fix(walnuts-dev): update CPU request from 2m to 5m in deployment.jsonnet #2385
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Snapshot Auto Generation | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| - "!snapshot" | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| snapshot: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/create-github-app-token@v1 | |
| id: generate_token | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.PRIVATE_KEY }} | |
| - name: Set env | |
| run: | | |
| echo "GITHUB_TOKEN=${{ steps.generate_token.outputs.token }}" >> $GITHUB_ENV | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.generate_token.outputs.token }} | |
| - name: switch to snapshot branch | |
| run: git switch -c snapshot | |
| - name: setup-go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: "scripts/infrautil/go.mod" | |
| cache-dependency-path: "scripts/infrautil/go.sum" | |
| - name: make snapshot | |
| run: | | |
| make snapshot | |
| - name: Upload folder | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| if-no-files-found: error | |
| name: snapshots | |
| path: | | |
| k8s/snapshots | |
| - name: mv snapshot | |
| if: ${{ github.ref_name == 'main' }} | |
| run: | | |
| rm -rf k8s/apps | |
| mv k8s/snapshots/apps k8s/apps | |
| mv k8s/snapshots/helm k8s/helm | |
| - name: push | |
| if: ${{ github.ref_name == 'main' }} | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git add . | |
| git commit -m "snapshot" | |
| git push origin snapshot --force | |
| scan: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref_name == 'main' }} | |
| needs: snapshot | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: snapshot | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.29.0 | |
| with: | |
| scan-type: "config" | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| ignore-unfixed: true | |
| severity: "CRITICAL,HIGH" | |
| trivy-config: trivy.yaml | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: snapshot | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: snapshots | |
| - name: Lint manifest with kubeconform | |
| uses: docker://ghcr.io/yannh/kubeconform:latest | |
| with: | |
| args: "-ignore-missing-schemas -strict -summary apps" | |
| # auto merge用 | |
| # auto megeはskipもsuccessとみなす | |
| status-check: | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| if: failure() | |
| steps: | |
| - run: exit 1 |