system-tests.yaml
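# KubeCop system tests.
#
# Builds a test image from the checked-out commit, pushes it to Quay.io,
# installs Prometheus and KubeCop into a cluster (GKE on GitHub-hosted runs,
# kind when running under act), runs the system-test script, uploads the
# resulting plots and pprof files, comments on the PR and cleans up.
#
# Security notes for maintainers:
# - The job builds and runs code from the pull request while registry and GKE
#   credentials are available to it. The `pull_request` trigger keeps those
#   secrets away from fork PRs; switching to `pull_request_target` without
#   changing the checkout would hand them to untrusted code.
# - Third-party actions are referenced by mutable tags. Pinning each `uses:`
#   to a full commit SHA removes the dependency on tag integrity.
# - actions/upload-artifact@v2 and actions/github-script@v3 are old major
#   versions; upgrading needs review (newer github-script releases changed
#   the client API used in the comment step).
name: KubeCop System Test
on:
  pull_request:
    paths-ignore:
      - '**/*.md'
    types: [labeled, synchronize, ready_for_review, opened, reopened]
env:
  GKE_TEST_CLUSTER: ${{ vars.GKE_TEST_CLUSTER }}
  GKE_TEST_ZONE: ${{ vars.GKE_TEST_ZONE }}
  GKE_TEST_PROJECT: ${{ vars.GKE_TEST_PROJECT }}
jobs:
  system-tests:
    runs-on: ubuntu-latest
    # Run on specific label or if running under act
    if: >-
      github.event.label.name == 'requires-system-test'
      || contains(github.event.pull_request.labels.*.name, 'requires-system-test')
      || github.actor == 'nektos/act'
    # Secrets used below are expected to come from this environment, so its
    # protection rules (if any are configured) gate access to them.
    environment: gke-cluster-env
    # Least privilege for GITHUB_TOKEN: read the repository, write the PR
    # comment. Nothing else in this job uses the token.
    permissions:
      contents: read
      pull-requests: write
    # Serialise runs: every run shares the same test cluster.
    concurrency:
      group: gke-cluster-lock
      cancel-in-progress: false
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Login to Quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io/armosec
          username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
          password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
      - name: Build the Image and Push to Quay.io
        # Runs the PR's Makefile after the registry login above, so the build
        # has push access to the registry.
        run: |
          COMMIT_HASH=$(git rev-parse --short HEAD)
          export IMAGE_TAG="test-${COMMIT_HASH}"
          export IMAGE_REPO=quay.io/armosec/kubecop
          echo "${IMAGE_REPO}" > test-image-repo.txt
          export IMAGE_NAME="quay.io/armosec/kubecop:${IMAGE_TAG}"
          echo "${IMAGE_TAG}" > test-image-tag.txt
          make build-image-and-push
      - name: Check what K8s cluster to use
        id: check-act
        # ACT is non-empty when the workflow runs under nektos/act.
        run: |
          if [ -z "${ACT:-}" ]; then
            echo 'K8S_TYPE=GKE' >> "$GITHUB_OUTPUT"
          else
            echo "$ACT"
            echo 'K8S_TYPE=kind' >> "$GITHUB_OUTPUT"
          fi
      - name: Set up Google Cloud
        if: ${{ steps.check-act.outputs.K8S_TYPE == 'GKE' }}
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this file was copied from. The inputs look
        # like google-github-actions/setup-gcloud; restore the original ref
        # from the repository and pin it.
        # NOTE(review): this authenticates with a long-lived service-account
        # key; consider Workload Identity Federation to avoid storing one.
        uses: google-github-actions/[email protected]
        with:
          service_account_key: ${{ secrets.GKE_SA_KEY }}
          project_id: ${{ vars.GKE_TEST_PROJECT }}
      - name: Connect to GKE cluster
        if: ${{ steps.check-act.outputs.K8S_TYPE == 'GKE' }}
        # Values are read from the workflow-level env instead of being
        # expanded into the script text, so they are never parsed as shell.
        # A failed connection now fails the step rather than letting later
        # steps run helm/kubectl against an unknown context.
        run: |
          gcloud components install --quiet kubectl
          gcloud container clusters get-credentials "$GKE_TEST_CLUSTER" \
            --zone "$GKE_TEST_ZONE" --project "$GKE_TEST_PROJECT" \
            || { echo "Failed to connect to GKE cluster"; exit 1; }
      - name: Set up Kind
        if: ${{ steps.check-act.outputs.K8S_TYPE == 'kind' }}
        # -f makes curl fail on an HTTP error instead of saving the error
        # page as the binary.
        # NOTE(review): the downloaded binaries are executed without checksum
        # verification; compare them against the published checksums.
        run: |
          curl -fLo ./kind "https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64"
          chmod +x ./kind
          ./kind create cluster
          curl -fLO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl
      - name: Install Helm and Kubectl
        # NOTE(review): the installer is fetched from the moving `main` branch
        # and run with sudo; pin it to a release tag or commit and verify it.
        run: |
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod 700 get_helm.sh
          sudo ./get_helm.sh
      - name: Install Prometheus and Node Exporter
        run: |
          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
          helm repo update
          helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \
            --set grafana.enabled=false \
            --namespace monitoring --create-namespace \
            --wait --timeout 5m
          # Check that the prometheus pod is running
          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s
          echo "prometheus" >> cleanup.txt
      - name: Install KubeCop
        # Installs the image built earlier in this job, using the tag and
        # repository written by the build step.
        run: |
          echo "crd" >> cleanup.txt
          helm upgrade --install kubecop chart/kubecop \
            --set image.tag="$(cat test-image-tag.txt)" \
            --set image.repository="$(cat test-image-repo.txt)" \
            --set kubecop.recording.finalizationDuration=120s \
            -f resources/system-tests/kubecop-values.yaml \
            -n kubescape --create-namespace \
            --wait --timeout 5m --debug
          # Check that the kubecop pod is running
          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=kubecop -n kubescape --timeout=300s
          sleep 5
          echo "kubecop" >> cleanup.txt
      - name: Install python dependencies
        run: |
          pip install -r system-tests/requirements.txt
      - name: Run System Tests
        run: |
          ./scripts/run-system-tests.sh
      - name: Upload plot images
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: Performance plots
          path: "*.png"
      - name: Upload pprof files
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: Pprof files
          path: "*.pprof"
      - name: Comment on PR
        # Only `pull_request` triggers this workflow; the second clause is
        # never true with the current `on:` block.
        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
        uses: actions/github-script@v3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const artifactUrl = `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`;
            const comment = `:sparkles: Artifacts are available [here](${artifactUrl}).`;
            github.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });
      - name: Cleanup
        if: always()
        # Best effort: each command reports its own failure and cleanup
        # continues, so one missing resource does not block the rest.
        run: |
          # If it is a kind cluster, delete it
          if [ -f kind ]; then
            ./kind delete cluster
          else
            helm uninstall kubecop -n kubescape || echo "Failed to uninstall kubecop"
            kubectl delete ns kubescape || echo "Failed to delete namespace kubescape"
            kubectl delete -f ./chart/kubecop/crds/app-profile.crd.yaml -f ./chart/kubecop/crds/runtime-rule-binding.crd.yaml || echo "Failed to delete crd"
            helm uninstall prometheus -n monitoring || echo "Failed to uninstall prometheus"
            kubectl delete ns monitoring || echo "Failed to delete namespace monitoring"
          fi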