CI #1691

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	- release-*
	pull_request: {}
	workflow_dispatch: {}

	env:
	# Common versions
	GO_VERSION: '1.24'
	GOLANGCI_VERSION: 'v1.64.6'
	DOCKER_BUILDX_VERSION: 'v0.22.0'
	UP_VERSION: 'v0.38.4'

	# Registry/Org names
	CROSSPLANE_REGORG: 'ghcr.io/crossplane-contrib' # xpkg.crossplane.io/crossplane-contrib
	UPBOUND_REGORG: 'xpkg.upbound.io/crossplane-contrib'

	PROVIDER_REPO: provider-keycloak

	# Upbound registry specific variables
	UP_DOMAIN: "https://upbound.io"

	# Common users. We can't run a step 'if secrets.XXX != ""' but we can run a
	# step 'if env.XXX != ""', so we copy these to succinctly test whether
	# credentials have been provided before trying to run steps that need them.
	UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}

	jobs:
	detect-noop:
	runs-on: ubuntu-24.04
	outputs:
	noop: ${{ steps.noop.outputs.should_skip }}
	steps:
	- name: Detect No-op Changes
	id: noop
	uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	paths_ignore: '[".md", ".png", "**.jpg"]'
	do_not_skip: '["workflow_dispatch", "schedule", "push"]'


	lint:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
	with:
	submodules: true

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-lint-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	# We could run 'make lint' but we prefer this action because it leaves
	# 'annotations' (i.e. it comments on PRs to point out linter violations).
	- name: Lint
	uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6
	with:
	version: ${{ env.GOLANGCI_VERSION }}

	check-diff:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	submodules: true

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Install goimports
	run: go install golang.org/x/tools/cmd/goimports@latest

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-check-diff-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Check Diff
	run: make check-diff

	unit-tests:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-unit-tests-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Run Unit Tests
	run: make -j2 test

	- name: Publish Unit Test Coverage
	uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5
	with:
	flags: unittests
	file: _output/tests/linux_amd64/coverage.txt

	local-deploy:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-unit-tests-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Deploying locally built provider package
	run: make local-deploy

	e2e-tests:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'
	concurrency:
	group: ${{ github.head_ref \|\| github.run_id }}-${{ matrix.keycloak-version }}
	cancel-in-progress: true
	strategy:
	fail-fast: false
	matrix:
	keycloak-version:
	- '26.4.4'
	- '26.3.5'
	- '26.2.10'
	- '26.1.5'
	- '26.0.17'
	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-unit-tests-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Starting testsetup for E2E Tests
	run: ./dev/setup_dev_environment.sh --deploy-local-provider --keycloak-version ${{ matrix.keycloak-version }}

	- name: Set kind cluster as context
	run: kind export kubeconfig --name fenrir-1

	- name: Running E2E Tests
	run: make uptest

	publish-artifacts:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'
	outputs:
	version: ${{ steps.version.outputs.VERSION }}
	permissions:
	packages: write
	contents: read
	attestations: write
	id-token: write
	steps:
	- name: Setup QEMU
	uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
	with:
	platforms: all

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
	with:
	version: ${{ env.DOCKER_BUILDX_VERSION }}
	install: true

	- name: Login to GHCR using PAT
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Find the version
	id: version
	run: make common.buildvars >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-publish-artifacts-

	- name: Cache Go Dependencies
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Build Artifacts
	run: \|-
	make -j2 XPKG_REG_ORGS="${{ env.CROSSPLANE_REGORG }}" XPKG_REG_ORGS_NO_PROMOTE="${{ env.CROSSPLANE_REGORG }}" BRANCH_NAME="main" VERSION="${{ steps.version.outputs.VERSION }}" build.all
	env:
	# We're using docker buildx, which doesn't actually load the images it
	# builds by default. Specifying --load does so.
	BUILD_ARGS: "--load"

	- name: Upload Artifacts to GitHub
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
	with:
	name: output
	path: _output/**

	- name: Publish Artifacts
	run: \|-
	make -j2 XPKG_REG_ORGS="${{ env.CROSSPLANE_REGORG }}" XPKG_REG_ORGS_NO_PROMOTE="${{ env.CROSSPLANE_REGORG }}" BRANCH_NAME="main" VERSION="${{ steps.version.outputs.VERSION }}" publish

	mirror-to-xpkg-upbound-io:
	needs: publish-artifacts
	runs-on: ubuntu-24.04
	steps:
	- name: Setup QEMU
	uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
	with:
	platforms: all

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
	with:
	version: ${{ env.DOCKER_BUILDX_VERSION }}
	install: true

	- name: Setup crane
	# crane will inherit credentials from `docker login`
	uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e # v0.4

	- name: Validate crane installation
	run: crane version

	- name: Login to Upbound
	uses: docker/login-action@28fdb31ff34708d19615a74d67103ddc2ea9725c
	with:
	registry: "xpkg.upbound.io"
	username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
	password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }}

	- name: Mirror to xpkg.upbound.io
	run: \|
	crane copy ${{ env.CROSSPLANE_REGORG }}/${{ env.PROVIDER_REPO }}:${{ needs.publish-artifacts.outputs.version }} ${{ env.UPBOUND_REGORG }}/${{ env.PROVIDER_REPO }}:${{ needs.publish-artifacts.outputs.version }} --allow-nondistributable-artifacts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CI #1691

Workflow file

CI #1691

Uh oh!

Jobs

Run details

Workflow file for this run