Merge pull request #738 from dalton-hill-0/fn-conditions #1359

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- master
	- release-*
	pull_request: {}
	workflow_dispatch: {}

	env:
	# Common versions
	EARTHLY_VERSION: '0.8.13'

	# Force Earthly to use color output
	FORCE_COLOR: "1"

	# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
	# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
	# credentials have been provided before trying to run steps that need them.
	DOCKER_USR: ${{ secrets.DOCKER_USR }}

	jobs:
	check-diff:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Setup Earthly
	uses: earthly/actions-setup@v1
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	version: ${{ env.EARTHLY_VERSION }}

	- name: Login to DockerHub
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	if: env.DOCKER_USR != ''
	with:
	username: ${{ secrets.DOCKER_USR }}
	password: ${{ secrets.DOCKER_PSW }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Earthly to Push Cache to GitHub Container Registry
	if: github.ref == 'refs/heads/master'
	run: \|
	echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
	echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV

	- name: Generate Files
	run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +generate

	- name: Count Changed Files
	id: changed_files
	run: echo "count=$(git status --porcelain \| wc -l)" >> $GITHUB_OUTPUT

	- name: Fail if Files Changed
	if: steps.changed_files.outputs.count != 0
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
	with:
	script: core.setFailed('Found changed files after running earthly +generate.')

	lint:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Setup Earthly
	uses: earthly/actions-setup@v1
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	version: ${{ env.EARTHLY_VERSION }}

	- name: Login to DockerHub
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	if: env.DOCKER_USR != ''
	with:
	username: ${{ secrets.DOCKER_USR }}
	password: ${{ secrets.DOCKER_PSW }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Earthly to Push Cache to GitHub Container Registry
	if: github.ref == 'refs/heads/master'
	run: \|
	echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
	echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV

	- name: Lint
	run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +lint

	codeql:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Setup Earthly
	uses: earthly/actions-setup@v1
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	version: ${{ env.EARTHLY_VERSION }}

	- name: Login to DockerHub
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	if: env.DOCKER_USR != ''
	with:
	username: ${{ secrets.DOCKER_USR }}
	password: ${{ secrets.DOCKER_PSW }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Earthly to Push Cache to GitHub Container Registry
	if: github.ref == 'refs/heads/master'
	run: \|
	echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
	echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV

	- name: Run CodeQL
	run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +ci-codeql

	- name: Upload CodeQL Results to GitHub
	uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3
	with:
	sarif_file: '_output/codeql/go.sarif'


	trivy-scan-fs:
	runs-on: ubuntu-22.04
	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Run Trivy vulnerability scanner in fs mode
	uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # 0.21.0
	with:
	scan-type: 'fs'
	ignore-unfixed: true
	skip-dirs: design
	scan-ref: '.'
	severity: 'CRITICAL,HIGH'
	format: sarif
	output: 'trivy-results.sarif'

	- name: Upload Trivy Results to GitHub
	uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3
	with:
	sarif_file: 'trivy-results.sarif'

	unit-tests:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Setup Earthly
	uses: earthly/actions-setup@v1
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	version: ${{ env.EARTHLY_VERSION }}

	- name: Login to DockerHub
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	if: env.DOCKER_USR != ''
	with:
	username: ${{ secrets.DOCKER_USR }}
	password: ${{ secrets.DOCKER_PSW }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Earthly to Push Cache to GitHub Container Registry
	if: github.ref == 'refs/heads/master'
	run: \|
	echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
	echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV

	- name: Run Unit Tests
	run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +test

	- name: Publish Unit Test Coverage
	uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4
	with:
	flags: unittests
	file: _output/tests/coverage.txt
	token: ${{ secrets.CODECOV_TOKEN }}

	protobuf-schemas:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

	- name: Setup Buf
	uses: bufbuild/buf-setup-action@v1
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Lint Protocol Buffers
	uses: bufbuild/buf-lint-action@v1
	with:
	input: apis

	# buf-breaking-action doesn't support branches
	# https://github.com/bufbuild/buf-push-action/issues/34
	- name: Detect Breaking Changes in Protocol Buffers
	uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 # v1
	# We want to run this for the master branch, and PRs against master.
	if: ${{ github.ref == 'refs/heads/master' \|\| github.base_ref == 'master' }}
	with:
	input: apis
	against: "https://github.com/${GITHUB_REPOSITORY}.git#branch=master,subdir=apis"

	- name: Push Protocol Buffers to Buf Schema Registry
	if: ${{ github.repository == 'crossplane/crossplane-runtime' && github.ref == 'refs/heads/master' }}
	uses: bufbuild/buf-push-action@v1
	with:
	input: apis
	buf_token: ${{ secrets.BUF_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #738 from dalton-hill-0/fn-conditions #1359

Workflow file

Merge pull request #738 from dalton-hill-0/fn-conditions #1359

Jobs

Run details

Workflow file for this run