forked from kyma-project/api-gateway
-
Notifications
You must be signed in to change notification settings - Fork 0
157 lines (147 loc) · 5.81 KB
/
main-integration.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Main Integration
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
on:
push:
paths-ignore:
- "docs/**"
- "**/*.md"
- "CODEOWNERS"
- "sec-scanners-config.yaml"
- ".github/**" #Ignoring since build job isn't triggered on the workflow directory changes
- "external-images.yaml"
branches:
- main
schedule:
- cron: '0 5 * * *' # Run every day at 05:00 AM
jobs:
build:
name: build api-gateway image
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
if: ${{ github.event_name != 'schedule' }}
with:
name: api-gateway-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=${{ github.sha }}
tags: "${{ github.sha }}"
get-sha:
name: Get manager SHA
runs-on: ubuntu-latest
needs: [ build ]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
outputs:
sha: ${{ steps.get-sha.outputs.sha }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: get-sha
uses: ./.github/actions/get-latest-sha
integration-tests:
name: Integration tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/integration-tests
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
migration-downtime-tests:
name: Zero Downtime Migration Tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
test_make_target: [ "test-migration-zero-downtime HANDLER=no_auth", "test-migration-zero-downtime HANDLER=allow", "test-migration-zero-downtime HANDLER=noop", "test-migration-zero-downtime HANDLER=jwt", "test-migration-zero-downtime HANDLER=oauth2_introspection" ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/integration-tests
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
test_make_target: ${{ matrix.test_make_target }}
upgrade-tests:
name: Upgrade tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/upgrade-test
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
target_branch: ${{github.ref_name}}
custom-domain-integration-gcp:
name: Custom domain integration GCP
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/integration-test-gardener
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
script: ./hack/ci/custom-domain-gardener-gcp.sh
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
custom-domain-integration-aws:
name: Custom domain integration AWS
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/integration-test-gardener
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
script: ./hack/ci/custom-domain-gardener-aws.sh
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
slack_failed_notification:
name: Slack Notification
runs-on: ubuntu-latest
if: ${{ failure() }}
needs: [integration-tests, upgrade-tests, custom-domain-integration-gcp, custom-domain-integration-aws, migration-downtime-tests]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Notify
uses: ./.github/actions/slack-notification-failed-workflow
with:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}