feat: [enterprise] add serviceAccount #1069
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Test using kind and chart-testing tool" | |
| on: | |
| pull_request: | |
| paths: | |
| - 'stable/**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| kubernetesVersion: ["v1.28.7", "v1.29.2", "v1.30.0", "v1.31.0", "v1.32.2"] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
| - name: Fetch history | |
| run: git fetch --prune --unshallow | |
| - name: Shellcheck | |
| uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 | |
| - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4 | |
| with: | |
| python-version: '3.10' | |
| - name: Set up Helm | |
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
| with: | |
| version: v3.8.0 | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.7.0 | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --config 'ct-config.yaml' --target-branch ${{ github.event.pull_request.base.ref }}) | |
| if [[ -n "$changed" ]]; then | |
| echo "CHANGED=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Run chart-testing (lint) | |
| id: lint | |
| run: ct lint --config 'ct-config.yaml' | |
| if: steps.list-changed.outputs.CHANGED == 'true' && github.event.pull_request.base.ref == 'main' | |
| - name: Run chart-testing but skip version check (lint) | |
| id: lintskipversion | |
| run: ct lint --config 'ct-config.yaml' --check-version-increment=false | |
| if: steps.list-changed.outputs.CHANGED == 'true' && github.event.pull_request.base.ref != 'main' | |
| - name: Install kind | |
| if: steps.list-changed.outputs.CHANGED == 'true' | |
| uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 | |
| with: | |
| node_image: "kindest/node:${{ matrix.kubernetesVersion }}" | |
| config: kind-config.yaml | |
| wait: 600s | |
| - name: Check kind nodes | |
| if: steps.list-changed.outputs.CHANGED == 'true' | |
| run: kubectl describe nodes | |
| - name: Create pullcreds and license secrets | |
| if: steps.list-changed.outputs.CHANGED == 'true' | |
| run: | | |
| kubectl create namespace anchore | |
| echo "${ANCHORE_LICENSE}" | base64 --decode > /tmp/anchore-license | |
| kubectl --namespace anchore create secret generic anchore-enterprise-license --from-file=license.yaml=/tmp/anchore-license | |
| kubectl --namespace anchore create secret docker-registry anchore-enterprise-pullcreds --docker-server=docker.io --docker-username="${DOCKER_USER}" --docker-password="${DOCKER_PASS}" | |
| env: | |
| ANCHORE_LICENSE: ${{ secrets.B64_ANCHORE_LICENSE }} | |
| DOCKER_USER: ${{ secrets.ANCHOREREADONLY_DH_USERNAME }} | |
| DOCKER_PASS: ${{ secrets.ANCHOREREADONLY_DH_PAT }} | |
| - name: Check if anchore-enterprise endpoint is required for admission controller chart | |
| id: enterprise_required | |
| run: | | |
| if [[ -n $(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'anchore-admission-controller') ]]; then | |
| echo "File in the 'stable/anchore-admission-controller' directory was changed. We need an Enterprise deployment" | |
| echo "::set-output name=changed::true" | |
| elif [[ -n $(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'k8s-inventory') ]]; then | |
| echo "Branch: ${{ github.event.pull_request.head.ref }}" | |
| echo "File in the 'stable/k8s-inventory' directory was changed. We need an enterprise deployment" | |
| echo "::set-output name=changed::true" | |
| else | |
| echo "No files in 'stable/anchore-admission-controller' or 'stable/k8s-inventory' directory were changed. Skipping enterprise deployment" | |
| echo "::set-output name=changed::false" | |
| fi | |
| shell: bash | |
| - name: Deploy enterprise | |
| if: steps.enterprise_required.outputs.changed == 'true' | |
| run: | | |
| helm repo add anchore https://charts.anchore.io || echo "anchore repo already added" | |
| helm repo add bitnami https://charts.bitnami.com/bitnami || echo "bitnami repo already added" | |
| helm repo update | |
| helm install enterprise anchore/enterprise --namespace anchore -f stable/anchore-admission-controller/ci/enterprise-vals.yaml --wait | |
| kubectl --namespace anchore get pods | |
| - name: Update to rc image if needed | |
| if: ${{ github.event.pull_request.base.ref == 'rc5x' || github.ref_name == 'rc5x' }} | |
| run: | | |
| echo "Branch: ${{ github.event.pull_request.head.ref }}" | |
| echo 'image: "docker.io/anchore/enterprise-dev:rc"' >> stable/enterprise/ci/rc-values.yaml | |
| echo 'ui:' >> stable/enterprise/ci/rc-values.yaml | |
| echo ' image: "docker.io/anchore/anchore-on-prem-ui-dev:rc"' >> stable/enterprise/ci/rc-values.yaml | |
| echo "Appended to stable/enterprise/ci/rc-values.yaml" | |
| - name: Update to nightly image if needed | |
| if: ${{ github.event.pull_request.base.ref == 'nightly' || github.ref_name == 'nightly' }} | |
| run: | | |
| echo "Branch: ${{ github.event.pull_request.head.ref }}" | |
| echo 'image: "docker.io/anchore/enterprise-dev:nightly"' >> stable/enterprise/ci/nightly-values.yaml | |
| echo 'ui:' >> stable/enterprise/ci/nightly-values.yaml | |
| echo ' image: "docker.io/anchore/anchore-on-prem-ui-dev:nightly"' >> stable/enterprise/ci/nightly-values.yaml | |
| echo "Appended to stable/enterprise/ci/nightly-values.yaml" | |
| - name: Run chart-testing | |
| if: steps.list-changed.outputs.CHANGED == 'true' | |
| run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s" |