Skip to content
ci

fix(tests): deploy kratos in auth namespace #34

Sign in to view logs

fix(tests): deploy kratos in auth namespace

fix(tests): deploy kratos in auth namespace #34

Workflow file for this run

.github/workflows/ci.yml at 530221d
---
name: ci
concurrency:
cancel-in-progress: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
group: ci-${{ github.ref_name }}-${{ github.event_name }}
on:
push:
branches:
- main
tags:
- v*
pull_request:
branches:
- main
env:
ANSIBLE_FORCE_COLOR: "1"
PY_COLORS: "1"
jobs:
trivy:
if: github.event_name == 'push' || github.event_name == 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
scan-type:
- fs
- config
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache trivy db
uses: actions/cache@v4
with:
path: |
~/.cache/trivy
~/work/temp
key: ${{ runner.os }}-trivy-db-${{ hashFiles('**/trivy.yaml') }}
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
format: sarif
ignore-unfixed: true
output: trivy-results.sarif
scan-ref: .
scan-type: ${{ matrix.scan-type }}
severity: CRITICAL,HIGH
trivy-config: trivy.yaml
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results.sarif
test:
if: github.event_name == 'push' || github.event_name == 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
env:
K3S_VERSION: v1.31.1-k3s1
strategy:
fail-fast: false
matrix:
include:
- kustomization: oathkeeper/test/vm
namespace: auth
extras: |
kubectl apply --server-side --timeout=10m -f \
https://github.com/VictoriaMetrics/operator/raw/refs/tags/v0.48.3/config/crd/overlay/crd.yaml
- kustomization: oathkeeper/test/prom
namespace: auth
extras: |
kubectl apply --server-side --timeout=10m \
-f https://github.com/prometheus-operator/prometheus-operator/raw/refs/tags/v0.77.1/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml
- kustomization: kratos/test/vm
namespace: auth
extras: |
kubectl apply --server-side --timeout=10m -f \
https://github.com/VictoriaMetrics/operator/raw/refs/tags/v0.48.3/config/crd/overlay/crd.yaml
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup k3s cluster
uses: debianmaster/actions-k3s@master
with:
version: ${{ env.K3S_VERSION }}
- name: Verify k8s cluster
run: kubectl get nodes
- name: Ensure namespace exists ${{ matrix.namespace }}
run: kubectl create namespace ${{ matrix.namespace }} --dry-run=client -o yaml | kubectl apply -f -
- name: Create extras
if: matrix.extras
run: ${{ matrix.extras }}
- name: Verify kustomization ${{ matrix.kustomization }}
run: kubectl apply -k ${{ matrix.kustomization }} --wait --timeout=10m
- name: Wait for pods to get into ready state
run: |
kubectl get pod -n ${{ matrix.namespace }}
kubectl wait --for=condition=ready --timeout=10m pod --all -n ${{ matrix.namespace }}
kubectl get pod -n ${{ matrix.namespace }}
- name: Print pod logs
if: failure()
run: |
echo "Printing logs of pods in namespace ${{ matrix.namespace }}"
kubectl logs --all-containers=true --namespace=${{ matrix.namespace }} --selector=app.kubernetes.io/managed-by=Kustomize
ansible-lint:
if: github.event_name == 'push' || github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@main
release-please:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Release please
uses: googleapis/release-please-action@v4
with:
release-type: simple