Rebrand Venafi to CyberArk #735
Workflow file for this run
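# CI workflow: static verification, unit/Helm tests, and an opt-in end-to-end
# run that creates (and normally deletes) a throwaway GKE cluster.
name: tests

on:
  push:
    branches: [master]
  pull_request: {}

# Default GITHUB_TOKEN scope for every job. Jobs that need more than read
# access to the repository contents declare it in their own `permissions`.
permissions:
  contents: read # needed for checkout

jobs:
  verify:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      # Actions from other repositories are pinned to a full commit SHA; the
      # trailing comment names the release tag the pin is meant to track.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
        # the tags so `git describe` returns a valid version.
        # see https://github.com/actions/checkout/issues/701 for extra info about this option
        with:
          fetch-depth: 0
      # Local action from this repository; it receives the deploy-key secret
      # as an input. What it does with the key is defined in
      # .github/actions/repo_access, not in this file.
      - uses: ./.github/actions/repo_access
        with:
          DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
      # Whatever the make target prints is appended to this step's outputs;
      # the next step reads it back as `outputs.result`.
      - id: go-version
        run: |
          make print-go-version >> "$GITHUB_OUTPUT"
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version: ${{ steps.go-version.outputs.result }}
      # Cache of downloaded tooling, keyed on the runner OS and the content
      # hash of klone.yaml, with a per-job suffix.
      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: _bin/downloaded
          key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-verify
      - run: make -j verify

  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read # needed for checkout
      # NOTE(review): no step visible in this job requests an OIDC token
      # (there is no Google auth step here). Confirm `id-token: write` is
      # still required and drop it if it is not.
      id-token: write # needed for google auth
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
        # the tags so `git describe` returns a valid version.
        # see https://github.com/actions/checkout/issues/701 for extra info about this option
        with:
          fetch-depth: 0
      - uses: ./.github/actions/repo_access
        with:
          DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
      - id: go-version
        run: |
          make print-go-version >> "$GITHUB_OUTPUT"
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version: ${{ steps.go-version.outputs.result }}
      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: _bin/downloaded
          key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit
      - run: make -j test-unit test-helm

  test-e2e:
    # Opt-in: runs only for pull requests that carry the `test-e2e` label.
    # Push events have no pull_request payload, so the condition is false.
    if: contains(github.event.pull_request.labels.*.name, 'test-e2e')
    runs-on: ubuntu-latest
    # NOTE(review): unlike the other jobs, this one sets no `timeout-minutes`,
    # so GitHub's default job timeout applies while a billable cluster may be
    # running. Consider setting an explicit limit.
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
        # the tags so `git describe` returns a valid version.
        # see https://github.com/actions/checkout/issues/701 for extra info about this option
        with:
          fetch-depth: 0
      - uses: ./.github/actions/repo_access
        with:
          DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
      # Authenticates with a long-lived service-account key held in a
      # repository secret.
      # NOTE(review): google-github-actions/auth also accepts
      # `workload_identity_provider` + `service_account` (keyless OIDC
      # federation), which avoids storing an exportable key; that route needs
      # `id-token: write` on this job.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          credentials_json: '${{ secrets.GCP_SA_KEY }}'
      - name: Set up gcloud
        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
        with:
          install_components: 'gke-gcloud-auth-plugin'
          project_id: machineidentitysecurity-jsci-e
      - name: Configure Docker for Google Artifact Registry
        run: gcloud auth configure-docker europe-west1-docker.pkg.dev
      - id: go-version
        run: |
          make print-go-version >> "$GITHUB_OUTPUT"
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version: ${{ steps.go-version.outputs.result }}
      - name: Generate timestamp for cluster name
        id: timestamp # Give the step an ID to reference its output
        run: |
          # Generate a timestamp in the format YYMMDD-HHMMSS.
          # Extracting from PR name would require sanitization due to GKE cluster naming constraints
          TIMESTAMP=$(date +'%y%m%d-%H%M%S')
          CLUSTER_NAME="test-secretless-${TIMESTAMP}"
          echo "Generated cluster name: ${CLUSTER_NAME}"
          # Quoted, matching the other writes to GITHUB_OUTPUT in this file.
          echo "cluster_name=${CLUSTER_NAME}" >> "$GITHUB_OUTPUT"
      - run: |
          make helm-plugins
          make -j test-e2e-gke
        # The VEN_API_KEY_PULL secret is set to my API key (Mladen) for glow.in.the.dark tenant.
        # NOTE(review): this is one person's API key; a dedicated CI identity
        # would keep the job working, and the key revocable, independently of
        # that account.
        # NOTE(review): VEN_API_KEY and VEN_API_KEY_PULL are both fed from the
        # same secret (VEN_API_KEY_PULL) - confirm that is intended.
        env:
          VEN_API_KEY: ${{ secrets.VEN_API_KEY_PULL }}
          VEN_API_KEY_PULL: ${{ secrets.VEN_API_KEY_PULL }}
          OCI_BASE: europe-west1-docker.pkg.dev/machineidentitysecurity-jsci-e/js-agent-ci-repo
          VEN_API_HOST: api.venafi.cloud
          # Single-quoted so the backslash is unmistakably literal.
          VEN_ZONE: 'k8s-agent-CI\Default'
          VEN_VCP_REGION: us
          CLOUDSDK_CORE_PROJECT: machineidentitysecurity-jsci-e
          CLOUDSDK_COMPUTE_ZONE: europe-west1-b
          CLUSTER_NAME: ${{ steps.timestamp.outputs.cluster_name }}
      - name: Delete GKE Cluster
        # 'always()' - Run this step regardless of success or failure.
        # '!contains(...)' - AND only run if the list of PR labels DOES NOT contain 'keep-e2e-cluster'.
        # NOTE: You will have to delete the test cluster manually when finished with debugging or incur costs.
        if: always() && !contains(github.event.pull_request.labels.*.name, 'keep-e2e-cluster')
        # The step output reaches the script through the environment rather
        # than being expanded into the script text, so the shell only ever
        # sees it as a quoted variable.
        env:
          CLUSTER_NAME: ${{ steps.timestamp.outputs.cluster_name }}
        run: |
          # Because of 'always()', this step also runs when the job failed
          # before a cluster name was generated; there is nothing to delete then.
          if [ -z "${CLUSTER_NAME}" ]; then
            echo "No cluster name was generated; nothing to delete."
            exit 0
          fi
          echo "Label 'keep-e2e-cluster' not found. Cleaning up GKE cluster ${CLUSTER_NAME}"
          gcloud container clusters delete "${CLUSTER_NAME}" \
            --project=machineidentitysecurity-jsci-e \
            --zone=europe-west1-b \
            --quiet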