Skip to content

self-decision-logger v0.0.10 #1726

self-decision-logger v0.0.10

self-decision-logger v0.0.10 #1726

Workflow file for this run

name: ci
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
push:
# Publish `main` as Docker `latest` image.
branches:
- main
- dev
- dev-*
- release-*
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for all PRs
pull_request:
env:
VAULT_ADDR: https://vault.eng.aserto.com/
PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }}
GO_VERSION: "1.23"
GO_RELEASER_VERSION: "v2.3.2"
GO_LANGCI_LINT_VERSION: "v1.61.0"
GO_TESTSUM_VERSION: "1.11.0"
SYFT_VERSION: "v1.13.0"
jobs:
test:
runs-on: ubuntu-latest
steps:
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: https://vault.eng.aserto.com/
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
kv/data/github "USERNAME" | DOCKER_USERNAME;
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
-
uses: actions/checkout@v4
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: Build
uses: goreleaser/goreleaser-action@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: build --clean --snapshot --single-target
-
name: Lint
uses: golangci/golangci-lint-action@v6
with:
version: ${{ env.GO_LANGCI_LINT_VERSION }}
args: --timeout=30m
-
name: Test Snapshot
uses: goreleaser/goreleaser-action@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean --snapshot --config .goreleaser-test.yml
-
name: Test Setup
uses: gertd/[email protected]
with:
gotestsum_version: ${{ env.GO_TESTSUM_VERSION }}
-
name: Test
run: |
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/authz/... github.com/aserto-dev/topaz/pkg/app/tests/authz/...
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/builtin/... github.com/aserto-dev/topaz/pkg/app/tests/builtin/...
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/manifest/... github.com/aserto-dev/topaz/pkg/app/tests/manifest/...
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/policy/... github.com/aserto-dev/topaz/pkg/app/tests/policy/...
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/query/... github.com/aserto-dev/topaz/pkg/app/tests/query/...
-
name: Templates Test
run: |
gotestsum --format short-verbose -- -count=1 -timeout 240s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/template/... github.com/aserto-dev/topaz/pkg/app/tests/template/...
-
name: Templates Test (NoTLS)
run: |
gotestsum --format short-verbose -- -count=1 -timeout 120s -parallel=1 -v -coverprofile=cover.out -coverpkg=github.com/aserto-dev/topaz/pkg/app/tests/template-no-tls/... github.com/aserto-dev/topaz/pkg/app/tests/template-no-tls/...
-
name: Upload code coverage
uses: shogo82148/actions-goveralls@v1
continue-on-error: true
with:
path-to-profile: cover.out
push:
runs-on: ubuntu-latest
# when on a branch only push if the branch is main
# always push when ref is a tag
if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/heads/dev-') || startsWith(github.ref, 'refs/tags/v') )
steps:
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: https://vault.eng.aserto.com/
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
kv/data/github "USERNAME" | DOCKER_USERNAME;
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
-
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: Wait for tests to succeed
uses: fountainhead/[email protected]
id: wait-for-tests
with:
token: ${{ env.READ_WRITE_TOKEN }}
checkName: test
ref: ${{ github.event.pull_request.head.sha || github.sha }}
-
name: Stop if tests fail
if: steps.wait-for-tests.outputs.conclusion != 'success'
run: exit 1
-
name: Setup syft
uses: anchore/sbom-action/download-syft@v0
with:
syft-version: ${{ env.SYFT_VERSION }}
-
name: Push image to GitHub Container Registry
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean --snapshot
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release:
needs: [test, push]
runs-on: ubuntu-latest
# Only release when ref is a tag
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: https://vault.eng.aserto.com/
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY;
kv/data/github "USERNAME" | DOCKER_USERNAME;
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
kv/data/github "ASERTO_TAP" | ASERTO_TAP;
-
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
-
name: Setup QEMU
uses: docker/setup-qemu-action@v3
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: https://ghcr.io
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
-
name: Docker SSH Setup
run: |
mkdir -p $HOME/.ssh
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git config --global url."[email protected]:".insteadOf https://github.com/
git config --global user.email "[email protected]"
git config --global user.name "Aserto Bot"
eval `ssh-agent`
ssh-add $HOME/.ssh/id_rsa
-
name: Setup syft
uses: anchore/sbom-action/download-syft@v0
with:
syft-version: ${{ env.SYFT_VERSION }}
-
name: Release
uses: goreleaser/goreleaser-action@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP: ${{ secrets.GITHUB_TOKEN }}
with:
distribution: goreleaser
version: ${{ env.GO_RELEASER_VERSION }}
args: release --clean
-
name: Archive deployment examples
run: |
cd docs/deployments/sidecar-deployment && zip topaz_deployment_examples.zip *.yaml
-
name: Upload deployment examples
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: docs/deployments/sidecar-deployment
asset_name: topaz_deployment_examples.zip
tag: ${{ github.ref }}
overwrite: false
msi:
needs: release
runs-on: windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: ${{ env.VAULT_ADDR }}
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/github "ROOT_TOKEN" | ROOT_TOKEN;
-
name: Download exe
id: download_exe
shell: bash
run: |
gh release download "${GITHUB_REF#refs/tags/}" -p "topaz_windows_x86_64.zip"
printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT
unzip -o *.zip && rm -v *.zip
env:
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}
-
name: Install go-msi
run: choco install -y "go-msi"
-
name: Prepare PATH
shell: bash
run: |
echo "$WIX\\bin" >> $GITHUB_PATH
echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH
-
name: Build MSI
id: buildmsi
shell: bash
env:
ZIP_FILE: ${{ steps.download_exe.outputs.zip }}
run: |
mkdir -p build
msi="$(basename "$ZIP_FILE" ".zip").msi"
printf "msi=${msi}" >> $GITHUB_OUTPUT
go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}"
-
name: Upload MSI
shell: bash
run: |
tag_name="${GITHUB_REF#refs/tags/}"
gh release upload "$tag_name" "$MSI_FILE" --repo aserto-dev/topaz --clobber
env:
MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }}