-
Notifications
You must be signed in to change notification settings - Fork 34
105 lines (92 loc) · 3.19 KB
/
ci-alpha-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: ci-alpha-build
on:
pull_request:
branches:
- main
paths:
- "apis/**"
- "cmd/**"
- "config/**"
- "internal/**"
- "pkg/**"
- ".gitmodules"
- "manifests/**"
- "vArmor-ebpf/**" # check submodule content
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.SetVersion.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Checkout submodules
run: git submodule update --init --recursive
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.20"
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
platforms: linux/amd64,linux/arm64/v8
- name: Run build
run: make docker-build-dev
- name: Package helm chart
run: make helm-package-dev
- name: Login to registry
run: echo "${{ secrets.PUSH_PASSWORD }}" | docker login -u=${{ secrets.PUSH_USERNAME }} elkeid-ap-southeast-1.cr.volces.com --password-stdin
- name: Push artifacts to registry
run: make push-dev
- name: Upload Helm Chart as Artifact
uses: actions/upload-artifact@v2
with:
name: helm-chart
path: varmor-*.tgz
- id: SetVersion
run: echo "version=$(git describe --tags --match "v[0-9]*" | sed 's/^v//')">> "$GITHUB_OUTPUT"
deploy-and-basic-test:
needs: build
strategy:
fail-fast: false
matrix:
k8s_version: [ "1.20.15", "1.24.17", "1.26.14" ]
os: ["ubuntu-latest" ]
runs-on: ${{ matrix.os }}
env:
KUBE_VER: ${{ matrix.k8s_version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: debianmaster/actions-k3s@master
id: k3s
with:
version: v${{ matrix.k8s_version }}-k3s1
- name: Download Helm Chart Artifact
uses: actions/download-artifact@v2
with:
name: helm-chart
- name: Checkout submodules
run: git submodule update --init --recursive
- name: Install varmor alpha version
run: |
helm install varmor varmor-*.tgz \
--namespace varmor --create-namespace \
--set image.registry="elkeid-test-cn-beijing.cr.volces.com" \
--set image.username=${{ secrets.TEST_USERNAME }}" \
--set image.password=${{ secrets.TEST_PASSWORD }}" \
--set bpfLsmEnforcer.enabled=true \
--set "agent.bpfLsmEnforcer.volumes[0].hostPath.type=Directory,agent.bpfLsmEnforcer.volumes[0].hostPath.path=/run/k3s/containerd/,agent.bpfLsmEnforcer.volumes[0].name=containerd" \
--set "agent.bpfLsmEnforcer.volumes[1].hostPath.type=Directory,agent.bpfLsmEnforcer.volumes[1].hostPath.path=/proc,agent.bpfLsmEnforcer.volumes[1].name=procfs"
- name: Run basic test
run: ./.github/scripts/basic-test.sh
# - name: Kill all and clean up
# if: ${{ always() }}
# run: ./.github/scripts/kill-and-clean-all.sh