chore(image): reference local images for dry run and cronjob #574
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - 'opened' | |
| - 'synchronize' | |
| - 'reopened' | |
| env: | |
| GO_VERSION: 1.24 | |
| KIND_VERSION: v0.27.0 | |
| IMAGE_NAME: namespace-cleaner:test | |
| REGISTRY: k8scc01covidacr.azurecr.io | |
| jobs: | |
| deploy-namespace-cleaner: # Consolidated job for all deployment-related tasks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| # --- Linting and Setup --- | |
| - uses: actions/checkout@v4 | |
| - name: Lint Dockerfile | |
| uses: hadolint/[email protected] | |
| with: | |
| dockerfile: Dockerfile | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| - name: Run yamllint | |
| run: | | |
| pip install yamllint | |
| yamllint . | |
| # --- Build Docker Image --- | |
| - name: Build Docker Image | |
| run: docker build -t ${{ env.IMAGE_NAME }} . | |
| # --- Unit Tests --- | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Run Unit Tests | |
| run: make test-unit | |
| id: unit-tests | |
| # --- Integration Tests with Kind --- | |
| - name: Install kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Install Kind | |
| run: | | |
| curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION }}/kind-linux-amd64 | |
| chmod +x ./kind | |
| sudo mv ./kind /usr/local/bin/kind | |
| - name: Create Kind Cluster | |
| run: kind create cluster | |
| - name: Load Image into Kind | |
| run: kind load docker-image ${{ env.IMAGE_NAME }} | |
| - name: Run Integration Tests | |
| run: make test-integration | |
| # --- Security Scan --- | |
| - name: Run Trivy Security Scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }} | |
| severity: "CRITICAL" | |
| ignore-unfixed: true | |
| exit-code: 1 | |
| format: table | |
| # --- Push Image to ACR --- | |
| - name: Login to ACR | |
| uses: azure/docker-login@v1 | |
| with: | |
| login-server: ${{ env.REGISTRY }} | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Tag and Push Image | |
| run: | | |
| docker tag ${{ env.IMAGE_NAME }} ${{ env.REGISTRY }}/namespace-cleaner:${{ github.sha }} | |
| docker push ${{ env.REGISTRY }}/namespace-cleaner:${{ github.sha }} |