support byovpc and clean up list filtering #681
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/**.md' | |
| - 'docs/**' | |
| pull_request: | |
| branches: | |
| - "*" | |
| paths-ignore: | |
| - '**/**.md' | |
| - 'docs/**' | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| actions: read | |
| concurrency: | |
| group: build-test-ci-${{ github.ref }}-1 | |
| cancel-in-progress: true | |
| jobs: | |
| go-build-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| objects.githubusercontent.com:443 | |
| storage.googleapis.com:443 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Build | |
| run: make build | |
| - name: Test | |
| run: make test | |
| go-analyse: | |
| needs: go-build-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| objects.githubusercontent.com:443 | |
| registry-1.docker.io:443 | |
| auth.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| vuln.go.dev:443 | |
| storage.googleapis.com:443 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Docker cache | |
| uses: ScribeMD/[email protected] | |
| with: | |
| key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}} | |
| - name: Lint | |
| run: make lint | |
| - name: Gosec | |
| run: make gosec | |
| - name: Vulncheck | |
| run: make vulncheck | |
| - name: Nilcheck | |
| run: make nilcheck | |
| e2e-test: | |
| needs: [go-build-test, docker-build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.linode.com:443 | |
| api.github.com:443 | |
| github.com:443 | |
| gcr.io:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| *.githubusercontent.com:443 | |
| docker.io:443 | |
| registry-1.docker.io:443 | |
| auth.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| storage.googleapis.com:443 | |
| registry.k8s.io:443 | |
| *.pkg.dev:443 | |
| *.amazonaws.com:443 | |
| *.blob.core.windows.net:443 | |
| quay.io:443 | |
| *.quay.io:443 | |
| api.snapcraft.io:443 | |
| cloud.tilt.dev:443 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Docker cache | |
| uses: ScribeMD/[email protected] | |
| with: | |
| key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}} | |
| - name: E2E test | |
| run: make e2etest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.github_token }} | |
| LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }} | |
| - name: Copy logs | |
| if: ${{ always() }} | |
| run: docker cp tilt-control-plane:/var/log .logs | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: logs | |
| path: .logs/* | |
| chainsaw-test: | |
| needs: [go-build-test, docker-build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.linode.com:443 | |
| api.github.com:443 | |
| github.com:443 | |
| gcr.io:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| *.githubusercontent.com:443 | |
| docker.io:443 | |
| registry-1.docker.io:443 | |
| auth.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| storage.googleapis.com:443 | |
| registry.k8s.io:443 | |
| *.pkg.dev:443 | |
| *.amazonaws.com:443 | |
| *.blob.core.windows.net:443 | |
| quay.io:443 | |
| *.quay.io:443 | |
| api.snapcraft.io:443 | |
| cloud.tilt.dev:443 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Docker cache | |
| uses: ScribeMD/[email protected] | |
| with: | |
| key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}} | |
| - name: Chainsaw test | |
| run: make chainsaw-test | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.github_token }} | |
| LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }} | |
| - name: Copy logs | |
| if: ${{ always() }} | |
| run: docker cp tilt-control-plane:/var/log .logs | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: logs | |
| path: .logs/* | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| objects.githubusercontent.com:443 | |
| registry-1.docker.io:443 | |
| auth.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| gcr.io:443 | |
| storage.googleapis.com:443 | |
| - uses: actions/checkout@v4 | |
| - name: Docker cache | |
| uses: ScribeMD/[email protected] | |
| with: | |
| key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }} | |
| - name: Build the Docker image | |
| run: make docker-build |