flux2/.github/workflows
Hidde Beydals 506da2466b
ci: release: disable interpretation backslash esc
This ensures `jq` can properly parse the given `ARTIFACTS` JSON blob,
as it contains escaped newlines in for example the Brew formula.

This should address the issue with the generation of SLSA metadata.

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2 years ago
README.md ci: Refactor GitHub workflows 2 years ago
backport.yaml ci: enable workflows for `release/**` branches 2 years ago
e2e-arm64.yaml Run conformance tests for Kubernetes v1.27.3 2 years ago
e2e-azure.yaml build(deps): bump actions/checkout from 3.5.2 to 3.5.3 2 years ago
e2e-bootstrap.yaml Run conformance tests for Kubernetes v1.27.3 2 years ago
e2e.yaml Run conformance tests for Kubernetes v1.27.3 2 years ago
ossf.yaml build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 2 years ago
release.yaml ci: release: disable interpretation backslash esc 2 years ago
scan.yaml ci: enable workflows for `release/**` branches 2 years ago
sync-labels.yaml Declaratively define (and sync) labels 2 years ago
update.yaml ci: enable workflows for `release/**` branches 2 years ago
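
The failure mode named in the commit message at the top of this listing, as an added example (not code from the Flux release workflow): once an emitter expands the escaped newlines inside a one-line JSON blob, the blob no longer parses. The `ARTIFACTS` value is constructed, the function names are hypothetical, and `printf '%b'` stands in for any escape-interpreting `echo`.

```shell
#!/bin/sh
# Constructed sample: a one-line JSON blob whose string value carries escaped
# newlines (backslash + "n"), as a formula file embedded in JSON would.
ARTIFACTS='{"name":"formula.rb","content":"class Example\n  version 0.0.0\nend"}'

# Escape-interpreting emit: %b expands \n into a raw newline, which is what
# `echo -e` or a POSIX sh `echo` does to the same input.
emit_interpreted() { printf '%b\n' "$1"; }

# Literal emit: %s writes the bytes unchanged, so \n stays a JSON escape.
emit_literal() { printf '%s\n' "$1"; }

# Number of physical lines the given command writes.
line_count() { "$@" | wc -l | tr -d '[:space:]'; }

# Prints "valid" or "invalid" for the command's output, or "skipped" when jq
# is not installed. A raw newline inside a JSON string is a parse error.
json_status() {
  command -v jq >/dev/null 2>&1 || { echo skipped; return 0; }
  if "$@" | jq . >/dev/null 2>&1; then echo valid; else echo invalid; fi
}

# Summarise both emitters for a named variant.
report() {
  printf '%-12s lines=%s json=%s\n' "$1" \
    "$(line_count "$2" "$ARTIFACTS")" "$(json_status "$2" "$ARTIFACTS")"
}

report literal emit_literal
report interpreted emit_interpreted
```

The same check is useful as a guard in a release job: validate the blob with `jq` immediately after it is emitted, so a corrupted payload fails the step instead of reaching provenance generation.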

README.md

Flux GitHub Workflows

End-to-end Testing

The e2e workflows run a series of tests to ensure that the Flux CLI and the GitOps Toolkit controllers work well together. The tests are written in Go, Bash, Make and Terraform.

| Workflow | Jobs | Runner | Role |
|---|---|---|---|
| e2e.yaml | e2e-amd64-kubernetes | GitHub Ubuntu | integration testing with Kubernetes Kind |
| e2e-arm64.yaml | e2e-arm64-kubernetes | Equinix Ubuntu | integration testing with Kubernetes Kind |
| e2e-bootstrap.yaml | e2e-boostrap-github | GitHub Ubuntu | integration testing with GitHub API |
| e2e-azure.yaml | e2e-amd64-aks | GitHub Ubuntu | integration testing with Azure API |
| scan.yaml | scan-fossa | GitHub Ubuntu | license scanning |
| scan.yaml | scan-snyk | GitHub Ubuntu | vulnerability scanning |
| scan.yaml | scan-codeql | GitHub Ubuntu | vulnerability scanning |

Components Update

The components update workflow scans the GitOps Toolkit controller repositories for new releases, and when it finds a new controller version, the workflow performs the following steps:

  • Updates the controller API package version in go.mod.
  • Patches the controller CRDs version in the manifests/crds overlay.
  • Patches the controller Deployment version in the manifests/bases overlay.
  • Opens a Pull Request against the main branch.
  • Triggers the e2e test suite to run for the opened PR.

| Workflow | Jobs | Runner | Role |
|---|---|---|---|
| update.yaml | update-components | GitHub Ubuntu | update the GitOps Toolkit APIs and controllers |

Release

The release workflow is triggered by a semver Git tag and performs the following steps:

  • Generates the Flux install manifests (YAML).
  • Generates the OpenAPI validation schemas for the GitOps Toolkit CRDs (JSON).
  • Generates a Software Bill of Materials (SPDX JSON).
  • Builds the Flux CLI binaries and the multi-arch container images.
  • Pushes the container images to GitHub Container Registry and DockerHub.
  • Signs the SBOM, the binaries checksum and the container images with Cosign and GitHub OIDC.
  • Uploads the SBOM, binaries, checksums and install manifests to GitHub Releases.
  • Pushes the install manifests as OCI artifacts to GitHub Container Registry and DockerHub.
  • Signs the OCI artifacts with Cosign and GitHub OIDC.

| Workflow | Jobs | Runner | Role |
|---|---|---|---|
| release.yaml | release-flux-cli | GitHub Ubuntu | build, push and sign the CLI release artifacts |
| release.yaml | release-flux-manifests | GitHub Ubuntu | build, push and sign the Flux install manifests |