This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This GitHub Workflow will run on every push to the repository | |
# and will test the Kargo codebase on a Kind Kubernetes cluster. | |
name: CI - Kargo on Kind | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- "devcontainer/**" | |
- ".devcontainer/**" | |
- ".pulumi/**" | |
- ".talos/**" | |
- ".kube/**" | |
- "docs/**" | |
- "**.md" | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- "devcontainer/**" | |
- ".devcontainer/**" | |
- ".pulumi/**" | |
- ".talos/**" | |
- ".kube/**" | |
- "docs/**" | |
- "**.md" | |
schedule: | |
- cron: "0 2 * * *" | |
jobs: | |
ci-kargo-kind: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/containercraft/konductor:latest | |
options: --user runner --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
id: checkout | |
with: | |
fetch-depth: 1 | |
- name: Pulumi Login | |
id: pulumi-login | |
run: | | |
direnv allow | |
make login | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Kind Cluster | |
id: create-kind-kubernetes | |
run: | | |
set -ex | |
direnv allow | |
make kind-cluster | |
env: | |
ACTIONS_STEP_DEBUG: true | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- id: wait-kind-ready | |
name: Wait for Kind Kubernetes API to be Ready | |
run: | | |
set -ex | |
direnv allow | |
make kind-ready | |
env: | |
ACTIONS_STEP_DEBUG: true | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Deploy Pulumi Infrastructure | |
id: deploy | |
run: | | |
set -ex | |
direnv allow | |
make pulumi-up | |
env: | |
ACTIONS_STEP_DEBUG: true | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Wait for All Pods to be Ready | |
id: wait-all-pods | |
run: | | |
set -ex | |
direnv allow | |
make wait-all-pods | |
env: | |
ACTIONS_STEP_DEBUG: false | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Destroy Pulumi Infrastructure | |
id: destroy | |
run: | | |
direnv allow | |
make pulumi-down | |
env: | |
ACTIONS_STEP_DEBUG: false | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Clean Up Resources | |
id: clean | |
run: | | |
direnv allow | |
make clean | |
env: | |
ACTIONS_STEP_DEBUG: false | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Perform Extended Cleanup | |
id: clean-all | |
if: always() | |
run: | | |
direnv allow | |
make clean-all | |
env: | |
ACTIONS_STEP_DEBUG: false | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |