GitHub actions Build, Test and Release workflows (#94)

* Switching to Github Codeowners

* Generate Codecoverage reports

* Initial Build workflows

* Upgrade to go1.18

* Fix Code Owners

* Swith to ubuntu-latest

* General fixes

* Update to go 1.20

* Initial Dependabot setup

* Upgrade all the things

* Fix up testcoverage check

* Switching to Go-lang/jwt

* Only build the image if lint and tests pass

* Simple Helm lint Test

* Update Dockerfile to alpine:3.17.2

* helm chart fixes (#102)

* Adding Error Counter Metric

* Adding Semver Prefix and fix typo

* Revert "helm chart fixes (#102)" (#103)

This reverts commit 9185224.

* Resolve issue 63 (#101)

* Allow for overriding Token Path (#100)

* Increase the number of Tags fetched for Docker Registries (#99)

* Adding k8s.io support (#98)

* Better support for selfHosted and SSL connections (#95)

* Enable SSL Skip Verify if you're unable to provide a valid certificate bundle

* Allow for additional Certs to be added into the CA Chain

* Update README.md for helm installation

* Adding initial release workflow

* Build multi-arch images

* Fix Dockerfile build artifact

* Tag and Upload to quay.io/jetstack/version-checker instead of docker hub

* Swithcing to main as the default branch changed

* Set up for review

* Switch to using sha for PR builds

Author: davidcollom

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @davidcollom

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0

.github/workflows/build-test.yaml

@@ -0,0 +1,96 @@
+name: Test & Build
+on:
+  pull_request:
+    branches:
+      - 'main'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+    name: Lint Go code
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Setup Golang
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
+        with:
+          version: v1.53
+          args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0
+          only-new-issues: true
+
+  test:
+    name: Run unit tests for Go packages
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3 # v3.5.3
+    - name: Setup Go
+      uses: actions/setup-go@v4
+
+    - name: Download and required packages
+      run: |
+        make deps
+
+    - name: Run all unit tests
+      run: make test
+
+    - name: check test coverage
+      uses: vladopajic/go-test-coverage@v2
+      with:
+        config: ./.testcoverage.yml
+
+    - name: Generate code coverage artifacts
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      with:
+        name: code-coverage
+        path: coverage.out
+
+  build:
+    needs:
+      - test
+      - lint
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+          - linux/arm/v7
+    name: Build Images
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+      with:
+        platforms: ${{ matrix.platform }}
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        platforms: ${{ matrix.platform }}
+        push: false
+        tags: quay.io/jetstack/version-checker:${{github.sha}}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

.github/workflows/helm-test.yaml

@@ -0,0 +1,51 @@
+name: Test Helm Chart
+on:
+  pull_request:
+    paths:
+      - 'deploy/charts/version-checker/**'
+    branches:
+      - 'main'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+    name: Lint Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - uses: azure/setup-helm@v3
+
+      - run: helm lint deploy/charts/version-checker
+
+  test:
+    name: Run unit tests for Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - uses: azure/setup-helm@v3
+        with:
+          token: ${{ github.token }}
+
+      - name: Install helm Plugins
+        run: |
+          if [ ! -e "${HELM_PLUGINS}/helm-unittest" ]; then
+            helm plugin install https://github.com/helm-unittest/helm-unittest.git
+          fi
+
+      - name: Run Tests
+        run: |
+          if [ ! -e "deploy/charts/verson-checker/tests" ]; then
+            echo "Not running tests, directory doesn't exist: deploy/charts/verson-checker/tests"
+            exit 0
+          fi
+          helm unittest --helm3 --color deploy/charts/verson-checker

.github/workflows/release.yaml

@@ -0,0 +1,103 @@
+name: Version-Checker Release
+
+on:
+  push:
+    branches:
+      - 'release-.*'
+    tags:
+        - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  helm-release:
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout our Repo
+      - uses: actions/checkout@v3
+        with:
+          path: version-checker
+
+      - name: checkout jetstack-charts
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.JETSTACK_CHARTS_PAT }}
+          repository: jetstack/jetstack-charts
+          ref: main
+          path: jetstack-charts
+
+      - uses: azure/setup-helm@v3
+        with:
+          token: ${{ github.token }}
+
+      - name: package helm chart
+        run: |
+          helm package version-checker/deploy/charts/version-checker -d jetstack-charts/charts/
+
+      - name: Creating PR
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.JETSTACK_CHARTS_PAT }}
+          title: "Release version-checker ${{github.ref_name }}"
+          commit-message: "Release version-checker ${{github.ref_name }}"
+          branch: version-checker/${{github.ref_name}}
+          path: jetstack-charts
+          add-paths: charts/*.tgz
+          delete-branch: true
+          signoff: true
+          base: main
+          draft: ${{ contains('-rc', github.ref_name) || !startsWith(github.ref, 'refs/tags/') }}
+
+  docker-release:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+          - linux/arm/v7
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: ${{ matrix.platform }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+
+      - name: Build and push (if applicable)
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: ${{ matrix.platform }}
+          push: ${{ !startsWith(github.ref, 'refs/tags/') }}
+          tags: quay.io/jetstack/version-checker:${{github.ref_name}}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+  github-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Create Release / Change Logs
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: ${{ !startsWith(github.ref, 'refs/tags/') }}
+          prerelease: ${{ contains('-rc', github.ref_name) || !startsWith(github.ref, 'refs/tags/') }}
+          generate_release_notes: true

.gitignore

@@ -1 +1,2 @@
 /bin
+coverage.out

.testcoverage.yml

@@ -0,0 +1,38 @@
+# (mandatory)
+# Path to coverprofile file (output of `go test -coverprofile` command)
+profile: coverage.out
+
+# (optional)
+# When specified reported file paths will not contain local prefix in the output
+# local-prefix: "github.com/org/project"
+
+# Holds coverage thresholds percentages, values should be in range [0-100]
+threshold:
+  # (optional; default 0)
+  # The minimum coverage that each file should have
+  file: 0
+
+  # (optional; default 0)
+  # The minimum coverage that each package should have
+  package: 0
+
+  # (optional; default 0)
+  # The minimum total coverage project should have
+  total: 0
+
+# Holds regexp rules which will override thresholds for matched files or packages
+# override:
+#   # Increase coverage threshold to 100% for `foo` package (default is 80, as configured above)
+#   - threshold: 100
+#     path: ^pkg/lib/foo$
+
+# Holds regexp rules which will exclude matched files or packages from coverage statistics
+# exclude:
+#   # Exclude files or packages matching their paths
+#   paths:
+#     - \.pb\.go$    # excludes all protobuf generated files
+#     - ^pkg/bar     # exclude package `pkg/bar`
+
+# NOTES:
+# - symbol `/` in all path regexps will be replaced by
+#   current OS file path separator to properly work on Windows

Dockerfile

@@ -1,8 +1,18 @@
-FROM alpine:3.12
+FROM golang:1.20-alpine as builder
+
+RUN apk --no-cache add make
+
+COPY . /app/
+WORKDIR /app/
+
+RUN make build
+
+
+FROM alpine:3.18.2
 LABEL description="Kubernetes utility for exposing used image versions compared to the latest version, as metrics."
 
 RUN apk --no-cache add ca-certificates
 
-COPY ./bin/version-checker-linux /usr/bin/version-checker
+COPY --from=builder /app/bin/version-checker /usr/bin/version-checker
 
 ENTRYPOINT ["/usr/bin/version-checker"]

Makefile

@@ -6,17 +6,21 @@ help:  ## display this help
 
 .PHONY: help build image all clean
 
-test: ## test version-checker
-	go test ./...
+deps: ## Download all Dependencies
+	go mod download
 
-build: ## build version-checker
+test: deps ## test version-checker
+	go test ./... -coverprofile=coverage.out
+
+$(BINDIR):
 	mkdir -p $(BINDIR)
+
+build: deps $(BINDIR) ## build version-checker
 	CGO_ENABLED=0 go build -o ./bin/version-checker ./cmd/.
 
 verify: test build ## tests and builds version-checker
 
 image: ## build docker image
-	GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/.
 	docker build -t quay.io/jetstack/version-checker:v0.2.2 .
 
 clean: ## clean up created files