cert-manager-alidns-webhook/.github/workflows/ci.yaml at main · crazygit/cert-manager-alidns-webhook · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: CI

on:
  push:
    branches:
      - main
    tags:
      - "v*.*.*"
  pull_request:
    branches:
      - main

permissions:
  contents: read
  packages: read

jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"

      - name: Run go vet
        run: go vet ./...

      - name: Run tests
        run: go test -race -coverprofile=coverage.txt -covermode=atomic ./...

      - name: Upload coverage to Codecov
        if: success() || failure()
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.txt
          fail_ci_if_error: false
          verbose: true

  helm-lint:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.16.0

      - name: Lint Helm Chart
        run: |
          helm lint deploy/cert-manager-alidns-webhook

  version-check:
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    timeout-minutes: 2
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Check release version sync
        run: ./scripts/check-version.sh

  docker-release:
    if: startsWith(github.ref, 'refs/tags/v')
    needs: [test, helm-lint, version-check]
    uses: ./.github/workflows/docker-release.yaml
    secrets: inherit
    permissions:
      contents: write
      packages: write
      id-token: write

  helm-release:
    if: startsWith(github.ref, 'refs/tags/v')
    needs: [test, helm-lint, version-check]
    uses: ./.github/workflows/helm-release.yaml
    secrets: inherit
    permissions:
      contents: write
      packages: write
      id-token: write

  create-release:
    if: startsWith(github.ref, 'refs/tags/v')
    needs: [docker-release, helm-release]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Extract version without prefix
        id: version
        run: echo "version=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          body: |
            ## Docker Image

            ```bash
            docker pull ghcr.io/crazygit/cert-manager-alidns-webhook:${{ steps.version.outputs.version }}
            ```

            ## Helm Chart

            ```bash
            helm install cert-manager-alidns-webhook oci://ghcr.io/crazygit/charts/cert-manager-alidns-webhook \
              --version ${{ steps.version.outputs.version }}
            ```
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}