schemars 1 with kube pre-2 and k8s-openapi pins (#166) #473
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: ci | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '*' | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| docker-base: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Build and push with docker buildx | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure tags based on git tags + latest | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ghcr.io/${{ github.repository_owner }}/controller | |
| tags: | | |
| type=pep440,pattern={{version}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=ref,event=pr | |
| type=raw,value=test,enable=${{ !endsWith(github.ref, '/main')}} | |
| - name: Docker login on main origin | |
| uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: musl-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Compile base features | |
| run: | | |
| mkdir -p ~/.cargo/{git,registry} | |
| docker run --rm -t \ | |
| --mount type=bind,source=${{ github.workspace }},target=/volume \ | |
| --mount type=bind,source=$HOME/.cargo/registry,target=/root/.cargo/registry \ | |
| --mount type=bind,source=$HOME/.cargo/git,target=/root/.cargo/git \ | |
| clux/muslrust:stable \ | |
| cargo build --release --bin controller | |
| cp target/x86_64-unknown-linux-musl/release/controller . | |
| - name: Docker buildx and push with base features | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| cache-from: type=gha,scope=base | |
| cache-to: type=gha,scope=base,mode=max | |
| push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64 | |
| - name: Persist base image build to a tarball | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=gha,scope=base | |
| outputs: type=docker,dest=/tmp/image.tar | |
| - name: Upload base docker image as artifact for e2e tests | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: controller-image | |
| path: /tmp/image.tar | |
| docker-otel: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Build and push with docker buildx | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure tags based on git tags for otel | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ghcr.io/${{ github.repository_owner }}/controller | |
| tags: | | |
| type=pep440,pattern={{version}},prefix=otel- | |
| type=raw,value=otel,enable={{is_default_branch}} | |
| type=ref,event=pr,prefix=otel- | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: musl-cargo-otel-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Compile with telemetry | |
| run: | | |
| mkdir -p ~/.cargo/{git,registry} | |
| docker run --rm -t \ | |
| --mount type=bind,source=${{ github.workspace }},target=/volume \ | |
| --mount type=bind,source=$HOME/.cargo/registry,target=/root/.cargo/registry \ | |
| --mount type=bind,source=$HOME/.cargo/git,target=/root/.cargo/git \ | |
| clux/muslrust:stable \ | |
| cargo build --features=telemetry --release --bin controller | |
| cp target/x86_64-unknown-linux-musl/release/controller . | |
| - name: Docker login on main origin | |
| uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker buildx and push with telemetry | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| cache-from: type=gha,scope=otel | |
| cache-to: type=gha,scope=otel,mode=max | |
| push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64 | |
| e2e: | |
| runs-on: ubuntu-latest | |
| needs: [docker-base] | |
| # No need to e2e on main, we know it worked at the branch level | |
| # (also the e2e test assumes tag :test which is not available elsewhere) | |
| if: github.ref != 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nolar/setup-k3d-k3s@v1 | |
| with: | |
| version: v1.31 | |
| k3d-name: kube | |
| k3d-args: "--no-lb --no-rollback --registry-create reg --k3s-arg --disable=traefik,servicelb,metrics-server@server:*" | |
| - run: kubectl apply -f yaml/crd.yaml | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download docker image artifact from docker job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: controller-image | |
| path: /tmp | |
| - name: Load image into k3d registry | |
| run: k3d image import /tmp/image.tar --cluster kube | |
| - name: helm template | kubctl apply | |
| run: | | |
| apiserver="$(kubectl get endpoints kubernetes -ojson | jq '.subsets[0].addresses[0].ip' -r)" | |
| helm template charts/doc-controller \ | |
| --set version=test \ | |
| --set networkPolicy.enabled=true \ | |
| --set networkPolicy.apiserver.0=${apiserver}/32 \ | |
| | kubectl apply -f - | |
| - run: kubectl wait --for=condition=available deploy/doc-controller --timeout=30s | |
| - run: kubectl apply -f yaml/instance-samuel.yaml | |
| - run: sleep 2 # TODO: add condition on status and wait for it instead | |
| # verify reconcile actions have happened | |
| - run: kubectl get netpol doc-controller -oyaml | |
| - run: kubectl logs deploy/doc-controller | |
| - run: kubectl get event --field-selector "involvedObject.kind=Document,involvedObject.name=samuel" | grep "HideRequested" | |
| - run: kubectl get doc -oyaml | grep -A1 finalizers | grep documents.kube.rs | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install protoc | |
| run: sudo apt-get install -y protobuf-compiler | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: nightly | |
| components: rustfmt,clippy | |
| - run: cargo +nightly fmt -- --check | |
| - uses: giraffate/clippy-action@v1 | |
| with: | |
| reporter: 'github-pr-review' | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| clippy_flags: --all-features | |
| integration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: nolar/setup-k3d-k3s@v1 | |
| with: | |
| version: v1.31 | |
| k3d-name: kube | |
| k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*" | |
| - name: Build workspace | |
| run: cargo build | |
| - name: Install crd | |
| run: cargo run --bin crdgen | kubectl apply -f - | |
| - name: Run all default features integration library tests | |
| run: cargo test --lib --all -- --ignored | |
| unit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| # Real CI work starts here | |
| - name: Build workspace | |
| run: cargo build | |
| - name: Run workspace unit tests | |
| run: cargo test | |
| - name: Generate crd.yaml | |
| run: cargo run --bin crdgen > yaml/crd.yaml | |
| - name: Generate deployment.yaml | |
| run: helm template charts/doc-controller > yaml/deployment.yaml | |
| - name: Ensure generated output is committed | |
| run: | | |
| if ! git diff --exit-code yaml/; then | |
| echo "Uncommitted changes in yaml directory" | |
| echo "Please run 'just generate' and commit the results" | |
| exit 1 | |
| fi |