses: docker/login-action@v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Pull CI image | |
| if: github.actor != 'nektos/act' | |
| run: docker pull "${{ needs.build-and-push.outputs.image_ref }}" | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@v5.1.0 | |
| - name: Set up kind | |
| uses: helm/kind-action@v1.14.0 | |
| with: | |
| cluster_name: kind-mongo-labeler | |
| version: v0.31.0 | |
| install_only: true | |
| - name: Run integration test | |
| env: | |
| LABELER_IMAGE: ${{ needs.build-and-push.outputs.image_ref }} | |
| USE_PREBUILT_IMAGE: "true" | |
| run: ./test/integration/run.sh |