Update docker/metadata-action digest to 906ecf0 #1471

Workflow file for this run

	name: CI

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	jobs:
	build:
	timeout-minutes: 10
	runs-on: ubuntu-latest

	strategy:
	matrix:
	node-version: [16.x, 18.x]

	steps:
	- uses: actions/checkout@v4
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: 'npm'
	- run: npm ci
	- run: npm run build --if-present
	- run: npm run lint --if-present
	- run: npm test
	- uses: actions/upload-artifact@v4
	if: ${{ matrix.node-version == '16.x' }}
	with:
	name: coverage
	path: \|
	coverage
	sonar:
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/download-artifact@v4
	with:
	name: coverage
	path: coverage
	- name: SonarCloud Scan
	uses: SonarSource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONARQUBE_KEY }}
	build-image:
	timeout-minutes: 10
	runs-on: ubuntu-latest
	needs:
	- build
	env:
	REGISTRY: 'ghcr.io'
	IMAGE_NAME: 'curium-rocks/k8s-validating-webhook'
	permissions:
	contents: read
	packages: write
	id-token: write
	security-events: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Install cosign
	uses: sigstore/cosign-installer@162dfdf7b9ab8be88c95b4fc982792c4c273e27a
	with:
	cosign-release: 'v1.13.1'
	# for multi arch container builds
	- name: Set up QEMU
	uses: docker/setup-qemu-action@master
	with:
	platforms: all
	- name: Setup Docker buildx
	id: buildx
	timeout-minutes: 4
	uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20
	- name: Log into registry
	timeout-minutes: 5
	uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Extract Docker metadata
	id: meta
	timeout-minutes: 5
	uses: docker/metadata-action@115662203e5f4c9b240a57397f721baaab82a488
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=sha
	type=raw,value={{date 'YYYYMMDD'}}-{{sha}}
	- name: Build Docker image
	id: push
	timeout-minutes: 25
	uses: docker/build-push-action@090ca155fc9b214cbcac536c450455a0e96f52c6
	with:
	context: .
	load: false
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	platforms: linux/amd64, linux/arm64
	- name: Sign the published Docker image
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: cosign sign --force --recursive ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
	# deploy it and verify that expected things are allowed or disallowed
	verify:
	runs-on: ubuntu-latest
	timeout-minutes: 15
	strategy:
	fail-fast: false
	matrix:
	k8s-version: [1.22.13, 1.23.10, 1.24.4, 1.25.0]
	needs:
	- build-image
	env:
	REGISTRY: 'ghcr.io'
	IMAGE_NAME: 'curium-rocks/k8s-validating-webhook'
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Use Node.js 18
	uses: actions/setup-node@v4
	with:
	node-version: 18
	cache: 'npm'
	- name: Install Dependencies
	run: npm ci
	- name: Start Minikube
	run: npm run minikube:start -- --kubernetes-version=${{ matrix.k8s-version }}
	- name: Create Pull Secret
	run: npm run k8s:createPullSecret --helm_namespace=default --registry_username=${{ github.actor }} --registry_password=${{ github.token }}
	- name: Add Helm Repos
	run: npm run helm:addRepos
	- name: Deploy CertManager
	run: npm run helm:deployCertManager
	- name: Deploy (PR)
	if: ${{ github.event_name == 'pull_request' }}
	run: npm run helm:deploy -- --set 'imagePullSecrets[0].name'=ghcr-credentials --set image.tag=pr-${{ github.event.number }}
	- name: Deploy (Branch)
	if: ${{ github.event_name != 'pull_request' }}
	timeout-minutes: 10
	run: npm run helm:deploy -- --set 'imagePullSecrets[0].name'=ghcr-credentials --set image.tag=main
	- name: Run E2E Tests
	run: npm run test:e2e
	- name: Collect Logs On Failure
	if: ${{ failure() }}
	run: \|
	mkdir -p /tmp/failure-logs
	minikube logs > /tmp/failure-logs/minikube.log
	kubectl logs deployments/k8s-validating-webhook --prefix=true --ignore-errors=true --timestamps --pod-running-timeout=60s > /tmp/failure-logs/k8s-validating-webhook.deployment.log
	kubectl describe deployment k8s-validating-webhook > /tmp/failure-logs/k8s-validating-webhook.deployment.describe
	kubectl get deployment k8s-validating-webhook -o yaml > /tmp/failure-logs/k8s-validating-webhook.deployment.yaml
	kubectl describe configmap k8s-validating-webhook-config > /tmp/failure-logs/k8s-validating-webhook.configmap.describe
	- name: Upload Logs On Failure
	if: ${{ failure() }}
	uses: actions/upload-artifact@v4
	with:
	name: ${{ runner.name }} minikube logs
	path: \|
	/tmp/failure-logs
	publish-chart:
	if: ${{ github.event_name != 'pull_request' }}
	needs:
	- verify
	timeout-minutes: 5
	runs-on: ubuntu-latest
	permissions:
	contents: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Configure Git
	run: \|
	git config user.name "$GITHUB_ACTOR"
	git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
	- name: Install Helm
	uses: azure/setup-helm@v4
	with:
	version: v3.8.1
	- name: Run chart-releaser
	uses: helm/chart-releaser-action@v1.6.0
	env:
	CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
	with:
	charts_dir: helm

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update docker/metadata-action digest to 906ecf0 #1471

Workflow file

Update docker/metadata-action digest to 906ecf0 #1471

Jobs

Run details

Workflow file for this run