website for our cnf (#1544) #5327
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Incoming Changes | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
env: | |
REGISTRY: quay.io | |
REGISTRY_LOCAL: localhost | |
TNF_IMAGE_NAME: testnetworkfunction/cnf-certification-test | |
TNF_IMAGE_TAG: unstable | |
OCT_IMAGE_NAME: testnetworkfunction/oct | |
OCT_IMAGE_TAG: latest | |
GRADETOOL_IMAGE_NAME: testnetworkfunction/gradetool | |
GRADETOOL_IMAGE_TAG: latest | |
TNF_CONTAINER_CLIENT: docker | |
TNF_NON_INTRUSIVE_ONLY: false | |
TNF_ALLOW_PREFLIGHT_INSECURE: false | |
TNF_DISABLE_CONFIG_AUTODISCOVER: false | |
TNF_CONFIG_DIR: /tmp/tnf/config | |
TNF_OUTPUT_DIR: /tmp/tnf/output | |
TNF_SRC_URL: 'https://github.com/${{ github.repository }}' | |
TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${TNF_IMAGE_NAME}:${TNF_IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}' | |
TNF_SMOKE_TESTS_LOG_LEVEL: trace | |
ON_DEMAND_DEBUG_PODS: false | |
TERM: xterm-color | |
CM_BIN: /usr/local/bin/checkmake | |
CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line | |
SMOKE_TESTS_GINKGO_LABELS_FILTER: '!affiliated-certification-container-is-certified-digest && !access-control-security-context' | |
jobs: | |
lint: | |
name: Run Linters and Vet | |
runs-on: ubuntu-latest | |
env: | |
SHELL: /bin/bash | |
steps: | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.sha }} | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install checkmake | |
run: | | |
curl --location --output $CM_BIN --silent $CM_URL_LINUX | |
chmod +x $CM_BIN | |
- name: Install Shfmt | |
uses: mfinelli/setup-shfmt@v3 | |
- name: Golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.55 | |
args: --timeout 10m0s | |
- name: Checkmake | |
run: checkmake --config=.checkmake Makefile | |
- name: Hadolint | |
uses: hadolint/[email protected] | |
with: | |
dockerfile: Dockerfile | |
recursive: true | |
- name: Shfmt | |
run: shfmt -d *.sh script | |
- name: Markdownlint | |
uses: nosborn/[email protected] | |
with: | |
files: . | |
- name: ShellCheck | |
uses: ludeeus/action-shellcheck@master | |
- name: Typos | |
uses: crate-ci/typos@master | |
- name: Yamllint | |
uses: ibiqlik/action-yamllint@v3 | |
with: | |
config_file: .yamllint.yml | |
- name: Go vet | |
run: make vet | |
unit-tests: | |
name: Run Unit Tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-22.04, macos-latest] | |
env: | |
SHELL: /bin/bash | |
steps: | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.sha }} | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run Tests | |
run: make test | |
env: | |
SHELL: /bin/bash | |
- name: Quality Gate - Test coverage shall be above threshold | |
env: | |
TESTCOVERAGE_THRESHOLD: 15 | |
run: | | |
echo "Quality Gate: checking test coverage is above threshold ..." | |
echo "Threshold : $TESTCOVERAGE_THRESHOLD %" | |
totalCoverage=`UNIT_TEST='true' cat cover.out.tmp | grep -v "_moq.go" > cover.out; go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'` | |
echo "Current test coverage : $totalCoverage %" | |
if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then | |
echo OK | |
else | |
echo "Current test coverage is below threshold. Please add more unit tests or adjust threshold to a lower value." | |
echo "Failed" | |
exit 1 | |
fi | |
smoke-tests-local: | |
name: Run Local Smoke Tests | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
KUBECONFIG: '/home/runner/.kube/config' | |
PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
tool-cache: false | |
large-packages: true | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: true | |
swap-storage: true | |
continue-on-error: true | |
- name: Write temporary docker file | |
run: | | |
mkdir -p /home/runner/.docker | |
touch ${PFLT_DOCKERCONFIG} | |
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.sha }} | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
# Update the CNF containers, helm charts and operators DB. | |
- name: Update the CNF DB | |
run: | | |
mkdir -p "${GITHUB_WORKSPACE}"/offline-db | |
docker run \ | |
--env OCT_DUMP_ONLY=true \ | |
--rm \ | |
--volume "${GITHUB_WORKSPACE}"/offline-db:/tmp/dump:Z \ | |
${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG} | |
docker system prune --volumes -f | |
- name: Install ginkgo | |
run: make install-tools | |
- name: Build CNF test suite binary | |
run: make build-cnf-tests | |
- name: Remove go mod cache to save disk space. | |
run: | | |
df -h | |
go clean -modcache || true | |
df -h | |
# Create a Kind cluster for testing. | |
- name: Check out `cnf-certification-test-partner` | |
uses: actions/checkout@v4 | |
with: | |
repository: test-network-function/cnf-certification-test-partner | |
path: cnf-certification-test-partner | |
- name: Start the Kind cluster for `local-test-infra` | |
uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster | |
with: | |
working_directory: cnf-certification-test-partner | |
- name: Create `local-test-infra` OpenShift resources | |
uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources | |
with: | |
working_directory: cnf-certification-test-partner | |
# Perform smoke tests. | |
- name: 'Test: Run test suites' | |
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" | |
- name: Upload smoke test results as an artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: smoke-tests | |
path: | | |
cnf-certification-test/*.tar.gz | |
- name: Remove tarball(s) to save disk space. | |
run: rm -f cnf-certification-test/*.tar.gz | |
- name: Run gradetool on the claim.json. | |
run: | | |
docker run \ | |
--rm \ | |
--volume "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json \ | |
--volume "${GITHUB_WORKSPACE}"/cnf-certification-test/claim.json:/claim.json \ | |
${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \ | |
--OutputPath results.txt \ | |
--policy /policy.json \ | |
--results /claim.json \ | |
>"${GITHUB_WORKSPACE}"/results.txt | |
docker system prune --volumes -f | |
- name: Check that their are 0 failed tests in the gradetool results | |
run: | | |
if $(jq '.[] | .Fail | length' "${GITHUB_WORKSPACE}"/results.txt | grep -q 0); then | |
echo OK | |
else | |
echo "Gradetool has found failing tests in the following:" | |
jq '.[] | .Fail | .[].id' "${GITHUB_WORKSPACE}"/results.txt | |
exit 1 | |
fi | |
- name: 'Test: Run preflight specific test suite' | |
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "preflight" | |
- name: Upload preflight smoke test results as an artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: preflight-smoke-tests | |
path: | | |
cnf-certification-test/*.tar.gz | |
- name: Remove tarball(s) to save disk space | |
run: rm -f cnf-certification-test/*.tar.gz | |
smoke-tests-container: | |
name: Run Container Smoke Tests | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
KUBECONFIG: '/home/runner/.kube/config' | |
PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
tool-cache: false | |
large-packages: true | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: true | |
swap-storage: true | |
continue-on-error: true | |
- name: Write temporary docker file | |
run: | | |
mkdir -p /home/runner/.docker | |
touch ${PFLT_DOCKERCONFIG} | |
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
# Create a Kind cluster for testing. | |
- name: Check out `cnf-certification-test-partner` | |
uses: actions/checkout@v4 | |
with: | |
repository: test-network-function/cnf-certification-test-partner | |
path: cnf-certification-test-partner | |
- name: Start the Kind cluster for `local-test-infra` | |
uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster | |
with: | |
working_directory: cnf-certification-test-partner | |
- name: Create `local-test-infra` OpenShift resources | |
uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources | |
with: | |
working_directory: cnf-certification-test-partner | |
# needed by depends-on-action | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
# Perform smoke tests using a TNF container. | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.sha }} | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the `cnf-certification-test` image | |
run: | | |
make build-image-local | |
env: | |
IMAGE_TAG: ${TNF_IMAGE_TAG} | |
# Prepare collector to be used when running smoke tests | |
- name: Check out `Collector` | |
uses: actions/checkout@v4 | |
with: | |
repository: test-network-function/collector | |
path: collector | |
- name: Deploy collector and mysql | |
uses: ./collector/.github/actions/prepare-collector-for-use | |
with: | |
working_directory: collector | |
# Clean up unused container image layers. We need to filter out a possible error return code | |
# from docker with "|| true" as some images might still be used by running kind containers and | |
# won't be removed. | |
- name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them. | |
run: | | |
df -h | |
docker rmi $(docker images -f "dangling=true" -q) || true | |
df -h | |
- name: Create required TNF config files and directories | |
run: | | |
mkdir -p $TNF_CONFIG_DIR $TNF_OUTPUT_DIR | |
cp cnf-certification-test/*.yml $TNF_CONFIG_DIR | |
shell: bash | |
- name: 'Test: Run without any TS, just get diagnostic information' | |
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} | |
- name: 'Test: Run Smoke Tests in a TNF container' | |
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} TNF_ENABLE_DATA_COLLECTION=true ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" | |
- name: Run sanity check on collector | |
uses: ./collector/.github/actions/run-sanity-check | |
with: | |
working_directory: collector | |
- name: Upload container test results as an artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: smoke-tests-container | |
path: | | |
${{ env.TNF_OUTPUT_DIR }}/*.tar.gz | |
- name: Remove tarball(s) to save disk space. | |
run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz | |
- name: Run gradetool on the claim.json. | |
run: | | |
docker run \ | |
--rm \ | |
--volume "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json \ | |
--volume "${TNF_OUTPUT_DIR}"/claim.json:/claim.json \ | |
${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \ | |
--OutputPath results.txt \ | |
--policy /policy.json \ | |
--results /claim.json \ | |
>"${GITHUB_WORKSPACE}"/results.txt | |
docker system prune --volumes -f | |
- name: Check that their are 0 failed tests in the gradetool results | |
run: | | |
if $(jq '.[] | .Fail | length' "${GITHUB_WORKSPACE}"/results.txt | grep -q 0); then | |
echo OK | |
else | |
echo "Gradetool has found failing tests in the following:" | |
jq '.[] | .Fail | .[].id' "${GITHUB_WORKSPACE}"/results.txt | |
exit 1 | |
fi | |
- name: 'Test: Run Preflight Specific Smoke Tests in a TNF container' | |
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "preflight" | |
- name: Upload container preflight test results as an artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: preflight-smoke-tests-container | |
path: | | |
${{ env.TNF_OUTPUT_DIR }}/*.tar.gz | |
- name: Remove tarball(s) to save disk space. | |
run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz | |
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image. | |
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} | |
env: | |
COMMIT_SHA: ${{ github.sha }} | |
JOB_RUN_ID: ${{ github.run_id }} | |
JOB_RUN_ATTEMPT: ${{ github.run_attempt }} | |
GITHUB_REPO: https://github.com/test-network-function/cnf-certification-test | |
run: | | |
curl -X POST --data "{ | |
\"text\": \"🚨⚠️ Failed to create \`unstable\` container image from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" | |
}" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.GCHAT_WEBHOOK_URL }} | |
# Push the new unstable TNF image to Quay.io. | |
- name: (if on main and upstream) Authenticate against Quay.io | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
# Use a Robot Account to authenticate against Quay.io | |
# https://docs.quay.io/glossary/robot-accounts.html | |
username: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
- name: (if on main and upstream) Push the newly built image to Quay.io | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} | |
run: docker push --all-tags ${REGISTRY}/${TNF_IMAGE_NAME} | |
check-all-dependencies-are-merged: | |
name: Check all the PR dependencies are merged | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check all dependent Pull Requests are merged | |
uses: depends-on/depends-on-action@main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
check-unmerged-pr: true |