kubewarden · flavio · Sep 17, 2024 · Sep 13, 2024 · Sep 13, 2024 · Sep 13, 2024
@@ -20,7 +20,7 @@ jobs:
     steps:
       -
         name: Install dependencies
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         uses: actions/checkout@v4
         with:
@@ -37,7 +37,7 @@ jobs:
         name: Check that artifacthub-pkg.yml is up-to-date
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
       -
@@ -68,7 +68,7 @@ jobs:
           make e2e-tests
       -
         name: Release
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ${{ inputs.oci-target }}
@@ -84,4 +84,4 @@ jobs:
     steps:
       -
         name: Push artifacthub files to artifacthub branch
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
@@ -0,0 +1,58 @@
+name: Build and release a Kubewarden policy written in Go targeting KW WASI policy mode
+
+on:
+  workflow_call:
+    inputs:
+      oci-target:
+        type: string
+        required: true
+      artifacthub:
+        description: "check artifacthub-pkg.yml for submission to ArtifactHub"
+        required: false
+        type: boolean
+        default: true
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install dependencies
+        uses: kubewarden/github-actions/[email protected]
+      - uses: actions/checkout@v4
+        with:
+          # until https://github.com/actions/checkout/pull/579 is released
+          fetch-depth: 0
+      - id: calculate-version
+        # skip when releasing :latest from main, versions will not match
+        if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
+        # obtain latest tag. Here it must be the current release tag
+        run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Check that artifacthub-pkg.yml is up-to-date
+        # skip when releasing :latest from main, versions will not match
+        if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
+        uses: kubewarden/github-actions/[email protected]
+        with:
+          version: ${{ steps.calculate-version.outputs.version }}
+      - name: Build and annotate policy
+        uses: kubewarden/github-actions/[email protected]
+      - name: Run e2e tests
+        run: |
+          make e2e-tests
+      - name: Release
+        uses: kubewarden/github-actions/[email protected]
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          oci-target: ${{ inputs.oci-target }}
+  push-artifacthub:
+    # skip when releasing :latest from main, versions will not match
+    if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
+    needs: release
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Push artifacthub files to artifacthub branch
+        uses: kubewarden/github-actions/[email protected]
@@ -7,7 +7,7 @@ on:
         type: string
         required: true
       artifacthub:
-        description: 'check artifacthub-pkg.yml for submission to ArtifactHub'
+        description: "check artifacthub-pkg.yml for submission to ArtifactHub"
         required: false
         type: boolean
         default: true
@@ -16,38 +16,31 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Install dependencies
-        uses: kubewarden/github-actions/[email protected]
-      -
-        uses: actions/checkout@v4
+      - name: Install dependencies
+        uses: kubewarden/github-actions/[email protected]
+      - uses: actions/checkout@v4
         with:
           # until https://github.com/actions/checkout/pull/579 is released
           fetch-depth: 0
-      -
-        id: calculate-version
+      - id: calculate-version
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
         # obtain latest tag. Here it must be the current release tag
         run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
         shell: bash
-      -
-        name: Check that artifacthub-pkg.yml is up-to-date
+      - name: Check that artifacthub-pkg.yml is up-to-date
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
-      -
-        name: Build and annotate policy
-        uses: kubewarden/github-actions/[email protected]
-      -
-        name: Run e2e tests
+      - name: Build and annotate policy
+        uses: kubewarden/github-actions/[email protected]
+      - name: Run e2e tests
         run: |
           make e2e-tests
-      -
-        name: Release
-        uses: kubewarden/github-actions/[email protected]
+      - name: Release
+        uses: kubewarden/github-actions/[email protected]
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ${{ inputs.oci-target }}
@@ -61,6 +54,5 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Push artifacthub files to artifacthub branch
-        uses: kubewarden/github-actions/[email protected]
+      - name: Push artifacthub files to artifacthub branch
+        uses: kubewarden/github-actions/[email protected]
@@ -18,7 +18,7 @@ jobs:
     steps:
       -
         name: Install dependencies
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         uses: actions/checkout@v4
         with:
@@ -35,12 +35,12 @@ jobs:
         name: Check that artifacthub-pkg.yml is up-to-date
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
       -
         name: Install opa
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         uses: actions/checkout@v4
       -
@@ -57,7 +57,7 @@ jobs:
           make e2e-tests
       -
         name: Release
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ${{ inputs.oci-target }}
@@ -73,4 +73,4 @@ jobs:
     steps:
       -
         name: Push artifacthub files to artifacthub branch
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
@@ -18,7 +18,7 @@ jobs:
     steps:
       -
         name: Install dependencies
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         uses: actions/checkout@v4
         with:
@@ -34,19 +34,19 @@ jobs:
         name: Check that artifacthub-pkg.yml is up-to-date
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
       -
         name: Build and annotate policy
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         name: Run e2e tests
         run: |
           make e2e-tests
       -
         name: Release
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ${{ inputs.oci-target }}
@@ -62,4 +62,4 @@ jobs:
     steps:
       -
         name: Push artifacthub files to artifacthub branch
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
@@ -18,7 +18,7 @@ jobs:
     steps:
       -
         name: Install dependencies
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         uses: actions/checkout@v4
         with:
@@ -35,7 +35,7 @@ jobs:
         name: Check that artifacthub-pkg.yml is up-to-date
         # skip when releasing :latest from main, versions will not match
         if: startsWith(github.ref, 'refs/tags/v') && inputs.artifacthub
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
       -
@@ -67,7 +67,7 @@ jobs:
           make e2e-tests
       -
         name: Release
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ${{ inputs.oci-target }}
@@ -83,4 +83,4 @@ jobs:
     steps:
       -
         name: Push artifacthub files to artifacthub branch
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
@@ -41,14 +41,14 @@ jobs:
           fetch-depth: 0
       -
         name: Install kwctl
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       -
         id: calculate-version
         run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
         shell: bash
       -
         name: Check that artifacthub-pkg.yml is up-to-date
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
           check_version: false # must match a git tag that hasn't been created yet, so let's ignore until then
@@ -0,0 +1,69 @@
+name: Tests and linters
+
+on:
+  workflow_call:
+    inputs:
+      artifacthub:
+        description: "check artifacthub-pkg.yml for submission to ArtifactHub"
+        required: false
+        type: boolean
+        default: true
+    secrets: {}
+
+jobs:
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+
+      - name: run Go unit tests
+        run: make test
+
+  e2e-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install dependencies
+        uses: kubewarden/github-actions/[email protected]
+      - name: Build and annotate policy
+        with:
+          generate-sbom: false
+        uses: kubewarden/github-actions/[email protected]
+      - name: Run e2e tests
+        run: make e2e-tests
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/checkout@v4
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        with:
+          version: "latest"
+
+  check-artifacthub:
+    if: ${{ inputs.artifacthub }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # until https://github.com/actions/checkout/pull/579 is released
+          fetch-depth: 0
+      - name: Install kwctl
+        uses: kubewarden/github-actions/[email protected]
+      - id: calculate-version
+        run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Check that artifacthub-pkg.yml is up-to-date
+        uses: kubewarden/github-actions/[email protected]
+        with:
+          version: ${{ steps.calculate-version.outputs.version }}
+          check_version: false # must match a git tag that hasn't been created yet, so let's ignore until then
@@ -29,11 +29,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Install dependencies
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       - name: Build and annotate policy
         with:
           generate-sbom: false
-        uses: kubewarden/github-actions/policy-build-go@v3.3.4
+        uses: kubewarden/github-actions/policy-build-tinygo@v3.3.5
       - name: Run e2e tests
         run: make e2e-tests
 
@@ -58,12 +58,12 @@ jobs:
           # until https://github.com/actions/checkout/pull/579 is released
           fetch-depth: 0
       - name: Install kwctl
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
       - id: calculate-version
         run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
         shell: bash
       - name: Check that artifacthub-pkg.yml is up-to-date
-        uses: kubewarden/github-actions/[email protected].4
+        uses: kubewarden/github-actions/[email protected].5
         with:
           version: ${{ steps.calculate-version.outputs.version }}
           check_version: false # must match a git tag that hasn't been created yet, so let's ignore until then