chore(deps): Bump golang.org/x/crypto from 0.15.0 to 0.19.0 #1540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- '**' | |
- '!dependabot/**' | |
tags: | |
- '**' | |
pull_request: {} | |
jobs: | |
unit-ubuntu: | |
env: | |
TANZU_CLI_NO_INIT: true | |
TANZU_HOME: $HOME/tanzu | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Grype scan | |
run: | | |
echo "##[group]Install grype" | |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin | |
echo "##[endgroup]" | |
echo "##[group]Scan source ." | |
grype dir:. --exclude ./hack,./vendor --exclude '**/testdata/**' | |
echo "##[endgroup]" | |
- name: Install tanzu cli | |
run: | | |
TANZU_VERSION=$(cat TANZU_VERSION) | |
mkdir -p ${TANZU_HOME} | |
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz | |
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME} | |
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu | |
chmod +x /usr/local/bin/tanzu | |
tanzu config eula accept | |
tanzu version | |
tanzu plugin source init | |
tanzu plugin install builder --version ${TANZU_VERSION} | |
tanzu plugin list | |
- name: Scan Inclusive Terminology | |
uses: get-woke/woke-action@v0 | |
with: | |
fail-on-error: true | |
woke-args: -c ./hack/woke/its-woke-rules.yaml | |
- name: Test | |
run: make test | |
- name: Codecov | |
uses: codecov/[email protected] | |
- name: Build Version | |
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
if: startsWith(github.ref, 'refs/tags/') | |
- name: Build | |
run: make plugin-build | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: tanzu-apps-plugin.tar.gz | |
path: ./artifacts/tanzu-apps-plugin*.tar.gz | |
retention-days: 1 | |
- name: Install | |
run: | | |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then | |
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD) | |
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT | |
fi | |
echo $PLUGIN_BUILD_VERSION | |
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/linux/amd64 | |
- name: Verify docs | |
run: | | |
rm -rf docs/command-reference | |
tanzu apps docs --directory docs/command-reference | |
git diff --exit-code docs | |
continue-on-error: true | |
unit-windows: | |
env: | |
TANZU_CLI_NO_INIT: true | |
TANZU_HOME: c:/Program\ Files/tanzu | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Install tanzu cli | |
run: | | |
$TANZU_VERSION = type .\TANZU_VERSION | |
mkdir "C:\Program Files\tanzu" | |
$Env:PATH += ";C:\Program Files\tanzu" | |
$TANZU_HOME = "C:\Program Files\tanzu" | |
$Env:TANZU_CLI_NO_INIT = "true" | |
curl -Lo tanzu-framework-windows-amd64.zip https://github.com/vmware-tanzu/tanzu-cli/releases/download/$TANZU_VERSION/tanzu-cli-windows-amd64.zip | |
tar -xf tanzu-framework-windows-amd64.zip | |
cp "$TANZU_VERSION\tanzu-cli-windows_amd64.exe" "C:\Program Files\tanzu\tanzu.exe" | |
tanzu config eula accept | |
tanzu plugin source init | |
tanzu plugin install builder --version ${TANZU_VERSION} | |
tanzu plugin list | |
- name: Test | |
run: | | |
$Env:PATH += ";C:\Program Files\tanzu" | |
make test | |
- name: Build | |
run: | | |
$Env:PATH += ";C:\Program Files\tanzu" | |
make plugin-build | |
- name: Install | |
run: | | |
$Env:PATH += ";C:\Program Files\tanzu" | |
$PLUGIN_BUILD_SHA_SHORT=git rev-parse --short HEAD | |
$APP_PLUGIN_VERSION=type .\APPS_PLUGIN_VERSION | |
$PLUGIN_BUILD_VERSION=$APP_PLUGIN_VERSION+'-dev-'+$PLUGIN_BUILD_SHA_SHORT | |
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/windows/amd64 | |
unit-macos: | |
env: | |
TANZU_CLI_NO_INIT: true | |
TANZU_HOME: $HOME/tanzu | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Install tanzu cli | |
run: | | |
TANZU_VERSION=$(cat TANZU_VERSION) | |
TANZU_HOME=$HOME/tanzu | |
mkdir -p $HOME/tanzu | |
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-darwin-amd64.tar.gz | |
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME} | |
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-darwin_amd64 /usr/local/bin/tanzu | |
chmod +x /usr/local/bin/tanzu | |
tanzu config eula accept | |
tanzu plugin source init | |
tanzu plugin install builder --version ${TANZU_VERSION} | |
tanzu plugin list | |
- name: Test | |
run: make test | |
- name: Build Version | |
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
if: startsWith(github.ref, 'refs/tags/') | |
- name: Build | |
run: make plugin-build | |
- name: Install | |
run: | | |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then | |
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD) | |
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT | |
fi | |
echo $PLUGIN_BUILD_VERSION | |
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/darwin/amd64 | |
acceptance: | |
needs: [unit-ubuntu, unit-windows, unit-macos] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
k8s: | |
- 1.22.7 | |
- 1.23.5 | |
- 1.24.6 | |
- 1.25.2 | |
- 1.26.0 | |
- 1.27.2 | |
env: | |
REGISTRY_NAME: registry.local | |
REGISTRY_USERNAME: ruser | |
REGISTRY_PASSWORD: rpass | |
BUNDLE: registry.local/integration-test/hellojar:source | |
TANZU_CLI_NO_INIT: true | |
TANZU_HOME: $HOME/tanzu | |
OS_ARCH: linux-amd64 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: vmware-tanzu/carvel-setup-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Download plugin bundle | |
uses: actions/download-artifact@v3 | |
with: | |
name: tanzu-apps-plugin.tar.gz | |
- name: Install tanzu cli | |
run: | | |
TANZU_VERSION=$(cat TANZU_VERSION) | |
mkdir -p ${TANZU_HOME} | |
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz | |
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME} | |
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu | |
chmod +x /usr/local/bin/tanzu | |
tanzu config eula accept | |
- name: Build dev version | |
run: | | |
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD) | |
echo "PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT" >> $GITHUB_ENV | |
echo $PLUGIN_BUILD_VERSION | |
if: startsWith(github.ref, 'refs/tags/') != true | |
- name: Build tag version | |
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
if: startsWith(github.ref, 'refs/tags/') | |
- name: Install apps plugin | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
set -u | |
tar -xvf tanzu-apps-plugin.tar.gz | |
tanzu plugin install apps --local ./linux/amd64 --version ${PLUGIN_BUILD_VERSION:-v0.0.0-dev} | |
- name: Generate certs | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
CERT_DIR=$(mktemp -d -t certs.XXXX) | |
echo "CERT_DIR=$CERT_DIR" >> $GITHUB_ENV | |
echo "##[group]Install cfssl" | |
go install github.com/cloudflare/cfssl/cmd/[email protected] | |
go install github.com/cloudflare/cfssl/cmd/[email protected] | |
echo "##[endgroup]" | |
echo "##[group]Generate CA" | |
cfssl gencert -initca ./.github/tls/root-csr.json \ | |
| cfssljson -bare ${CERT_DIR}/root-ca | |
cfssl gencert -ca ${CERT_DIR}/root-ca.pem -ca-key ${CERT_DIR}/root-ca-key.pem \ | |
-config=".github/tls/config.json" \ | |
-profile="intermediate" ./.github/tls/intermediate-csr.json \ | |
| cfssljson -bare ${CERT_DIR}/signing-ca | |
cat ${CERT_DIR}/signing-ca.pem ${CERT_DIR}/root-ca.pem > ${CERT_DIR}/ca.pem | |
echo "##[endgroup]" | |
echo "##[group]Install CA" | |
# https://ubuntu.com/server/docs/security-trust-store | |
sudo apt-get install -y ca-certificates | |
echo "##[endgroup]" | |
echo "##[group]Generate cert" | |
cfssl gencert -ca ${CERT_DIR}/signing-ca.pem -ca-key ${CERT_DIR}/signing-ca-key.pem \ | |
-config=".github/tls/config.json" \ | |
-profile="server" \ | |
-hostname="${REGISTRY_NAME},local-registry" \ | |
.github/tls/server-csr.json \ | |
| cfssljson -bare ${CERT_DIR}/server | |
echo "##[endgroup]" | |
- name: Setup local registry | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
# Create password file | |
REGISTRY_HTPWD=$(mktemp -d -t htpwd.XXXX) | |
docker run \ | |
--entrypoint htpasswd \ | |
httpd:2 -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > ${REGISTRY_HTPWD}/htpasswd | |
# Run a registry. | |
docker run -d \ | |
--restart=always \ | |
--name local-registry \ | |
-v ${CERT_DIR}:/certs \ | |
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ | |
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.pem \ | |
-e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem \ | |
-p "443:443" \ | |
registry:2 | |
# Make the $REGISTRY_NAME -> local-registry | |
echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts | |
- name: Install kind | |
run: | | |
cd $(mktemp -d -t kind.XXXX) | |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH) | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin | |
cd - | |
- name: Create Cluster | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
# KinD configuration. | |
# create a cluster with the local registry enabled in containerd | |
cat <<EOF | kind create cluster --config=- | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_NAME}"] | |
endpoint = ["https://local-registry"] | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.configs."local-registry".tls] | |
ca_file = "/etc/docker/certs.d/local-registry/ca.pem" | |
nodes: | |
- role: control-plane | |
image: kindest/node:v${{ matrix.k8s }} | |
extraMounts: | |
- containerPath: /etc/docker/certs.d/local-registry | |
hostPath: ${CERT_DIR} | |
EOF | |
# connect the registry to the cluster network | |
docker network connect kind local-registry | |
# Document the local registry | |
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry wokeignore:rule=master | |
cat <<EOF | kubectl apply -f - | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: local-registry-hosting | |
namespace: kube-public | |
data: | |
localRegistryHosting.v1: | | |
host: "localhost" | |
help: "https://kind.sigs.k8s.io/docs/user/local-registry/" | |
EOF | |
- name: Deploy Cartographer | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
echo "##[group]Apply cartographer" | |
kubectl create namespace cartographer-system | |
kapp deploy -y -a cartographer -n kube-system -f ./acceptance/vendor/cartographer/ | |
echo "##[endgroup]" | |
- name: Integration test | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
echo "##[group]Integration Test" | |
make integration-test | |
echo "##[endgroup]" | |
continue-on-error: false | |
- name: Delete Gracefully | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
echo "##[group]Delete workload" | |
printf 'y' | tanzu apps workload delete petclinic | |
echo "##[endgroup]" | |
echo "##[group]Delete cartographer" | |
kapp delete -y -a cartographer -n kube-system | |
kubectl delete namespace cartographer-system | |
echo "##[endgroup]" | |
if: always() | |
- name: Cleanup cluster | |
run: kind delete cluster | |
if: always() | |
create-release: | |
needs: | |
- unit-ubuntu | |
- unit-windows | |
- unit-macos | |
- acceptance | |
if: startsWith(github.ref, 'refs/tags/') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} | |
- name: Draft release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ steps.get_version.outputs.VERSION }} | |
draft: true | |
- name: Create release info files | |
run: | | |
echo "${{ steps.get_version.outputs.VERSION }}" > RELEASE_INFO_VERSION | |
echo "${{ steps.create_release.outputs.upload_url }}" > RELEASE_INFO_UPLOAD_URL | |
- name: Upload release files | |
uses: actions/upload-artifact@v3 | |
with: | |
name: tanzu-apps-plugin.tar.gz | |
path: RELEASE_INFO_* | |
retention-days: 1 | |
release: | |
needs: | |
- create-release | |
if: startsWith(github.ref, 'refs/tags/') | |
strategy: | |
matrix: | |
os-arch: ["", -darwin-amd64, -linux-amd64, -windows-amd64] | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- name: Download staged CLI binaries${{ matrix.os-arch }} | |
uses: actions/download-artifact@v3 | |
with: | |
name: tanzu-apps-plugin.tar.gz | |
- name: Get release info | |
run: | | |
echo "RELEASE_VERSION=$(cat RELEASE_INFO_VERSION)" >> $GITHUB_ENV | |
echo "UPLOAD_URL=$(cat RELEASE_INFO_UPLOAD_URL)" >> $GITHUB_ENV | |
- name: Upload CLI release${{ matrix.os-arch }} | |
uses: actions/[email protected] | |
with: | |
upload_url: ${{ env.UPLOAD_URL }} | |
asset_path: tanzu-apps-plugin${{ matrix.os-arch }}.tar.gz | |
asset_name: tanzu-apps-plugin${{ matrix.os-arch }}-${{ env.RELEASE_VERSION }}.tar.gz | |
asset_content_type: application/gzip |