mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
07991dec83
Pin actions/checkout usage to latest 3.x or 4.x as appropriate. These were previously pointing to `@4` or `@3` which pull in the latest versions at these tags as they are released, with the potential to break our workflows if a breaking change or malicious version for either of these streams are released. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>
32 lines
1.1 KiB
YAML
32 lines
1.1 KiB
YAML
name: "Kubernetes manifests"
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'cmd/k8s-operator/**'
|
|
- 'k8s-operator/**'
|
|
- '.github/workflows/kubemanifests.yaml'
|
|
|
|
# Cancel workflow run if there is a newer push to the same PR for which it is
|
|
# running
|
|
concurrency:
|
|
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
testchart:
|
|
runs-on: [ ubuntu-latest ]
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
- name: Build and lint Helm chart
|
|
run: |
|
|
eval `./tool/go run ./cmd/mkversion`
|
|
./tool/helm package --app-version="${VERSION_SHORT}" --version=${VERSION_SHORT} './cmd/k8s-operator/deploy/chart'
|
|
./tool/helm lint "tailscale-operator-${VERSION_SHORT}.tgz"
|
|
- name: Verify that static manifests are up to date
|
|
run: |
|
|
make kube-generate-all
|
|
echo
|
|
echo
|
|
git diff --name-only --exit-code || (echo "Generated files for Tailscale Kubernetes operator are out of date. Please run 'make kube-generate-all' and commit the diff."; exit 1)
|