🤖 feat: add kind dev cluster scaffolding and k9s tooling #105
Workflow file for this run
name: CI

# Runs for pull requests, merge-queue checks, and pushes to main.
on:
  pull_request:
  merge_group:
    types:
      - checks_requested
  push:
    branches:
      - main

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that need anything more declare their own permissions block.
permissions:
  contents: read

jobs:
| changes: | |
| name: Detect changed paths | |
| runs-on: depot-ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| outputs: | |
| go: ${{ steps.merge_group_defaults.outputs.go || steps.filter.outputs.go }} | |
| workflows: ${{ steps.merge_group_defaults.outputs.workflows || steps.filter.outputs.workflows }} | |
| publish: ${{ steps.merge_group_defaults.outputs.publish || steps.filter.outputs.publish }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| # Required so paths-filter can diff push events using github.event.before without fetching. | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Set merge-group defaults | |
| if: github.event_name == 'merge_group' | |
| id: merge_group_defaults | |
| run: | | |
| { | |
| echo "go=true" | |
| echo "workflows=true" | |
| echo "publish=false" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Detect changed paths | |
| if: github.event_name != 'merge_group' | |
| id: filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| with: | |
| filters: | | |
| go: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'vendor/**' | |
| - 'Makefile' | |
| - '.golangci.yml' | |
| - '.golangci.yaml' | |
| - 'hack/update-reference-docs.sh' | |
| - 'hack/crd-ref-docs/**' | |
| - 'docs/reference/api/**' | |
| workflows: | |
| - '.github/workflows/**' | |
| - '.github/actionlint.yaml' | |
| - '.github/actionlint.yml' | |
| publish: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'vendor/**' | |
| - 'Dockerfile*' | |
| - 'Dockerfile.goreleaser' | |
| lint: | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.go == 'true' | |
| runs-on: depot-ubuntu-24.04-8 | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Verify vendor is up to date | |
| run: | | |
| go mod tidy | |
| go mod vendor | |
| git diff --exit-code -- go.mod go.sum vendor/ | |
| - name: Verify API reference docs are up to date | |
| run: | | |
| bash ./hack/update-reference-docs.sh | |
| git diff --exit-code -- docs/reference/api/ | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9 | |
| with: | |
| version: v2.8 | |
| args: --timeout=5m ./... | |
| - name: Run golangci-lint formatter checks | |
| run: go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.8.0 fmt --diff | |
| - name: Detect Go version from go.mod | |
| id: govulncheck-go-version | |
| # govulncheck-action v1 passes both go-version and go-version-file to setup-go. | |
| # setup-go prioritizes go-version and warns when both are set, so we parse | |
| # go.mod ourselves and forward it via go-version-input to keep go.mod as the | |
| # single source of truth without duplicate-input warnings. | |
| run: | | |
| GO_VERSION="$(awk '/^go / { print $2; exit }' go.mod)" | |
| if [ -z "$GO_VERSION" ]; then | |
| echo "assertion failed: expected go.mod to contain a go directive" >&2 | |
| exit 1 | |
| fi | |
| echo "value=$GO_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Run govulncheck | |
| uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1 | |
| with: | |
| go-version-input: ${{ steps.govulncheck-go-version.outputs.value }} | |
| go-package: ./... | |
| test: | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.go == 'true' | |
| runs-on: depot-ubuntu-24.04-8 | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Verify vendor is up to date | |
| run: | | |
| go mod tidy | |
| go mod vendor | |
| git diff --exit-code -- go.mod go.sum vendor/ | |
| - name: Setup envtest assets | |
| env: | |
| GOFLAGS: -mod=vendor | |
| run: | | |
| KUBEBUILDER_ASSETS_PATH="$(go run ./vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest use 1.35.x --bin-dir "${{ github.workspace }}/bin/envtest" -p path)" | |
| echo "KUBEBUILDER_ASSETS=${KUBEBUILDER_ASSETS_PATH}" >> "$GITHUB_ENV" | |
| - name: Run tests | |
| env: | |
| GOFLAGS: -mod=vendor | |
| KUBEBUILDER_ASSETS: ${{ env.KUBEBUILDER_ASSETS }} | |
| run: go test ./... -count=1 | |
| - name: Build | |
| env: | |
| GOFLAGS: -mod=vendor | |
| run: go build ./... | |
| e2e-kind: | |
| name: E2E Smoke (Kind) | |
| needs: [changes, test] | |
| if: needs.changes.outputs.go == 'true' | |
| runs-on: depot-ubuntu-24.04-8 | |
| timeout-minutes: 45 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Create Kind cluster | |
| uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 | |
| with: | |
| cluster_name: e2e | |
| - name: Build binary | |
| env: | |
| GOFLAGS: -mod=vendor | |
| CGO_ENABLED: "0" | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: go build -o coder-k8s ./ | |
| - name: Build and load image | |
| run: | | |
| docker build -f Dockerfile.goreleaser -t ghcr.io/coder/coder-k8s:e2e . | |
| kind load docker-image ghcr.io/coder/coder-k8s:e2e --name e2e | |
| - name: Apply CRDs and RBAC | |
| run: | | |
| kubectl apply -f config/crd/bases/ | |
| kubectl apply -f config/rbac/ | |
| - name: Deploy controller | |
| run: | | |
| kubectl apply -f config/e2e/namespace.yaml | |
| kubectl apply -f config/e2e/ | |
| - name: Wait for controller | |
| run: kubectl wait --for=condition=Available deploy/coder-k8s -n coder-system --timeout=120s | |
| - name: Apply sample CR | |
| run: kubectl apply -f config/samples/coder_v1alpha1_codercontrolplane.yaml | |
| - name: Verify CR exists | |
| run: | | |
| kubectl get codercontrolplanes -A | |
| COUNT=$(kubectl get codercontrolplanes -A -o json | jq '.items | length') | |
| if [ "$COUNT" -lt 1 ]; then | |
| echo "assertion failed: expected at least 1 CoderControlPlane resource" >&2 | |
| exit 1 | |
| fi | |
| lint-actions: | |
| name: Lint GitHub Actions | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.workflows == 'true' | |
| runs-on: depot-ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Run actionlint | |
| run: go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.10 | |
| - name: Run zizmor | |
| uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0 | |
| with: | |
| advanced-security: false | |
| online-audits: false | |
| inputs: .github/workflows | |
| codex-comments: | |
| name: Codex Comments | |
| if: github.event_name == 'pull_request' | |
| runs-on: depot-ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Check unresolved Codex comments | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./scripts/check_codex_comments.sh ${{ github.event.pull_request.number }} | |
| publish-main: | |
| name: Publish GHCR :main | |
| needs: [changes, test, lint, lint-actions, e2e-kind] | |
| if: | | |
| always() && | |
| github.event_name == 'push' && | |
| github.ref == 'refs/heads/main' && | |
| needs.changes.outputs.publish == 'true' && | |
| (needs.test.result == 'success' || needs.test.result == 'skipped') && | |
| (needs.lint.result == 'success' || needs.lint.result == 'skipped') && | |
| (needs.lint-actions.result == 'success' || needs.lint-actions.result == 'skipped') && | |
| (needs.e2e-kind.result == 'success' || needs.e2e-kind.result == 'skipped') | |
| runs-on: depot-ubuntu-24.04-8 | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: false | |
| - name: Build linux/amd64 binary for image | |
| env: | |
| GOFLAGS: -mod=vendor | |
| CGO_ENABLED: "0" | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: go build -o coder-k8s ./ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push :main | |
| uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 | |
| with: | |
| context: . | |
| file: Dockerfile.goreleaser | |
| push: true | |
| tags: ghcr.io/coder/coder-k8s:main |