-
Notifications
You must be signed in to change notification settings - Fork 21
91 lines (76 loc) · 3.28 KB
/
conformance-tetragon-gke.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: ConformanceTetragonGKE (ci-tetragon-gke)
# Any change in triggers needs to be reflected in the concurrency group.
on:
push:
branches:
- master
env:
clusterName: ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
zone: us-west2-a
# https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
USE_GKE_GCLOUD_AUTH_PLUGIN: True
jobs:
installation:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
fetch-depth: 0
persist-credentials: false
- name: Set up job variables
id: vars
run: |
# Get last commit message
readonly local last_commit_log=$(git log -1 --grep "^Add tetragon" --pretty=format:"%s")
echo "last commit log: $last_commit_log"
readonly local chart_version=$(echo "$last_commit_log" | grep -Eo "Add tetragon [^@]+" | sed 's/Add\ tetragon\ //' )
echo "Helm chart detected version: '${chart_version}'"
if [[ -n "${chart_version}" ]]; then
echo ::set-output name=chartVersion::${chart_version}
fi
echo ::set-output name=owner::${{ github.sha }}
- name: Set up gcloud credentials
id: 'auth'
uses: 'google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70'
with:
credentials_json: '${{ secrets.GCP_PR_SA_KEY }}'
- name: Should it be e2e tested?
run: |
if [[ -z "${{ steps.vars.outputs.chartVersion }}" ]]; then
echo "Not running tetragon helm e2e tests since the helm chart version was not detected in commit message"
echo "Expected format: 'Add tetragon <chart-version>@<upstream-commit-sha>'"
exit 0
fi
- name: Set up gcloud CLI
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Display gcloud CLI info
run: |
gcloud info
- name: Install gke-gcloud-auth-plugin
run: |
gcloud components install gke-gcloud-auth-plugin
- name: Create GKE cluster
run: |
gcloud container clusters create ${{ env.clusterName }} \
--labels "usage=${{ github.repository_owner }}-${{ github.event.repository.name }},owner=${{ steps.vars.outputs.owner }}" \
--zone ${{ env.zone }} \
--release-channel rapid \
--num-nodes 1
- name: Get cluster credentials
run: |
gcloud container clusters get-credentials ${{ env.clusterName }} --zone ${{ env.zone }}
- name: Install Tetragon
run: |
helm repo add cilium https://helm.cilium.io
helm repo update
helm install tetragon cilium/tetragon -n kube-system --version ${{ steps.vars.outputs.chartVersion }}
kubectl rollout status -n kube-system ds/tetragon -w
- name: Clean up GKE
if: ${{ always() }}
run: |
gcloud container clusters delete ${{ env.clusterName }} --zone ${{ env.zone }} --quiet --async
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently