snapshot.yaml
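---
# Snapshots workflow: on a push to main (pushes that only touch docs/** are
# skipped) run the test suite, then publish dev container images and the
# protobuf definitions.
#
# Only the `push` trigger on `main` is declared, so the publishing secrets
# used below are not reachable from pull_request events through this file.
#
# NOTE(review): third-party actions are referenced by mutable tags or a branch.
# A moved ref changes what runs with this workflow's token and secrets;
# pinning each `uses:` to a full commit SHA (`owner/action@<full-commit-sha>`)
# removes that dependency on the upstream ref.
name: Snapshots
on:
  push:
    paths-ignore:
      - "docs/**"
    branches:
      - main
jobs:
  tests:
    name: Run tests
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # NOTE(review): no job-level `permissions:` here, so GITHUB_TOKEN falls back
    # to the repository/organisation default scope. Declaring the minimum
    # explicitly is safer; confirm what the Coveralls upload needs first.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history and LFS objects are fetched.
          fetch-depth: 0
          lfs: true
      - name: Install Go and cache dependencies
        # Local composite action from this repository.
        uses: ./.github/actions/setup-go
        with:
          cross_compiling: true
          write_build_cache: true
      - name: Generate
        run: make generate
      - name: Check repo status
        # Fails the job when `make generate` left the working tree dirty,
        # i.e. generated files were not committed.
        run: |-
          REPO_STATUS="$(git status --porcelain)"
          if [[ -n "$REPO_STATUS" ]]; then
            echo "::error::Uncommitted changes detected"
            echo "$REPO_STATUS"
            exit 1
          fi
      - name: Test
        run: make test-all
        env:
          CERBOS_LOG_LEVEL: "debug"
      - name: Upload unit coverage to Coveralls
        uses: shogo82148/actions-goveralls@v1
        with:
          path-to-profile: unit.cover
          flag-name: unit-main
      - name: Upload integration coverage to Coveralls
        uses: shogo82148/actions-goveralls@v1
        with:
          path-to-profile: integration.cover
          flag-name: integration-main
  publishContainers:
    name: Publish Dev Containers
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: ["tests"]
    # This job can mint an OIDC token (id-token: write) and push packages
    # (packages: write), and it also receives Docker Hub credentials. Every
    # action and tool executed in it runs inside that trust boundary.
    # NOTE(review): id-token is presumably for keyless cosign signing - confirm.
    permissions:
      id-token: write
      contents: read
      packages: write
    steps:
      - name: Free Disk Space (Ubuntu)
        # NOTE(review): `@main` is a branch ref, the least stable kind of pin,
        # and this step runs in the job that holds the publish permissions.
        # Pin to `jlumbroso/free-disk-space@<full-commit-sha>`.
        uses: jlumbroso/free-disk-space@main
        with:
          # "true" frees about 6 GB but might remove tools that are needed.
          tool-cache: false
          android: true
          dotnet: true
          haskell: true
          large-packages: true
          docker-images: true
          swap-storage: true
      - name: Checkout code
        # NOTE(review): checkout keeps the token in the local git config by
        # default. No later step visible here does an authenticated git
        # operation, so `persist-credentials: false` looks applicable - confirm
        # against .goreleaser.yml and the Makefile.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
      - name: Set up QEMU
        id: qemu
        uses: docker/setup-qemu-action@v3
        with:
          # NOTE(review): `:latest` is a moving tag for an image that registers
          # binfmt handlers on the build host; pinning it by digest
          # (`tonistiigi/binfmt@sha256:<digest>`) keeps the emulator fixed.
          image: tonistiigi/binfmt:latest
          platforms: arm64
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Install Go and cache dependencies
        uses: ./.github/actions/setup-go
        with:
          cross_compiling: true
          write_build_cache: true
      - name: Install cosign
        # NOTE(review): this reference was mangled by e-mail obfuscation in the
        # page capture (`[email protected]`). Presumably the sigstore cosign
        # installer action at a tagged version - restore the exact ref from the
        # repository before use.
        uses: sigstore/[email protected]
      - name: GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          # NOTE(review): `latest` lets the release tool change between runs;
          # a fixed version keeps snapshot builds comparable.
          version: latest
          # --snapshot with --skip=publish: artifacts are built but GoReleaser
          # does not publish them; the steps below push the images explicitly.
          args: release --config=.goreleaser.yml --clean --snapshot --skip=publish
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TELEMETRY_WRITE_KEY: ${{ secrets.TELEMETRY_WRITE_KEY }}
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}
      # The push steps publish the per-architecture tags first, then assemble
      # multi-arch manifests from them.
      # NOTE(review): cosign is installed above, but no signing or verification
      # command appears in this workflow; whether snapshot images are signed
      # depends on .goreleaser.yml - confirm. `dev` is a moving tag, so
      # consumers that need a fixed image should use the commit-SHA tag (GHCR
      # only) or a digest.
      - name: Push Cerbos dev images
        run: |
          docker push ghcr.io/cerbos/cerbos:dev-amd64
          docker push ghcr.io/cerbos/cerbos:dev-arm64
          docker manifest create ghcr.io/cerbos/cerbos:${{ github.sha }} ghcr.io/cerbos/cerbos:dev-arm64 ghcr.io/cerbos/cerbos:dev-amd64
          docker manifest push ghcr.io/cerbos/cerbos:${{ github.sha }}
          docker manifest create ghcr.io/cerbos/cerbos:dev ghcr.io/cerbos/cerbos:dev-arm64 ghcr.io/cerbos/cerbos:dev-amd64
          docker manifest push ghcr.io/cerbos/cerbos:dev
      - name: Push Cerbosctl dev images
        run: |
          docker push ghcr.io/cerbos/cerbosctl:dev-amd64
          docker push ghcr.io/cerbos/cerbosctl:dev-arm64
          docker manifest create ghcr.io/cerbos/cerbosctl:${{ github.sha }} ghcr.io/cerbos/cerbosctl:dev-arm64 ghcr.io/cerbos/cerbosctl:dev-amd64
          docker manifest push ghcr.io/cerbos/cerbosctl:${{ github.sha }}
          docker manifest create ghcr.io/cerbos/cerbosctl:dev ghcr.io/cerbos/cerbosctl:dev-arm64 ghcr.io/cerbos/cerbosctl:dev-amd64
          docker manifest push ghcr.io/cerbos/cerbosctl:dev
      # Docker Hub receives only the moving `dev` manifest; no commit-SHA tag
      # is created there.
      - name: Push Cerbos dev images to Docker Hub
        run: |
          docker push docker.io/cerbos/cerbos:dev-amd64
          docker push docker.io/cerbos/cerbos:dev-arm64
          docker manifest create docker.io/cerbos/cerbos:dev docker.io/cerbos/cerbos:dev-arm64 docker.io/cerbos/cerbos:dev-amd64
          docker manifest push docker.io/cerbos/cerbos:dev
      - name: Push Cerbosctl dev images to Docker Hub
        run: |
          docker push docker.io/cerbos/cerbosctl:dev-amd64
          docker push docker.io/cerbos/cerbosctl:dev-arm64
          docker manifest create docker.io/cerbos/cerbosctl:dev docker.io/cerbos/cerbosctl:dev-arm64 docker.io/cerbos/cerbosctl:dev-amd64
          docker manifest push docker.io/cerbos/cerbosctl:dev
  publishProtos:
    name: Publish Protobufs
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: ["tests"]
    # NOTE(review): no job-level `permissions:`; the job handles BUF_TOKEN and
    # only appears to need to read the repository - `contents: read` would
    # make that explicit. Confirm before tightening.
    steps:
      - uses: actions/checkout@v4
      - name: Setup Buf
        # NOTE(review): the three bufbuild references below were mangled by
        # e-mail obfuscation in the page capture (`[email protected]`).
        # Presumably the Buf setup and push actions at tagged versions -
        # restore the exact refs from the repository before use.
        uses: bufbuild/[email protected]
        with:
          github_token: ${{ github.token }}
      - name: Push public API to BSR
        uses: bufbuild/[email protected]
        with:
          buf_token: ${{ secrets.BUF_TOKEN }}
          input: api/public
      - name: Push private API to BSR
        uses: bufbuild/[email protected]
        with:
          buf_token: ${{ secrets.BUF_TOKEN }}
          input: api/private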