Use function protobufs from function-sdk-go #15
Workflow file for this run
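# CI workflow: checks generated code, lints, runs CodeQL and unit tests, and
# builds the release artifacts. Build, lint and test steps run through Nix
# flake outputs.
#
# Every action is referenced by a full commit SHA; the trailing comment records
# the release that SHA is expected to correspond to. Re-verify the pair
# whenever a pin is bumped.
name: CI

on:
  push:
    branches:
      - main
      - release-*
  pull_request: {}
  workflow_dispatch: {}

# Default GITHUB_TOKEN scope for every job: read-only repository contents.
# A job that needs more (codeql) widens it explicitly at job level.
permissions:
  contents: read

jobs:
  # NOTE(review): each job passes CACHIX_AUTH_TOKEN to cachix-action for the
  # 'crossplane' cache. GitHub withholds secrets from fork pull requests by
  # default, but pull requests from branches in this repository do receive
  # them - confirm that unmerged code writing to the shared cache is intended.
  check-diff:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Install Nix
        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Setup Cachix
        uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
        with:
          name: crossplane
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: Verify Generated Code
        run: nix build .#checks.x86_64-linux.generate --print-build-logs

  lint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Install Nix
        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Setup Cachix
        uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
        with:
          name: crossplane
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: Lint
        run: nix build .#checks.x86_64-linux.go-lint --print-build-logs

  codeql:
    runs-on: ubuntu-24.04
    # The only job that widens the token: security-events: write is needed to
    # upload the analysis results.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Install Nix
        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Setup Cachix
        uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
        with:
          name: crossplane
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: Setup Nix Environment
        uses: nicknovitski/nix-develop@9be7cfb4b10451d3390a75dc18ad0465bed4932a # v1

      - name: Initialize CodeQL
        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
        with:
          languages: go

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4

  unit-tests:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Install Nix
        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Setup Cachix
        uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
        with:
          name: crossplane
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: Run Unit Tests
        run: nix build .#checks.x86_64-linux.test --print-build-logs

      # Reads the coverage file from the 'result' link left by the build above.
      - name: Publish Unit Test Coverage
        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
        with:
          flags: unittests
          file: result/coverage.txt
          token: ${{ secrets.CODECOV_TOKEN }}

  # Build all artifacts
  build-artifacts:
    permissions:
      contents: read
    runs-on: ubuntu-24.04
    env:
      # We can't run a step 'if secrets.FOO != ""' but we can run a step
      # 'if env.FOO != ""', so we copy the secret to an env var for the
      # conditional checks below. It is set on this job rather than on the
      # whole workflow because only this job's steps test it; steps in the
      # other jobs do not receive the key ID.
      AWS_USR: ${{ secrets.AWS_USR }}
    steps:
      - name: Cleanup Disk
        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
        with:
          android: true
          dotnet: true
          haskell: true
          tool-cache: true
          swap-storage: false
          large-packages: false
          docker-images: false

      # Full history (fetch-depth: 0) because 'git describe' in Set Version
      # derives the version from tags.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Setup Cachix
        uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
        with:
          name: crossplane
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      # Set buildVersion in flake.nix. The version is an input to the build.
      # Pure (sandboxed, reproducible) Nix build inputs can only come from git
      # tracked files, so we set it in flake.nix before building.
      #
      # The first sed turns the second and every later '-' of the describe
      # output into '.'. The value is also exported through GITHUB_ENV for the
      # promote step.
      # NOTE(review): $VERSION is spliced unescaped into the second sed's
      # replacement, so a tag name containing '|', '&' or '\' would corrupt the
      # substitution. Tags are presumably maintainer-controlled; a format check
      # on $VERSION here would make such a tag fail fast.
      - name: Set Version
        run: |
          VERSION=$(git describe --dirty --always --tags | sed 's/-/./2g')
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          sed -i "s|buildVersion = null;|buildVersion = \"$VERSION\";|" flake.nix

      # warn-dirty is disabled presumably because Set Version has just modified
      # the tracked flake.nix.
      - name: Build Artifacts
        run: nix build --option warn-dirty false --print-build-logs

      - name: Upload Artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
        with:
          name: output
          path: result/**

      # Runs only for refs under refs/heads/ (main or release-*) and only when
      # the AWS key ID is set; pull_request runs have a refs/pull/ ref and skip
      # it. A workflow_dispatch run on one of those branches does push.
      # The AWS credentials are scoped to the two steps that use them. The
      # branch name is taken from the GITHUB_REF shell variable (everything
      # after the last '/'), not expanded into the script text by the workflow
      # template engine.
      - name: Push Artifacts to S3
        if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-')) && env.AWS_USR != ''
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          AWS_DEFAULT_REGION: us-east-1
        run: nix run --option warn-dirty false .#push-artifacts -- "${GITHUB_REF##*/}"

      # main only. $VERSION is the value Set Version wrote to GITHUB_ENV.
      - name: Promote Artifacts to Master Channel
        if: github.ref == 'refs/heads/main' && env.AWS_USR != ''
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          AWS_DEFAULT_REGION: us-east-1
        run: nix run --option warn-dirty false .#promote-artifacts -- main "$VERSION" master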