Merge pull request #2 from kubewarden/reusable-workflows

Use GHA reusable workflows from kubewarden/github-actions

.github/workflows/release.yml

@@ -0,0 +1,30 @@
+on:
+  push:
+    branches:
+    - main
+    tags:
+    - 'v*'
+
+name: Release policy
+
+jobs:
+
+  test:
+    name: run tests and linters
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v1
+
+  release:
+    needs: test
+    permissions:
+      # Required to push to GHCR
+      contents: read
+      # Required to create GH releases
+      packages: write
+      # Required by cosign keyless signing
+      id-token: write
+
+    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v1
+    with:
+      oci-target: ghcr.io/${{ github.repository_owner }}/policies/volumes-psp
+    secrets:
+      workflow-pat: ${{ secrets.WORKFLOW_PAT }}

.github/workflows/test.yml

@@ -0,0 +1,6 @@
+on: [push, pull_request]
+name: Continuous integration
+jobs:
+  test:
+    name: run tests and linters
+    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-go.yml@v1

Makefile

@@ -1,16 +1,21 @@
-wasm: go.mod go.sum *.go
-	docker run --rm -v ${PWD}:/src -w /src tinygo/tinygo:0.18.0 tinygo build -o policy.wasm -target=wasi -no-debug .
+SOURCE_FILES := $(shell find . -type f -name '*.go')
 
-annotate:
-	kwctl annotate -m metadata.yml -o annotated.wasm policy.wasm
+policy.wasm: $(SOURCE_FILES) go.mod go.sum
+	docker run --rm -v ${PWD}:/src -w /src tinygo/tinygo:0.18.0 tinygo build \
+		-o policy.wasm -target=wasi -no-debug .
 
+annotated-policy.wasm: policy.wasm metadata.yml
+	kwctl annotate -m metadata.yml -o annotated-policy.wasm policy.wasm
+
+.PHONY: test
 test:
 	go test -v
 
-e2e-tests:
+.PHONY: e2e-tests
+e2e-tests: annotated-policy.wasm
 	bats e2e.bats
 
 .PHONY: clean
 clean:
 	go clean
-	rm -f policy.wasm
+	rm -f policy.wasm annotated-policy.wasm

e2e.bats

@@ -1,7 +1,7 @@
 #!/usr/bin/env bats
 
 @test "reject because allowedTypes is empty" {
-  run kwctl run policy.wasm -r test_data/request-pod-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-volumes.json \
     --settings-json \
     '{ "allowedTypes": [] }'
 
@@ -15,7 +15,7 @@
 }
 
 @test "reject because types not present" {
-  run kwctl run policy.wasm -r test_data/request-pod-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-volumes.json \
     --settings-json \
     '{ "allowedTypes": ["foo", "hostPath"] }'
 
@@ -29,7 +29,7 @@
 }
 
 @test "reject because mix of '*' and other types" {
-  run kwctl run policy.wasm -r test_data/request-pod-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-volumes.json \
     --settings-json \
     '{ "allowedTypes": ["projected", "hostPath", "*"] }'
 
@@ -43,7 +43,7 @@
 }
 
 @test "accept all types" {
-  run kwctl run policy.wasm -r test_data/request-pod-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-volumes.json \
     --settings-json \
     '{ "allowedTypes": [ "*" ] }'
 
@@ -56,7 +56,7 @@
 }
 
 @test "accept pods with no volumes" {
-  run kwctl run policy.wasm -r test_data/request-pod-no-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-no-volumes.json \
     --settings-json \
     '{ "allowedTypes": [ "foo" ] }'
 
@@ -70,7 +70,7 @@
 
 
 @test "accept pods with correct types" {
-  run kwctl run policy.wasm -r test_data/request-pod-volumes.json \
+  run kwctl run annotated-policy.wasm -r test_data/request-pod-volumes.json \
     --settings-json \
     '{ "allowedTypes": [ "hostPath", "projected", "foo" ] }'