Skip to content

Commit

Permalink
Merge branch 'main' into CNFCERT-1088
Browse files Browse the repository at this point in the history
  • Loading branch information
@bnshr
bnshr committed Feb 3, 2025
2 parents 79026d5 + 3ae64e9 commit 4f79e59
Show file tree
Hide file tree
Showing 42 changed files with 834 additions and 223 deletions.
2 changes: 1 addition & 1 deletion .github/actions/documentation/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM registry.access.redhat.com/ubi9/python-39:9.5@sha256:36ae15329ade62cc7082d44db67f94494bf3836edb8b7cf733f7519168a6e9de
FROM registry.access.redhat.com/ubi9/python-39:9.5@sha256:9a31f03f8b27d9065c3488bbd3650c67271c3b868eacf816ddea07ababd9fbc0

# Pin versions in pip.
# hadolint ignore=DL3013
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/setup/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ runs:
- name: Set up Go 1.23
uses: actions/setup-go@v4
with:
go-version: 1.23.4
go-version: 1.23.5
cache: false

- name: Disable default go problem matcher
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
with:
languages: ${{ matrix.language }}
tools: latest
Expand All @@ -64,7 +64,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -78,4 +78,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
4 changes: 2 additions & 2 deletions .github/workflows/merge.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,9 @@ jobs:
steps:

- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
Expand Down
90 changes: 65 additions & 25 deletions .github/workflows/pre-main.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ env:
OCT_IMAGE_NAME: redhat-best-practices-for-k8s/oct
OCT_IMAGE_TAG: latest
PROBE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite-probe
PROBE_IMAGE_TAG: v0.0.11
PROBE_IMAGE_TAG: v0.0.13
CERTSUITE_CONFIG_DIR: /tmp/certsuite/config
CERTSUITE_OUTPUT_DIR: /tmp/certsuite/output
SMOKE_TESTS_LOG_LEVEL: debug
Expand All @@ -42,9 +42,9 @@ jobs:

steps:
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
Expand All @@ -58,7 +58,7 @@ jobs:
uses: ./.github/actions/install-yaml-dep

- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -68,10 +68,10 @@ jobs:
chmod +x $CM_BIN
- name: Install Shfmt
uses: mfinelli/setup-shfmt@031e887e39d899d773a7e9b6dd6472c2c23ff50d # v3.0.1
uses: mfinelli/setup-shfmt@1a143389339b48c4b48ae3cdc058f3dbe336a701 # v3.0.2

- name: Golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
with:
version: v1.63
args: --timeout 10m0s
Expand Down Expand Up @@ -117,9 +117,9 @@ jobs:

steps:
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
Expand All @@ -133,7 +133,7 @@ jobs:
uses: ./.github/actions/install-yaml-dep

- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}

Expand Down Expand Up @@ -187,9 +187,9 @@ jobs:
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
Expand All @@ -203,7 +203,7 @@ jobs:
uses: ./.github/actions/install-yaml-dep

- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}

Expand Down Expand Up @@ -240,7 +240,7 @@ jobs:
run: ./certsuite claim show failures -c certsuite-out/claim.json

- name: Upload smoke test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: always()
with:
name: smoke-tests
Expand All @@ -257,7 +257,7 @@ jobs:
run: ./certsuite run --label-filter=preflight --log-level="${SMOKE_TESTS_LOG_LEVEL}"

- name: Upload preflight smoke test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: always()
with:
name: preflight-smoke-tests
Expand Down Expand Up @@ -286,9 +286,9 @@ jobs:
# needed by depends-on-action
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

# Perform smoke tests using a Certsuite container.
- name: Check out code
Expand All @@ -302,7 +302,7 @@ jobs:
make-command: 'install'

- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}

Expand Down Expand Up @@ -363,7 +363,7 @@ jobs:
--label-filter="${SMOKE_TESTS_LABELS_FILTER}"
- name: Upload container test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: always()
with:
name: smoke-tests-container
Expand Down Expand Up @@ -410,10 +410,30 @@ jobs:
ref: ${{ github.sha }}

- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

# Restart docker using /mnt/docker-storage (sdb) instead of /var/lib/docker (sda).
# This step needs to be done right after the partner repo's bootstrap scripts, as they
# overwrite the docker's daemon.json.
- name: Create docker/daemon.json if it does not exist
run: |
if [ ! -f /etc/docker/daemon.json ]; then
echo '{}' | sudo tee /etc/docker/daemon.json
fi
- name: Make docker to use /mnt (sdb) for storage
run: |
df -h
lsblk
sudo mkdir /mnt/docker-storage
sudo jq '. +={"data-root" : "/mnt/docker-storage"}' < /etc/docker/daemon.json > /tmp/docker-daemon.json
sudo cp /tmp/docker-daemon.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
sudo ls -la /mnt/docker-storage
- name: Login to Quay.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
Expand All @@ -423,12 +443,12 @@ jobs:
password: ${{ secrets.QUAY_ROBOT_TOKEN }}

- name: Build and push the unstable images for multi-arch
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
context: .
file: Dockerfile
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
push: true
tags: |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME_LEGACY }}:${{ env.CERTSUITE_IMAGE_TAG }}
Expand All @@ -453,10 +473,30 @@ jobs:
ref: ${{ github.sha }}

- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

# Restart docker using /mnt/docker-storage (sdb) instead of /var/lib/docker (sda).
# This step needs to be done right after the partner repo's bootstrap scripts, as they
# overwrite the docker's daemon.json.
- name: Create docker/daemon.json if it does not exist
run: |
if [ ! -f /etc/docker/daemon.json ]; then
echo '{}' | sudo tee /etc/docker/daemon.json
fi
- name: Make docker to use /mnt (sdb) for storage
run: |
df -h
lsblk
sudo mkdir /mnt/docker-storage
sudo jq '. +={"data-root" : "/mnt/docker-storage"}' < /etc/docker/daemon.json > /tmp/docker-daemon.json
sudo cp /tmp/docker-daemon.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
sudo ls -la /mnt/docker-storage
- name: Login to Quay.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
Expand All @@ -466,12 +506,12 @@ jobs:
password: ${{ secrets.QUAY_ROBOT_TOKEN_K8S }}

- name: Build and push the unstable images for multi-arch
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
context: .
file: Dockerfile
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
push: true
tags: |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME }}:${{ env.CERTSUITE_IMAGE_TAG }}
Expand All @@ -493,7 +533,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Check all dependent Pull Requests are merged
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
check-unmerged-pr: true
4 changes: 2 additions & 2 deletions .github/workflows/preflight.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.23.4
go-version: 1.23.5

- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/qe-hosted.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:
sudo ls -la /mnt/docker-storage
- name: Build temporary image tag for this PR
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
with:
context: .
file: ./Dockerfile
Expand All @@ -67,7 +67,7 @@ jobs:
outputs: type=docker,dest=/tmp/testimage.tar

- name: Store image as artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: testimage
path: /tmp/testimage.tar
Expand Down Expand Up @@ -149,7 +149,7 @@ jobs:
ref: main

- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/qe-ocp-414-intrusive.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
with:
timeout_minutes: 60
max_attempts: 3
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

- name: Cleanup self-hosted runner images
run: docker image prune -f
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/qe-ocp-415-intrusive.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
with:
timeout_minutes: 60
max_attempts: 3
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

- name: Cleanup self-hosted runner images
run: docker image prune -f
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/qe-ocp-416-intrusive.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
with:
timeout_minutes: 60
max_attempts: 3
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

- name: Cleanup self-hosted runner images
run: docker image prune -f
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/qe-ocp-417-intrusive.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
with:
timeout_minutes: 60
max_attempts: 3
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features
command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

- name: Cleanup self-hosted runner images
run: docker image prune -f
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/qe-ocp-arm-416.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

- name: Build temporary image tag for this PR
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
with:
context: .
platforms: linux/arm64
Expand All @@ -47,7 +47,7 @@ jobs:
outputs: type=docker,dest=/tmp/testimage.tar

- name: Store image as artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: testimage
path: /tmp/testimage.tar
Expand Down
Loading

0 comments on commit 4f79e59

Please sign in to comment.