fix: add SHA256 checksum verification for cert-manager manifest #701
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - 'main' | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build binaries | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: ./.github/actions/aqua | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: make release-build | |
| test: | |
| name: Small tests | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: ./.github/actions/aqua | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: make lint | |
| - run: make test | |
| - run: make check-generate | |
| - run: make envtest | |
| e2e: | |
| name: End-to-End Tests | |
| strategy: | |
| matrix: | |
| k8s-version: | |
| - v1.35.0@sha256:4613778f3cfcd10e615029370f5786704559103cf27bef934597ba562b269661 # renovate: kindest/node | |
| - v1.34.3@sha256:08497ee19eace7b4b5348db5c6a1591d7752b164530a36f855cb0f2bdcbadd48 # renovate: kindest/node | |
| - v1.33.7@sha256:d26ef333bdb2cbe9862a0f7c3803ecc7b4303d8cea8e814b481b09949d353040 # renovate: kindest/node | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - uses: ./.github/actions/aqua | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: make start KUBERNETES_VERSION=${{ matrix.k8s-version }} | |
| working-directory: e2e | |
| - run: make test | |
| working-directory: e2e | |
| - run: make logs | |
| working-directory: e2e | |
| if: always() | |
| - name: Sanitize version name | |
| id: sanitize | |
| run: | | |
| # extract only version name because ':' is not allowed for artifact name | |
| SANITIZED_K8S_VERSION="$(echo ${{ matrix.k8s-version}} | awk -F '@' '{print $1}')" | |
| echo "SANITIZED_K8S_VERSION=$SANITIZED_K8S_VERSION" >> $GITHUB_OUTPUT | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| if: always() | |
| with: | |
| name: logs-${{ steps.sanitize.outputs.SANITIZED_K8S_VERSION }}.tar.gz | |
| path: e2e/logs.tar.gz |