chore(deps): bump the go-dependencies group with 6 updates #613
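# CI pipeline: builds the CI and dev containers, lints and tests the Go code
# and the Helm chart, runs the e2e matrix, and on pushes to main runs
# release-please and publishes the multi-arch image and the Helm chart.
#
# NOTE(review): third-party actions are referenced by mutable version tags
# (for example actions/checkout@v6). Pinning each `uses:` to a full commit SHA
# keeps a re-tagged or compromised action release from running with this
# workflow's token.
name: CI

on:
  push:
    branches: [main, develop]
    tags: ["v*"]
  pull_request:
    branches: [main, develop]

env:
  GO_VERSION: "1.26.2"
  REGISTRY: ghcr.io
  IMAGE_NAME: configbutler/gitops-reverser
  IMAGE_TAG: ci-${{ github.sha }}
  CHART_REGISTRY: ghcr.io/configbutler/charts
  REPO_NAME: ${{ github.event.repository.name }}
  CI_WORKDIR: /workspaces/${{ github.event.repository.name }}

# Least privilege: the workflow default is read-only. Each job below declares
# the scopes it uses, so jobs that run pull-request code (lint, test, e2e) no
# longer hold a token that can write repository contents or pull requests.
permissions:
  contents: read

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-ci-container:
    name: Build CI Base Container
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write  # pushes the CI image to the registry
    outputs:
      image: ${{ steps.image.outputs.name }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set image name
        id: image
        run: |
          IMAGE="${{ env.REGISTRY }}/configbutler/gitops-reverser-ci:${{ github.sha }}"
          echo "name=${IMAGE}" >> "$GITHUB_OUTPUT"
          echo "Building CI base container: ${IMAGE}"
      # NOTE(review): this job has no `if:` and the workflow also triggers on
      # pull_request, so a same-repository PR build overwrites the mutable
      # `latest` tag below. Later jobs use the SHA-tagged image from the job
      # output; anything else that consumes this image should do the same.
      - name: Build and push CI base container
        uses: docker/build-push-action@v7
        with:
          context: .
          file: .devcontainer/Dockerfile
          target: ci
          push: true
          load: true  # So that we can run the next step without pulling
          tags: |
            ${{ steps.image.outputs.name }}
            ${{ env.REGISTRY }}/configbutler/gitops-reverser-ci:latest
          cache-from: type=gha,scope=ci-container
          cache-to: type=gha,mode=max,scope=ci-container
      - name: Validate CI container tools
        run: |
          docker run --rm ${{ steps.image.outputs.name }} bash -c "
            set -e
            echo '=== Validating CI Container Tools ==='
            go version
            kubectl version --client
            kustomize version
            helm version
            golangci-lint version
            controller-gen --version
            k3d version
            docker --version
            echo '✅ All CI container tools verified'
          "

  validate-devcontainer:
    name: Validate Dev Container
    runs-on: ubuntu-latest
    needs: build-ci-container
    permissions:
      contents: read
      packages: read  # registry login only; this job builds with push: false
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build dev container (validation only)
        uses: docker/build-push-action@v7
        with:
          context: .
          file: .devcontainer/Dockerfile
          push: false
          load: true
          tags: gitops-reverser-devcontainer:test
          cache-from: type=gha,scope=devcontainer
          cache-to: type=gha,scope=devcontainer,mode=max
          build-args: |
            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
      - name: Validate dev container tools
        run: |
          docker run --rm gitops-reverser-devcontainer:test bash -c "
            set -e
            echo '=== Validating Dev Container Tools ==='
            go version
            kubectl version --client
            kustomize version
            helm version
            golangci-lint version
            k3d version
            task --version
            bash -ic 'complete -p task >/dev/null'
            docker --version
            echo '✅ All dev container tools verified'
          "

  lint-helm:
    name: Lint and build Helm Chart (and generate single-file installer)
    runs-on: ubuntu-latest
    needs: build-ci-container
    permissions:
      contents: read
      packages: read  # pulls the CI image used as the job container
    container:
      image: ${{ needs.build-ci-container.outputs.image }}
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Configure Git safe directory
        run: git config --global --add safe.directory /__w/gitops-reverser/gitops-reverser
      - name: Copy generated things from /config
        run: task helm-sync
      - name: Helm lint
        run: helm lint charts/gitops-reverser
      - name: Helm template (dry-run)
        run: |
          helm template gitops-reverser charts/gitops-reverser \
            --namespace gitops-reverser-system \
            --set image.repository=test/image \
            --set image.tag=test
      - name: Generate install.yaml from Helm chart
        run: task dist-install
      - name: Package Helm chart
        run: |
          helm package charts/gitops-reverser --destination .
          mv gitops-reverser-*.tgz gitops-reverser.tgz
      # The bundle uploaded here is the one publish-helm later pushes, so the
      # released chart is the artifact that went through the e2e job.
      - name: Upload release bundle artifact
        uses: actions/upload-artifact@v7
        with:
          name: release-bundle
          path: |
            dist/install.yaml
            gitops-reverser.tgz
          if-no-files-found: error

  lint:
    name: Lint Go Code
    runs-on: ubuntu-latest
    needs: build-ci-container
    permissions:
      contents: read
      packages: read  # pulls the CI image used as the job container
      pull-requests: read  # golangci-lint `only-new-issues` reads the PR diff
    container:
      image: ${{ needs.build-ci-container.outputs.image }}
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Configure Git safe directory (for now needed as workarround https://github.com/actions/checkout/issues/2031)
        run: git config --global --add safe.directory /__w/gitops-reverser/gitops-reverser
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          install-mode: none
          skip-cache: false
          skip-save-cache: false
          only-new-issues: ${{ github.event_name == 'pull_request' }}
          args: --timeout=5m --concurrency=4

  test:
    name: Unit tests
    runs-on: ubuntu-latest
    needs: build-ci-container
    permissions:
      contents: read
      packages: read  # pulls the CI image used as the job container
    container:
      image: ${{ needs.build-ci-container.outputs.image }}
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Configure Git safe directory
        run: git config --global --add safe.directory /__w/gitops-reverser/gitops-reverser
      - name: Run tests
        run: task test

  docker-build:
    name: Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write  # pushes the ci-<sha> project image
    outputs:
      image: ${{ steps.image.outputs.name }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Set full image name
        id: image
        run: |
          FULL_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
          echo "name=${FULL_IMAGE}" >> "$GITHUB_OUTPUT"
          echo "Building image: ${FULL_IMAGE}"
      - name: Build and push Docker image
        uses: ./.github/actions/docker-build
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          platforms: linux/amd64
          tags: ${{ steps.image.outputs.name }}
          outputs: type=image,push=true
          cache-scope: build-linux/amd64

  e2e:
    name: E2E (${{ matrix.name }})
    runs-on: ubuntu-latest
    needs: [build-ci-container, docker-build, lint-helm]
    # NOTE(review): packages stays at its previous level because the e2e tasks
    # are not visible in this file; reduce it to `read` once it is confirmed
    # that no task pushes to the registry.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          - name: quickstart-helm-and-makefile-image-refresh
            script: "export INSTALL_MODE=helm HELM_CHART_SOURCE=./gitops-reverser.tgz && task test-e2e-quickstart-helm && task test-image-refresh"
            needs_artifact: true
          - name: quickstart-manifest
            script: "task test-e2e-quickstart-manifest"
            needs_artifact: true
          - name: full
            script: "task test-e2e-full"
            needs_artifact: false
    env:
      PROJECT_IMAGE: ${{ needs.docker-build.outputs.image }}
      CI_CONTAINER: ${{ needs.build-ci-container.outputs.image }}
      IMAGE_DELIVERY_MODE: pull
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Download release bundle artifact
        if: matrix.needs_artifact
        uses: actions/download-artifact@v8
        with:
          name: release-bundle
          path: .
      # The token reaches the shell through the environment instead of being
      # templated into the script text, so it is never part of the rendered
      # command line.
      - name: Login to Docker registry
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "${GITHUB_TOKEN}" | docker login ${{ env.REGISTRY }} -u "${GITHUB_ACTOR}" --password-stdin
      # The CI container gets the host Docker socket and host networking, so
      # whatever the matrix script runs has full control of the runner's
      # Docker daemon. The scripts are the fixed strings in the matrix above.
      - name: Run E2E tests in CI container
        run: |
          docker run --rm \
            --network host \
            -v "${GITHUB_WORKSPACE}:${{ env.CI_WORKDIR }}" \
            -v /var/run/docker.sock:/var/run/docker.sock \
            -w "${{ env.CI_WORKDIR }}" \
            -e PROJECT_IMAGE=${{ env.PROJECT_IMAGE }} \
            -e IMAGE_DELIVERY_MODE=${{ env.IMAGE_DELIVERY_MODE }} \
            -e HOST_PROJECT_PATH=${{ github.workspace }} \
            ${{ env.CI_CONTAINER }} \
            bash -c "
              git config --global --add safe.directory ${{ env.CI_WORKDIR }}
              ${{ matrix.script }}
            "

  # Release job only runs on push to main after tests pass
  release-please:
    name: Release Please
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    needs: [lint-helm, lint, test, e2e, validate-devcontainer]
    permissions:
      contents: write  # creates tags and releases
      pull-requests: write  # opens and updates the release pull request
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
      version: ${{ steps.release.outputs.version }}
    steps:
      - name: Run release-please
        id: release
        uses: googleapis/release-please-action@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          config-file: release-please-config.json
          manifest-file: .release-please-manifest.json

  # Build and push Docker images in parallel for each platform
  publish:
    name: Build ${{ matrix.platform }}
    runs-on: ${{ matrix.runs_on }}
    needs: release-please
    if: needs.release-please.outputs.release_created == 'true'
    permissions:
      contents: read
      packages: write  # pushes the per-platform image by digest
    strategy:
      matrix:
        include:
          - platform: linux/amd64
            runs_on: ubuntu-latest
          - platform: linux/arm64
            runs_on: ubuntu-24.04-arm
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}},value=${{ needs.release-please.outputs.version }}
            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-please.outputs.version }}
            type=semver,pattern={{major}},value=${{ needs.release-please.outputs.version }}
            type=raw,value=latest
      - name: Build and push Docker image by digest
        id: build
        uses: ./.github/actions/docker-build
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
          cache-scope: build-${{ matrix.platform }}
      # Each digest is recorded as an empty file named after its hex value;
      # publish-manifest rebuilds the image references from those file names.
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v7
        with:
          name: digests-${{ strategy.job-index }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Merge all platform images into multi-arch manifests
  publish-manifest:
    name: Publish Multi-Arch Manifest
    runs-on: ubuntu-latest
    # No `if:` of its own: the job is skipped whenever `publish` is skipped.
    needs: [release-please, publish]
    permissions:
      contents: write  # appends the installation notes to the release
      packages: write  # pushes the manifest list and its tags
    steps:
      - name: Download digests
        uses: actions/download-artifact@v8
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to registry
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}},value=${{ needs.release-please.outputs.version }}
            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-please.outputs.version }}
            type=semver,pattern={{major}},value=${{ needs.release-please.outputs.version }}
            type=raw,value=latest
      # Runs inside /tmp/digests, so the `*` glob expands to the digest file
      # names written by the publish jobs.
      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
      - name: Update release info
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.release-please.outputs.tag_name }}
          append_body: true
          body: |
            ## Installation
            ### Quick Install (Single YAML)
            ```bash
            kubectl apply -f https://github.com/ConfigButler/gitops-reverser/releases/download/${{ needs.release-please.outputs.tag_name }}/install.yaml
            ```
            ### Helm Chart
            ```bash
            helm install gitops-reverser oci://${{ env.CHART_REGISTRY }}/gitops-reverser --version ${{ needs.release-please.outputs.version }}
            ```
            ## Docker Images
            This release is available as a Docker image:
            ```bash
            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.version }}
            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
            ```
            **Platforms:** linux/amd64, linux/arm64
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Publish Helm chart to ghcr.io as OCI artifact
  publish-helm:
    name: Publish Helm Chart
    runs-on: ubuntu-latest
    needs: [build-ci-container, e2e, release-please]
    if: needs.release-please.outputs.release_created == 'true'
    permissions:
      contents: write  # uploads install.yaml as a release asset
      packages: write  # pushes the chart to the OCI registry
    container:
      image: ${{ needs.build-ci-container.outputs.image }}
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Configure Git safe directory
        run: git config --global --add safe.directory /__w/gitops-reverser/gitops-reverser
      - name: Download tested release bundle artifact
        uses: actions/download-artifact@v8
        with:
          name: release-bundle
          path: .
      # The token reaches the shell through the environment instead of being
      # templated into the script text.
      - name: Login to GitHub Container Registry
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "${GITHUB_TOKEN}" | helm registry login ${{ env.REGISTRY }} --username "${GITHUB_ACTOR}" --password-stdin
      - name: Push Helm chart to GHCR
        run: |
          helm push ./gitops-reverser.tgz oci://${{ env.CHART_REGISTRY }}
      - name: Upload install.yaml as release asset
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.release-please.outputs.tag_name }}
          files: dist/install.yaml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}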