From f6b1c25cf46097529ab06a2fec19595aabbc6d0d Mon Sep 17 00:00:00 2001
From: Remy Moll
Date: Mon, 22 Apr 2024 10:31:46 +0200
Subject: [PATCH] add basic actions for more complex workflows
---
.github/workflows/build-images.yaml | 49 ++++++++++++++
.github/workflows/test-go.yaml | 54 +++++++++++++++
.github/workflows/test-kubernetes.yaml | 91 ++++++++++++++++++++++++++
3 files changed, 194 insertions(+)
create mode 100644 .github/workflows/build-images.yaml
create mode 100644 .github/workflows/test-go.yaml
create mode 100644 .github/workflows/test-kubernetes.yaml
diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml
new file mode 100644
index 0000000..a4504b4
--- /dev/null
+++ b/.github/workflows/build-images.yaml
@@ -0,0 +1,49 @@
+name: Build docker images
+
+env:
+ DOCKER_BASE_NAME: 'ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple'
+
+on:
+ workflow_call:
+ inputs:
+ tags:
+ description: 'Tags to build the image for (separated by a whitespace)'
+ required: true
+ type: string
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ password: ${{ secrets.GITHUB_TOKEN }}
+ username: ${{ github.repository_owner }}
+
+ - name: Format tags
+ id: format-tags
+ # prepends DOCKER_BASE_NAME to every entry in the string ${{ inputs.tags }}
+ run: |
+ echo "TAGS=$(printf '${{ env.DOCKER_BASE_NAME }}/%s,' ${{ inputs.tags }})" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.format-tags.outputs.TAGS }}
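Review bot: `${{ inputs.tags }}` is expanded into the `run:` script of the "Format tags" step before the shell starts, so a caller that forwards a ref or tag name it does not control can change the command that runs in a job which logs in to GHCR and pushes. Pass the value through a step-level `env:` entry such as `TAGS_IN: ${{ inputs.tags }}` and let the shell do the word splitting: `echo "TAGS=$(printf "$DOCKER_BASE_NAME/%s," $TAGS_IN)" >> "$GITHUB_OUTPUT"`. The job also declares no `permissions:` block; stating `contents: read` and `packages: write` would keep `GITHUB_TOKEN` at what the push needs. Separately, the format string joins image name and tag with `/` rather than `:`, which looks unintended given that test-kubernetes.yaml installs `image.tag=commit-${{ github.sha }}`; worth confirming.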
diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml
new file mode 100644
index 0000000..3e89bb1
--- /dev/null
+++ b/.github/workflows/test-go.yaml
@@ -0,0 +1,54 @@
+name: Run code tests
+
+on:
+ push:
+ workflow_call:
+ secrets:
+ DNSIMPLE_API_TOKEN:
+ required: true
+ DNSIMPLE_ZONE_NAME:
+ required: true
+
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: src/go.mod
+ cache-dependency-path: src/go.sum
+
+
+ - name: Install kubebuilder fixtures
+ id: kubebuilder
+ run: |
+ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+ echo "BIN_DIR=$(setup-envtest use -p path)" >> $GITHUB_OUTPUT
+
+
+ - name: Run tests
+ env:
+ DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }}
+ DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }}
+ run: |
+ export TEST_ASSET_KUBE_APISERVER=${{ steps.kubebuilder.outputs.BIN_DIR }}/kube-apiserver
+ export TEST_ASSET_ETCD=${{ steps.kubebuilder.outputs.BIN_DIR }}/etcd
+ export TEST_ASSET_KUBECTL=${{ steps.kubebuilder.outputs.BIN_DIR }}/kubectl
+ export TEST_ZONE_NAME="${DNSIMPLE_ZONE_NAME}." # add trailing dot
+ echo """apiVersion: v1
+ kind: Secret
+ metadata:
+ name: dnsimple-token
+ type: Opaque
+ stringData:
+ token: $DNSIMPLE_API_TOKEN
+ """ > testdata/dnsimple-token.yaml
+ cd src
+ go test -v .
diff --git a/.github/workflows/test-kubernetes.yaml b/.github/workflows/test-kubernetes.yaml
new file mode 100644
index 0000000..80956a5
--- /dev/null
+++ b/.github/workflows/test-kubernetes.yaml
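Review bot: `go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest` in the "Install kubebuilder fixtures" step resolves to whatever is newest at run time, and the binaries it fetches are then executed by the step that writes `DNSIMPLE_API_TOKEN` to disk. Pin it to a fixed release, e.g. `setup-envtest@<PINNED_VERSION>` (placeholder), so runs are reproducible and an upstream change cannot reach the token unnoticed. The same applies to `uses: medyagh/setup-minikube@master` in test-kubernetes.yaml, which tracks a branch; a release tag or, better, a full commit SHA is safer, and the `@v3`/`@v4`/`@v5` action tags in all three files could be SHA-pinned likewise. The `echo` also writes `testdata/dnsimple-token.yaml` before `cd src`, so the file lands at the repository root; confirm that is where the tests look for it.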
@@ -0,0 +1,91 @@
+name: Run webhook tests in a full environment
+
+on:
+ workflow_call:
+ secrets:
+ DNSIMPLE_API_TOKEN:
+ required: true
+ DNSIMPLE_ZONE_NAME:
+ required: true
+
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+
+ - name: Start minikube
+ uses: medyagh/setup-minikube@master
+ with:
+ kubernetes-version: 1.29.3
+
+
+ - name: Install cert-manager and patch upstream dns servers
+ run: |
+ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml
+
+
+ - name: Wait for cert-manager to be ready
+ run: |
+ kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook -n cert-manager
+ kubectl get pods -n cert-manager
+ kubectl get svc -n cert-manager -o wide
+
+
+ - name: Install cert-manager-webhook-dnsimple
+ env:
+ DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }}
+ DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME}}
+ run: |
+ helm install cert-manager-webhook-dnsimple ./charts/cert-manager-webhook-dnsimple \
+ --namespace cert-manager \
+ --set dnsimple.token="$DNSIMPLE_API_TOKEN" \
+ --set groupName="acme.$DNSIMPLE_ZONE_NAME" \
+ --set image.repository=ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple \
+ --set clusterIssuer.staging.enabled=true \
+ --set clusterIssuer.email="noreply@$DNSIMPLE_ZONE_NAME" \
+ --set image.tag=commit-${{ github.sha }}
+ kubectl get secrets cert-manager-webhook-dnsimple -o yaml
+
+
+ - name: Wait for cert-manager-webhook-dnsimple to be ready
+ run: |
+ kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook-dnsimple
+ kubectl get pods
+ kubectl get svc -o wide
+
+
+ - name: Create sample certificate that uses the webhook
+ env:
+ DNSIMPLE_ZONE_NAME: ${{ env.DNSIMPLE_ZONE_NAME }}
+ run: |
+ kubectl apply -f - <