diff --git a/.github/workflows/check-codegen.yml b/.github/workflows/check-codegen.yml
new file mode 100644
index 00000000..b7a1b174
--- /dev/null
+++ b/.github/workflows/check-codegen.yml
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Check Codegen
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+jobs:
+ check-codegen:
+ name: Detect Drift
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version-file: 'go.mod'
+ - name: Run make generate
+ run: make generate
+ - name: Run make docs
+ run: make docs
+ - name: Run make charts
+ run: make charts
+ - name: Run fmt
+ run: make fmt
+ - name: Compare the expected and actual generated/* directories
+ run: |
+ if [ "$(git diff | wc -l)" -gt "0" ]; then
+ echo "Detected uncommitted changes after build. Consider running 'make generate && make docs && make charts && make fmt'."
+ echo "See status below:"
+ git diff
+ exit 1
+ fi
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
deleted file mode 100644
index 2239b325..00000000
--- a/.github/workflows/checks.yaml
+++ /dev/null
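Review bot: The new workflow declares no `permissions:` block, so its GITHUB_TOKEN falls back to the repository or organisation default, which may be read-write; the deleted checks.yaml and ci.yaml each declared an explicit block. Add a top-level `permissions:` with `contents: read` here. The same applies to kustomize-validation.yml, lint.yml and reuse.yml, which are also added without one, and to test-chart.yml and test-e2e.yml, whose hunks delete the existing `permissions:` / `contents: read` lines. Separately, the final step only inspects `git diff`, which does not list untracked files, so a newly generated file that was never committed would pass; `git status --porcelain` covers both cases.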
@@ -1,56 +0,0 @@ -################################################################################ -# This file is AUTOGENERATED with # -# Edit Makefile.maker.yaml instead. # -################################################################################ - -# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company -# SPDX-License-Identifier: Apache-2.0 - -name: Checks -"on": - push: - branches: - - main - pull_request: - branches: - - '*' - workflow_dispatch: {} -permissions: - checks: write - contents: read -jobs: - checks: - name: Checks - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v6 - - name: Set up Go - uses: actions/setup-go@v6 - with: - check-latest: true - go-version: 1.26.1 - - name: Run prepare make target - run: make generate - - name: Run golangci-lint - uses: golangci/golangci-lint-action@v9 - with: - version: latest - - name: Delete pre-installed shellcheck - run: sudo rm -f $(which shellcheck) - - name: Run shellcheck - run: make run-shellcheck - - name: Dependency Licenses Review - run: make check-dependency-licenses - - name: Check for spelling errors - uses: crate-ci/typos@v1 - env: - CLICOLOR: "1" - - name: Delete typos binary - run: rm typos - - name: Check if source code files have license header - run: make check-addlicense - - name: Install govulncheck - run: go install golang.org/x/vuln/cmd/govulncheck@latest - - name: Run govulncheck - run: govulncheck -format text ./... diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 5d30ca3e..00000000 --- a/.github/workflows/ci.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -################################################################################ -# This file is AUTOGENERATED with # -# Edit Makefile.maker.yaml instead. # -################################################################################ - -# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company -# SPDX-License-Identifier: Apache-2.0 - -name: CI -"on": - push: - branches: - - main - paths-ignore: - - '**.md' - pull_request: - branches: - - '*' - paths-ignore: - - '**.md' - workflow_dispatch: {} -permissions: - contents: read -jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v6 - - name: Set up Go - uses: actions/setup-go@v6 - with: - check-latest: true - go-version: 1.26.1 - - name: Run prepare make target - run: make generate - - name: Build all binaries - run: make build-all - code_coverage: - name: Code coverage report - if: github.event_name == 'pull_request' && github.base_ref == 'main' - needs: - - test - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v6 - - name: Post coverage report - uses: fgrosse/go-coverage-report@v1.2.0 - with: - coverage-artifact-name: code-coverage - coverage-file-name: cover.out - permissions: - actions: read - contents: read - pull-requests: write - test: - name: Test - needs: - - build - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v6 - - name: Set up Go - uses: actions/setup-go@v6 - with: - check-latest: true - go-version: 1.26.1 - - name: Run prepare make target - run: make generate - - name: Run tests and generate coverage report - run: make build/cover.out - - name: Archive code coverage results - uses: actions/upload-artifact@v7 - with: - name: code-coverage - path: build/cover.out diff --git a/.github/workflows/kustomize-validation.yml b/.github/workflows/kustomize-validation.yml new file mode 100644 index 00000000..4b0e38d7 --- /dev/null 
+++ b/.github/workflows/kustomize-validation.yml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Kustomize
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+jobs:
+ kustomize-validation:
+ name: Validate
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Install Kustomize
+ run: |
+ make install-kustomize
+ - name: Validate Kustomize
+ run: |
+ ./hack/validate-kustomize.sh
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 00000000..fb164b73
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+jobs:
+ lint:
+ name: Check Go Code
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version-file: 'go.mod'
+ - name: Run golangci-lint
+ uses: golangci/golangci-lint-action@v9
+ with:
+ version: latest
+ vulnerabilities:
+ name: Check Vulnerabilities
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version: 'stable'
+ - name: Install govulncheck
+ run: go install golang.org/x/vuln/cmd/govulncheck@latest
+ - name: Run govulncheck
+ run: govulncheck -format text ./...
+ spelling:
+ name: Check Spelling Errors
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Run typos
+ uses: crate-ci/typos@v1
+ env:
+ CLICOLOR: "1"
+ shellcheck:
+ name: Check Shell Scripts
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Run shellcheck
+ uses: reviewdog/action-shellcheck@v1
+ license:
+ name: Check Licenses
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version-file: 'go.mod'
+ - name: Dependency Licenses Review
+ run: make check-dependency-licenses
+ - name: Check if source code files have license header
+ run: make check-addlicense
diff --git a/.github/workflows/publish-chart.yml b/.github/workflows/publish-chart.yml
new file mode 100644
index 00000000..cc9c6ee3
--- /dev/null
+++ b/.github/workflows/publish-chart.yml
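Review bot: The `vulnerabilities` job sets `go-version: 'stable'` while the other Go jobs in this file read `go-version-file: 'go.mod'`; govulncheck evaluates standard-library findings against the Go toolchain it runs with, so the scan may not reflect the toolchain the project is actually built with. Use `go-version-file: 'go.mod'` here as well, or add a comment explaining why the newest toolchain is intended. The job also installs `govulncheck@latest` and the lint job sets `version: latest`, so results can change between runs without any change in the repository; pinning explicit versions keeps the gate reproducible.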
@@ -0,0 +1,60 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Helm Chart
+
+on:
+ push:
+ tags:
+ - 'v*'
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build-and-push-chart:
+ name: Build and Push Helm Chart
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Set up Helm
+ uses: azure/setup-helm@v4
+ with:
+ version: v4.1.0
+ - name: Determine Chart Version
+ id: chart_version
+ run: |
+ if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ # Use tag version (strip 'v' prefix)
+ CHART_VERSION="${GITHUB_REF#refs/tags/v}"
+ else
+ # Use short commit hash
+ CHART_VERSION="0.0.0-$(git rev-parse --short HEAD)"
+ fi
+ echo "version=$CHART_VERSION" >> $GITHUB_OUTPUT
+ - name: Build Helm Dependencies
+ run: |
+ helm dependency build charts/network-operator
+ - name: Package Helm Chart
+ run: |
+ helm package charts/network-operator --version ${{ steps.chart_version.outputs.version }}
+ - name: Login to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+ - name: Push Helm Chart to ghcr.io
+ if: github.event_name != 'pull_request'
+ run: |
+ helm push network-operator-${{ steps.chart_version.outputs.version }}.tgz oci://ghcr.io/${{ github.repository_owner }}/charts
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index 4d96c833..2cc6efe0 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
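Review bot: The `Determine Chart Version` step expands `${{ github.event_name }}` and `${{ github.ref }}` directly into the shell script, so the ref text becomes part of the script before bash parses it instead of being passed as data. The runner already exports both values, and the same step reads `$GITHUB_REF` two lines later, so the condition can be written as `if [[ "$GITHUB_EVENT_NAME" == "push" && "$GITHUB_REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then`. The login step has the same pattern with `${{ secrets.GITHUB_TOKEN }}` and an unquoted `${{ github.actor }}`; passing both through `env:` and writing `>> "$GITHUB_OUTPUT"` keeps expression text out of the script body. Workflow-level `packages: write` is also granted on pull-request runs, which never push; scoping it to a publishing job that is skipped for pull requests would narrow the token.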
@@ -5,20 +5,21 @@ name: Documentation on: push: - branches: [main] + branches: + - main pull_request: - types: [ assigned, opened, synchronize, reopened ] - workflow_dispatch: - -permissions: - contents: read - pages: write - id-token: write + branches: + - main concurrency: group: pages cancel-in-progress: false +permissions: + contents: read + id-token: write + pages: write + jobs: build: name: Build VitePress Site diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml new file mode 100644 index 00000000..1e522349 --- /dev/null +++ b/.github/workflows/publish-image.yml 
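Review bot: `id-token: write` and `pages: write` remain at workflow level, so every job receives them, including the `build` job, which now also runs for pull requests against main. Normally only the job that deploys to Pages needs those two scopes; consider keeping `contents: read` at the top and granting the other two on the deploying job. The job definitions lie outside this hunk, so confirm which job performs the deployment before moving them.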
@@ -0,0 +1,99 @@ +# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors +# SPDX-License-Identifier: Apache-2.0 + +name: Container Image + +on: + push: + tags: + - 'v*' + branches: + - main + paths-ignore: + - 'docs/**' + - '**/*.md' + pull_request: + branches: + - main + paths-ignore: + - 'docs/**' + - '**/*.md' + +permissions: + contents: read + packages: write + +jobs: + build-and-push-image: + name: Build and Push Docker Image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: | + # https://github.com/docker/metadata-action#typeedge + type=edge + # https://github.com/docker/metadata-action#latest-tag + type=raw,value=latest,enable={{is_default_branch}} + # https://github.com/docker/metadata-action#typesemver + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + # https://github.com/docker/metadata-action#typeref + type=ref,event=branch + type=ref,event=pr + # https://github.com/docker/metadata-action#typesha + type=sha,format=long + - name: Extract build-args for Docker + id: build_args + run: | + echo "version=$(git describe --tags --always --abbrev=7)" >> $GITHUB_OUTPUT + echo "commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT + echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + id: setup-buildx + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Go Cache for Docker + uses: actions/cache@v4 + id: cache + with: + path: | + go-pkg-mod + go-build-cache + key: cache-mount-${{ hashFiles('go.sum') }} + - name: Restore Docker Cache 
Mounts + uses: reproducible-containers/buildkit-cache-dance@v3.3.2 + with: + cache-map: | + { + "go-pkg-mod": "/go/pkg/mod", + "go-build-cache": "/root/.cache/go-build" + } + skip-extraction: ${{ steps.cache.outputs.cache-hit }} + builder: ${{ steps.setup-buildx.outputs.name }} + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: . + build-args: | + BININFO_VERSION=${{ steps.build_args.outputs.version }} + BININFO_COMMIT_HASH=${{ steps.build_args.outputs.commit }} + BININFO_BUILD_DATE=${{ steps.build_args.outputs.date }} + platforms: linux/amd64,linux/arm64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-to: type=gha,mode=max + cache-from: type=gha diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/release.yml similarity index 55% rename from .github/workflows/goreleaser.yaml rename to .github/workflows/release.yml index 38c427d8..ec401882 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/release.yml 
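Review bot: The `Login to GitHub Container Registry` step has no `if:` guard, so it authenticates to ghcr.io on pull-request runs too, although `push:` evaluates to false for them; publish-chart.yml guards its login with `if: github.event_name != 'pull_request'`. Adding the same condition here keeps registry credentials out of the runner's Docker configuration while code from an unmerged pull request is being built. Workflow-level `packages: write` likewise applies to pull-request runs from branches of this repository. The `Extract build-args` step appends to an unquoted `$GITHUB_OUTPUT`; `>> "$GITHUB_OUTPUT"` is the safer form.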
@@ -1,33 +1,26 @@ -################################################################################ -# This file is AUTOGENERATED with # -# Edit Makefile.maker.yaml instead. # -################################################################################ - -# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company +# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company # SPDX-License-Identifier: Apache-2.0 -name: goreleaser -"on": +name: Release + +on: push: tags: - - '*' + - 'v*' + permissions: contents: write packages: write + jobs: release: - name: goreleaser + name: Publish Release runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v6 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: - check-latest: true - go-version: 1.26.1 + go-version-file: 'go.mod' - name: Run prepare make target run: make generate - name: Install syft diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml deleted file mode 100644 index affe89df..00000000 --- a/.github/workflows/reuse.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors -# SPDX-License-Identifier: Apache-2.0 - -name: REUSE Compliance -on: - push: - branches: - - main - pull_request: - branches: - - '*' - workflow_dispatch: {} -permissions: - contents: read -jobs: - test: - name: Check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@v6 diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml new file mode 100644 index 00000000..fdc013ac --- /dev/null +++ b/.github/workflows/reuse.yml 
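Review bot: The checkout step no longer sets `fetch-depth: 0`, so the release job now works on a shallow clone without tag history. The steps after `Install syft` are outside this hunk; if they still run goreleaser or anything else that derives the version or changelog from tags and commits, restore `with:` / `fetch-depth: 0` on `actions/checkout@v6`. If the shallow clone is intended, a short comment on the checkout step saying so would help the next reader.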
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: REUSE
+
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+jobs:
+ compliance-check:
+ name: Compliance Check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Compliance Check
+ uses: fsfe/reuse-action@v5
diff --git a/.github/workflows/size-label.yml b/.github/workflows/size-label.yml
new file mode 100644
index 00000000..433b492c
--- /dev/null
+++ b/.github/workflows/size-label.yml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+name: Size Label
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ size-label:
+ name: Label PR with size
+ runs-on: ubuntu-latest
+ steps:
+ - name: size-label
+ uses: pascalgn/size-label-action@v0.5.5
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yml
similarity index 85%
rename from .github/workflows/stale.yaml
rename to .github/workflows/stale.yml
index 79d72896..f07d1d7b 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yml
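Review bot: The new reuse.yml references `fsfe/reuse-action@v5`, while the reuse.yaml deleted in the same commit used `fsfe/reuse-action@v6`. Unless the downgrade is deliberate, keep `uses: fsfe/reuse-action@v6`. If it is deliberate, a comment above the step giving the reason would stop a later dependency update from silently reverting it.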
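Review bot: size-label.yml runs on `pull_request_target`, so it executes in the base repository's context with a `pull-requests: write` token even for pull requests from forks, and it hands that token to `pascalgn/size-label-action@v0.5.5`, which is referenced by a mutable tag. Pin the action to a full commit SHA, for example `uses: pascalgn/size-label-action@<FULL_COMMIT_SHA> # v0.5.5`. The job does not check out pull-request code, which is what keeps this trigger safe; a comment above `steps:` stating that no checkout of the head ref may be added here would protect that property against later edits.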
@@ -1,17 +1,21 @@ -# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors +# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors # SPDX-License-Identifier: Apache-2.0 -name: Close inactive issues +name: Stale + on: schedule: - cron: "35 1 * * *" +permissions: + contents: read + issues: write + pull-requests: write + jobs: close-issues: + name: Close Inactive Issues and PRs runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write steps: - uses: actions/stale@v9 with: diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml index 3ee1d13e..380bcb5c 100644 --- a/.github/workflows/test-chart.yml +++ b/.github/workflows/test-chart.yml 
@@ -1,62 +1,43 @@ -# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors +# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors # SPDX-License-Identifier: Apache-2.0 -name: Test +name: Test Chart + on: - push: - branches: - - main - paths-ignore: - - '**.md' pull_request: branches: - - '*' + - main paths-ignore: - - '**.md' - workflow_dispatch: {} -permissions: - contents: read + - 'docs/**' + - '**/*.md' + jobs: test-chart: - name: Chart + name: Run Chart Tests runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v6 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: - check-latest: true - go-version: 1.26.1 - - name: Fetch latest kubectl version - id: kubectl - run: | - KUBECTL_VERSION=$(curl -sL https://dl.k8s.io/release/stable.txt) - echo "version=$KUBECTL_VERSION" >> $GITHUB_OUTPUT - - name: Fetch latest kind version - id: kind + go-version-file: 'go.mod' + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: latest + - name: Lint Helm Chart run: | - KIND_VERSION=$(curl -s https://api.github.com/repos/kubernetes-sigs/kind/releases/latest | grep '"tag_name":' | cut -d'"' -f4) - echo "version=$KIND_VERSION" >> $GITHUB_OUTPUT - - name: Create k8s kind cluster + helm lint ./charts/network-operator + - name: Create kind cluster uses: helm/kind-action@v1 with: - version: ${{ steps.kind.outputs.version }} + version: v0.31.0 + kubectl_version: v1.35.0 cluster_name: kind - kubectl_version: ${{ steps.kubectl.outputs.version }} - name: Prepare network-operator run: | - go mod tidy + go mod download make docker-build IMG=network-operator:v0.1.0 kind load docker-image network-operator:v0.1.0 - - name: Install Helm - run: | - curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - - name: Verify Helm installation - run: helm version - - name: Lint Helm Chart - run: | - 
helm lint ./charts/network-operator - name: Install cert-manager via Helm run: | helm repo add jetstack https://charts.jetstack.io @@ -67,28 +48,10 @@ jobs: kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook -# TODO: Uncomment if Prometheus is enabled -# - name: Install Prometheus Operator CRDs -# run: | -# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -# helm repo update -# helm install prometheus-crds prometheus-community/prometheus-operator-crds -# - name: Install Prometheus via Helm -# run: | -# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -# helm repo update -# helm install prometheus prometheus-community/prometheus --namespace monitoring --create-namespace -# - name: Wait for Prometheus to be ready -# run: | -# kubectl wait --namespace monitoring --for=condition=available --timeout=300s deployment/prometheus-server - - name: Install Helm chart for project + - name: Install Helm Chart run: | helm dependency build ./charts/network-operator helm install network-operator ./charts/network-operator --create-namespace --namespace network-operator-system - name: Check Helm release status run: | helm status network-operator --namespace network-operator-system -# TODO: Uncomment if prometheus.enabled is set to true to confirm that the ServiceMonitor gets created -# - name: Check Presence of ServiceMonitor -# run: | -# kubectl wait --namespace network-operator-system --for=jsonpath='{.kind}'=ServiceMonitor servicemonitor/network-operator-controller-manager-metrics-monitor diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 9f4f7c2f..4dd9c267 100644 --- a/.github/workflows/test-e2e.yml 
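Review bot: `azure/setup-helm@v4` is configured with `version: latest` in this workflow, while publish-chart.yml pins `version: v4.1.0`, so the chart can be linted and installed with a different Helm release than the one that packages and pushes it. Use the same pinned value here, `version: v4.1.0`, in line with the kind and kubectl versions this hunk already pins. The hunk also deletes the workflow's `permissions:` / `contents: read` lines without replacement, which leaves the token scope to the repository default.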
+++ b/.github/workflows/test-e2e.yml @@ -1,50 +1,32 @@ -# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors +# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors # SPDX-License-Identifier: Apache-2.0 -name: Test +name: Test E2E + on: - push: - branches: - - main - paths-ignore: - - '**.md' pull_request: branches: - - '*' + - main paths-ignore: - - '**.md' - workflow_dispatch: {} -permissions: - contents: read + - 'docs/**' + - '**/*.md' + jobs: test-e2e: - name: E2E + name: Run E2E Tests runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v6 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: - check-latest: true - go-version: 1.26.1 - - name: Fetch latest kubectl version - id: kubectl - run: | - KUBECTL_VERSION=$(curl -sL https://dl.k8s.io/release/stable.txt) - echo "version=$KUBECTL_VERSION" >> $GITHUB_OUTPUT - - name: Fetch latest kind version - id: kind - run: | - KIND_VERSION=$(curl -s https://api.github.com/repos/kubernetes-sigs/kind/releases/latest | grep '"tag_name":' | cut -d'"' -f4) - echo "version=$KIND_VERSION" >> $GITHUB_OUTPUT - - name: Create k8s kind cluster + go-version-file: 'go.mod' + - name: Create kind cluster uses: helm/kind-action@v1 with: - version: ${{ steps.kind.outputs.version }} + version: v0.31.0 + kubectl_version: v1.35.0 cluster_name: network - kubectl_version: ${{ steps.kubectl.outputs.version }} - name: Running E2E Tests run: | - go mod tidy + go mod download make test-e2e diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 00000000..e344e454 --- /dev/null +++ b/.github/workflows/test.yaml 
@@ -0,0 +1,65 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Test and Code Coverage
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - 'docs/**'
+ - '**/*.md'
+
+permissions:
+ actions: read
+ contents: read
+ pull-requests: write
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version-file: 'go.mod'
+ - name: Run prepare make target
+ run: make generate
+ - name: Build all binaries
+ run: make build-all
+ test:
+ name: Test
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-go@v6
+ with:
+ go-version-file: 'go.mod'
+ - name: Run prepare make target
+ run: make generate
+ - name: Run tests and generate coverage report
+ run: make build/cover.out
+ - name: Archive code coverage results
+ uses: actions/upload-artifact@v6
+ with:
+ name: code-coverage
+ path: build/cover.out
+ code-coverage:
+ name: Code Coverage Report
+ needs: test
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+ permissions:
+ actions: read
+ contents: read
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v6
+ - name: Post coverage report
+ uses: fgrosse/go-coverage-report@v1.2.0
+ with:
+ coverage-artifact-name: code-coverage
+ coverage-file-name: cover.out
diff --git a/Dockerfile b/Dockerfile
index f6538da3..8619d433 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,8 +4,6 @@ FROM --platform=$BUILDPLATFORM golang:1.26-alpine3.22 AS builder -RUN apk add --no-cache --no-progress git make - ARG BININFO_BUILD_DATE ARG BININFO_COMMIT_HASH ARG BININFO_VERSION
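Review bot: The top-level `permissions:` block in test.yaml grants `pull-requests: write` to all three jobs, including `build` and `test`, which execute repository code through `make`; only `code-coverage` posts to the pull request, and it already declares the same three scopes on the job. Reduce the workflow-level block to `contents: read` so the jobs that run the code under test hold a read-only token. `actions/upload-artifact` also goes from `@v7` in the deleted ci.yaml to `@v6` here, which looks unintentional.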
@@ -20,10 +18,10 @@ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=bind,source=go.sum,target=go.sum \ go mod download -x -RUN --mount=type=bind,target=.,readwrite \ +RUN --mount=type=bind,target=. \ --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ - GO_BUILDENV="GOOS=${TARGETOS} GOARCH=${TARGETARCH}" GOTOOLCHAIN=local make install + GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOTOOLCHAIN=local CGO_ENABLED=0 go build -ldflags "-s -w -X github.com/sapcc/go-api-declarations/bininfo.binName=network-operator -X github.com/sapcc/go-api-declarations/bininfo.version=${BININFO_VERSION} -X github.com/sapcc/go-api-declarations/bininfo.commit=${BININFO_COMMIT_HASH} -X github.com/sapcc/go-api-declarations/bininfo.buildDate=${BININFO_BUILD_DATE}" -o /usr/bin/network-operator ./cmd FROM gcr.io/distroless/static:nonroot diff --git a/Makefile.maker.yaml b/Makefile.maker.yaml index 5b32c085..5261a7e2 100644 --- a/Makefile.maker.yaml +++ b/Makefile.maker.yaml @@ -53,25 +53,16 @@ testPackages: except: '/test' githubWorkflow: - global: - defaultBranch: main ci: - enabled: true - prepareMakeTarget: generate + enabled: false license: - enabled: true + enabled: false release: - enabled: true + enabled: false securityChecks: enabled: true pushContainerToGhcr: - enabled: true - platforms: "linux/amd64,linux/arm64" - tagStrategy: - - edge - - latest - - semver - - sha + enabled: false variables: GO_BUILDENV: 'CGO_ENABLED=0' diff --git a/hack/validate-kustomize.sh b/hack/validate-kustomize.sh new file mode 100755 index 00000000..1c62af45 --- /dev/null +++ b/hack/validate-kustomize.sh 
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+set -euo pipefail
+
+BASEDIR=$(cd -- "$(dirname -- "$0")" && pwd)
+
+for kustomization in $(find "$BASEDIR/../config" -name "kustomization.yaml"); do
+ dir=$(dirname "$kustomization")
+ name=${dir#"$BASEDIR/../"}
+ if kustomize build "$dir" >/dev/null 2>&1; then
+ echo "OK: $name"
+ else
+ echo "FAILED: $name"
+ exit 1
+ fi
+done
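Review bot: `kustomize build "$dir" >/dev/null 2>&1` discards the error output, so a failing run prints only the `FAILED:` line and the cause has to be reproduced locally; dropping `2>&1` keeps the diagnostics in the job log. The loop `for kustomization in $(find …)` also word-splits the output of find, so a path containing whitespace is broken apart, and this is a pattern shellcheck reports, which matters now that lint.yml runs it. `while IFS= read -r -d '' kustomization; do … done < <(find "$BASEDIR/../config" -name "kustomization.yaml" -print0)` handles such paths. The script also stops at the first failing directory; collecting a failure flag and exiting after the loop would report every broken kustomization in one run.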