CI/CD using github actions and a custom dnsimple account #67

Closed
wants to merge 44 commits into from
5883251
feat: initial commit for use with DNSimple
arnediekmann May 26, 2020
f703e54
doc: add certificate creation to README
arnediekmann May 26, 2020
2724b83
feat: add release script
arnediekmann May 26, 2020
6496c7d
fix: add correct helm path in release script
arnediekmann May 27, 2020
cda293d
chore: Bump version to 0.0.1.
arnediekmann May 27, 2020
a4132d7
fix: fix path to helm dir in release script
arnediekmann May 27, 2020
e1e088b
chore: update deps
arnediekmann May 27, 2020
b85fb0f
chore: update README.md
arnediekmann Jun 2, 2020
3741646
fix: quote account id in staging cluster issuer
arnediekmann Jul 29, 2020
67e2abf
chore: Bump version to 0.0.2.
arnediekmann Jul 29, 2020
81f4c24
docs: add better description for chart
arnediekmann Jul 29, 2020
4a085a8
chore: update helm index in repo that enframes all of our charts
arnediekmann Jul 29, 2020
9ce3e6d
docs: update README to include instructions on how to use our helm repo
arnediekmann Jul 29, 2020
2ed52c8
chore: add more info to Helm chart metadata
arnediekmann Jul 29, 2020
1bb8d33
chore: Bump version to 0.0.3.
arnediekmann Jul 29, 2020
0acec98
fix: explicit pki durations to match resulting objects
cmacrae Aug 25, 2020
6c154de
Merge pull request #5 from cmacrae/compat/gitops_pki_durations
arnediekmann Aug 25, 2020
0bb6900
chore: Bump version to 0.0.4.
arnediekmann Aug 25, 2020
24c78cb
chore: update deps
arnediekmann Dec 9, 2020
c5b7612
chore: change apiVersion to v1
arnediekmann Dec 9, 2020
fc6e021
chore: Bump version to 0.0.5.
arnediekmann Dec 9, 2020
1880524
Fetch account ID from DNSimple API
Jan 19, 2021
3142c58
Add support for using an existing token secret
Jan 19, 2021
6c88ff5
Add support for imagePullSecret
Jan 20, 2021
865b72e
Merge pull request #7 from Peltarion/parmus/whoami
arnediekmann Mar 25, 2021
61c77c0
Merge pull request #9 from Peltarion/parmus/helm-secret
arnediekmann Mar 25, 2021
4516234
Merge pull request #10 from Peltarion/parmus/helm-pullsecret
arnediekmann Mar 25, 2021
55c1af1
docs: clarify test execution
arnediekmann Mar 25, 2021
11fb703
fix: downgrade k8s libraries to 0.19.0 to fix #8
arnediekmann Mar 25, 2021
c22a4ce
chore: use yq v4 in release script
arnediekmann Mar 25, 2021
8b70f5f
chore: Bump version to 0.1.0.
arnediekmann Mar 25, 2021
5041b63
fix typo in values
denismatyu Jul 1, 2021
5684017
fix typo
denismatyu Jul 1, 2021
f4504a7
Merge pull request #11 from denismatiu/master
arnediekmann Oct 12, 2021
e9100f8
Support newer stable APIs in Helm chart
Dec 1, 2021
687d533
Merge pull request #16 from Peltarion/parmus/helm
arnediekmann Dec 20, 2021
365a0db
chore: Bump version to 0.1.1.
arnediekmann Dec 20, 2021
d6f3d9a
Upgrade dependencies and allign with cert-manager/webhook-example
splattner Jul 17, 2023
8b63a36
Merge pull request #23 from splattner/upgrade-dependencies
arnediekmann Aug 24, 2023
04cc3cc
chore: Bump version to 0.1.2.
arnediekmann Aug 24, 2023
c1db14c
Add the ability to use a DNSimple User API token (#26)
IntegralProgrammer Apr 22, 2024
8fe4516
restructure source and templates to follow helm best-practices
moll-re Apr 22, 2024
f6b1c25
add basic actions for more complex workflows
moll-re Apr 22, 2024
00ee468
workflows for pr ands tags (along with required fixes to go code)
moll-re Apr 22, 2024
49 changes: 49 additions & 0 deletions .github/workflows/build-images.yaml
@@ -0,0 +1,49 @@
name: Build docker images

env:
DOCKER_BASE_NAME: 'ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple'

on:
workflow_call:
inputs:
tags:
description: 'Tags to build the image for (separated by a whitespace)'
required: true
type: string


jobs:
build:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }}
username: ${{ github.repository_owner }}

- name: Format tags
id: format-tags
# prepends DOCKER_BASE_NAME to every entry in the string ${{ inputs.tags }}
run: |
echo "TAGS=$(printf '${{ env.DOCKER_BASE_NAME }}/%s,' ${{ inputs.tags }})" >> $GITHUB_OUTPUT

- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.format-tags.outputs.TAGS }}
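Review bot: In the `Format tags` step the separator between image name and tag is `/` (`'${{ env.DOCKER_BASE_NAME }}/%s,'`), so each entry becomes a deeper repository path such as `.../cert-manager-webhook-dnsimple/latest` instead of `...cert-manager-webhook-dnsimple:latest`. test-kubernetes.yaml installs with `image.repository=.../cert-manager-webhook-dnsimple` and `image.tag=commit-<sha>`, which this step would not publish; use `:%s`. In the same `run:` line, `${{ inputs.tags }}` is expanded into the script text before the shell starts, so pass it through an `env:` entry and reference the shell variable instead. The job also declares no `permissions:` block; state `packages: write` and `contents: read` explicitly rather than relying on the default token scope.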
54 changes: 54 additions & 0 deletions .github/workflows/test-go.yaml
@@ -0,0 +1,54 @@
name: Run code tests

on:
push:
workflow_call:
secrets:
DNSIMPLE_API_TOKEN:
required: true
DNSIMPLE_ZONE_NAME:
required: true


jobs:
test:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4


- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: src/go.mod
cache-dependency-path: src/go.sum


- name: Install kubebuilder fixtures
id: kubebuilder
run: |
go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
echo "BIN_DIR=$(setup-envtest use -p path)" >> $GITHUB_OUTPUT


- name: Run tests
env:
DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }}
DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME }}
run: |
export TEST_ASSET_KUBE_APISERVER=${{ steps.kubebuilder.outputs.BIN_DIR }}/kube-apiserver
export TEST_ASSET_ETCD=${{ steps.kubebuilder.outputs.BIN_DIR }}/etcd
export TEST_ASSET_KUBECTL=${{ steps.kubebuilder.outputs.BIN_DIR }}/kubectl
export TEST_ZONE_NAME="${DNSIMPLE_ZONE_NAME}." # add trailing dot
echo """apiVersion: v1
kind: Secret
metadata:
name: dnsimple-token
type: Opaque
stringData:
token: $DNSIMPLE_API_TOKEN
""" > testdata/dnsimple-token.yaml
cd src
go test -v .
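Review bot: The bare `push:` trigger at the top runs this job, with the live `DNSIMPLE_API_TOKEN`, on every push to every branch, and a second time on master through `workflow_call` from the full-suite workflow; drop `push:` here or restrict it to the branches that need it. In the `Install kubebuilder fixtures` step, `setup-envtest@latest` is unpinned, so the tooling that runs in the same job as the token can change without review; pin a version. In `Run tests`, the token is written unquoted into `testdata/dnsimple-token.yaml`, so quote the value in the YAML, and since the file is written before `cd src`, confirm the path is where the tests read it from.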
91 changes: 91 additions & 0 deletions .github/workflows/test-kubernetes.yaml
@@ -0,0 +1,91 @@
name: Run webhook tests in a full environment

on:
workflow_call:
secrets:
DNSIMPLE_API_TOKEN:
required: true
DNSIMPLE_ZONE_NAME:
required: true


jobs:
test:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4


- name: Start minikube
uses: medyagh/setup-minikube@master
with:
kubernetes-version: 1.29.3


- name: Install cert-manager and patch upstream dns servers
run: |
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml


- name: Wait for cert-manager to be ready
run: |
kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook -n cert-manager
kubectl get pods -n cert-manager
kubectl get svc -n cert-manager -o wide


- name: Install cert-manager-webhook-dnsimple
env:
DNSIMPLE_API_TOKEN: ${{ secrets.DNSIMPLE_API_TOKEN }}
DNSIMPLE_ZONE_NAME: ${{ secrets.DNSIMPLE_ZONE_NAME}}
run: |
helm install cert-manager-webhook-dnsimple ./charts/cert-manager-webhook-dnsimple \
--namespace cert-manager \
--set dnsimple.token="$DNSIMPLE_API_TOKEN" \
--set groupName="acme.$DNSIMPLE_ZONE_NAME" \
--set image.repository=ghcr.io/${{ github.repository_owner }}/cert-manager-webhook-dnsimple \
--set clusterIssuer.staging.enabled=true \
--set clusterIssuer.email="noreply@$DNSIMPLE_ZONE_NAME" \
--set image.tag=commit-${{ github.sha }}
kubectl get secrets cert-manager-webhook-dnsimple -o yaml


- name: Wait for cert-manager-webhook-dnsimple to be ready
run: |
kubectl wait --for=condition=available --timeout=600s deployment/cert-manager-webhook-dnsimple
kubectl get pods
kubectl get svc -o wide


- name: Create sample certificate that uses the webhook
env:
DNSIMPLE_ZONE_NAME: ${{ env.DNSIMPLE_ZONE_NAME }}
run: |
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: dnsimple-test
namespace: default
spec:
dnsNames:
- "gh-action-test.$DNSIMPLE_ZONE_NAME"
issuerRef:
name: cert-manager-webhook-dnsimple-staging
kind: ClusterIssuer
secretName: dnsimple-test-tls
EOF


- name: Wait for certificate to be ready
run: |
kubectl wait --for=condition=ready --timeout=600s certificate/dnsimple-test
kubectl get certificate dnsimple-test


- name: Check DNSimple API for new TXT record
env:
DNSIMPLE_ZONE_NAME: ${{ env.DNSIMPLE_ZONE_NAME }}
run: |
dig +short TXT _acme-challenge.gh-action-test.$DNSIMPLE_ZONE_NAME
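Review bot: `kubectl get secrets cert-manager-webhook-dnsimple -o yaml` at the end of the install step prints the release's Secret into the job log; if it holds the value passed as `dnsimple.token`, it appears base64-encoded, which log masking of the raw secret value does not cover. Remove the line or print metadata only. That command and the later `kubectl wait ... deployment/cert-manager-webhook-dnsimple` step omit `--namespace cert-manager` although the chart is installed there. In the `Create sample certificate` and `Check DNSimple API` steps, `${{ env.DNSIMPLE_ZONE_NAME }}` reads an env context this file never sets, so the zone name is empty; use `${{ secrets.DNSIMPLE_ZONE_NAME }}` as the install step does. `medyagh/setup-minikube@master` should be pinned to a release or commit, the final `dig` prints a result without asserting on it, and the first `run:` step is named as patching upstream DNS servers but only applies the cert-manager manifest.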
32 changes: 32 additions & 0 deletions .github/workflows/workflow_full-test-suite.yaml
@@ -0,0 +1,32 @@
name: Run full test suite

on:
push:
branches:
- master
pull_request:
branches:
- master

jobs:
code-test:
name: Run tests on code
uses: ./.github/workflows/test-go.yaml
secrets: inherit


build-image:
name: Build Docker image
uses: ./.github/workflows/build-images.yaml
with:
tags: >
commit-${{ github.sha }}
latest
needs: code-test


webhook-tests:
name: Run tests on webhooks
needs: build-image
uses: ./.github/workflows/test-kubernetes.yaml
secrets: inherit
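Review bot: `build-image` passes `latest` in `tags` for both triggers, so a `pull_request` run from a branch in this repository publishes unmerged code under the `latest` tag. Build only `commit-${{ github.sha }}` here and leave `latest` to the tagged workflow, or gate the push on `github.event_name == 'push'`. `secrets: inherit` hands every repository secret to the called workflows; they declare only `DNSIMPLE_API_TOKEN` and `DNSIMPLE_ZONE_NAME`, so pass those two by name. Pull requests from forks receive no secrets, so `code-test` will fail for them; document that or skip the job in that case.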
16 changes: 16 additions & 0 deletions .github/workflows/workflow_tagged-build.yaml
@@ -0,0 +1,16 @@
name: Publish a new tagged Docker image

on:
push:
tags: # v* tags are protected in the repository settings
- 'v*'

jobs:
docker-build:
name: Build tagged Docker image
uses: ./.github/workflows/build-images.yaml
with:
tags: >
${{ github.ref }}
commit-${{ github.sha }}
latest
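Review bot: `${{ github.ref }}` in `tags` expands to the full ref (`refs/tags/v...`), which contains slashes and cannot be used as an image tag; use `${{ github.ref_name }}`. The `docker-build` job also has no `needs:` on the test workflows, so a tagged release and `latest` are published without the tests having run for that ref; call test-go.yaml first and make the build depend on it.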
5 changes: 4 additions & 1 deletion .gitignore
Expand Up @@ -12,4 +12,7 @@
*.out

# Ignore the built binary
cert-manager-webhook-example
cert-manager-webhook-dnsimple

# Ignore kubebuilder test binaries
_test/
10 changes: 5 additions & 5 deletions Dockerfile
@@ -1,22 +1,22 @@
FROM golang:1.12.4-alpine AS build_deps
FROM golang:1.20-alpine AS build_deps

RUN apk add --no-cache git

WORKDIR /workspace
ENV GO111MODULE=on

COPY go.mod .
COPY go.sum .
COPY src/go.mod .
COPY src/go.sum .

RUN go mod download

FROM build_deps AS build

COPY . .
COPY src .

RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .

FROM alpine:3.9
FROM alpine:3.17

RUN apk add --no-cache ca-certificates
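Review bot: The build stage hard-codes `golang:1.20-alpine` while test-go.yaml takes its toolchain from `go-version-file: src/go.mod`, so the tested binary and the shipped binary can be built with different Go versions; derive both from one source, for example a build `ARG` set by the workflow. Both `FROM` lines reference images by mutable tag only; pinning `golang:1.20-alpine` and `alpine:3.17` by digest makes the published image reproducible.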

35 changes: 20 additions & 15 deletions Makefile
@@ -1,20 +1,25 @@
IMAGE_NAME := "webhook"
IMAGE_TAG := "latest"
GO ?= $(shell which go)
OS ?= $(shell $(GO) env GOOS)
ARCH ?= $(shell $(GO) env GOARCH)
KUBE_VERSION=1.25.0

OUT := $(shell pwd)/_out
# required by go tests
export TEST_ASSET_ETCD=../_test/kubebuilder/etcd
export TEST_ASSET_KUBE_APISERVER=../_test/kubebuilder/kube-apiserver
export TEST_ASSET_KUBECTL=../_test/kubebuilder/kubectl

$(shell mkdir -p "$(OUT)")
test: _test/kubebuilder
cd src && $(GO) test -v .

verify:
go test -v .
_test/kubebuilder:
curl -fsSL https://go.kubebuilder.io/test-tools/$(KUBE_VERSION)/$(OS)/$(ARCH) -o kubebuilder-tools.tar.gz
mkdir -p _test/kubebuilder
tar -xvf kubebuilder-tools.tar.gz
mv kubebuilder/bin/* _test/kubebuilder/
rm kubebuilder-tools.tar.gz
rm -R kubebuilder

build:
docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)" .
clean: clean-kubebuilder

.PHONY: rendered-manifest.yaml
rendered-manifest.yaml:
helm template \
--name example-webhook \
--set image.repository=$(IMAGE_NAME) \
--set image.tag=$(IMAGE_TAG) \
deploy/example-webhook > "$(OUT)/rendered-manifest.yaml"
clean-kubebuilder:
rm -Rf _test
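Review bot: The `_test/kubebuilder` rule downloads `kubebuilder-tools.tar.gz` with `curl` and `make test` then executes its binaries with no checksum verification; record the expected SHA-256 next to `KUBE_VERSION` and check it before `tar -xvf`. `KUBE_VERSION=1.25.0` also differs from the CI path, which uses `setup-envtest use` and minikube `1.29.3`, so local and CI runs exercise different control-plane versions. `test`, `clean` and `clean-kubebuilder` produce no files of those names and should be declared `.PHONY`.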