ci: update workflows (#22)

raffis · web-flow · commit f1de570b3377 · 2023-04-24T15:11:56.000+02:00
* ci: update workflows

* ci: docker-build depends on build

* ci: build target

* ci: remove old dockerfile from goreleaser

* ci: update kind version

* ci: disable cgo
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,30 @@
+name: main
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
+      - name: Setup Go
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        with:
+          go-version: 1.20.x
+      - name: Restore Go cache
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Tests
+        run: make test
+      - name: Send go coverage report
+        uses: shogo82148/actions-goveralls@31ee804b8576ae49f6dc3caa22591bc5080e7920 #v1.6.0
+        with:
+          path-to-profile: coverage.out
diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
@@ -47,17 +47,15 @@ jobs:
           fi
       - name: Build container image
         run: |
-          make docker-build IMG=test/k8soauth2-proxy-controller:latest BUILD_PLATFORMS=linux/amd64 \
-            BUILD_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache \
-            --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max"
+          make docker-build
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
         with:
           version: v0.17.0
       - name: Load test image
-        run: kind load docker-image test/k8soauth2-proxy-controller:latest
+        run: kind load docker-image k8soauth2-proxy-controller:latest
       - name: Deploy controller
-        run: make deploy IMG=test/k8soauth2-proxy-controller:latest
+        run: make deploy
       - name: Debug failure
         if: failure()
         run: |
diff --git a/.github/workflows/pr-chart.yaml b/.github/workflows/pr-chart.yaml
@@ -1,4 +1,4 @@
-name: Lint and Test Charts
+name: pr-chart
 
 on: pull_request
 
diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml
@@ -1,4 +1,4 @@
-name: Release Chart
+name: release-chart
 
 on:
   push:
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -0,0 +1,41 @@
+name: scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  schedule:
+    - cron: '18 10 * * 3'
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for codeQL to write security events
+
+jobs:
+  fossa:
+    name: FOSSA
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - name: Run FOSSA scan and upload build data
+        uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
+        with:
+          # FOSSA Push-Only API Token
+          fossa-api-key: 956b9b92c5b16eeca1467cebe104f2c3
+          github-token: ${{ github.token }}
+
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+        with:
+          languages: go
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
diff --git a/.gitignore b/.gitignore
@@ -6,6 +6,7 @@
 *.so
 *.dylib
 bin
+manager
 
 # Test binary, build with `go test -c`
 *.test
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -33,7 +33,7 @@ sboms:
 dockers:
 - image_templates:
   - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64
-  dockerfile: Dockerfile.release
+  dockerfile: Dockerfile
   use: buildx
   ids:
   - manager
@@ -50,7 +50,7 @@ dockers:
 - image_templates: 
   - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8
   goarch: arm64
-  dockerfile: Dockerfile.release
+  dockerfile: Dockerfile
   use: buildx
   ids:
   - manager
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,17 +2,11 @@
 
 ### Controller release
 1. Merge all pr's to master which need to be part of the new release
-2. Create pr to master with these changes:
-  1. Bump kustomization
-  2. Create CHANGELOG.md entry with release and date
-3. Merge pr
-4. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically.
-5. Create new branch and add the following changes:
+2. Create pr to master and bump the kustomization base
+3. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically.
+4. Create a new pr and add the following changes:
   1. Bump chart version
   2. Bump charts app version
-6. Create pr to master and merge
 
 ### Helm chart change only
-1. Create branch with changes
-2. Bump chart version
-3. Create pr to master and merge
+1. Bump the helm chart version in the pr
diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,7 @@
-# Build the manager binary
-FROM golang:1.20 as builder
-
-WORKDIR /workspace
-COPY . .
-
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-# Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
-
-# Use distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+COPY manager manager
+USER 65532:65532
 
 # User env is required by opentelemetry-go
 ENV USER=k8soauth2-proxy-controller
diff --git a/Dockerfile.release b/Dockerfile.release
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= k8soauth2-proxy-controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.23
 
@@ -71,7 +71,7 @@ test: manifests generate fmt vet tidy envtest ## Run tests.
 
 .PHONY: build
 build: generate fmt vet tidy ## Build manager binary.
-	go build -o bin/manager main.go
+	CGO_ENABLED=0 go build -o manager main.go
 
 .PHONY: run
 run: manifests generate fmt vet tidy ## Run a controller from your host.
@@ -88,7 +88,7 @@ api-docs: gen-crd-api-reference-docs
 	$(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v1beta1.md
 
 .PHONY: docker-build
-docker-build:
+docker-build: build
 	docker build -t ${IMG} .
 
 .PHONY: docker-push

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Lint and Test Charts`
	`1`	`+name: pr-chart`
`2`	`2`
`3`	`3`	`on: pull_request`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Release Chart`
	`1`	`+name: release-chart`
`2`	`2`
`3`	`3`	`on:`
`4`	`4`	`push:`
-Original file line number
+Diff line change
 *.so
 *.dylib
 bin
 +manager
 # Test binary, build with `go test -c`
 *.test