name: CI on: pull_request: branches: - "*" push: branches: - main jobs: changes: runs-on: ubuntu-latest outputs: go: ${{ steps.filter.outputs.go }} charts: ${{ steps.filter.outputs.charts }} steps: - name: Checkout uses: actions/checkout@v2 - uses: dorny/paths-filter@v2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} filters: | go: - '**/*.go' - 'go.mod' - 'go.sum' - 'rootfs/**/*' - 'TAG' - 'test/e2e/**/*' charts: - 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/**/*' security: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Run Gosec Security Scanner uses: securego/gosec@master with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less # G307 TODO: Deferring unsafe method "Close" args: -exclude=G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./... build: name: Build runs-on: ubuntu-latest needs: changes steps: - name: Checkout uses: actions/checkout@v2 - name: Set up Go 1.17 id: go uses: actions/setup-go@v2 with: go-version: 1.17 - name: Set up Docker Buildx id: buildx uses: crazy-max/ghaction-docker-buildx@v1 with: buildx-version: latest qemu-version: latest - name: Available platforms run: echo ${{ steps.buildx.outputs.platforms }} - name: Prepare Host run: | sudo apt-get -qq update || true sudo apt-get install -y pigz curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl - name: Build images env: TAG: 1.0.0-dev ARCH: amd64 REGISTRY: ingress-controller run: | echo "building images..." make clean-image build image make -C test/e2e-image image echo "creating images cache..." docker save \ nginx-ingress-controller:e2e \ ingress-controller/controller:1.0.0-dev \ | pigz > docker.tar.gz - name: cache uses: actions/upload-artifact@v2 with: name: docker.tar.gz path: docker.tar.gz helm: name: Helm chart runs-on: ubuntu-latest needs: - changes - build if: | (needs.changes.outputs.charts == 'true') steps: - name: Checkout uses: actions/checkout@v2 - name: cache uses: actions/download-artifact@v2 with: name: docker.tar.gz - name: Lint run: | ./build/run-in-docker.sh ./hack/verify-chart-lint.sh - name: fix permissions run: | sudo mkdir -p $HOME/.kube sudo chmod -R 777 $HOME/.kube - name: Create Kubernetes cluster id: kind uses: engineerd/setup-kind@v0.5.0 with: version: v0.11.1 image: kindest/node:v1.21.1 - uses: geekyeggo/delete-artifact@v1 with: name: docker.tar.gz failOnError: false - name: Load images from cache run: | echo "loading docker images..." pigz -dc docker.tar.gz | docker load - name: Test env: KIND_CLUSTER_NAME: kind SKIP_CLUSTER_CREATION: true SKIP_IMAGE_CREATION: true run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests kubernetes: name: Kubernetes runs-on: ubuntu-latest needs: - changes - build if: | (needs.changes.outputs.go == 'true') strategy: matrix: k8s: [v1.19.11, v1.20.7, v1.21.2, v1.22.0] steps: - name: Checkout uses: actions/checkout@v2 - name: cache uses: actions/download-artifact@v2 with: name: docker.tar.gz - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind uses: engineerd/setup-kind@v0.5.0 with: version: v0.11.1 config: test/e2e/kind.yaml image: kindest/node:${{ matrix.k8s }} - uses: geekyeggo/delete-artifact@v1 with: name: docker.tar.gz failOnError: false - name: Prepare cluster for testing id: local-path run: | kubectl version echo echo "installing helm 3..." curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash - name: Load images from cache run: | echo "loading docker images..." pigz -dc docker.tar.gz | docker load - name: Run e2e tests env: KIND_CLUSTER_NAME: kind SKIP_CLUSTER_CREATION: true SKIP_IMAGE_CREATION: true run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test test-image-build: runs-on: ubuntu-latest env: PLATFORMS: linux/amd64 steps: - name: Checkout uses: actions/checkout@v2 - uses: dorny/paths-filter@v2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} filters: | custom-error-pages: - 'images/custom-error-pages/**' cfssl: - 'images/cfssl/**' fastcgi-helloserver: - 'images/fastcgi-helloserver/**' echo: - 'images/echo/**' go-grpc-greeter-server: - 'images/go-grpc-greeter-server/**' httpbin: - 'images/httpbin/**' kube-webhook-certgen: - 'images/kube-webhook-certgen/**' - name: custom-error-pages image build if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }} run: | cd images/custom-error-pages && make build - name: cfssl image build if: ${{ steps.filter-images.outputs.cfssl == 'true' }} run: | cd images/cfssl && make build - name: fastcgi-helloserver if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }} run: | cd images/fastcgi-helloserver && make build - name: echo image build if: ${{ steps.filter-images.outputs.echo == 'true' }} run: | cd images/echo && make build - name: go-grpc-greeter-server image build if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }} run: | cd images/go-grpc-greeter-server && make build - name: httpbin image build if: ${{ steps.filter-images.outputs.httpbin == 'true' }} run: | cd images/httpbin && make build - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} run: | cd images/kube-webhook-certgen && make build test-image: runs-on: ubuntu-latest env: PLATFORMS: linux/amd64 steps: - name: Checkout uses: actions/checkout@v2 - uses: dorny/paths-filter@v2 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} filters: | kube-webhook-certgen: - 'images/kube-webhook-certgen/**' - name: Create Kubernetes cluster id: kind if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: engineerd/setup-kind@v0.5.0 with: version: v0.11.1 image: kindest/node:v1.21.1 - name: Set up Go 1.17 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@v2 with: go-version: 1.17 - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} run: | cd images/kube-webhook-certgen && make test test-e2e