Remove GITHUB_TOKEN #554
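# SPDX-FileCopyrightText: 2025 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0

# CI pipeline: lint (Go, Helm, YAML, Dockerfiles), license and version checks,
# Go tests, then container and Helm chart builds. Artifacts are pushed to ECR
# and version tags are created only for pushes to the main branch.
#
# NOTE(review): no `permissions:` key is visible at workflow or job level, so
# each job's GITHUB_TOKEN receives the repository/organization default scopes.
# Consider declaring least privilege (for example `contents: read`) and
# granting write access only to the job that pushes tags, after confirming
# what the mage targets and the orch-ci scripts actually need.
#
# NOTE(review): third-party actions below are referenced by version tag. Tags
# are mutable; pinning each `uses:` to a full commit SHA (with the version in
# a trailing comment) protects against a retargeted tag.
name: Lint, Test, Build, and Publish

on:
  # Allow manually triggering the workflow
  workflow_dispatch: {}
  # Run on all commits that are pushed to the main branch
  push:
    branches:
      - main
  # Trigger workflow on PRs to all branches
  pull_request:
    branches:
      - "*"
    types:
      - opened
      - synchronize
      - reopened
  # Trigger workflow when enqueued to a merge group
  merge_group:

# Only run at most 1 workflow concurrently per PR or per branch to keep costs down
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  lint-go:
    name: Lint Go
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      # Local composite action: it is resolved from the checked-out workspace,
      # so on pull_request runs its definition comes from the PR's code.
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - uses: actions/cache@v4.2.3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          # Exact key is derived from every go.sum; restore-keys falls back to
          # the newest cache sharing the OS/go prefix.
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules recursively
        run: find . -name "go.mod" -execdir go mod download -x \;
      - name: Run lint
        run: mage lint:golang

  lint-helm:
    name: Lint Helm Charts
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - name: Run lint
        run: mage lint:helm

  lint-yaml:
    name: Lint YAML
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - name: Run lint
        run: mage lint:yaml

  lint-dockerfile:
    name: Lint Dockerfiles
    runs-on: ubuntu-latest
    # Added for consistency with the other lint jobs: without an explicit
    # limit a hung step runs until the platform's default job timeout.
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - name: Lint Dockerfiles using hadolint
        run: mage lint:dockerfiles

  check-license:
    name: Check License
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: REUSE Compliance Check
        uses: fsfe/reuse-action@v5.0.0

  version-check:
    name: Version Check
    runs-on: ubuntu-latest
    timeout-minutes: 10
    env:
      BASEDIR: .
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Checkout action repository
        uses: actions/checkout@v4.2.2
        with:
          repository: open-edge-platform/orch-ci
          path: ci
          # NOTE(review): `main` is a mutable ref; the script run below is
          # whatever orch-ci's main holds at run time. Consider pinning to a
          # commit SHA or release tag.
          ref: main
          token: ${{ secrets.SYS_ORCH_GITHUB }}
          # The token is only needed to clone orch-ci. Do not leave it in
          # ci/.git/config where later steps in this job could read it.
          persist-credentials: false
      - name: Run Version Check
        shell: bash
        run: |
          ./ci/scripts/version-check.sh

  version-tag:
    name: Version Tag
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - build-containers
      - build-helm-charts
    env:
      BASEDIR: .
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
        with:
          # Full history and tags are fetched so existing tags are visible
          # to the tagging step.
          fetch-tags: true
          fetch-depth: 0
      - name: Checkout action repository
        uses: actions/checkout@v4.2.2
        with:
          repository: open-edge-platform/orch-ci
          path: ci
          # NOTE(review): `main` is a mutable ref; consider pinning to a
          # commit SHA or release tag, since its scripts run with a secret
          # token in the environment below.
          ref: main
          token: ${{ secrets.SYS_ORCH_GITHUB }}
          # The token is only needed to clone orch-ci; keep it out of
          # ci/.git/config. The tagging step receives it via env instead.
          persist-credentials: false
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      # TODO: This is a temporary solution for buildall script
      # We need to find a long term solution that leverages orch-ci workflow
      - name: Run Version Tag
        # Tags are only created for pushes to main; on PR and merge-group
        # runs this step is skipped and the secret is not exposed to it.
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        env:
          GITHUB_TOKEN: ${{ secrets.SYS_ORCH_GITHUB }}
        shell: bash
        run: |
          # Tag the helm charts
          pushd charts
          for chart in *; do
            echo "$chart"
            if [ -d "$chart" ]; then
              pushd "$chart"
              name=$(yq .name Chart.yaml)
              "$GITHUB_WORKSPACE"/ci/scripts/version-tag-param.sh "chart/${name}/v"
              popd
            fi
          done
          popd
          # Tag the containers
          containers=( $(mage listTaggedContainers | yq -r '.images | keys | .[]') )
          for container in "${containers[@]}"; do
            # Values read from Chart.yaml are quoted everywhere below so that
            # whitespace or glob characters cannot split or expand them.
            version=$(yq .appVersion "charts/${container}/Chart.yaml")
            tag="${container}/v${version}"
            if git ls-remote --exit-code --tags origin "$tag" > /dev/null; then
              echo "Tag $tag already exists in remote, skipping."
            else
              git tag "$tag"
              git push origin "$tag"
            fi
          done

  test-go:
    name: Test Go
    runs-on: ubuntu-latest
    timeout-minutes: 15
    needs:
      - lint-go
      - check-license
      - version-check
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - uses: actions/cache@v4.2.3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules recursively
        run: find . -name "go.mod" -execdir go mod download -x \;
      - name: Run tests
        run: mage test:golang

  build-containers:
    name: Build and publish containers
    runs-on: ubuntu-latest
    timeout-minutes: 30
    strategy:
      matrix:
        # One job per mage build/push target. These are fixed literals, so the
        # `${{ matrix.version }}` interpolation into the shell lines below
        # carries no untrusted input; keep this list static.
        version:
          - authService
          - awsSmProxy
          - certSynchronizer
          - secretsConfig
          - squidProxy
          - tokenFS
          - tenancyAPIMapping
          - tenancyManager
          - tenancyDatamodel
          - nexusAPIGateway
          - keycloakTenantController
          - nexusCompiler
          - openAPIGenerator
    needs:
      - lint-yaml
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - uses: actions/cache@v4.2.3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules recursively
        run: find . -name "go.mod" -execdir go mod download -x \;
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.10.0
        with:
          install: true
      - name: Build container artifacts
        run: |
          mage build:${{ matrix.version }}
      # Publishing steps are gated to pushes on main, so PR and merge-group
      # runs build the images but never receive the registry credentials.
      # NOTE(review): these are static access keys stored as secrets.
      # configure-aws-credentials also supports assuming a role via GitHub
      # OIDC (`role-to-assume`), which avoids long-lived keys.
      - name: Configure AWS credentials
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: aws-actions/configure-aws-credentials@v4.1.0
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      - name: Login to ECR
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v3.4.0
        with:
          registry: 080137407410.dkr.ecr.us-west-2.amazonaws.com
      - name: Push container artifacts to ECR
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          # Images that already exist in the registry will be skipped
          mage push:${{ matrix.version }}

  build-helm-charts:
    name: Build and publish Helm charts
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - lint-helm
      - lint-yaml
      - check-license
      - version-check
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.2.2
      - name: Setup asdf and install dependencies
        uses: ./.github/actions/setup-asdf
      - name: Build Helm charts
        run: mage ChartsBuild
      # Publishing steps are gated to pushes on main (see build-containers
      # for the note on static keys versus OIDC role assumption).
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4.1.0
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      # NOTE(review): `@v2` is a floating major tag, unlike the exact
      # versions used elsewhere in this file; pin it like the others.
      - name: Login to Amazon ECR
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: aws-actions/amazon-ecr-login@v2
        with:
          # Quoted so the leading zero and all-digit account id stay a string.
          registries: "080137407410"
      - name: Push Helm chart artifacts to ECR
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          # Charts that already exist in the registry will be skipped
          mage push:charts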