Bump github/codeql-action from 3.27.1 to 3.27.3 #1887
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: KinD e2e tests | |
on: | |
workflow_dispatch: # Allow manual runs. | |
pull_request: | |
branches: | |
- 'main' | |
jobs: | |
e2e-tests: | |
name: e2e tests | |
runs-on: ubuntu-latest | |
env: | |
# https://github.com/google/go-containerregistry/pull/125 allows insecure registry for | |
# '*.local' hostnames. This works both for `ko` and our own tag-to-digest resolution logic, | |
# thus allowing us to test without bypassing tag-to-digest resolution. | |
REGISTRY_NAME: registry.local | |
REGISTRY_PORT: 5000 | |
KO_DOCKER_REPO: registry.local:5000/ko | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Install ko | |
run: go install ./ | |
- name: Setup Cluster | |
uses: chainguard-dev/actions/setup-kind@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main | |
with: | |
k8s-version: v1.28.x | |
registry-authority: ${{ env.REGISTRY_NAME }}:${{ env.REGISTRY_PORT }} | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
- name: Run Smoke Test | |
run: | | |
# Test with kind load | |
KO_DOCKER_REPO=kind.local ko apply --platform=all -f ./test | |
kubectl wait --timeout=10s --for=condition=Ready pod/kodata | |
kubectl delete pod kodata | |
# Test with registry | |
ko apply --platform=all -f ./test | |
kubectl wait --timeout=60s --for=condition=Ready pod/kodata | |
kubectl delete pod kodata | |
# Test ko run with kind load | |
# This tests that --labels are passed to kubectl, and -wait is passed to the test binary. | |
KO_DOCKER_REPO=kind.local ko run ./test -- --labels=foo=bar -- -wait=false | |
- name: Check SBOM | |
run: | | |
set -o pipefail | |
echo '::group:: SBOM' | |
cosign download sbom $(ko build ./test) | |
echo "${SBOM}" | |
echo '::endgroup::' | |
- name: Collect diagnostics and upload | |
if: ${{ failure() }} | |
uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main |