.github/workflows/ci.yml

---
name: CI
on:
  pull_request: {}
  push:
    branches:
      - main
concurrency:
  group: ci-${{ github.head_ref || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read
jobs:
  golangci-lint:
    permissions:
      contents: read # for actions/checkout to fetch code
      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
      - uses: golangci/golangci-lint-action@e0ebdd245eea59746bb0b28ea6a9871d3e35fbc9 # v6.3.3
        with:
          # renovate: datasource=go depName=github.com/golangci/golangci-lint
          version: v1.64.5
          args: --timeout 5m
  yaml-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
  markdown-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: nosborn/github-action-markdown-cli@58bcfd1af530d87a13d51b76e6713b52602e3613 # v3.4.0
        with:
          files: .
  verify-generated:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
      - name: Generate all
        run: |
          make generate-all
      - name: Verify changed files
        uses: tj-actions/verify-changed-files@6ed7632824d235029086612d4330d659005af687 # v20.0.1
        id: verify-changed-files
        with:
          files: |
            **/*
      - name: Fail job is any changed files
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          errorMsg="::error::\
            Changed files: $CHANGED_FILES\
            \nPlease run 'make generate-all' locally and commit the changes"
          echo -e "$errorMsg" && exit 1
  test:
    needs: verify-generated
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
      - run: make test
        env:
          KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT: true
  e2e-test:
    needs: verify-generated
    runs-on: ubuntu-latest-4-cores
    env:
      IMG: registry.dummy-domain.com/image-scanner/controller:dev
      IMG_FILE: operator-image.tar
      K3D_CLUSTER: image-scanner
      # renovate: datasource=github-tags depName=k3d-io/k3d
      K3D_VERSION: v5.8.2
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
      - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
      - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
      - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
        with:
          context: .
          outputs: type=docker,dest=${{ env.IMG_FILE }}
          tags: ${{ env.IMG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79 # v2.4.0
        with:
          cluster-name: ${{ env.K3D_CLUSTER }}
          k3d-version: ${{ env.K3D_VERSION }}
          args: >-
            --config=test/e2e-config/k3d-config.yml
      - run: |
          kubectl cluster-info
          kubectl version --output=yaml
      - run: |
          k3d image import ${{ env.IMG_FILE }} --cluster ${{ env.K3D_CLUSTER }}
          make deploy-dependencies deploy
      - name: Install Chainsaw
        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
      - run: |
          make e2e-test