Skip to content

chore(deps): Bump golang.org/x/crypto from 0.15.0 to 0.19.0 #1540

chore(deps): Bump golang.org/x/crypto from 0.15.0 to 0.19.0

chore(deps): Bump golang.org/x/crypto from 0.15.0 to 0.19.0 #1540

Workflow file for this run

name: CI
on:
push:
branches:
- '**'
- '!dependabot/**'
tags:
- '**'
pull_request: {}
jobs:
unit-ubuntu:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Grype scan
run: |
echo "##[group]Install grype"
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
echo "##[endgroup]"
echo "##[group]Scan source ."
grype dir:. --exclude ./hack,./vendor --exclude '**/testdata/**'
echo "##[endgroup]"
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
mkdir -p ${TANZU_HOME}
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
tanzu version
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Scan Inclusive Terminology
uses: get-woke/woke-action@v0
with:
fail-on-error: true
woke-args: -c ./hack/woke/its-woke-rules.yaml
- name: Test
run: make test
- name: Codecov
uses: codecov/[email protected]
- name: Build Version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Build
run: make plugin-build
- uses: actions/upload-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
path: ./artifacts/tanzu-apps-plugin*.tar.gz
retention-days: 1
- name: Install
run: |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT
fi
echo $PLUGIN_BUILD_VERSION
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/linux/amd64
- name: Verify docs
run: |
rm -rf docs/command-reference
tanzu apps docs --directory docs/command-reference
git diff --exit-code docs
continue-on-error: true
unit-windows:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: c:/Program\ Files/tanzu
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Install tanzu cli
run: |
$TANZU_VERSION = type .\TANZU_VERSION
mkdir "C:\Program Files\tanzu"
$Env:PATH += ";C:\Program Files\tanzu"
$TANZU_HOME = "C:\Program Files\tanzu"
$Env:TANZU_CLI_NO_INIT = "true"
curl -Lo tanzu-framework-windows-amd64.zip https://github.com/vmware-tanzu/tanzu-cli/releases/download/$TANZU_VERSION/tanzu-cli-windows-amd64.zip
tar -xf tanzu-framework-windows-amd64.zip
cp "$TANZU_VERSION\tanzu-cli-windows_amd64.exe" "C:\Program Files\tanzu\tanzu.exe"
tanzu config eula accept
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Test
run: |
$Env:PATH += ";C:\Program Files\tanzu"
make test
- name: Build
run: |
$Env:PATH += ";C:\Program Files\tanzu"
make plugin-build
- name: Install
run: |
$Env:PATH += ";C:\Program Files\tanzu"
$PLUGIN_BUILD_SHA_SHORT=git rev-parse --short HEAD
$APP_PLUGIN_VERSION=type .\APPS_PLUGIN_VERSION
$PLUGIN_BUILD_VERSION=$APP_PLUGIN_VERSION+'-dev-'+$PLUGIN_BUILD_SHA_SHORT
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/windows/amd64
unit-macos:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
TANZU_HOME=$HOME/tanzu
mkdir -p $HOME/tanzu
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-darwin-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-darwin_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Test
run: make test
- name: Build Version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Build
run: make plugin-build
- name: Install
run: |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT
fi
echo $PLUGIN_BUILD_VERSION
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/darwin/amd64
acceptance:
needs: [unit-ubuntu, unit-windows, unit-macos]
runs-on: ubuntu-latest
strategy:
matrix:
k8s:
- 1.22.7
- 1.23.5
- 1.24.6
- 1.25.2
- 1.26.0
- 1.27.2
env:
REGISTRY_NAME: registry.local
REGISTRY_USERNAME: ruser
REGISTRY_PASSWORD: rpass
BUNDLE: registry.local/integration-test/hellojar:source
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
OS_ARCH: linux-amd64
steps:
- uses: actions/checkout@v4
- uses: vmware-tanzu/carvel-setup-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Download plugin bundle
uses: actions/download-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
mkdir -p ${TANZU_HOME}
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
- name: Build dev version
run: |
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
echo "PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT" >> $GITHUB_ENV
echo $PLUGIN_BUILD_VERSION
if: startsWith(github.ref, 'refs/tags/') != true
- name: Build tag version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Install apps plugin
run: |
set -o errexit
set -o nounset
set -o pipefail
set -u
tar -xvf tanzu-apps-plugin.tar.gz
tanzu plugin install apps --local ./linux/amd64 --version ${PLUGIN_BUILD_VERSION:-v0.0.0-dev}
- name: Generate certs
run: |
set -o errexit
set -o nounset
set -o pipefail
CERT_DIR=$(mktemp -d -t certs.XXXX)
echo "CERT_DIR=$CERT_DIR" >> $GITHUB_ENV
echo "##[group]Install cfssl"
go install github.com/cloudflare/cfssl/cmd/[email protected]
go install github.com/cloudflare/cfssl/cmd/[email protected]
echo "##[endgroup]"
echo "##[group]Generate CA"
cfssl gencert -initca ./.github/tls/root-csr.json \
| cfssljson -bare ${CERT_DIR}/root-ca
cfssl gencert -ca ${CERT_DIR}/root-ca.pem -ca-key ${CERT_DIR}/root-ca-key.pem \
-config=".github/tls/config.json" \
-profile="intermediate" ./.github/tls/intermediate-csr.json \
| cfssljson -bare ${CERT_DIR}/signing-ca
cat ${CERT_DIR}/signing-ca.pem ${CERT_DIR}/root-ca.pem > ${CERT_DIR}/ca.pem
echo "##[endgroup]"
echo "##[group]Install CA"
# https://ubuntu.com/server/docs/security-trust-store
sudo apt-get install -y ca-certificates
echo "##[endgroup]"
echo "##[group]Generate cert"
cfssl gencert -ca ${CERT_DIR}/signing-ca.pem -ca-key ${CERT_DIR}/signing-ca-key.pem \
-config=".github/tls/config.json" \
-profile="server" \
-hostname="${REGISTRY_NAME},local-registry" \
.github/tls/server-csr.json \
| cfssljson -bare ${CERT_DIR}/server
echo "##[endgroup]"
- name: Setup local registry
run: |
set -o errexit
set -o nounset
set -o pipefail
# Create password file
REGISTRY_HTPWD=$(mktemp -d -t htpwd.XXXX)
docker run \
--entrypoint htpasswd \
httpd:2 -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > ${REGISTRY_HTPWD}/htpasswd
# Run a registry.
docker run -d \
--restart=always \
--name local-registry \
-v ${CERT_DIR}:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem \
-p "443:443" \
registry:2
# Make the $REGISTRY_NAME -> local-registry
echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts
- name: Install kind
run: |
cd $(mktemp -d -t kind.XXXX)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH)
chmod +x ./kind
sudo mv ./kind /usr/local/bin
cd -
- name: Create Cluster
run: |
set -o errexit
set -o nounset
set -o pipefail
# KinD configuration.
# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_NAME}"]
endpoint = ["https://local-registry"]
- |-
[plugins."io.containerd.grpc.v1.cri".registry.configs."local-registry".tls]
ca_file = "/etc/docker/certs.d/local-registry/ca.pem"
nodes:
- role: control-plane
image: kindest/node:v${{ matrix.k8s }}
extraMounts:
- containerPath: /etc/docker/certs.d/local-registry
hostPath: ${CERT_DIR}
EOF
# connect the registry to the cluster network
docker network connect kind local-registry
# Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry wokeignore:rule=master
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: local-registry-hosting
namespace: kube-public
data:
localRegistryHosting.v1: |
host: "localhost"
help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF
- name: Deploy Cartographer
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Apply cartographer"
kubectl create namespace cartographer-system
kapp deploy -y -a cartographer -n kube-system -f ./acceptance/vendor/cartographer/
echo "##[endgroup]"
- name: Integration test
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Integration Test"
make integration-test
echo "##[endgroup]"
continue-on-error: false
- name: Delete Gracefully
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Delete workload"
printf 'y' | tanzu apps workload delete petclinic
echo "##[endgroup]"
echo "##[group]Delete cartographer"
kapp delete -y -a cartographer -n kube-system
kubectl delete namespace cartographer-system
echo "##[endgroup]"
if: always()
- name: Cleanup cluster
run: kind delete cluster
if: always()
create-release:
needs:
- unit-ubuntu
- unit-windows
- unit-macos
- acceptance
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- name: Get the version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
- name: Draft release
id: create_release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ steps.get_version.outputs.VERSION }}
draft: true
- name: Create release info files
run: |
echo "${{ steps.get_version.outputs.VERSION }}" > RELEASE_INFO_VERSION
echo "${{ steps.create_release.outputs.upload_url }}" > RELEASE_INFO_UPLOAD_URL
- name: Upload release files
uses: actions/upload-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
path: RELEASE_INFO_*
retention-days: 1
release:
needs:
- create-release
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
os-arch: ["", -darwin-amd64, -linux-amd64, -windows-amd64]
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Download staged CLI binaries${{ matrix.os-arch }}
uses: actions/download-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
- name: Get release info
run: |
echo "RELEASE_VERSION=$(cat RELEASE_INFO_VERSION)" >> $GITHUB_ENV
echo "UPLOAD_URL=$(cat RELEASE_INFO_UPLOAD_URL)" >> $GITHUB_ENV
- name: Upload CLI release${{ matrix.os-arch }}
uses: actions/[email protected]
with:
upload_url: ${{ env.UPLOAD_URL }}
asset_path: tanzu-apps-plugin${{ matrix.os-arch }}.tar.gz
asset_name: tanzu-apps-plugin${{ matrix.os-arch }}-${{ env.RELEASE_VERSION }}.tar.gz
asset_content_type: application/gzip