CSPL-4372: Add approval gate workflow and integrate into existing Git… #6045
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| pull-requests: write | |
| on: | |
| pull_request_target: | |
| branches: | |
| - 'develop' | |
| - 'CSPL-4372-add-approval-gate-exec-in-target' | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| jobs: | |
| approval-gate: | |
| uses: ./.github/workflows/approval-gate.yml | |
| check-formating: | |
| runs-on: ubuntu-latest | |
| needs: approval-gate | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ needs.approval-gate.outputs.commit-sha }} | |
| - name: Dotenv Action | |
| id: dotenv | |
| uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
| - name: Setup Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
| - name: Check Source formatting | |
| run: make fmt && if [[ $? -ne 0 ]]; then false; fi | |
| - name: Lint source code | |
| run: make vet && if [[ $? -ne 0 ]]; then false; fi | |
| # unit-tests: | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - check-formating | |
| # - approval-gate | |
| # steps: | |
| # - uses: actions/checkout@v6 | |
| # with: | |
| # ref: ${{ needs.approval-gate.outputs.commit-sha }} | |
| # - name: Dotenv Action | |
| # id: dotenv | |
| # uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
| # - name: Setup Go | |
| # uses: actions/setup-go@v2 | |
| # with: | |
| # go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
| # - name: Install goveralls | |
| # run: | | |
| # go version | |
| # go install github.com/mattn/goveralls@latest | |
| # - name: Install Ginkgo | |
| # run: | | |
| # make setup/ginkgo | |
| # go mod tidy | |
| # - name: Run Unit Tests | |
| # run: | | |
| # make test | |
| # - name: Run Code Coverage | |
| # run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }} | |
| # - name: Upload Coverage artifacts | |
| # uses: actions/[email protected] | |
| # with: | |
| # name: coverage.out | |
| # path: coverage.out | |
| # build-operator-image: | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - unit-tests | |
| # - approval-gate | |
| # env: | |
| # SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
| # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
| # ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
| # S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| # steps: | |
| # - name: Set up cosign | |
| # uses: sigstore/cosign-installer@main | |
| # - uses: actions/checkout@v6 | |
| # with: | |
| # ref: ${{ needs.approval-gate.outputs.commit-sha }} | |
| # - name: Dotenv Action | |
| # id: dotenv | |
| # uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
| # - name: Setup Go | |
| # uses: actions/setup-go@v2 | |
| # with: | |
| # go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
| # - name: Install Ginkgo | |
| # run: | | |
| # make setup/ginkgo | |
| # - name: Set up Docker Buildx | |
| # uses: docker/[email protected] | |
| # - name: Install Operator SDK | |
| # run: | | |
| # export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) | |
| # export OS=$(uname | awk '{print tolower($0)}') | |
| # export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} | |
| # sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} | |
| # sudo chmod +x operator-sdk_${OS}_${ARCH} | |
| # sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk | |
| # - name: Configure AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v5 | |
| # with: | |
| # role-to-assume: ${{ vars.AWS_ROLE_ARN }} | |
| # role-session-name: github-${{ github.run_id }} | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # role-duration-seconds: ${{ vars.AWS_ROLE_DURATION_SECONDS }} | |
| # - name: Login to Amazon ECR | |
| # id: login-ecr | |
| # uses: aws-actions/amazon-ecr-login@v1 | |
| # - name: Build and push Splunk Operator Image | |
| # run: | | |
| # make docker-buildx IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
| # - name: Sign Splunk Operator image with a key | |
| # run: | | |
| # cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }} | |
| # env: | |
| # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| # vulnerability-scan: | |
| # permissions: | |
| # actions: read | |
| # contents: read | |
| # id-token: write | |
| # security-events: write | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - build-operator-image | |
| # - approval-gate | |
| # env: | |
| # SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
| # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
| # ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
| # S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| # IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }} | |
| # steps: | |
| # - name: Set up cosign | |
| # uses: sigstore/cosign-installer@main | |
| # - uses: actions/checkout@v6 | |
| # with: | |
| # ref: ${{ needs.approval-gate.outputs.commit-sha }} | |
| # - name: Dotenv Action | |
| # id: dotenv | |
| # uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
| # - name: Set up Docker Buildx | |
| # uses: docker/[email protected] | |
| # - name: Configure AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v5 | |
| # with: | |
| # role-to-assume: ${{ vars.AWS_ROLE_ARN }} | |
| # role-session-name: github-${{ github.run_id }} | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # role-duration-seconds: ${{ vars.AWS_ROLE_DURATION_SECONDS }} | |
| # - name: Login to Amazon ECR | |
| # uses: aws-actions/amazon-ecr-login@v1 | |
| # - name: Pull Splunk Operator Image Locally | |
| # run: | | |
| # docker pull ${{ env.IMAGE_NAME }} | |
| # - name: Verify Signed Splunk Operator image | |
| # run: | | |
| # cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }} | |
| # env: | |
| # COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} | |
| # - name: Run Trivy vulnerability scanner | |
| # uses: aquasecurity/trivy-action@master | |
| # with: | |
| # image-ref: '${{ env.IMAGE_NAME }}' | |
| # format: sarif | |
| # #exit-code: 1 | |
| # severity: 'CRITICAL' | |
| # ignore-unfixed: true | |
| # output: 'trivy-results.sarif' | |
| # - name: Upload Trivy scan results to GitHub Security tab | |
| # uses: github/codeql-action/upload-sarif@v3 | |
| # with: | |
| # sarif_file: 'trivy-results.sarif' | |
| # smoke-tests: | |
| # needs: | |
| # - vulnerability-scan | |
| # - approval-gate | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # test: [ | |
| # basic, | |
| # appframeworksS1, | |
| # managerappframeworkc3, | |
| # managerappframeworkm4, | |
| # managersecret, | |
| # managermc, | |
| # ] | |
| # runs-on: ubuntu-latest | |
| # env: | |
| # CLUSTER_NODES: 1 | |
| # CLUSTER_WORKERS: 3 | |
| # SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
| # SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_RELEASE_IMAGE }} | |
| # SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
| # SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator | |
| # TEST_FOCUS: "${{ matrix.test }}" | |
| # # This regex matches any string not containing smoke keyword | |
| # TEST_TO_SKIP: "^(?:[^s]+|s(?:$|[^m]|m(?:$|[^o]|o(?:$|[^k]|k(?:$|[^e])))))*$" | |
| # TEST_CLUSTER_PLATFORM: eks | |
| # EKS_VPC_PRIVATE_SUBNET_STRING: ${{ secrets.EKS_VPC_PRIVATE_SUBNET_STRING }} | |
| # EKS_VPC_PUBLIC_SUBNET_STRING: ${{ secrets.EKS_VPC_PUBLIC_SUBNET_STRING }} | |
| # TEST_BUCKET: ${{ secrets.TEST_BUCKET }} | |
| # TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }} | |
| # ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
| # PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }} | |
| # S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| # EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }} | |
| # CLUSTER_WIDE: "true" | |
| # DEPLOYMENT_TYPE: "" | |
| # steps: | |
| # - name: Chekcout code | |
| # uses: actions/checkout@v6 | |
| # with: | |
| # ref: ${{ needs.approval-gate.outputs.commit-sha }} | |
| # - name: Set Test Cluster Name | |
| # id: set-cluster-name | |
| # uses: ./.github/actions/set-cluster-name | |
| # with: | |
| # test-type: smoke | |
| # test-name: ${{ matrix.test }} | |
| # run-id: ${{ github.run_id }} | |
| # - name: Export cluster name to environment | |
| # run: | | |
| # echo "TEST_CLUSTER_NAME=${{ steps.set-cluster-name.outputs.cluster-name }}" >> $GITHUB_ENV | |
| # - name: Dotenv Action | |
| # id: dotenv | |
| # uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
| # - name: Change splunk enterprise to release image on main branches | |
| # if: github.ref == 'refs/heads/main' | |
| # run: | | |
| # echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV | |
| # - name: Install Kubectl | |
| # uses: Azure/setup-kubectl@v3 | |
| # with: | |
| # version: ${{ steps.dotenv.outputs.KUBECTL_VERSION }} | |
| # - name: Install Python | |
| # uses: actions/setup-python@v2 | |
| # - name: Install AWS CLI | |
| # run: | | |
| # curl "${{ steps.dotenv.outputs.AWSCLI_URL}}" -o "awscliv2.zip" | |
| # unzip awscliv2.zip | |
| # sudo ./aws/install --update | |
| # aws --version | |
| # - name: Setup Go | |
| # uses: actions/setup-go@v2 | |
| # with: | |
| # go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
| # - name: Install Ginkgo | |
| # run: | | |
| # make setup/ginkgo | |
| # - name: Install Helm | |
| # run: | | |
| # curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
| # chmod 700 get_helm.sh | |
| # ./get_helm.sh | |
| # DESIRED_VERSION=v3.8.2 bash get_helm.sh | |
| # - name: Install EKS CTL | |
| # run: | | |
| # curl --silent --insecure --location "https://github.com/weaveworks/eksctl/releases/download/${{ steps.dotenv.outputs.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | |
| # sudo mv /tmp/eksctl /usr/local/bin | |
| # eksctl version | |
| # - name: Set up Docker Buildx | |
| # uses: docker/[email protected] | |
| # - name: Install Operator SDK | |
| # run: | | |
| # sudo curl -L -o /usr/local/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}/operator-sdk-${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}-x86_64-linux-gnu | |
| # sudo chmod +x /usr/local/bin/operator-sdk | |
| # - name: Configure Docker Hub credentials | |
| # uses: docker/login-action@v1 | |
| # with: | |
| # username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| # password: ${{ secrets.DOCKERHUB_TOKEN}} | |
| # - name: Set Splunk Operator image | |
| # run: | | |
| # echo "SPLUNK_OPERATOR_IMAGE=${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" >> $GITHUB_ENV | |
| # - name: Pull Splunk Enterprise Image | |
| # run: docker pull ${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
| # - name: Configure AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v5 | |
| # with: | |
| # role-to-assume: ${{ vars.AWS_ROLE_ARN }} | |
| # role-session-name: github-${{ github.run_id }} | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # role-duration-seconds: ${{ vars.AWS_ROLE_DURATION_SECONDS }} | |
| # - name: Login to Amazon ECR | |
| # id: login-ecr | |
| # uses: aws-actions/amazon-ecr-login@v1 | |
| # - name: Tag and Push Splunk Enterprise Image to ECR | |
| # run: | | |
| # docker tag ${{ env.SPLUNK_ENTERPRISE_IMAGE }} ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
| # docker push ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
| # - name: Create EKS cluster | |
| # run: | | |
| # export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }} | |
| # make cluster-up | |
| # - name: install metric server | |
| # run: | | |
| # curl -LO https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml | |
| # kubectl replace --force -f components.yaml || kubectl apply -f components.yaml | |
| # - name: install k8s dashboard | |
| # run: | | |
| # kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml | |
| # - name: Setup Kustomize | |
| # run: | | |
| # sudo snap install kustomize | |
| # mkdir -p ./bin | |
| # cp /snap/bin/kustomize ./bin/kustomize | |
| # - name: Run smoke test | |
| # id: smoketest | |
| # timeout-minutes: 240 | |
| # env: | |
| # TEST_S3_ACCESS_KEY_ID: ${{ vars.TEST_S3_ACCESS_KEY_ID }} | |
| # TEST_S3_SECRET_ACCESS_KEY: ${{ secrets.TEST_S3_SECRET_ACCESS_KEY }} | |
| # run: | | |
| # make int-test | |
| # - name: Collect Test Logs | |
| # if: ${{ always() }} | |
| # run: | | |
| # mkdir -p /tmp/pod_logs | |
| # find ./test -name "*.log" -exec cp {} /tmp/pod_logs \; | |
| # - name: Archive Pod Logs | |
| # if: ${{ always() }} | |
| # uses: actions/[email protected] | |
| # with: | |
| # name: "splunk-pods-logs--artifacts-${{ matrix.test }}" | |
| # path: "/tmp/pod_logs/**" | |
| # - name: Cleanup Test Case artifacts | |
| # if: ${{ always() }} | |
| # run: | | |
| # make cleanup | |
| # make clean | |
| # - name: Cleanup up EKS cluster | |
| # if: ${{ always() }} | |
| # run: | | |
| # make cluster-down | |
| # #- name: Test Report | |
| # # uses: dorny/test-reporter@v1 | |
| # # if: success() || failure() # run this step even if previous step failed | |
| # # with: | |
| # # name: Integration Tests # Name of the check run which will be created | |
| # # path: inttest-*.xml # Path to test results | |
| # # reporter: jest-junit # Format of test results |