Initial commit
Some checks failed
Continuous Integration - Pull Request / code-tests (pull_request) Has been cancelled
Continuous Integration - Pull Request / deployment-tests (local-code) (pull_request) Has been cancelled
helm-chart-ci / helm-chart-ci (pull_request) Has been cancelled
kubevious-manifests-ci / kubevious-manifests-ci (pull_request) Has been cancelled
kustomize-build-ci / kustomize-build-ci (pull_request) Has been cancelled
terraform-validate-ci / terraform-validate-ci (pull_request) Has been cancelled
Clean up deployment / cleanup-namespace (pull_request) Has been cancelled
Continuous Integration - Main/Release / code-tests (push) Has been cancelled
Continuous Integration - Main/Release / deployment-tests (local-code) (push) Has been cancelled
helm-chart-ci / helm-chart-ci (push) Has been cancelled
kubevious-manifests-ci / kubevious-manifests-ci (push) Has been cancelled
kustomize-build-ci / kustomize-build-ci (push) Has been cancelled
terraform-validate-ci / terraform-validate-ci (push) Has been cancelled

This commit is contained in:
2026-02-04 20:47:56 +05:30
commit dafcd9777f
363 changed files with 52703 additions and 0 deletions

65
.github/workflows/README.md vendored Normal file

@@ -0,0 +1,65 @@
# GitHub Actions Workflows
This page describes the CI/CD workflows for the Online Boutique app, which run in [Github Actions](https://github.com/GoogleCloudPlatform/microservices-demo/actions).
## Infrastructure
The CI/CD pipelines for Online Boutique run in Github Actions, using a pool of two [self-hosted runners]((https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)). These runners are GCE instances (virtual machines) that, for every open Pull Request in the repo, run the code test pipeline, deploy test pipeline, and (on main) deploy the latest version of the app to [cymbal-shops.retail.cymbal.dev](https://cymbal-shops.retail.cymbal.dev)
We also host a test GKE cluster, which is where the deploy tests run. Every PR has its own namespace in the cluster.
## Workflows
**Note**: In order for the current CI/CD setup to work on your pull request, you must branch directly off the repo (no forks). This is because the Github secrets necessary for these tests aren't copied over when you fork.
### Code Tests - [ci-pr.yaml](ci-pr.yaml)
These tests run on every commit for every open PR, as well as any commit to main / any release branch. Currently, this workflow runs only Go unit tests.
### Deploy Tests- [ci-pr.yaml](ci-pr.yaml)
These tests run on every commit for every open PR, as well as any commit to main / any release branch. This workflow:
1. Creates a dedicated GKE namespace for that PR, if it doesn't already exist, in the PR GKE cluster.
2. Uses `skaffold run` to build and push the images specific to that PR commit. Then skaffold deploys those images, via `kubernetes-manifests`, to the PR namespace in the test cluster.
3. Tests to make sure all the pods start up and become ready.
4. Gets the LoadBalancer IP for the frontend service.
5. Comments that IP in the pull request, for staging.
### Push and Deploy Latest - [push-deploy](push-deploy.yml)
This is the Continuous Deployment workflow, and it runs on every commit to the main branch. This workflow:
1. Builds the container images for every service, tagging as `latest`.
2. Pushes those images to Google Container Registry.
Note that this workflow does not update the image tags used in `release/kubernetes-manifests.yaml` - these release manifests are tied to a stable `v0.x.x` release.
### Cleanup - [cleanup.yaml](cleanup.yaml)
This workflow runs when a PR closes, regardless of whether it was merged into main. This workflow deletes the PR-specific GKE namespace in the test cluster.
## Appendix - Creating a new Actions runner
Should one of the two self-hosted Github Actions runners (GCE instances) fail, or you want to add more runner capacity, this is how to provision a new runner. Note that you need IAM access to the admin Online Boutique GCP project in order to do this.
1. Create a GCE instance.
- VM should be at least n1-standard-4 with 50GB persistent disk
- VM should use custom service account with permissions to: access a GKE cluster, create GCS storage buckets, and push to GCR.
2. SSH into new VM through the Google Cloud Console.
3. Install project-specific dependencies, including go, docker, skaffold, and kubectl:
```
wget -O - https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/main/.github/workflows/install-dependencies.sh | bash
```
The instance will restart when the script completes in order to finish the Docker install.
4. SSH back into the VM.
5. Follow the instructions to add a new runner on the [Actions Settings page](https://github.com/GoogleCloudPlatform/microservices-demo/settings/actions) to authenticate the new runner
6. Start GitHub Actions as a background service:
```
sudo ~/actions-runner/svc.sh install ; sudo ~/actions-runner/svc.sh start
```
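
Review bot: In the runner appendix (step 3), `wget -O - https://raw.githubusercontent.com/.../main/.github/workflows/install-dependencies.sh | bash` runs whatever is on `main` at that moment, with no integrity check, on a VM whose service account can access the GKE cluster, create GCS buckets and push to GCR. Fetch the script at a fixed commit SHA, save it to disk, and verify a checksum before executing it. Separately, the self-hosted runners link in the Infrastructure section has doubled parentheses (`]((https://...))`) and will not render, and the Code Tests section says only Go unit tests run while both CI workflows in this commit also run `dotnet test src/cartservice/`.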

122
.github/workflows/ci-main.yaml vendored Normal file

@@ -0,0 +1,122 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Continuous Integration - Main/Release"
on:
push:
# run on pushes to main or release/*
branches:
- main
- release/*
paths-ignore:
- '**/README.md'
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
- 'helm-chart/**'
- '.github/workflows/helm-chart-ci.yaml'
jobs:
code-tests:
runs-on: [self-hosted, is-enabled]
steps:
- uses: actions/checkout@v6
- uses: actions/setup-dotnet@v5
env:
DOTNET_INSTALL_DIR: "./.dotnet"
with:
dotnet-version: '10.0'
- uses: actions/setup-go@v6
with:
go-version: '1.25'
- name: Go Unit Tests
timeout-minutes: 10
run: |
for SERVICE in "shippingservice" "productcatalogservice"; do
echo "testing $SERVICE..."
pushd src/$SERVICE
go test
popd
done
- name: C# Unit Tests
timeout-minutes: 10
run: |
dotnet test src/cartservice/
deployment-tests:
runs-on: [self-hosted, is-enabled]
needs: code-tests
strategy:
matrix:
profile: ["local-code"]
fail-fast: true
steps:
- uses: actions/checkout@v6
- name: Build + Deploy PR images to GKE
timeout-minutes: 20
run: |
PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
NAMESPACE="pr${PR_NUMBER}"
echo "::set-env name=NAMESPACE::$NAMESPACE"
echo "::set-env name=PR_NUMBER::$PR_NUMBER"
yes | gcloud auth configure-docker us-docker.pkg.dev
gcloud container clusters get-credentials $PR_CLUSTER --region $REGION --project $PROJECT_ID
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: $NAMESPACE
EOF
echo Deploying application
skaffold config set --global local-cluster false
skaffold run --default-repo=us-docker.pkg.dev/$PROJECT_ID/$GITHUB_REF --tag=$GITHUB_SHA --namespace=$NAMESPACE -p network-policies
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
PROJECT_ID: "online-boutique-ci"
PR_CLUSTER: "prs-gke-cluster"
REGION: "us-central1"
- name: Wait For Pods
timeout-minutes: 20
run: |
set -x
kubectl config set-context --current --namespace=$NAMESPACE
kubectl wait --for=condition=available --timeout=1000s deployment/redis-cart
kubectl wait --for=condition=available --timeout=1000s deployment/adservice
kubectl wait --for=condition=available --timeout=1000s deployment/cartservice
kubectl wait --for=condition=available --timeout=1000s deployment/checkoutservice
kubectl wait --for=condition=available --timeout=1000s deployment/currencyservice
kubectl wait --for=condition=available --timeout=1000s deployment/emailservice
kubectl wait --for=condition=available --timeout=1000s deployment/frontend
kubectl wait --for=condition=available --timeout=1000s deployment/loadgenerator
kubectl wait --for=condition=available --timeout=1000s deployment/paymentservice
kubectl wait --for=condition=available --timeout=1000s deployment/productcatalogservice
kubectl wait --for=condition=available --timeout=1000s deployment/recommendationservice
kubectl wait --for=condition=available --timeout=1000s deployment/shippingservice
- name: Smoke Test
timeout-minutes: 5
run: |
set -x
# start fresh loadgenerator pod
kubectl delete pod -l app=loadgenerator
# wait for requests to come in
REQUEST_COUNT="0"
while [[ "$REQUEST_COUNT" -lt "50" ]]; do
sleep 5
REQUEST_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $2}')
done
# ensure there are no errors hitting endpoints
ERROR_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $3}' | sed "s/[(][^)]*[)]//g")
if [[ "$ERROR_COUNT" -gt "0" ]]; then
exit 1
fi
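
Review bot: In the "Build + Deploy PR images to GKE" step, `PR_NUMBER` is taken from the third `/`-separated field of `$GITHUB_REF`, but this workflow only triggers on `push` to `main` and `release/*`, where the ref has the form `refs/heads/<branch>`. The value is therefore `main`, or `release` for every release branch, so all release branches deploy into the same `prrelease` namespace and overwrite each other. Derive the namespace from the full branch name (sanitised for Kubernetes naming) or from `$GITHUB_SHA`, and rename the variable since no pull request is involved. The step also sets `ACTIONS_ALLOW_UNSECURE_COMMANDS: true` to keep the deprecated `::set-env` command working; write to `$GITHUB_ENV` instead (`echo "NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV"`) and drop the override.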

158
.github/workflows/ci-pr.yaml vendored Normal file

@@ -0,0 +1,158 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Continuous Integration - Pull Request"
on:
pull_request:
branches:
- main
paths-ignore:
- '**/README.md'
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
- 'helm-chart/**'
- '.github/workflows/helm-chart-ci.yaml'
# Ensure this workflow only runs for the most recent commit of a pull-request
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
code-tests:
runs-on: [self-hosted, is-enabled]
steps:
- uses: actions/checkout@v6
- uses: actions/setup-dotnet@v5
env:
DOTNET_INSTALL_DIR: "./.dotnet"
with:
dotnet-version: '10.0'
- uses: actions/setup-go@v6
with:
go-version: '1.25'
- name: Go Unit Tests
timeout-minutes: 10
run: |
for GO_PACKAGE in "shippingservice" "productcatalogservice" "frontend/validator"; do
echo "Testing $GO_PACKAGE..."
pushd src/$GO_PACKAGE
go test
popd
done
- name: C# Unit Tests
timeout-minutes: 10
run: |
dotnet test src/cartservice/
deployment-tests:
runs-on: [self-hosted, is-enabled]
needs: code-tests
strategy:
matrix:
profile: ["local-code"]
fail-fast: true
steps:
- uses: actions/checkout@v6
with:
ref: ${{github.event.pull_request.head.sha}}
- name: Build + Deploy PR images to GKE
timeout-minutes: 20
run: |
NAMESPACE="pr${PR_NUMBER}"
echo "::set-env name=NAMESPACE::$NAMESPACE"
yes | gcloud auth configure-docker us-docker.pkg.dev
gcloud container clusters get-credentials $PR_CLUSTER --region $REGION --project $PROJECT_ID
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: $NAMESPACE
EOF
echo Deploying application
skaffold config set --global local-cluster false
skaffold run --default-repo=us-docker.pkg.dev/$PROJECT_ID/refs/pull/$PR_NUMBER --tag=$PR_NUMBER --namespace=$NAMESPACE -p network-policies
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
PR_NUMBER: ${{ github.event.pull_request.number }}
PROJECT_ID: "online-boutique-ci"
PR_CLUSTER: "prs-gke-cluster"
REGION: "us-central1"
- name: Wait For Pods
timeout-minutes: 20
run: |
set -x
kubectl config set-context --current --namespace=$NAMESPACE
kubectl wait --for=condition=available --timeout=1000s deployment/redis-cart
kubectl wait --for=condition=available --timeout=1000s deployment/adservice
kubectl wait --for=condition=available --timeout=1000s deployment/cartservice
kubectl wait --for=condition=available --timeout=1000s deployment/checkoutservice
kubectl wait --for=condition=available --timeout=1000s deployment/currencyservice
kubectl wait --for=condition=available --timeout=1000s deployment/emailservice
kubectl wait --for=condition=available --timeout=1000s deployment/frontend
kubectl wait --for=condition=available --timeout=1000s deployment/loadgenerator
kubectl wait --for=condition=available --timeout=1000s deployment/paymentservice
kubectl wait --for=condition=available --timeout=1000s deployment/productcatalogservice
kubectl wait --for=condition=available --timeout=1000s deployment/recommendationservice
kubectl wait --for=condition=available --timeout=1000s deployment/shippingservice
- name: Query EXTERNAL_IP for staging
timeout-minutes: 5
run: |
set -x
NAMESPACE="pr${PR_NUMBER}"
get_externalIP() {
kubectl get service frontend-external --namespace $NAMESPACE -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}
until [[ -n "$(get_externalIP)" ]]; do
echo "Querying for external IP for frontend-external on namespace: $NAMESPACE{}"
sleep 3
done
EXTERNAL_IP=$(get_externalIP)
echo "::set-env name=EXTERNAL_IP::$EXTERNAL_IP"
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
PR_NUMBER: ${{ github.event.pull_request.number }}
- name: Smoke Test
timeout-minutes: 5
run: |
set -x
# start fresh loadgenerator pod
kubectl delete pod -l app=loadgenerator
# wait for requests to come in
REQUEST_COUNT="0"
while [[ "$REQUEST_COUNT" -lt "50" ]]; do
sleep 5
REQUEST_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $2}')
done
# ensure there are no errors hitting endpoints
ERROR_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $3}' | sed "s/[(][^)]*[)]//g")
if [[ "$ERROR_COUNT" -gt "0" ]]; then
exit 1
fi
- name: Comment EXTERNAL_IP
timeout-minutes: 5
env:
COMMENTS_URL: ${{ github.event.pull_request.comments_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl \
-X POST \
$COMMENTS_URL \
-H "Content-Type: application/json" \
-H "Authorization: token $GITHUB_TOKEN" \
--data '{ "body": "🚲 PR staged at '"http://${EXTERNAL_IP}"'"}'
sleep 60
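
Review bot: Both jobs run on `[self-hosted, is-enabled]` for `pull_request`, and `deployment-tests` checks out `github.event.pull_request.head.sha`, so code from the PR branch (`go test`, `dotnet test`, the skaffold build) executes on the runner VMs that hold the cloud credentials used by `gcloud container clusters get-credentials`. The README's "no forks" rule is the only guard; make it explicit with a job-level `if: github.event.pull_request.head.repo.full_name == github.repository`, and add a top-level `permissions:` block so the `GITHUB_TOKEN` used by "Comment EXTERNAL_IP" is limited to what commenting needs. `ACTIONS_ALLOW_UNSECURE_COMMANDS: true` with `::set-env` in "Build + Deploy PR images to GKE" and "Query EXTERNAL_IP for staging" should be replaced with appends to `$GITHUB_ENV`. Minor: the echo inside the `until` loop prints a stray `{}` after `$NAMESPACE`.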

44
.github/workflows/cleanup.yaml vendored Normal file

@@ -0,0 +1,44 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Clean up deployment"
on:
pull_request:
# run on pull requests targeting main
branches:
- main
types: closed
paths-ignore:
- '**/README.md'
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
jobs:
cleanup-namespace:
runs-on: [self-hosted, is-enabled]
steps:
- name: Delete PR namespace in staging cluster
if: ${{ always() }}
timeout-minutes: 20
run: |
gcloud container clusters get-credentials $PR_CLUSTER \
--region $REGION --project $PROJECT_ID
NAMESPACE="pr${PR_NUMBER}"
kubectl delete namespace $NAMESPACE
env:
PROJECT_ID: "online-boutique-ci"
PR_CLUSTER: "prs-gke-cluster"
REGION: "us-central1"
PR_NUMBER: ${{ github.event.number }}
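
Review bot: `kubectl delete namespace $NAMESPACE` fails the job when the namespace does not exist, and that case is reachable: `ci-pr.yaml` ignores `helm-chart/**` and `.github/workflows/helm-chart-ci.yaml`, so a PR touching only those paths never creates a namespace, while this workflow's `paths-ignore` omits both entries and still runs on close. Add `--ignore-not-found` to the delete, quote `"$NAMESPACE"`, and keep the two `paths-ignore` lists identical. The `if: ${{ always() }}` on the only step has no earlier step to guard against and can be dropped, and a `permissions: contents: read` block would fit since the job never uses the token.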

107
.github/workflows/helm-chart-ci.yaml vendored Normal file

@@ -0,0 +1,107 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: helm-chart-ci
on:
push:
branches:
- main
paths:
- 'helm-chart/**'
- '.github/workflows/helm-chart-ci.yaml'
pull_request:
paths:
- 'helm-chart/**'
- '.github/workflows/helm-chart-ci.yaml'
jobs:
helm-chart-ci:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- name: helm lint
run: |
cd helm-chart/
helm lint --strict
- name: helm template default
run: |
cd helm-chart/
helm template . > helm-template.yaml
cat helm-template.yaml
kustomize create --resources helm-template.yaml
kustomize build .
- name: helm template grpc health probes
run: |
# Test related to https://medium.com/google-cloud/b5bd26253a4c
cd helm-chart/
SPANNER_CONNECTION_STRING=projects/PROJECT_ID/instances/SPANNER_INSTANCE_NAME/databases/SPANNER_DATABASE_NAME
helm template . \
--set nativeGrpcHealthCheck=true \
-n onlineboutique \
> helm-template.yaml
cat helm-template.yaml
kustomize build .
- name: helm template spanner
run: |
# Test related to https://medium.com/google-cloud/f7248e077339
cd helm-chart/
SPANNER_CONNECTION_STRING=projects/PROJECT_ID/instances/SPANNER_INSTANCE_NAME/databases/SPANNER_DATABASE_NAME
SPANNER_DB_USER_GSA_ID=spanner-db-user@my-project.iam.gserviceaccount.com
helm template . \
--set cartDatabase.inClusterRedis.create=false \
--set cartDatabase.type=spanner \
--set cartDatabase.connectionString=${SPANNER_CONNECTION_STRING} \
--set serviceAccounts.create=true \
--set serviceAccounts.annotationsOnlyForCartservice=true \
--set "serviceAccounts.annotations.iam\.gke\.io/gcp-service-account=${SPANNER_DB_USER_GSA_ID}" \
-n onlineboutique \
> helm-template.yaml
cat helm-template.yaml
kustomize build .
- name: helm template asm
run: |
# Test related to https://medium.com/google-cloud/246119e46d53
cd helm-chart/
helm template . \
--set networkPolicies.create=true \
--set sidecars.create=true \
--set serviceAccounts.create=true \
--set authorizationPolicies.create=true \
--set frontend.externalService=false \
--set frontend.virtualService.create=true \
--set frontend.virtualService.gateway.name=asm-ingressgateway \
--set frontend.virtualService.gateway.namespace=asm-ingress \
--set frontend.virtualService.gateway.labelKey=asm \
--set frontend.virtualService.gateway.labelValue=ingressgateway \
-n onlineboutique \
> helm-template.yaml
cat helm-template.yaml
kustomize build .
- name: helm template memorystore istio tls origination
run: |
# Test related to https://medium.com/google-cloud/64b71969318d
cd helm-chart/
REDIS_IP=0.0.0.0
REDIS_PORT=7378
REDIS_CERT=dsjfgkldsjflkdsjflksdajfkldsjkfljsdaklfjaskjfakdsjfaklsdjflskadjfklasjfkls
helm template . \
--set cartDatabase.inClusterRedis.create=false \
--set cartDatabase.connectionString=${REDIS_IP}:${REDIS_PORT} \
--set cartDatabase.externalRedisTlsOrigination.enable=true \
--set cartDatabase.externalRedisTlsOrigination.certificate="${REDIS_CERT}" \
--set cartDatabase.externalRedisTlsOrigination.endpointAddress=${REDIS_IP} \
--set cartDatabase.externalRedisTlsOrigination.endpointPort=${REDIS_PORT} \
-n onlineboutique \
> helm-template.yaml
cat helm-template.yaml
kustomize build .
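
Review bot: The workflow has no `permissions:` block, so the job receives the repository's default `GITHUB_TOKEN` scopes although it only reads the checkout; `kubevious-manifests-ci.yaml` in this same commit already sets `permissions: contents: read`, and the same should be added here. In "helm template grpc health probes", `SPANNER_CONNECTION_STRING` is assigned but never passed to `helm template`, so remove it. Every step after "helm template default" also depends on the `kustomization.yaml` that step created in `helm-chart/`; a comment saying so would prevent a later reorder from breaking `kustomize build .`.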

74
.github/workflows/install-dependencies.sh vendored Executable file

@@ -0,0 +1,74 @@
#!/bin/bash
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -euo pipefail
# install wget
sudo apt install -y wget
# install dotnet CLI
sudo apt-get update
sudo apt-get install wget
wget -O - https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
wget https://packages.microsoft.com/config/debian/9/prod.list
sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get install -y apt-transport-https && \
sudo apt-get update && \
sudo apt-get install -y dotnet-sdk-10.0
echo "✅ dotnet installed"
# install kubectl
sudo apt-get install -yqq kubectl git
echo "✅ kubectl installed"
# install go
wget https://golang.org/dl/go1.25.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.25.linux-amd64.tar.gz
echo 'export GOPATH=$HOME/go' >> ~/.profile
echo 'export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin' >> ~/.profile
source ~/.profile
echo "✅ golang installed"
# install build-essential (gcc, used for go test)
sudo apt install -y build-essential
# install addlicense
go install github.com/google/addlicense@latest
sudo ln -s $HOME/go/bin/addlicense /bin
# install build-essential (gcc, used for go test)
sudo apt install -y build-essential
# install skaffold
curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \
chmod +x skaffold && \
sudo mv skaffold /usr/local/bin
echo "✅ skaffold installed"
# install docker
sudo apt install -yqq apt-transport-https ca-certificates curl gnupg2 software-properties-common && \
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - && \
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \
sudo apt-get update && \
sudo apt-get install -yqq docker-ce && \
sudo usermod -aG docker ${USER}
echo "✅ docker installed, rebooting..."
# reboot for docker setup
sudo reboot
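
Review bot: The skaffold binary (`releases/latest/skaffold-linux-amd64`) and `addlicense@latest` are unpinned, and neither the skaffold binary nor the Go tarball is checksum-verified before being installed under `/usr/local`. Since the README pipes this script straight into bash on the CI runners, pin explicit versions and verify a published SHA-256 for each download. The Docker key is added with `apt-key add`, which places it in the global apt trust store; write it to a dedicated keyring file and reference it with `signed-by=` in the source entry. Smaller points: the Microsoft source list is hard-coded to `debian/9` while the Docker entry uses `$(lsb_release -cs)`, `sudo apt-get install wget` lacks `-y` and repeats the install three lines above it, and the `build-essential` block appears twice.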


@@ -0,0 +1,56 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: kubevious-manifests-ci
on:
push:
branches:
- main
paths:
- 'helm-chart/**'
- 'kustomize/**'
- '.github/workflows/kubevious-manifests-ci.yaml'
pull_request:
paths:
- 'helm-chart/**'
- 'kustomize/**'
- '.github/workflows/kubevious-manifests-ci.yaml'
permissions:
contents: read
jobs:
kubevious-manifests-ci:
runs-on: ubuntu-24.04
timeout-minutes: 1
steps:
- uses: actions/checkout@v6
- name: Validate kubernetes-manifests
id: kubernetes-manifests-validation
uses: kubevious/cli@v1.0.64
with:
manifests: kubernetes-manifests
skip_rules: container-latest-image
- name: Validate helm-chart
id: helm-chart-validation
uses: kubevious/cli@v1.0.64
with:
manifests: helm-chart
- name: Validate kustomize
id: kustomize-validation
uses: kubevious/cli@v1.0.64
with:
manifests: kustomize
skip_rules: container-latest-image
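
Review bot: All three validation steps use `kubevious/cli@v1.0.64`, a third-party action referenced by tag; a tag can be moved to different code, so pin the action to the full commit SHA of that release and keep the version in a trailing comment. The job-level `timeout-minutes: 1` has to cover the checkout and three validations and leaves little margin; a slightly larger value would avoid cancellations that have nothing to do with the manifests.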


@@ -0,0 +1,45 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: kustomize-build-ci
on:
push:
branches:
- main
paths:
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
pull_request:
paths:
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
jobs:
kustomize-build-ci:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- name: kustomize build base
run: |
cd kustomize/
kubectl kustomize .
# Build the different combinations of Kustomize components found in kustomize/tests.
- name: kustomize build tests
run: |
cd kustomize/tests
KUSTOMIZE_TESTS_SUBFOLDERS=$(ls -d */)
for test in $KUSTOMIZE_TESTS_SUBFOLDERS;
do
echo "## kustomize build for " + $test
kustomize build $test
done
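
Review bot: In "kustomize build tests", `echo "## kustomize build for " + $test` prints a literal `+` because the shell has no string concatenation operator, and the loop iterates over unquoted `ls -d */` output, which breaks on directory names containing spaces or glob characters. Use `for test in */; do` with `echo "## kustomize build for $test"` and `kustomize build "$test"`. The workflow also lacks a `permissions:` block; `contents: read` is sufficient for these steps.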


@@ -0,0 +1,37 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: terraform-validate-ci
on:
push:
branches:
- main
paths:
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
pull_request:
paths:
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
jobs:
terraform-validate-ci:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- uses: hashicorp/setup-terraform@v3
- name: terraform init & validate
run: |
cd terraform/
terraform init -backend=false
terraform validate
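
Review bot: `hashicorp/setup-terraform@v3` is used without `terraform_version`, so the job validates against whichever Terraform release is current at run time and can change outcome without any change under `terraform/`. Set `terraform_version` to the version the configuration targets. Adding `permissions: contents: read` would also bring this workflow in line with `kubevious-manifests-ci.yaml`.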