name: CI on: push: branches: [master] pull_request: permissions: contents: read env: DAGGER_VERSION: 0.19.9 jobs: test: name: Test runs-on: ubuntu-latest services: postgres: image: postgres:10.8 env: TZ: UTC ports: - 5432 options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 postgres-ent: image: postgres:10.8 env: TZ: UTC ports: - 5432 options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 mysql: image: mysql:5.7 env: MYSQL_ROOT_PASSWORD: root MYSQL_DATABASE: dex ports: - 3306 options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 mysql-ent: image: mysql:5.7 env: MYSQL_ROOT_PASSWORD: root MYSQL_DATABASE: dex ports: - 3306 options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 etcd: image: gcr.io/etcd-development/etcd:v3.5.0 ports: - 2379 env: ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379 ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379 options: --health-cmd "ETCDCTL_API=3 etcdctl --endpoints http://localhost:2379 endpoint health" --health-interval 10s --health-timeout 5s --health-retries 5 keystone: image: openio/openstack-keystone:rocky ports: - 5000 - 35357 options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5 steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: "1.25" - name: Download tool dependencies run: make deps # Ensure that generated files were committed. # It can help us determine, that the code is in the intermediate state, which should not be tested. # Thus, heavy jobs like creating a kind cluster and testing / linting will be skipped. - name: Verify run: make verify - name: Start services run: docker compose -f docker-compose.test.yaml up -d - name: Create kind cluster uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 with: version: "v0.17.0" node_image: "kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5" - name: Test run: make testall env: DEX_MYSQL_DATABASE: dex DEX_MYSQL_USER: root DEX_MYSQL_PASSWORD: root DEX_MYSQL_HOST: 127.0.0.1 DEX_MYSQL_PORT: ${{ job.services.mysql.ports[3306] }} DEX_MYSQL_ENT_DATABASE: dex DEX_MYSQL_ENT_USER: root DEX_MYSQL_ENT_PASSWORD: root DEX_MYSQL_ENT_HOST: 127.0.0.1 DEX_MYSQL_ENT_PORT: ${{ job.services.mysql-ent.ports[3306] }} DEX_POSTGRES_DATABASE: postgres DEX_POSTGRES_USER: postgres DEX_POSTGRES_PASSWORD: postgres DEX_POSTGRES_HOST: localhost DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }} DEX_POSTGRES_ENT_DATABASE: postgres DEX_POSTGRES_ENT_USER: postgres DEX_POSTGRES_ENT_PASSWORD: postgres DEX_POSTGRES_ENT_HOST: localhost DEX_POSTGRES_ENT_PORT: ${{ job.services.postgres-ent.ports[5432] }} DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }} DEX_LDAP_HOST: localhost DEX_LDAP_PORT: 3890 DEX_LDAP_TLS_PORT: 6360 DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }} DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }} DEX_KEYSTONE_ADMIN_USER: demo DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config lint: name: Lint runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: "1.25" - name: Download golangci-lint run: make bin/golangci-lint - name: Lint run: make lint artifacts: name: Artifacts uses: ./.github/workflows/artifacts.yaml with: publish: ${{ github.event_name == 'push' }} secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} permissions: attestations: write contents: read packages: write id-token: write security-events: write helm: name: Helm runs-on: ubuntu-latest strategy: fail-fast: false matrix: kube-version: ["1.30", "1.31", "1.32", "1.33", "1.34", "1.35"] steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Run pipeline uses: dagger/dagger-for-github@d913e70051faf3b907d4dd96ef1161083c88c644 # v8.2.0 with: verb: call args: test helm-chart --kube-version ${{ matrix.kube-version }} # cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }} version: ${{ env.DAGGER_VERSION }} dependency-review: name: Dependency review runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Dependency Review uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3