Skip to content

Commit

Permalink
feat!: rename project, align ci pipelines (#138)
Browse files Browse the repository at this point in the history
* feat!: rename project, align ci pipelines

* test: fix verfiy curl pod
  • Loading branch information
raffis authored Nov 10, 2023
1 parent f9a4606 commit 7879dfb
Show file tree
Hide file tree
Showing 44 changed files with 332 additions and 225 deletions.
200 changes: 125 additions & 75 deletions .github/workflows/pr-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit

egress-policy: audit
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
with:
fetch-depth: 0

Expand All @@ -26,12 +25,12 @@ jobs:
with:
version: v3.4.0

- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: 3.7

- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Run chart-testing (list-changed)
id: list-changed
Expand All @@ -43,23 +42,21 @@ jobs:
- name: Run chart-testing (lint)
run: ct lint --target-branch=master --chart-dirs chart --check-version-increment=false

build:
fmt:
runs-on: ubuntu-latest
outputs:
profiles: ${{ steps.profiles.outputs.matrix }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
egress-policy: audit
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.x
- name: Restore Go cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
Expand All @@ -71,14 +68,68 @@ jobs:
run: make vet
- name: lint
run: make lint
- name: test
run: make test
- name: Check if working tree is dirty
run: |
if [[ $(git diff --stat) != '' ]]; then
git --no-pager diff
echo 'run <make test> and commit changes'
exit 1
fi
test:
runs-on: ubuntu-latest
strategy:
matrix:
kubernetes-version:
- "1.25"
- "1.26"
- "1.27"
- "1.28"
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.x
- name: Restore Go cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: run test
run: make test ENVTEST_K8S_VERSION=${{ matrix.kubernetes-version }}

build:
runs-on: ubuntu-latest
outputs:
profiles: ${{ steps.profiles.outputs.matrix }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.x
- name: Restore Go cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: build
run: make build
- name: Send go coverage report
uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0
with:
path-to-profile: coverage.out
- name: Check if working tree is dirty
run: |
if [[ $(git diff --stat) != '' ]]; then
Expand All @@ -91,64 +142,19 @@ jobs:
make docker-build
- name: Create image tarball
run: |
docker save --output k8skeycloak-controller-container.tar k8skeycloak-controller:latest
docker save --output keycloak-controller-container.tar keycloak-controller:latest
- name: Upload image
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce #v3.1.2
with:
name: k8skeycloak-controller-container
path: k8skeycloak-controller-container.tar
name: keycloak-controller-container
path: keycloak-controller-container.tar
- id: profiles
name: Determine test profiles
run: |
profiles=$(ls config/tests/cases | jq -R -s -c 'split("\n")[:-1]')
echo $profiles
echo "::set-output name=matrix::$profiles"
test-chart:
runs-on: ubuntu-latest
needs:
- build
- lint-chart
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5

- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: 3.7

- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0

- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0

- name: Download k8skeycloak-controller container
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: k8skeycloak-controller-container
path: /tmp

- name: Load image
run: |
docker load --input /tmp/k8skeycloak-controller-container.tar
docker tag k8skeycloak-controller:latest ghcr.io/doodlescheduling/k8skeycloak-controller:0.0.0
kind load docker-image ghcr.io/doodlescheduling/k8skeycloak-controller:0.0.0 --name chart-testing
docker image ls -a
- name: Run chart-testing (install)
run: ct install --target-branch=master --chart-dirs chart

e2e-tests:
runs-on: ubuntu-latest
needs:
Expand All @@ -158,11 +164,11 @@ jobs:
profile: ${{ fromJson(needs.build.outputs.profiles) }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
Expand All @@ -171,14 +177,14 @@ jobs:
uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
with:
version: v0.17.0
- name: Download k8skeycloak-controller container
- name: Download keycloak-controller container
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a #v3.0.2
with:
name: k8skeycloak-controller-container
name: keycloak-controller-container
path: /tmp
- name: Load images
run: |
docker load --input /tmp/k8skeycloak-controller-container.tar
docker load --input /tmp/keycloak-controller-container.tar
docker image ls -a
- name: Setup Kustomize
uses: imranismail/setup-kustomize@6691bdeb1b0a3286fb7f70fd1423c10e81e5375f # v2.0.0
Expand All @@ -189,7 +195,51 @@ jobs:
if: failure()
run: |
kubectl -n kube-system describe pods
kubectl -n k8skeycloak-system describe pods
kubectl -n k8skeycloak-system get all
kubectl -n k8skeycloak-system logs deploy/k8skeycloak-controller
kubectl -n k8skeycloak-system get keycloakrealm -o yaml
kubectl -n keycloak-system describe pods
kubectl -n keycloak-system get all
kubectl -n keycloak-system logs deploy/keycloak-controller
kubectl -n keycloak-system get keycloakrealms -o yaml
test-chart:
runs-on: ubuntu-latest
needs:
- build
- lint-chart
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5

- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: 3.7

- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0

- name: Download keycloak-controller container
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: keycloak-controller-container
path: /tmp

- name: Load image
run: |
docker load --input /tmp/keycloak-controller-container.tar
docker tag keycloak-controller:latest ghcr.io/doodlescheduling/keycloak-controller:v0.0.0
kind load docker-image ghcr.io/doodlescheduling/keycloak-controller:v0.0.0 --name chart-testing
docker image ls -a
- name: Run chart-testing (install)
run: ct install --target-branch=master --chart-dirs chart
6 changes: 3 additions & 3 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -72,10 +72,10 @@ jobs:
- name: Package helm charts
run: |
packVersion=$(echo "${{ github.ref_name }}" | sed 's/^v//g')
helm package chart/k8skeycloak-controller -d chart --version=$packVersion --app-version=${{ github.ref_name }}
helm package chart/keycloak-controller -d chart --version=$packVersion --app-version=${{ github.ref_name }}
- name: Publish helm charts to Github Container Registry
run: |
repository=$(echo "${{ github.repository_owner }}" | tr [:upper:] [:lower:])
helm push ${{ github.workspace }}/chart/k8skeycloak-controller-*.tgz oci://ghcr.io/$repository/charts |& tee .digest
helm push ${{ github.workspace }}/chart/keycloak-controller-*.tgz oci://ghcr.io/$repository/charts |& tee .digest
cosign login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io
cosign sign --yes ghcr.io/$repository/charts/k8skeycloak-controller@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
cosign sign --yes ghcr.io/$repository/charts/keycloak-controller@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
8 changes: 8 additions & 0 deletions .github/workflows/scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ jobs:
name: FOSSA
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
Expand All @@ -29,6 +33,10 @@ jobs:
name: CodeQL
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Initialize CodeQL
Expand Down
2 changes: 1 addition & 1 deletion .goreleaser.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
project_name: k8skeycloak-controller
project_name: keycloak-controller

builds:
- id: manager
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ COPY manager manager
USER 65532:65532
COPY assets /assets
ENV ASSETS_PATH="/assets"
ENV USER k8skeycloak-controller
ENV USER keycloak-controller

ENTRYPOINT ["/manager"]
19 changes: 8 additions & 11 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@

# Image URL to use all building/pushing image targets
IMG ?= k8skeycloak-controller:latest
IMG ?= keycloak-controller:latest
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.23
ENVTEST_K8S_VERSION = 1.27

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
Expand Down Expand Up @@ -111,7 +111,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified

.PHONY: deploy
deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
cd config/base/manager && $(KUSTOMIZE) edit set image ghcr.io/doodlescheduling/k8skeycloak-controller=${IMG}
cd config/base/manager && $(KUSTOMIZE) edit set image ghcr.io/doodlescheduling/keycloak-controller=${IMG}
$(KUSTOMIZE) build config/default | kubectl apply -f -

.PHONY: undeploy
Expand All @@ -122,22 +122,19 @@ TEST_PROFILE=keycloak-v20
CLUSTER=kind

.PHONY: kind-test
kind-test: docker-build ## Deploy including test
kind-test: ## Deploy including test
kustomize build config/base/crd | kubectl --context kind-${CLUSTER} apply -f -
kubectl --context kind-${CLUSTER} -n keycloak-system delete pods --all
kind load docker-image ${IMG} --name ${CLUSTER}
kustomize build config/tests/cases/${TEST_PROFILE} --enable-helm | kubectl --context kind-${CLUSTER} apply -f -
kubectl --context kind-${CLUSTER} -n k8skeycloak-system delete pods --all
kubectl --context kind-${CLUSTER} -n k8skeycloak-system wait --for=condition=Ready pods --all --timeout=3m
kubectl --context kind-${CLUSTER} -n k8skeycloak-system wait keycloakrealm/test --for=condition=Ready --timeout=3m
kubectl --context kind-${CLUSTER} -n k8skeycloak-system port-forward svc/keycloakx-http 8090:80 &>/dev/null &
sleep 2
curl --fail http://localhost:8090/auth/realms/test/.well-known/openid-configuration
kubectl --context kind-${CLUSTER} -n keycloak-system wait --for=condition=Ready pods -l control-plane=controller-manager -l app.kubernetes.io/managed-by!=Helm,verify!=yes --timeout=3m
kubectl --context kind-${CLUSTER} -n keycloak-system wait --for=jsonpath='{.status.conditions[1].reason}'=PodCompleted pods -l app.kubernetes.io/managed-by!=Helm,verify=yes --timeout=3m

CONTROLLER_GEN = $(GOBIN)/controller-gen
.PHONY: controller-gen
controller-gen: ## Download controller-gen locally if necessary.
$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.12.0)
cp config/base/crd/bases/* chart/k8skeycloak-controller/crds/
cp config/base/crd/bases/* chart/keycloak-controller/crds/

GOLANGCI_LINT = $(GOBIN)/golangci-lint
.PHONY: golangci-lint
Expand Down
2 changes: 1 addition & 1 deletion PROJECT
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
domain: doodle.com
repo: github.com/DoodleScheduling/k8skeycloak-controller
repo: github.com/DoodleScheduling/keycloak-controller
resources:
- group: keycloak.infra.doodle.com
kind: KeycloakRealm
Expand Down
Loading

0 comments on commit 7879dfb

Please sign in to comment.