Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.39 to 1.17.41 #1214
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Test Incoming Changes | |
| 'on': | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| COLLECTOR_CONTAINER_NAME: tnf-collector | |
| REGISTRY: quay.io | |
| COLLECTOR_IMAGE_NAME: redhat-best-practices-for-k8s/collector | |
| COLLECTOR_IMAGE_TAG: unstable | |
| COLLECTOR_IMAGE_NAME_LEGACY: testnetworkfunction/collector | |
| CERTSUITE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite | |
| CERTSUITE_CONFIG_DIR: /tmp/certsuite/config | |
| CERTSUITE_OUTPUT_DIR: /tmp/certsuite/output | |
| SMOKE_TESTS_LABELS_FILTER: all | |
| jobs: | |
| lint: | |
| name: Run Linter and Vet | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-22.04] | |
| env: | |
| SHELL: /bin/bash | |
| CM_BIN: /usr/local/bin/checkmake | |
| CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line | |
| steps: | |
| - name: Set up Go 1.23 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23.2 | |
| - name: Disable default go problem matcher | |
| run: echo "::remove-matcher owner=go::" | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.sha }} | |
| - name: Extract dependent Pull Requests | |
| uses: depends-on/depends-on-action@main | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install checkmake | |
| run: | | |
| curl --location --output $CM_BIN --silent $CM_URL_LINUX | |
| chmod +x $CM_BIN | |
| - name: Install Shfmt | |
| uses: mfinelli/setup-shfmt@v3 | |
| - name: Golangci-lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: v1.60 | |
| args: --timeout 10m0s | |
| - name: Checkmake | |
| run: checkmake --config=.checkmake Makefile | |
| if: runner.os == 'Linux' | |
| - name: Hadolint | |
| uses: hadolint/[email protected] | |
| with: | |
| dockerfile: Dockerfile | |
| recursive: true | |
| if: runner.os == 'Linux' | |
| - name: Shfmt | |
| run: shfmt -d scripts/*.sh | |
| - name: Markdownlint | |
| uses: nosborn/[email protected] | |
| with: | |
| files: . | |
| if: runner.os == 'Linux' | |
| - name: ShellCheck | |
| uses: ludeeus/action-shellcheck@master | |
| # Temporarily disabled due to issues with the action | |
| # - name: Typos | |
| # uses: crate-ci/typos@master | |
| # if: runner.os == 'Linux' | |
| - name: Yamllint | |
| uses: ibiqlik/action-yamllint@v3 | |
| with: | |
| config_file: .yamllint.yml | |
| file_or_dir: .github/*.yml .github/workflows/*.yaml .yamllint.yml | |
| strict: true | |
| - name: make vet | |
| run: make vet | |
| build-and-push-image: | |
| name: "Build and Push Image" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| # Build Collector image with unstable tag | |
| - name: Build the image | |
| run: make build-image-collector | |
| env: | |
| COLLECTOR_IMAGE_TAG: ${{ env.COLLECTOR_IMAGE_TAG }} | |
| # Push the new unstable TNF image to Quay.io. | |
| - name: (if on main and upstream) Authenticate against Quay.io | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| # Use a Robot Account to authenticate against Quay.io | |
| # https://docs.quay.io/glossary/robot-accounts.html | |
| username: ${{ secrets.QUAY_ROBOT_USERNAME_K8S }} | |
| password: ${{ secrets.QUAY_ROBOT_TOKEN_K8S }} | |
| - name: (if on main and upstream) Push the newly built image to Quay.io | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| run: docker push --all-tags ${REGISTRY}/${COLLECTOR_IMAGE_NAME} | |
| - uses: webfactory/[email protected] | |
| name: (if on main and upstream) Add SSH key to agent | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| with: | |
| ssh-private-key: ${{ secrets.COLLECTOR_KEYPAIR }} | |
| build-and-push-image-legacy: | |
| name: "Build and Push Image (Legacy)" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| # Build Collector image with unstable tag | |
| - name: Build the image | |
| run: make build-image-collector-legacy | |
| env: | |
| COLLECTOR_IMAGE_TAG: ${{ env.COLLECTOR_IMAGE_TAG }} | |
| # Push the new unstable TNF image to Quay.io. | |
| - name: (if on main and upstream) Authenticate against Quay.io | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| # Use a Robot Account to authenticate against Quay.io | |
| # https://docs.quay.io/glossary/robot-accounts.html | |
| username: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
| password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
| - name: (if on main and upstream) Push the newly built image to Quay.io | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| run: docker push --all-tags ${REGISTRY}/${COLLECTOR_IMAGE_NAME_LEGACY} | |
| - uses: webfactory/[email protected] | |
| name: (if on main and upstream) Add SSH key to agent | |
| if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
| with: | |
| ssh-private-key: ${{ secrets.COLLECTOR_KEYPAIR }} | |
| sanity-check: | |
| name: Run Collector's sanity check | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| certsuite_img_tag: [unstable, latest] | |
| env: | |
| SHELL: /bin/bash | |
| KUBECONFIG: '/home/runner/.kube/config' | |
| PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
| steps: | |
| - name: Write temporary docker file | |
| run: | | |
| mkdir -p /home/runner/.docker | |
| touch ${PFLT_DOCKERCONFIG} | |
| echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
| # Perform smoke tests using a Certsuite container. | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| ref: ${{ github.sha }} | |
| - name: Check out `certsuite` | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| repository: redhat-best-practices-for-k8s/certsuite | |
| path: certsuite | |
| - name: Setup partner cluster | |
| uses: ./certsuite/.github/actions/setup-partner-cluster | |
| with: | |
| working_directory: certsuite | |
| make-command: 'install' | |
| # Clean up unused container image layers. We need to filter out a possible error return code | |
| # from docker with "|| true" as some images might still be used by running kind containers and | |
| # will not be removed. | |
| - name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them. | |
| run: | | |
| df -h | |
| docker rmi $(docker images -f "dangling=true" -q) || true | |
| df -h | |
| - name: Create required Certsuite config files and directories | |
| run: | | |
| mkdir -p $CERTSUITE_CONFIG_DIR $CERTSUITE_OUTPUT_DIR | |
| cp /home/runner/.kube/config $CERTSUITE_CONFIG_DIR/kubeconfig | |
| cp /home/runner/.docker/config $CERTSUITE_CONFIG_DIR/dockerconfig | |
| cp certsuite/config/*.yml $CERTSUITE_CONFIG_DIR | |
| shell: bash | |
| - name: Get Collector's CI credentials | |
| run: | | |
| echo "collector_ciuser=ciuser_${{ matrix.certsuite_img_tag }}_${{ github.run_id }}" >> $GITHUB_OUTPUT | |
| echo "collector_cipassword=cipassword" >> $GITHUB_OUTPUT | |
| id: set_collector_ci_creds | |
| - name: Update Collector's CI credentials and Print username | |
| run: | | |
| echo Collector CI username: ${{ steps.set_collector_ci_creds.outputs.collector_ciuser }} | |
| echo "COLLECTOR_CIUSER=${{ steps.set_collector_ci_creds.outputs.collector_ciuser }}" >> $GITHUB_ENV | |
| echo "COLLECTOR_CIPASSWORD=${{ steps.set_collector_ci_creds.outputs.collector_cipassword }}" >> $GITHUB_ENV | |
| - name: Ensure COLLECTOR_CIUSER and COLLECTOR_CIPASSWORD are set | |
| run: '[[ -n "$COLLECTOR_CIUSER" ]] && [[ -n "$COLLECTOR_CIPASSWORD" ]]' | |
| - name: Modify Certsuite config with CI collector credentials | |
| run: | | |
| sed -i\ | |
| -e '/executedBy/s/""/"CI"/g' \ | |
| -e '/partnerName/s/""/"${{ env.COLLECTOR_CIUSER }}"/g' \ | |
| -e '/collectorAppPassword/s/""/"${{ env.COLLECTOR_CIPASSWORD }}"/g' \ | |
| $CERTSUITE_CONFIG_DIR/certsuite_config.yml | |
| # - name: Setup tmate session | |
| # uses: mxschmitt/action-tmate@v3 | |
| - name: 'Run Smoke Tests in a Certsuite unstable container with the certsuite command' | |
| run: | | |
| docker run --rm --network host \ | |
| -v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \ | |
| -v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \ | |
| ${REGISTRY}/${CERTSUITE_IMAGE_NAME}:${{ matrix.certsuite_img_tag }} \ | |
| certsuite run \ | |
| --output-dir=/usr/certsuite/output \ | |
| --preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ | |
| --offline-db=/usr/offline-db \ | |
| --enable-data-collection=true \ | |
| --log-level=${SMOKE_TESTS_LOG_LEVEL} \ | |
| --config-file=/usr/certsuite/config/certsuite_config.yml \ | |
| --kubeconfig=/usr/certsuite/config/kubeconfig \ | |
| --label-filter="${SMOKE_TESTS_LABELS_FILTER}" | |
| - name: Run sanity check on collector | |
| id: collector_sanity_check | |
| uses: ./.github/actions/run-sanity-check | |
| with: | |
| collector_username: ${COLLECTOR_CIUSER} | |
| collector_password: ${COLLECTOR_CIPASSWORD} |