feat: Add ability to optionally create Database contained user, instead of Instance level #751
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - release-* | |
| pull_request: {} | |
| workflow_dispatch: {} | |
| env: | |
| # Common versions | |
| GO_VERSION: '1.24' | |
| GOLANGCI_VERSION: 'v2.1.2' | |
| DOCKER_BUILDX_VERSION: 'v0.23.0' | |
| # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run | |
| # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether | |
| # credentials have been provided before trying to run steps that need them. | |
| CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} | |
| XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} | |
| AWS_USR: ${{ secrets.AWS_USR }} | |
| jobs: | |
| detect-noop: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| noop: ${{ steps.noop.outputs.should_skip }} | |
| steps: | |
| - name: Detect No-op Changes | |
| id: noop | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
| do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
| concurrent_skipping: false | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| submodules: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cachedir=$(make go.cachedir)" >> $GITHUB_ENV | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.cachedir }} | |
| key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-lint- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Download Go Modules | |
| run: make modules.download modules.check | |
| # We could run 'make lint' but we prefer this action because it leaves | |
| # 'annotations' (i.e. it comments on PRs to point out linter violations). | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0 | |
| with: | |
| version: ${{ env.GOLANGCI_VERSION }} | |
| check-diff: | |
| runs-on: ubuntu-24.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| submodules: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cachedir=$(make go.cachedir)" >> $GITHUB_ENV | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.cachedir }} | |
| key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-check-diff- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Download Go Modules | |
| run: make modules.download modules.check | |
| - name: Check Diff | |
| id: check-diff | |
| run: | | |
| mkdir _output | |
| make check-diff | |
| - name: Show diff | |
| if: failure() && steps.check-diff.outcome == 'failure' | |
| run: git diff | |
| unit-tests: | |
| runs-on: ubuntu-24.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cachedir=$(make go.cachedir)" >> $GITHUB_ENV | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.cachedir }} | |
| key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-unit-tests- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Download Go Modules | |
| run: make modules.download modules.check | |
| - name: Run Unit Tests | |
| run: make -j2 test | |
| - name: Publish Unit Test Coverage | |
| uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 | |
| with: | |
| flags: unittests | |
| files: _output/tests/linux_amd64/coverage.txt | |
| e2e-tests: | |
| runs-on: ubuntu-24.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| platforms: all | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| with: | |
| version: ${{ env.DOCKER_BUILDX_VERSION }} | |
| install: true | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cachedir=$(make go.cachedir)" >> $GITHUB_ENV | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.cachedir }} | |
| key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-unit-tests- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Download Go Modules | |
| run: make modules.download modules.check | |
| - name: Build Helm Chart | |
| run: make -j2 build | |
| #env: | |
| # # We're using docker buildx, which doesn't actually load the images it | |
| # # builds by default. Specifying --load does so. | |
| # BUILD_ARGS: "--load" | |
| - name: Run E2E Tests | |
| run: make e2e USE_HELM=true | |
| publish-artifacts: | |
| runs-on: ubuntu-24.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| platforms: all | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| with: | |
| version: ${{ env.DOCKER_BUILDX_VERSION }} | |
| install: true | |
| - name: Login to Upbound | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| if: env.XPKG_ACCESS_ID != '' | |
| with: | |
| registry: xpkg.upbound.io | |
| username: ${{ secrets.XPKG_ACCESS_ID }} | |
| password: ${{ secrets.XPKG_TOKEN }} | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cachedir=$(make go.cachedir)" >> $GITHUB_ENV | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.cachedir }} | |
| key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-publish-artifacts- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Download Go Modules | |
| run: make modules.download modules.check | |
| - name: Build Artifacts | |
| run: make -j2 build.all | |
| env: | |
| # We're using docker buildx, which doesn't actually load the images it | |
| # builds by default. Specifying --load does so. | |
| BUILD_ARGS: "--load" | |
| - name: Publish Artifacts to GitHub | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: output | |
| path: _output/** | |
| - name: Publish Artifacts | |
| if: env.XPKG_ACCESS_ID != '' | |
| run: make publish BRANCH_NAME=${GITHUB_REF##*/} | |
| - name: Login to Docker | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| if: env.CONTRIB_DOCKER_USR != '' | |
| with: | |
| username: ${{ secrets.CONTRIB_DOCKER_USR }} | |
| password: ${{ secrets.CONTRIB_DOCKER_PSW }} | |
| - name: Publish Artifacts to S3 and Docker Hub | |
| run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} | |
| if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} | |
| GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| DOCS_GIT_USR: ${{ secrets.UPBOUND_BOT_GITHUB_USR }} | |
| DOCS_GIT_PSW: ${{ secrets.UPBOUND_BOT_GITHUB_PSW }} | |
| - name: Promote Artifacts in S3 and Docker Hub | |
| if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' | |
| run: make -j2 promote | |
| env: | |
| BRANCH_NAME: master | |
| CHANNEL: master | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} |