Bump github/codeql-action from 3.27.9 to 3.28.2 #2454
Workflow file for this run
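---
# QE test workflow for GitHub-hosted Ubuntu runners.
# The first job builds the certsuite image once and uploads it as an artifact.
# The matrix job then loads that image and runs one QE feature suite per entry.
name: QE Testing (Ubuntu-hosted)

on:
  pull_request:
    branches: [main]
  workflow_dispatch:
  # Schedule a daily cron at midnight UTC
  schedule:
    - cron: '0 0 * * *'

# The job token is limited to read-only access to repository contents for
# every job in this workflow.
permissions:
  contents: read

env:
  QE_REPO: redhat-best-practices-for-k8s/certsuite-qe
  CERTSUITE_IMAGE_NAME: quay.io/redhat-best-practices-for-k8s/certsuite
  TEST_CERTSUITE_IMAGE_TAG: localtest
  CERTSUITE_CONFIG_DIR: '/tmp/certsuite_config'
  CERTSUITE_REPORT_DIR: '/tmp/certsuite_report'

# A newer run for the same workflow and ref cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # Build the image used for testing first, then pass the reference to the QE tests.
  # This saves time and resources by not building the image in each QE suite.
  build-image-for-qe:
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.sha }}
          # The checkout is used as the docker build context and the resulting
          # image is uploaded as an artifact. Do not leave the job token in
          # .git/config, where a broad COPY could bake it into an image layer.
          # NOTE(review): Dockerfile and .dockerignore are not visible here; confirm.
          persist-credentials: false

      - name: Setup docker buildx
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

      # Restart docker using /mnt/docker-storage (sdb) instead of /var/lib/docker (sda).
      # This step needs to be done right after the partner repo's bootstrap scripts, as they
      # overwrite the docker's daemon.json.
      - name: Create docker/daemon.json if it does not exist
        run: |
          if [ ! -f /etc/docker/daemon.json ]; then
            echo '{}' | sudo tee /etc/docker/daemon.json
          fi

      - name: Make docker to use /mnt (sdb) for storage
        run: |
          df -h
          lsblk
          # -p keeps this step from failing when the directory already exists,
          # matching the existence guard used in the qe-testing job.
          sudo mkdir -p /mnt/docker-storage
          sudo jq '. +={"data-root" : "/mnt/docker-storage"}' < /etc/docker/daemon.json > /tmp/docker-daemon.json
          sudo cp /tmp/docker-daemon.json /etc/docker/daemon.json
          cat /etc/docker/daemon.json
          sudo systemctl restart docker
          sudo ls -la /mnt/docker-storage

      - name: Build temporary image tag for this PR
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          context: .
          file: ./Dockerfile
          tags: |
            ${{ env.CERTSUITE_IMAGE_NAME }}:${{ env.TEST_CERTSUITE_IMAGE_TAG }}
          # Export to a local tarball instead of pushing to a registry.
          outputs: type=docker,dest=/tmp/testimage.tar

      - name: Store image as artifact
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: testimage
          path: /tmp/testimage.tar

  qe-testing:
    runs-on: ubuntu-22.04
    needs: build-image-for-qe
    if: needs.build-image-for-qe.result == 'success'
    strategy:
      # Let the remaining suites finish when one of them fails.
      fail-fast: false
      matrix:
        suite:
          - accesscontrol
          - affiliatedcertification
          - manageability
          - networking
          - lifecycle
          - performance
          - platformalteration
          - observability
          - operator
    env:
      SHELL: /bin/bash
      KUBECONFIG: '/home/runner/.kube/config'
      PFLT_DOCKERCONFIG: '/home/runner/.docker/config'
      DOCKER_CONFIG_DIR: '/home/runner/.docker/'
      SKIP_PRELOAD_IMAGES: 'true'
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.sha }}

      - name: Run initial setup
        uses: ./.github/actions/setup

      - name: Setup docker buildx
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

      # Restart docker using /mnt/docker-storage (sdb) instead of /var/lib/docker (sda).
      # This step needs to be done right after the partner repo's bootstrap scripts, as they
      # overwrite the docker's daemon.json.
      - name: Create docker/daemon.json if it does not exist
        run: |
          if [ ! -f /etc/docker/daemon.json ]; then
            echo '{}' | sudo tee /etc/docker/daemon.json
          fi

      - name: Make docker to use /mnt (sdb) for storage
        run: |
          df -h
          lsblk
          sudo mkdir -p /mnt/docker-storage
          sudo jq '. +={"data-root" : "/mnt/docker-storage"}' < /etc/docker/daemon.json > /tmp/docker-daemon.json
          sudo cp /tmp/docker-daemon.json /etc/docker/daemon.json
          cat /etc/docker/daemon.json
          sudo systemctl restart docker
          sudo ls -la /mnt/docker-storage

      - name: Setup partner cluster
        uses: ./.github/actions/setup-partner-cluster
        with:
          make-command: 'install-for-qe'

      # Download the image from the artifact and load it into the docker daemon.
      - name: Download image from artifact
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: testimage
          path: /tmp

      - name: Load image into docker
        run: docker load --input /tmp/testimage.tar

      - name: Wait for all pods to be ready
        run: ./scripts/wait-for-all-pods-running.sh
        working-directory: certsuite-sample-workload
        timeout-minutes: 10

      - name: Clone the QE repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: ${{ env.QE_REPO }}
          path: certsuite-qe
          ref: main

      # NOTE(review): this pin is labelled `main`, i.e. a branch commit rather
      # than a tagged release. The action receives the job token, whose scope
      # is set by the top-level permissions block.
      - name: Extract dependent Pull Requests
        uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      # Every ${{ }} value expanded into the command below is defined by this
      # workflow (matrix list, top-level env) or is the run id from GitHub.
      # Keep it that way: pull-request-controlled fields (titles, branch names)
      # must be passed through env, never expanded into the command text.
      - name: Run the tests (against image)
        uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
        with:
          timeout_minutes: 60
          max_attempts: 3
          command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} CERTSUITE_IMAGE=${{env.CERTSUITE_IMAGE_NAME}} CERTSUITE_IMAGE_TAG=${{env.TEST_CERTSUITE_IMAGE_TAG}} JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

      # Only run against the binary during a scheduled run
      - name: Build the binary
        if: github.event_name == 'schedule'
        run: make build-certsuite-tool

      - name: Run the tests (against binary)
        if: github.event_name == 'schedule'
        uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
        with:
          timeout_minutes: 60
          max_attempts: 3
          command: cd ${GITHUB_WORKSPACE}/certsuite-qe; FEATURES=${{matrix.suite}} CERTSUITE_REPO_PATH=${GITHUB_WORKSPACE} USE_BINARY=true JOB_ID=${{github.run_id}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features

      # The condition limits this step to failed runs on refs/heads/main in
      # the upstream organisation.
      - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests
        if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
        env:
          COMMIT_SHA: ${{ github.sha }}
          JOB_RUN_ID: ${{ github.run_id }}
          JOB_RUN_ATTEMPT: ${{ github.run_attempt }}
          GITHUB_REPO: https://github.com/redhat-best-practices-for-k8s/certsuite
          # The webhook URL goes through the environment rather than being
          # expanded into the script text. This keeps the secret out of the
          # generated shell file and stops the shell re-parsing its characters.
          QE_NIGHTLY_WEBHOOK: ${{ secrets.QE_NIGHTLY_WEBHOOK }}
        run: |
          curl -X POST --data "{
              \"text\": \"🚨⚠️  Failed to run Github hosted QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \"
          }" -H 'Content-type: application/json; charset=UTF-8' "$QE_NIGHTLY_WEBHOOK"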