build: add ci script (#3)

* feat: add ci script

* feat: add e2e instruction

* chore: add markdown lint

Author: lwpk110

.chainsaw.yaml

@@ -0,0 +1,14 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+  name: custom-config
+spec:
+  timeouts:
+    apply: 120s
+    assert: 120s
+    cleanup: 120s
+    delete: 120s
+    error: 120s
+    exec: 45s
+  skipDelete: false
+  failFast: true

.editorconfig

@@ -0,0 +1,35 @@
+root = true
+
+[*]
+charset = utf-8
+max_line_length = 120
+
+[*.proto]
+indent_size = 2
+tab_width = 2
+
+[{*.bash,*.sh,*.zsh}]
+indent_size = 2
+tab_width = 2
+
+[{*.go,*.go2}]
+indent_style = tab
+
+[{*.har,*.jsb2,*.jsb3,*.json,.babelrc,.eslintrc,.prettierrc,.stylelintrc,bowerrc,jest.config}]
+indent_size = 2
+
+[{*.hcl,*.nomad}]
+indent_size = 2
+
+[{*.http,*.rest}]
+indent_size = 0
+
+[{*.pb,*.textproto}]
+indent_size = 2
+tab_width = 2
+
+[{*.tf,*.tfvars}]
+indent_size = 2
+
+[{*.yaml,*.yml}]
+indent_size = 2

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "docker"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -0,0 +1,123 @@
+name: CI
+
+on: ['push', 'pull_request']
+
+jobs:
+
+  golang-test:
+    name: Golang Test
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        go-version: ['1.21.x']
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 1
+    - uses: actions/checkout@v4
+    - name: Setup Go ${{ matrix.go-version }}
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Display Go version
+      run: go version
+    - name: Install dependencies
+      run: go get ./...
+    - name: Test with Go
+      run: make test
+
+  golang-lint:
+    name: Golang Lint
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v4
+      with:
+        go-version: '1.21'
+        cache: false
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        # Require: The version of golangci-lint to use.
+        # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
+        # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
+        version: v1.54
+
+        # Optional: working directory, useful for monorepos
+        # working-directory: somedir
+
+        # Optional: golangci-lint command line arguments.
+        #
+        # Note: By default, the `.golangci.yml` file should be at the root of the repository.
+        # The location of the configuration file can be changed by using `--config=`
+        # args: --timeout=30m --config=/my/path/.golangci.yml --issues-exit-code=0
+        args: --timeout=30m
+
+        # Optional: show only new issues if it's a pull request. The default value is `false`.
+        # only-new-issues: true
+
+        # Optional: if set to true, then all caching functionality will be completely disabled,
+        #           takes precedence over all other caching options.
+        # skip-cache: true
+
+        # Optional: if set to true, then the action won't cache or restore ~/go/pkg.
+        # skip-pkg-cache: true
+
+        # Optional: if set to true, then the action won't cache or restore ~/.cache/go-build.
+        # skip-build-cache: true
+
+        # Optional: The mode to install golangci-lint. It can be 'binary' or 'goinstall'.
+        # install-mode: "goinstall"
+
+  markdown-lint:
+    name: Markdown Lint
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Lint Code Base
+      uses: github/super-linter@v4
+      env:
+        VALIDATE_MARKDOWN: true
+        VALIDATE_ALL_CODEBASE: false
+        DEFAULT_BRANCH: main
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        LINTER_RULES_PATH: /
+        MARKDOWN_CONFIG_FILE: .markdownlint.yml
+
+  deploy-operator:
+    name: Deploy operator
+    if: github.event_name == 'push' && github.ref_type == 'tag' && github.repository_owner == 'zncdata-labs'
+    runs-on: ubuntu-22.04
+    needs:
+    - golang-test
+    - markdown-lint
+    - golang-lint
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 1
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      with:
+        platforms: linux/amd64,linux/arm64
+    - name: Login to quay.io
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Build and push operator
+      run: |
+        make docker-buildx
+
+    - name: Build and push operator bundle
+      run: |
+        make bundle
+        make bundle-buildx
+

.github/workflows/e2e.yml

@@ -0,0 +1,36 @@
+# e2e test
+
+name: e2e-test
+
+on: ['push', 'pull_request']
+
+jobs:
+  chainsaw-test:
+    name: Chainsaw Test
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        k8s-version: ['1.26.14', '1.27.11']
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v4
+      with:
+        go-version: '1.21'
+        cache: false
+
+    - name: Create KinD cluster
+      env:
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        ENVTEST_K8S_VERSION: ${{ matrix.k8s-version}}
+      run: make kind-create
+    - name: Chainsaw test setup
+      env:
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+      run: make chainsaw-setup
+    - name: Test with Chainsaw
+      env:
+        KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+        KIND_KUBECONFIG: kind-kubeconfig-${{ matrix.k8s-version }}
+      run: make chainsaw-test

.markdownlint.yml

@@ -0,0 +1,20 @@
+MD007:
+  indent: 4
+  start_indented: false
+
+MD013:
+  line_length: 200
+  heading_line_length: 80
+  code_block_line_length: 200
+  code_blocks: true
+  tables: true
+  headings: true
+  headers: true
+  strict: false
+  stern: false
+
+MD012:
+  maximum: 20
+
+MD046: false
+MD051: false

Makefile

@@ -57,7 +57,7 @@ OPERATOR_SDK_VERSION ?= v1.33.0
 # Image URL to use all building/pushing image targets
 IMG ?= $(REGISTRY)/$(PROJECT_NAME):v$(VERSION)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26.1
+ENVTEST_K8S_VERSION = 1.26.14
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -293,3 +293,86 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+##@ E2E
+
+# kind
+KIND_VERSION ?= v0.22.0
+
+KIND_KUBECONFIG ?= ./kind-kubeconfig
+KIND_CLUSTER_NAME ?= ${PROJECT_NAME}
+
+.PHONY: kind
+KIND = $(LOCALBIN)/kind
+kind: ## Download kind locally if necessary.
+ifeq (,$(shell which $(KIND)))
+ifeq (,$(shell which kind 2>/dev/null))
+	@{ \
+	set -e ;\
+	go install sigs.k8s.io/kind@$(KIND_VERSION) ;\
+	}
+KIND = $(GOBIN)/bin/kind
+else
+KIND = $(shell which kind)
+endif
+endif
+
+OLM_VERSION ?= v0.27.0
+
+# Create a kind cluster, install ingress-nginx, and wait for it to be available.
+.PHONY: kind-create
+kind-create: kind ## Create a kind cluster.
+	$(KIND) create cluster --config test/e2e/kind-$(ENVTEST_K8S_VERSION).yaml --name $(KIND_CLUSTER_NAME) --kubeconfig $(KIND_KUBECONFIG) --wait 120s
+	make kind-setup KUBECONFIG=$(KIND_KUBECONFIG)
+
+.PHONY: kind-setup
+kind-setup: kind ## setup kind cluster base environment
+	@echo "\nSetup kind cluster base environment, install ingress-nginx and OLM"
+	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+	kubectl -n ingress-nginx wait deployment ingress-nginx-controller --for=condition=available --timeout=300s
+	curl -sSL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/$(OLM_VERSION)/install.sh | bash -s $(OLM_VERSION)
+
+.PHONY: kind-delete
+kind-delete: kind ## Delete a kind cluster.
+	$(KIND) delete cluster --name $(KIND_CLUSTER_NAME)
+
+# chainsaw
+
+CHAINSAW_VERSION ?= v0.1.8
+
+.PHONY: chainsaw
+CHAINSAW = $(LOCALBIN)/chainsaw
+chainsaw: ## Download chainsaw locally if necessary.
+ifeq (,$(shell which $(CHAINSAW)))
+ifeq (,$(shell which chainsaw 2>/dev/null))
+	@{ \
+	set -e ;\
+	go install github.com/kyverno/chainsaw@$(CHAINSAW_VERSION) ;\
+	}
+CHAINSAW = $(GOBIN)/chainsaw
+else
+CHAINSAW = $(shell which chainsaw)
+endif
+endif
+
+# chainsaw setup logical
+# - Build the operator docker image
+# - Load the operator docker image into the kind cluster. When create
+#   operator deployment, it will use the image in the kind cluster.
+# - Rebuild the bundle. If override VERSION / REGISTRY or other variables,
+#   we need to rebuild the bundle to use the new image, or other changes.
+.PHONY: chainsaw-setup
+chainsaw-setup: manifests kustomize ## Run the chainsaw setup
+	@echo "\nSetup chainsaw test environment"
+	make docker-build
+	$(KIND) --name $(KIND_CLUSTER_NAME) load docker-image $(IMG)
+	make deploy KUBECONFIG=$(KIND_KUBECONFIG)
+
+.PHONY: chainsaw-test
+chainsaw-test: chainsaw ## Run the chainsaw test
+	$(CHAINSAW) test --cluster cluster-1=$(KIND_KUBECONFIG) --test-dir ./test/e2e
+
+
+.PHONY: chainsaw-cleanup
+chainsaw-cleanup: manifests kustomize ## Run the chainsaw cleanup
+	make undeploy KUBECONFIG=$(KIND_KUBECONFIG)

chainsaw.yaml

@@ -0,0 +1,8 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+  name: e2e
+spec:
+  skipDelete: false
+  failFast: true
+  parallel: 4

test/e2e/kind-1.26.14.yaml

@@ -0,0 +1,18 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  image: kindest/node:v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 18080
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 18443
+    protocol: TCP

test/e2e/kind-1.27.11.yaml

@@ -0,0 +1,18 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  image: kindest/node:v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 18080
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 18443
+    protocol: TCP