chore: update CODEOWNERS to use teams and add validator workflow #637
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| merge_group: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| env: | |
| GOPRIVATE: github.com/observiq | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| setup-environment: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v6 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Install Tools | |
| if: steps.tool-cache.outputs.cache-hit != 'true' | |
| run: make install-tools | |
| vet: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Vet | |
| run: go vet ./... | |
| secure: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Gosec | |
| run: make gosec | |
| check-license: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Check License Headers | |
| run: make check-license | |
| lint: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Lint | |
| run: make lint | |
| misspell: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Misspell | |
| run: make misspell | |
| test-end-to-end: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| bindplane_version: | |
| - "latest" | |
| - "module" # Use the current Go module version | |
| - "v1.96.0" | |
| - "v1.93.0" | |
| - "v1.89.3" | |
| - "v1.88.1" | |
| - "v1.85.0" # v2 config released as beta | |
| - "v1.79.0" # v1.77.0 and v1.78.0 were never released | |
| # v1.70.0 introduced v2 config and routes behind a feature flag | |
| # There were some growing pains and bugs. v1.76.0 is consider the | |
| # minimum supported server version for the provider. | |
| - "v1.76.0" | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - uses: KengoTODA/actions-setup-docker-compose@main | |
| with: | |
| version: '2.7.0' | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - run: make test-end-to-end | |
| env: | |
| BINDPLANE_VERSION: ${{ matrix.bindplane_version }} | |
| BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
| - run: goreleaser --version | |
| if: always() | |
| - run: tree dist/ | |
| if: always() | |
| - name: list images (debug) | |
| if: always() | |
| run: docker images | |
| test-local: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| strategy: | |
| matrix: | |
| bindplane_version: | |
| - "latest" | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - uses: KengoTODA/actions-setup-docker-compose@main | |
| with: | |
| version: '2.7.0' | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| # https://bindplane.com/download | |
| - name: Start Bindplane | |
| run: | | |
| cat <<EOF > docker-compose.yml | |
| version: "3" | |
| volumes: | |
| bindplane: | |
| services: | |
| transform: | |
| container_name: bindplane-transform-agent | |
| restart: always | |
| image: ghcr.io/observiq/bindplane-transform-agent:latest | |
| ports: | |
| - "4568:4568" | |
| bindplane: | |
| container_name: bindplane-server | |
| restart: always | |
| image: ghcr.io/observiq/bindplane-ee:${VERSION} | |
| ports: | |
| - "3001:3001" | |
| environment: | |
| - BINDPLANE_USERNAME=admin | |
| - BINDPLANE_PASSWORD=password | |
| - BINDPLANE_REMOTE_URL=http://localhost:3001 | |
| - BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 | |
| - BINDPLANE_LOG_OUTPUT=stdout | |
| - BINDPLANE_ACCEPT_EULA=true | |
| - BINDPLANE_TRANSFORM_AGENT_ENABLE_REMOTE=true | |
| - BINDPLANE_TRANSFORM_AGENT_REMOTE_AGENTS=transform:4568 | |
| - BINDPLANE_LICENSE=${BINDPLANE_LICENSE} | |
| - BINDPLANE_POSTGRES_HOST=bindplane-postgres | |
| - BINDPLANE_POSTGRES_PORT=5432 | |
| - BINDPLANE_POSTGRES_DATABASE=bindplane | |
| - BINDPLANE_POSTGRES_USERNAME=bindplane | |
| - BINDPLANE_POSTGRES_PASSWORD=password | |
| volumes: | |
| - bindplane:/data | |
| depends_on: | |
| - transform | |
| - postgres | |
| postgres: | |
| container_name: bindplane-postgres | |
| restart: always | |
| image: postgres:16 | |
| ports: | |
| - "5432:5432" | |
| environment: | |
| - POSTGRES_DB=bindplane | |
| - POSTGRES_PASSWORD=password | |
| - POSTGRES_USER=bindplane | |
| EOF | |
| docker-compose up -d | |
| env: | |
| BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
| VERSION: ${{ matrix.bindplane_version }} | |
| - name: Init Bindplane Organization | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_minutes: 1 | |
| polling_interval_seconds: 2 | |
| max_attempts: 3 | |
| shell: bash | |
| command: | | |
| curl \ | |
| -u admin:password http://localhost:3001/v1/organizations \ | |
| -X POST -d '{"organizationName": "init", "accountName": "project", "eulaAccepted":true}' -v | |
| # Allow bindplane to seed the database by making a GET request | |
| # and waiting 20 seconds. | |
| - name: Trigger Seeding | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_minutes: 1 | |
| polling_interval_seconds: 2 | |
| max_attempts: 3 | |
| shell: bash | |
| command: | | |
| curl -v -u admin:password http://localhost:3001/v1/source-types | |
| sleep 20 | |
| - name: Get docker compose config (debug) | |
| if: always() | |
| run: cat docker-compose.yml | grep -v BINDPLANE_LICENSE | |
| - name: Build provider for local testing | |
| run: make test-local | |
| - name: run local tests | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform apply -auto-approve | |
| working-directory: test/local | |
| - name: cleanup local tests | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform destroy -auto-approve | |
| working-directory: test/local | |
| - name: prep example/ | |
| run: | | |
| cp test/local/dev.tfrc example/ | |
| cp -r test/local/providers example/ | |
| - name: apply example resources | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform apply -auto-approve | |
| working-directory: example/ | |
| - name: cleanup example resources | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform destroy -auto-approve | |
| working-directory: example/ | |
| - run: goreleaser --version | |
| if: always() | |
| - run: tree dist/ | |
| if: always() | |
| - name: list images (debug) | |
| if: always() | |
| run: docker images | |
| - name: list containers (debug) | |
| if: always() | |
| run: docker ps | |
| - name: bindplane logs (debug) | |
| if: always() | |
| run: docker logs bindplane-server | |
| - name: postgres logs (debug) | |
| if: always() | |
| run: docker logs bindplane-postgres | |
| build: | |
| # Skip build for dependabot. It takes long and requires our GPG | |
| # key. The `test-end-to-end` job will test building the binary. | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v6 | |
| - name: Configure GIT SSH | |
| run: git config --global url.git@github.com:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: paultyng/ghaction-import-gpg@v2.1.0 | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Test GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| version: v2.1.0 | |
| args: release --snapshot --skip=publish --clean --parallelism 2 --config release/goreleaser.yml | |
| env: | |
| GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
| - name: Scan Binaries | |
| run: lichen --config=./license.yaml $(find dist/provider_* -type f | grep terraform-provider-bindplane | xargs) |