Skip to content

Commit

Permalink
Grouped CI related cherry-picks
Browse files Browse the repository at this point in the history
- Add args to golangci-lint to show lines number kubernetes-sigs#2180
- Align github actions with upstream CAPI kubernetes-sigs#2167
- flavorgen generates all flavors by default kubernetes-sigs#2172
  - only CI parts
- Add verify-govulncheck target and integrate to scan action kubernetes-sigs#2174
- Use shellcheck binary instead of self-built docker image kubernetes-sigs#2211
- Add doctoc and generate + verify targets kubernetes-sigs#2147
  - only CI parts
  • Loading branch information
lubronzhan authored and chrischdi committed Aug 15, 2023
1 parent 57c83f1 commit 70fb337
Show file tree
Hide file tree
Showing 121 changed files with 516 additions and 14,746 deletions.
34 changes: 34 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
# GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: ":seedling:"
labels:
- "ok-to-test"

# Go
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
ignore:
# Ignore controller-runtime as its upgraded manually.
- dependency-name: "sigs.k8s.io/controller-runtime"
update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
# Ignore k8s and its transitives modules as they are upgraded manually
# together with controller-runtime.
- dependency-name: "k8s.io/*"
update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
- dependency-name: "sigs.k8s.io/cluster-api/test"
update-types: ["version-update:semver-major", "version-update:semver-minor"]
commit-message:
prefix: ":seedling:"
labels:
- "ok-to-test"
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: golangci-lint
name: PR golangci-lint

on:
pull_request:
Expand All @@ -17,10 +17,11 @@ jobs:
id: vars
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- name: Set up Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # tag=v4.0.1
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v4.1.0
with:
go-version: ${{ steps.vars.outputs.go_version }}
- name: golangci-lint
uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # tag=v3.6.0
with:
version: v1.53.3
version: v1.53.3
args: --out-format=colored-line-number
23 changes: 23 additions & 0 deletions .github/workflows/pr-md-link-check.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: PR check Markdown links

on:
pull_request:
types: [opened, edited, synchronize, reopened]
paths:
- '**.md'

# Remove all permissions from GITHUB_TOKEN except metadata.
permissions: {}

jobs:
markdown-link-check:
name: Broken Links
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
- uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # tag=v1
with:
use-quiet-mode: 'yes'
config-file: .markdownlinkcheck.json
check-modified-files-only: 'yes'
base-branch: main
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Verify PR
name: PR Verify

on:
pull_request_target:
Expand All @@ -14,6 +14,6 @@ jobs:
steps:
- name: Verifier action
id: verifier
uses: kubernetes-sigs/[email protected]
uses: kubernetes-sigs/kubebuilder-release-tools@4f3d1085b4458a49ed86918b4b55505716715b77 # tag=v0.3.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
- name: Calculate go version
run: echo "go_version=$(make go-version)" >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # tag=v4.0.1
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v4.1.0
with:
go-version: ${{ env.go_version }}
- name: generate release artifacts
Expand Down
32 changes: 0 additions & 32 deletions .github/workflows/scan.yaml

This file was deleted.

26 changes: 26 additions & 0 deletions .github/workflows/weekly-md-link-check.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Weekly check all Markdown links

on:
schedule:
# Cron for every Monday at 12:00 UTC.
- cron: "0 12 * * 1"

# Remove all permissions from GITHUB_TOKEN except metadata.
permissions: {}

jobs:
markdown-link-check:
name: Broken Links
strategy:
fail-fast: false
matrix:
branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
with:
ref: ${{ matrix.branch }}
- uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # tag=v1
with:
use-quiet-mode: 'yes'
config-file: .markdownlinkcheck.json
32 changes: 32 additions & 0 deletions .github/workflows/weekly-security-scan.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Weekly security scan

on:
schedule:
# Cron for every Monday at 12:00 UTC.
- cron: "0 12 * * 1"

# Remove all permissions from GITHUB_TOKEN except metadata.
permissions: {}

jobs:
scan:
strategy:
fail-fast: false
matrix:
branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
name: Trivy
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
with:
ref: ${{ matrix.branch }}
- name: Calculate go version
id: vars
run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v4.1.0
with:
go-version: ${{ steps.vars.outputs.go_version }}
- name: Run verify security target
run: make verify-security
40 changes: 40 additions & 0 deletions .github/workflows/weekly-test-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: Weekly release test

# Note: This workflow does not build for releases. It attempts to build release binaries periodically to ensure the repo
# release machinery is in a good state.

on:
schedule:
# Cron for every day at 12:00 UTC.
- cron: "0 12 * * *"

# Remove all permissions from GITHUB_TOKEN except metadata.
permissions: {}

jobs:
weekly-test-release:
name: Test release
strategy:
fail-fast: false
matrix:
branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
with:
ref: ${{ matrix.branch }}
fetch-depth: 0
- name: Set env
run: echo "RELEASE_TAG=v9.9.9-fake" >> $GITHUB_ENV
- name: Set fake tag for release
run: |
git tag ${{ env.RELEASE_TAG }}
- name: Calculate go version
run: echo "go_version=$(make go-version)" >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v4.1.0
with:
go-version: ${{ env.go_version }}
- name: Test release
run: |
make release
17 changes: 17 additions & 0 deletions .markdownlinkcheck.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"ignorePatterns": [{
"pattern": "^http://localhost"
}],
"httpHeaders": [{
"comment": "Workaround as suggested here: https://github.com/tcort/markdown-link-check/issues/201",
"urls": ["https://docs.github.com/"],
"headers": {
"Accept-Encoding": "zstd, br, gzip, deflate"
}
}],
"timeout": "10s",
"retryOn429": true,
"retryCount": 5,
"fallbackRetryDelay": "30s",
"aliveStatusCodes": [200, 206]
}
Loading

0 comments on commit 70fb337

Please sign in to comment.