Skip to content

chore(deps): bump github.com/cert-manager/cert-manager (#1222) #3249

chore(deps): bump github.com/cert-manager/cert-manager (#1222)

chore(deps): bump github.com/cert-manager/cert-manager (#1222) #3249

Workflow file for this run

name: tests
concurrency:
# Run only for most recent commit in PRs but for all tags and commits on main
# Ref: https://docs.github.com/en/actions/using-jobs/using-concurrency
group: ${{ github.workflow }}-${{ github.head_ref || github.sha }}
cancel-in-progress: true
on:
pull_request:
branches:
- 'main'
push:
branches:
- 'main'
workflow_dispatch: {}
jobs:
installer-tests:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@v4
- name: run installer script
env:
GITHUB_TOKEN: ${{ github.token }}
run: ./docs/install.sh
- name: run ktf to verify if it installed properly to a desired location
run: ~/.local/bin/ktf
unit-tests:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: setup golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: run unit tests
run: make test.unit
# We're using a retry mechanism for codecov to ensure we do get the reports
# uploaded. The alternative is to use fail_ci_if_error: false, but that
# somewhat defeats the purpose of uploading those reports. Why bother uploading
# if we don't care if the upload's successful?
- name: Upload coverage to Codecov
if: steps.detect_if_should_run.outputs.result == 'true'
uses: Wandalen/[email protected]
with:
action: codecov/codecov-action@v3
with: |
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
flags: unit-test
files: unit.coverage.out
verbose: true
attempt_limit: 10
attempt_delay: 30000
setup-integration-tests:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
runs-on: ubuntu-latest
outputs:
test_names: ${{ steps.set_test_names.outputs.test_names }}
steps:
- uses: actions/checkout@v4
- id: set_test_names
name: Set test names
working-directory: test/integration/
# grep magic described in https://unix.stackexchange.com/a/13472
# sed to add the extra $ is because some of our test names overlap. we need it so the -run regex only matches one test
run: |
echo "test_names=$(grep -shoP "(?<=^func )(Test[a-zA-z_0-9]+)(?=\(t \*testing.T\) {)" * | sed -e "s/$/\$/"| jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
- name: Print test names
run: echo "Test names ${{ steps.set_test_names.outputs.test_names }}"
integration-tests:
needs:
- setup-integration-tests
strategy:
fail-fast: false
matrix:
test: ${{ fromJSON(needs.setup-integration-tests.outputs.test_names) }}
runs-on: ubuntu-latest
steps:
# This step is needed to avoid running the integration tests requiring an enterprise license
# if the secrets are not available.
- name: Detect if we should run test cases requring an enterprise license (have required secrets)
id: detect_if_should_run_enterprise
run: echo "result=${{ secrets.PULP_PASSWORD != '' }}" >> $GITHUB_OUTPUT
- name: Set environment variable to enable test cases requiring an enterprise license
if: steps.detect_if_should_run_enterprise.outputs.result == 'true'
id: set_run_enterprise_env
run: echo "KTF_TEST_RUN_ENTERPRISE_CASES=true" >> $GITHUB_ENV
- name: checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: Kong/kong-license@master
if: steps.detect_if_should_run_enterprise.outputs.result == 'true'
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: setup golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: run integration test ${{ matrix.test }}
run: make test.integration
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
KTF_TEST_KONG_PULL_USERNAME: ${{ secrets.GHA_DOCKERHUB_PULL_USER }}
KTF_TEST_KONG_PULL_PASSWORD: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUBLIC_TOKEN }}
KONG_LICENSE_DATA: ${{ steps.license.outputs.license }}
TEST_RUN: ${{ matrix.test }}
NCPU: 1
# We're using a retry mechanism for codecov to ensure we do get the reports
# uploaded. The alternative is to use fail_ci_if_error: false, but that
# somewhat defeats the purpose of uploading those reports. Why bother uploading
# if we don't care if the upload's successful?
- name: Upload coverage to Codecov
uses: Wandalen/[email protected]
with:
action: codecov/codecov-action@v3
with: |
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
flags: integration-test
files: integration.coverage.out
verbose: true
attempt_limit: 10
attempt_delay: 30000
integration-tests-passed:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
needs: integration-tests
if: always()
runs-on: ubuntu-latest
steps:
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: |
echo "Some jobs failed or were cancelled."
exit 1
setup-e2e-tests:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
runs-on: ubuntu-latest
outputs:
test_names: ${{ steps.set_test_names.outputs.test_names }}
steps:
- uses: actions/checkout@v4
- id: set_test_names
name: Set test names
working-directory: test/e2e/
# grep magic described in https://unix.stackexchange.com/a/13472
# sed to add the extra $ is because some of our test names overlap. we need it so the -run regex only matches one test
run: |
echo "test_names=$(grep -shoP "(?<=^func )(Test[a-zA-z_0-9]+)(?=\(t \*testing.T\) {)" * | sed -e "s/$/\$/"| jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
- name: Print test names
run: echo "Test names ${{ steps.set_test_names.outputs.test_names }}"
e2e-tests:
needs:
- setup-e2e-tests
strategy:
fail-fast: false
matrix:
test: ${{ fromJSON(needs.setup-e2e-tests.outputs.test_names) }}
environment: gcloud
runs-on: ubuntu-latest
steps:
# This step is needed to avoid running the e2e tests if the secrets are not available.
# TODO: remove this step once we have a way to run integration tests on forks.
# https://github.com/Kong/kubernetes-testing-framework/issues/596
- name: Detect if we should run (have required secrets)
id: detect_if_should_run
run: echo "result=${{ secrets.PULP_PASSWORD != '' && secrets.GOOGLE_APPLICATION_CREDENTIALS != '' }}" >> $GITHUB_OUTPUT
- uses: Kong/kong-license@master
if: steps.detect_if_should_run.outputs.result == 'true'
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: checkout repository
if: steps.detect_if_should_run.outputs.result == 'true'
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: setup golang
if: steps.detect_if_should_run.outputs.result == 'true'
uses: actions/setup-go@v5
with:
go-version: '^1.19'
- name: run e2e tests
if: steps.detect_if_should_run.outputs.result == 'true'
run: make test.e2e
env:
TEST_RUN: ${{ matrix.test }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
GOOGLE_LOCATION: ${{ secrets.GOOGLE_LOCATION }}
KONG_LICENSE_DATA: ${{ steps.license.outputs.license }}
e2e-tests-passed:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
needs: e2e-tests
if: always() && !contains(needs.*.result, 'failure')
runs-on: ubuntu-latest
steps:
- name: e2e tests pased
run: echo all e2e tests passed