-
Notifications
You must be signed in to change notification settings - Fork 0
232 lines (205 loc) · 9.67 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
name: CI
on:
push:
branches:
- 'main'
tags:
- '*.*.*'
paths-ignore:
- '*.md'
pull_request:
paths-ignore:
- '*.md'
workflow_dispatch:
jobs:
verify:
name: Build & Test
runs-on: ubuntu-latest
concurrency:
group: ci-concurrency-group-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ~1.22
cache: true
- name: go version
run: |
go version
- name: build
run: |
make
- name: verify that generated code is up-to-date
run: |
# make (which we ran in the previous step) will implicitly also run the targets manifests & generate, which
# could potentially modify code that is under version control, if changes have been comitted that would have
# required updating manifests or generated code and these updates have not been done.
git diff --exit-code
- name: lint
run: |
make lint
- name: install Helm unittest plugin
shell: bash
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest.git
- name: test
run: |
make test
# Builds and potentially pushes all container images. For pushes to PRs/branches, we simply verify that the image
# build still works, the resulting image will not be pushed to any target registry. For pushes to the main branch, the
# images are tagged with "main-dev", but not with a version x.y.z. Finally, for pushes to a tag (or when a tag is
# created), the images are tagged with the version indicated by the tag respectively, and also with latest. That is:
# Creating a GitHub release (or creating a git tag via other means) will trigger building images tagged with x.y.z
# meant for production use.
build-and-push-images:
name: Build Images
runs-on: ubuntu-latest
needs:
- verify
concurrency:
group: ci-concurrency-group-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Note: By default, changed-files will compare against the last non-merge commit on the target branch for pull
# request events, and the previous remote commit of the current branch for push events.
- name: compile list of relevant changed files for instrumentation and operator controller image build
id: changed-files
uses: tj-actions/changed-files@v44
with:
files_yaml: |
instrumentation:
- .github/actions/build-image/**
- .github/workflows/ci.yaml
- images/instrumentation/**
operator_controller:
- .github/actions/build-image/**
- .github/workflows/ci.yaml
- go.mod
- go.sum
- api/**
- cmd/**
- internal/**
collector:
- .github/actions/build-image/**
- .github/workflows/ci.yaml
- images/collector/**
configuration_reloader:
- .github/actions/build-image/**
- .github/workflows/ci.yaml
- images/configreloader/**
- name: show changed files
env:
INSTRUMENTATION_CHANGED_FILES_FLAG: ${{ steps.changed-files.outputs.instrumentation_any_changed }}
INSTRUMENTATION_CHANGED_FILES_LIST: ${{ steps.changed-files.outputs.instrumentation_all_changed_files }}
OPERATOR_CONTROLLER_CHANGED_FILES_FLAG: ${{ steps.changed-files.outputs.operator_controller_any_changed }}
OPERATOR_CONTROLLER_CHANGED_FILES_LIST: ${{ steps.changed-files.outputs.operator_controller_all_changed_files }}
COLLECTOR_CHANGED_FILES_FLAG: ${{ steps.changed-files.outputs.collector_any_changed }}
COLLECTOR_CHANGED_FILES_LIST: ${{ steps.changed-files.outputs.collector_all_changed_files }}
CONFIGURATION_RELOADER_CHANGED_FILES_FLAG: ${{ steps.changed-files.outputs.configuration_reloader_any_changed }}
CONFIGURATION_RELOADER_CHANGED_FILES_LIST: ${{ steps.changed-files.outputs.configuration_reloader_all_changed_files }}
run: |
echo "files for instrumentation image have changed: $INSTRUMENTATION_CHANGED_FILES_FLAG"
echo "changed files for instrumentation image: $INSTRUMENTATION_CHANGED_FILES_LIST"
echo "files for operator controller image have changed: $OPERATOR_CONTROLLER_CHANGED_FILES_FLAG"
echo "changed files for operator controller image: $OPERATOR_CONTROLLER_CHANGED_FILES_LIST"
echo "files for collector image have changed: $COLLECTOR_CHANGED_FILES_FLAG"
echo "changed files for collector image: $COLLECTOR_CHANGED_FILES_LIST"
echo "files for configuration reloader image have changed: $CONFIGURATION_RELOADER_CHANGED_FILES_FLAG"
echo "changed files for configuration reloader image: $CONFIGURATION_RELOADER_CHANGED_FILES_LIST"
- name: build instrumentation image
uses: ./.github/actions/build-image
if: steps.changed-files.outputs.instrumentation_any_changed == 'true' || contains(github.ref, 'refs/tags/')
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
imageName: instrumentation
imageTitle: Dash0 Instrumentation
imageDescription: contains Dash0 OpenTelemetry distributions for multiple runtimes
imageUrl: https://github.com/dash0hq/dash0-operator/tree/main/images/instrumentation
context: images/instrumentation
- name: build collector image
uses: ./.github/actions/build-image
if: steps.changed-files.outputs.collector_any_changed == 'true' || contains(github.ref, 'refs/tags/')
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
imageName: collector
imageTitle: Dash0 Kubernetes Collector
imageDescription: the OpenTelemetry collector for the Dash0 Kubernetes operator
imageUrl: https://github.com/dash0hq/dash0-operator/tree/main/images/collector
context: images/collector
- name: build configuration reloader image
uses: ./.github/actions/build-image
if: steps.changed-files.outputs.configuration_reloader_any_changed == 'true' || contains(github.ref, 'refs/tags/')
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
imageName: configuration-reloader
imageTitle: Dash0 Kubernetes Configuration Reloader
imageDescription: the configuration reloader for the Dash0 Kubernetes operator
imageUrl: https://github.com/dash0hq/dash0-operator/tree/main/images/configreloader
context: images/configreloader
- name: build operator controller image
uses: ./.github/actions/build-image
if: steps.changed-files.outputs.operator_controller_any_changed == 'true' || contains(github.ref, 'refs/tags/')
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
imageName: operator-controller
imageTitle: Dash0 Kubernetes Operator Controller
imageDescription: the controller for the Dash0 Kubernetes operator
imageUrl: https://github.com/dash0hq/dash0-operator/tree/main
context: .
publish-helm-chart-dry-run:
name: Publish Helm Chart (Dry Run)
runs-on: ubuntu-latest
if: ${{ ! contains(github.ref, 'refs/tags/') && github.actor != 'dependabot[bot]'}}
needs:
- build-and-push-images
concurrency:
group: ci-concurrency-group-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- name: publish helm chart (dry run)
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
echo "verifying that helm chart can be published"
DRY_RUN=true helm-chart/bin/publish.sh 0.0.0
# By default, when a GH action run is triggered by dependabot, it will only get read-only permissions.
# See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
# For that reason, we skip the check whether the Helm chart can still be published for Dependabot update PRs.
# Those PRs do not change the Helm chart anyway.
# Note that the value of the "name" attribute needs to be identical to the publish-helm-chart-dry-run job, since the
# branch protection rules reference this property, and it is a required check.
skip-publish-helm-chart-dry-run-for-dependabot:
name: Publish Helm Chart (Dry Run)
runs-on: ubuntu-latest
if: ${{ ! contains(github.ref, 'refs/tags/') && github.actor == 'dependabot[bot]'}}
needs:
- build-and-push-images
concurrency:
group: ci-concurrency-group-${{ github.ref }}
cancel-in-progress: true
steps:
- name: skipping publish helm chart (dry run)
run: |
echo skipping publish helm chart dry run for dependabot commit
publish-helm-chart:
name: Publish Helm Chart
runs-on: ubuntu-latest
if: ${{ contains(github.ref, 'refs/tags/') && github.actor != 'dependabot[bot]'}}
needs:
- build-and-push-images
concurrency:
group: ci-concurrency-group-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- name: publish helm chart
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
echo "publishing helm chart version ${{ github.ref_name }}"
helm-chart/bin/publish.sh ${{ github.ref_name }}