Skip to content

website for our cnf (#1544) #5327

website for our cnf (#1544)

website for our cnf (#1544) #5327

Workflow file for this run

name: Test Incoming Changes
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
env:
REGISTRY: quay.io
REGISTRY_LOCAL: localhost
TNF_IMAGE_NAME: testnetworkfunction/cnf-certification-test
TNF_IMAGE_TAG: unstable
OCT_IMAGE_NAME: testnetworkfunction/oct
OCT_IMAGE_TAG: latest
GRADETOOL_IMAGE_NAME: testnetworkfunction/gradetool
GRADETOOL_IMAGE_TAG: latest
TNF_CONTAINER_CLIENT: docker
TNF_NON_INTRUSIVE_ONLY: false
TNF_ALLOW_PREFLIGHT_INSECURE: false
TNF_DISABLE_CONFIG_AUTODISCOVER: false
TNF_CONFIG_DIR: /tmp/tnf/config
TNF_OUTPUT_DIR: /tmp/tnf/output
TNF_SRC_URL: 'https://github.com/${{ github.repository }}'
TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${TNF_IMAGE_NAME}:${TNF_IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}'
TNF_SMOKE_TESTS_LOG_LEVEL: trace
ON_DEMAND_DEBUG_PODS: false
TERM: xterm-color
CM_BIN: /usr/local/bin/checkmake
CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line
SMOKE_TESTS_GINKGO_LABELS_FILTER: '!affiliated-certification-container-is-certified-digest && !access-control-security-context'
jobs:
lint:
name: Run Linters and Vet
runs-on: ubuntu-latest
env:
SHELL: /bin/bash
steps:
- name: Set up Go 1.21
uses: actions/setup-go@v4
with:
go-version: 1.21.3
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install checkmake
run: |
curl --location --output $CM_BIN --silent $CM_URL_LINUX
chmod +x $CM_BIN
- name: Install Shfmt
uses: mfinelli/setup-shfmt@v3
- name: Golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.55
args: --timeout 10m0s
- name: Checkmake
run: checkmake --config=.checkmake Makefile
- name: Hadolint
uses: hadolint/[email protected]
with:
dockerfile: Dockerfile
recursive: true
- name: Shfmt
run: shfmt -d *.sh script
- name: Markdownlint
uses: nosborn/[email protected]
with:
files: .
- name: ShellCheck
uses: ludeeus/action-shellcheck@master
- name: Typos
uses: crate-ci/typos@master
- name: Yamllint
uses: ibiqlik/action-yamllint@v3
with:
config_file: .yamllint.yml
- name: Go vet
run: make vet
unit-tests:
name: Run Unit Tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04, macos-latest]
env:
SHELL: /bin/bash
steps:
- name: Set up Go 1.21
uses: actions/setup-go@v4
with:
go-version: 1.21.3
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Tests
run: make test
env:
SHELL: /bin/bash
- name: Quality Gate - Test coverage shall be above threshold
env:
TESTCOVERAGE_THRESHOLD: 15
run: |
echo "Quality Gate: checking test coverage is above threshold ..."
echo "Threshold : $TESTCOVERAGE_THRESHOLD %"
totalCoverage=`UNIT_TEST='true' cat cover.out.tmp | grep -v "_moq.go" > cover.out; go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'`
echo "Current test coverage : $totalCoverage %"
if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then
echo OK
else
echo "Current test coverage is below threshold. Please add more unit tests or adjust threshold to a lower value."
echo "Failed"
exit 1
fi
smoke-tests-local:
name: Run Local Smoke Tests
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
KUBECONFIG: '/home/runner/.kube/config'
PFLT_DOCKERCONFIG: '/home/runner/.docker/config'
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
large-packages: true
android: true
dotnet: true
haskell: true
docker-images: true
swap-storage: true
continue-on-error: true
- name: Write temporary docker file
run: |
mkdir -p /home/runner/.docker
touch ${PFLT_DOCKERCONFIG}
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}
- name: Set up Go 1.21
uses: actions/setup-go@v4
with:
go-version: 1.21.3
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
# Update the CNF containers, helm charts and operators DB.
- name: Update the CNF DB
run: |
mkdir -p "${GITHUB_WORKSPACE}"/offline-db
docker run \
--env OCT_DUMP_ONLY=true \
--rm \
--volume "${GITHUB_WORKSPACE}"/offline-db:/tmp/dump:Z \
${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG}
docker system prune --volumes -f
- name: Install ginkgo
run: make install-tools
- name: Build CNF test suite binary
run: make build-cnf-tests
- name: Remove go mod cache to save disk space.
run: |
df -h
go clean -modcache || true
df -h
# Create a Kind cluster for testing.
- name: Check out `cnf-certification-test-partner`
uses: actions/checkout@v4
with:
repository: test-network-function/cnf-certification-test-partner
path: cnf-certification-test-partner
- name: Start the Kind cluster for `local-test-infra`
uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
with:
working_directory: cnf-certification-test-partner
- name: Create `local-test-infra` OpenShift resources
uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources
with:
working_directory: cnf-certification-test-partner
# Perform smoke tests.
- name: 'Test: Run test suites'
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}"
- name: Upload smoke test results as an artifact
uses: actions/upload-artifact@v3
if: always()
with:
name: smoke-tests
path: |
cnf-certification-test/*.tar.gz
- name: Remove tarball(s) to save disk space.
run: rm -f cnf-certification-test/*.tar.gz
- name: Run gradetool on the claim.json.
run: |
docker run \
--rm \
--volume "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json \
--volume "${GITHUB_WORKSPACE}"/cnf-certification-test/claim.json:/claim.json \
${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \
--OutputPath results.txt \
--policy /policy.json \
--results /claim.json \
>"${GITHUB_WORKSPACE}"/results.txt
docker system prune --volumes -f
- name: Check that their are 0 failed tests in the gradetool results
run: |
if $(jq '.[] | .Fail | length' "${GITHUB_WORKSPACE}"/results.txt | grep -q 0); then
echo OK
else
echo "Gradetool has found failing tests in the following:"
jq '.[] | .Fail | .[].id' "${GITHUB_WORKSPACE}"/results.txt
exit 1
fi
- name: 'Test: Run preflight specific test suite'
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "preflight"
- name: Upload preflight smoke test results as an artifact
uses: actions/upload-artifact@v3
if: always()
with:
name: preflight-smoke-tests
path: |
cnf-certification-test/*.tar.gz
- name: Remove tarball(s) to save disk space
run: rm -f cnf-certification-test/*.tar.gz
smoke-tests-container:
name: Run Container Smoke Tests
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
KUBECONFIG: '/home/runner/.kube/config'
PFLT_DOCKERCONFIG: '/home/runner/.docker/config'
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
large-packages: true
android: true
dotnet: true
haskell: true
docker-images: true
swap-storage: true
continue-on-error: true
- name: Write temporary docker file
run: |
mkdir -p /home/runner/.docker
touch ${PFLT_DOCKERCONFIG}
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}
# Create a Kind cluster for testing.
- name: Check out `cnf-certification-test-partner`
uses: actions/checkout@v4
with:
repository: test-network-function/cnf-certification-test-partner
path: cnf-certification-test-partner
- name: Start the Kind cluster for `local-test-infra`
uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
with:
working_directory: cnf-certification-test-partner
- name: Create `local-test-infra` OpenShift resources
uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources
with:
working_directory: cnf-certification-test-partner
# needed by depends-on-action
- name: Set up Go 1.21
uses: actions/setup-go@v4
with:
go-version: 1.21.3
# Perform smoke tests using a TNF container.
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Build the `cnf-certification-test` image
run: |
make build-image-local
env:
IMAGE_TAG: ${TNF_IMAGE_TAG}
# Prepare collector to be used when running smoke tests
- name: Check out `Collector`
uses: actions/checkout@v4
with:
repository: test-network-function/collector
path: collector
- name: Deploy collector and mysql
uses: ./collector/.github/actions/prepare-collector-for-use
with:
working_directory: collector
# Clean up unused container image layers. We need to filter out a possible error return code
# from docker with "|| true" as some images might still be used by running kind containers and
# won't be removed.
- name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them.
run: |
df -h
docker rmi $(docker images -f "dangling=true" -q) || true
df -h
- name: Create required TNF config files and directories
run: |
mkdir -p $TNF_CONFIG_DIR $TNF_OUTPUT_DIR
cp cnf-certification-test/*.yml $TNF_CONFIG_DIR
shell: bash
- name: 'Test: Run without any TS, just get diagnostic information'
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }}
- name: 'Test: Run Smoke Tests in a TNF container'
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} TNF_ENABLE_DATA_COLLECTION=true ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}"
- name: Run sanity check on collector
uses: ./collector/.github/actions/run-sanity-check
with:
working_directory: collector
- name: Upload container test results as an artifact
uses: actions/upload-artifact@v3
if: always()
with:
name: smoke-tests-container
path: |
${{ env.TNF_OUTPUT_DIR }}/*.tar.gz
- name: Remove tarball(s) to save disk space.
run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz
- name: Run gradetool on the claim.json.
run: |
docker run \
--rm \
--volume "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json \
--volume "${TNF_OUTPUT_DIR}"/claim.json:/claim.json \
${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \
--OutputPath results.txt \
--policy /policy.json \
--results /claim.json \
>"${GITHUB_WORKSPACE}"/results.txt
docker system prune --volumes -f
- name: Check that their are 0 failed tests in the gradetool results
run: |
if $(jq '.[] | .Fail | length' "${GITHUB_WORKSPACE}"/results.txt | grep -q 0); then
echo OK
else
echo "Gradetool has found failing tests in the following:"
jq '.[] | .Fail | .[].id' "${GITHUB_WORKSPACE}"/results.txt
exit 1
fi
- name: 'Test: Run Preflight Specific Smoke Tests in a TNF container'
run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "preflight"
- name: Upload container preflight test results as an artifact
uses: actions/upload-artifact@v3
if: always()
with:
name: preflight-smoke-tests-container
path: |
${{ env.TNF_OUTPUT_DIR }}/*.tar.gz
- name: Remove tarball(s) to save disk space.
run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image.
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }}
env:
COMMIT_SHA: ${{ github.sha }}
JOB_RUN_ID: ${{ github.run_id }}
JOB_RUN_ATTEMPT: ${{ github.run_attempt }}
GITHUB_REPO: https://github.com/test-network-function/cnf-certification-test
run: |
curl -X POST --data "{
\"text\": \"🚨⚠️ Failed to create \`unstable\` container image from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \"
}" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.GCHAT_WEBHOOK_URL }}
# Push the new unstable TNF image to Quay.io.
- name: (if on main and upstream) Authenticate against Quay.io
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
# Use a Robot Account to authenticate against Quay.io
# https://docs.quay.io/glossary/robot-accounts.html
username: ${{ secrets.QUAY_ROBOT_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
- name: (if on main and upstream) Push the newly built image to Quay.io
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }}
run: docker push --all-tags ${REGISTRY}/${TNF_IMAGE_NAME}
check-all-dependencies-are-merged:
name: Check all the PR dependencies are merged
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check all dependent Pull Requests are merged
uses: depends-on/depends-on-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
check-unmerged-pr: true