Cut v0.29.0 (#275) #958
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ '*' ] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: ${{ github.event_name != 'push' }} # zizmor: ignore[cache-poisoning] Zizmor doesn't understand that this disables caching for release builds | |
| - run: make rollout-operator | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: ${{ github.event_name != 'push' }} # zizmor: ignore[cache-poisoning] Zizmor doesn't understand that this disables caching for release builds | |
| - run: make test | |
| - run: make test-boringcrypto | |
| integration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: ${{ github.event_name != 'push' }} # zizmor: ignore[cache-poisoning] Zizmor doesn't understand that this disables caching for release builds | |
| - run: make build-image | |
| - run: make integration | |
| integration-boringcrypto: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: ${{ github.event_name != 'push' }} # zizmor: ignore[cache-poisoning] Zizmor doesn't understand that this disables caching for release builds | |
| - run: make build-image-boringcrypto | |
| - run: make integration | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: ${{ github.event_name != 'push' }} # zizmor: ignore[cache-poisoning] Zizmor doesn't understand that this disables caching for release builds | |
| - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8 | |
| with: | |
| version: v2.4.0 | |
| args: --timeout=5m | |
| push-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test | |
| - integration | |
| - integration-boringcrypto | |
| - lint | |
| if: github.event_name == 'push' # We want this job to run for both pushes to main, as well as new tags. | |
| permissions: | |
| contents: write # Needed to be able to create releases. | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 | |
| with: | |
| go-version: '1.25' | |
| check-latest: true | |
| cache: false | |
| - name: Log in to Docker Hub | |
| uses: grafana/shared-workflows/actions/dockerhub-login@c6d954f7cd9c0022018982e01268de6cb75b913c # dockerhub-login/v1.0.2 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Generate image tag | |
| id: image_tag | |
| run: | | |
| if [[ "$REF_TYPE" == "tag" ]]; then | |
| echo "tag=$REF_NAME" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "tag=main-$SHA" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| REF_TYPE: ${{ github.ref_type }} | |
| REF_NAME: ${{ github.ref_name }} | |
| SHA: ${{ github.sha }} | |
| - name: Build and push image | |
| run: make publish-images | |
| env: | |
| IMAGE_TAG: ${{ steps.image_tag.outputs.tag }} | |
| - name: Publish release | |
| if: github.ref_type == 'tag' | |
| run: make release-notes | gh release create "$IMAGE_TAG" --notes-file - | |
| env: | |
| IMAGE_TAG: ${{ steps.image_tag.outputs.tag }} |