-
Notifications
You must be signed in to change notification settings - Fork 32
499 lines (420 loc) · 18.4 KB
/
pre-main.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
name: Test Incoming Changes
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
permissions:
contents: read
env:
REGISTRY: quay.io
REGISTRY_LOCAL: localhost
CERTSUITE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite
CERTSUITE_IMAGE_NAME_LEGACY: testnetworkfunction/cnf-certification-test
CERTSUITE_IMAGE_TAG: unstable
OCT_IMAGE_NAME: redhat-best-practices-for-k8s/oct
OCT_IMAGE_TAG: latest
PROBE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite-probe
PROBE_IMAGE_TAG: v0.0.11
CERTSUITE_CONFIG_DIR: /tmp/certsuite/config
CERTSUITE_OUTPUT_DIR: /tmp/certsuite/output
SMOKE_TESTS_LOG_LEVEL: debug
SMOKE_TESTS_LABELS_FILTER: all
SKIP_PRELOAD_IMAGES: true
TERM: xterm-color
CM_BIN: /usr/local/bin/checkmake
CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
lint:
name: Run Linters and Vet
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
steps:
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.23.4
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Install yaml dependency
uses: ./.github/actions/install-yaml-dep
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install checkmake
run: |
curl --location --output $CM_BIN --silent $CM_URL_LINUX
chmod +x $CM_BIN
- name: Install Shfmt
uses: mfinelli/setup-shfmt@031e887e39d899d773a7e9b6dd6472c2c23ff50d # v3.0.1
- name: Golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: v1.60
args: --timeout 10m0s
- name: Checkmake
run: checkmake --config=.checkmake Makefile
- name: Hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: Dockerfile
recursive: true
- name: Shfmt
run: shfmt -d script
- name: Markdownlint
uses: nosborn/github-action-markdown-cli@9b5e871c11cc0649c5ac2526af22e23525fa344d # v3.3.0
with:
files: .
- name: ShellCheck
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master
# - name: Typos
# uses: crate-ci/typos@master
- name: Yamllint
uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
with:
config_file: .yamllint.yml
- name: Go vet
run: make vet
unit-tests:
name: Run Unit Tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
env:
SHELL: /bin/bash
steps:
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.23.4
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Install yaml dependency
uses: ./.github/actions/install-yaml-dep
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Tests
run: make test
env:
SHELL: /bin/bash
- name: Quality Gate - Test coverage shall be above threshold
env:
TESTCOVERAGE_THRESHOLD: 15
run: |
echo "Quality Gate: checking test coverage is above threshold ..."
echo "Threshold : $TESTCOVERAGE_THRESHOLD %"
totalCoverage=`UNIT_TEST='true' cat cover.out.tmp | grep -v "_moq.go" > cover.out; go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'`
echo "Current test coverage : $totalCoverage %"
if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then
echo OK
else
echo "Current test coverage is below threshold. Please add more unit tests or adjust threshold to a lower value."
echo "Failed"
exit 1
fi
precheck-images:
name: Precheck Images
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
steps:
- name: Pull the images to verify they exist
run: |
docker pull ${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG}
docker pull ${REGISTRY}/${PROBE_IMAGE_NAME}:${PROBE_IMAGE_TAG}
smoke-tests-local:
name: Run Local Smoke Tests
needs: precheck-images
if: needs.precheck-images.result == 'success'
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
KUBECONFIG: '/home/runner/.kube/config'
PFLT_DOCKERCONFIG: '/home/runner/.docker/config'
steps:
- name: Write temporary docker file
run: |
mkdir -p /home/runner/.docker
touch ${PFLT_DOCKERCONFIG}
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.23.4
- name: Disable default go problem matcher
run: echo "::remove-matcher owner=go::"
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Install yaml dependency
uses: ./.github/actions/install-yaml-dep
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
# Update the CNF containers, helm charts and operators DB.
- name: Update the CNF DB
run: |
mkdir -p "${GITHUB_WORKSPACE}"/offline-db
docker run \
--env OCT_DUMP_ONLY=true \
--rm \
--volume "${GITHUB_WORKSPACE}"/offline-db:/tmp/dump:Z \
${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG}
docker system prune --volumes -f
- name: Build the Certsuite tool
run: make build-certsuite-tool
- name: Remove go mod cache to save disk space.
run: |
df -h
go clean -modcache || true
df -h
- name: Setup partner cluster
uses: ./.github/actions/setup-partner-cluster
with:
make-command: 'install'
# Perform smoke tests.
- name: 'Test: Run test suites'
run: ./certsuite run --label-filter="${SMOKE_TESTS_LABELS_FILTER}" --output-dir=certsuite-out --log-level="${SMOKE_TESTS_LOG_LEVEL}"
- name: 'Show failed test cases and the non compliant objects'
run: ./certsuite claim show failures -c certsuite-out/claim.json
- name: Upload smoke test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: always()
with:
name: smoke-tests
path: |
certsuite-out/*.tar.gz
- name: Check the smoke test results against the expected results template
run: ./certsuite check results --log-file="certsuite-out/certsuite.log"
- name: Print the certsuite.log
run: cat certsuite-out/certsuite.log
- name: 'Test: Run preflight specific test suite'
run: ./certsuite run --label-filter=preflight --log-level="${SMOKE_TESTS_LOG_LEVEL}"
- name: Upload preflight smoke test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: always()
with:
name: preflight-smoke-tests
path: |
certsuite-out/*.tar.gz
- name: Remove tarball(s) to save disk space
run: rm -f certsuite-out/*.tar.gz
smoke-tests-container:
name: Run Container Smoke Tests
needs: precheck-images
if: needs.precheck-images.result == 'success'
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
KUBECONFIG: '/home/runner/.kube/config'
PFLT_DOCKERCONFIG: '/home/runner/.docker/config'
steps:
- name: Write temporary docker file
run: |
mkdir -p /home/runner/.docker
touch ${PFLT_DOCKERCONFIG}
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}
# needed by depends-on-action
- name: Set up Go 1.23
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.23.4
# Perform smoke tests using a Certsuite container.
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Setup partner cluster
uses: ./.github/actions/setup-partner-cluster
with:
make-command: 'install'
- name: Extract dependent Pull Requests
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Build the `certsuite` image
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 90
max_attempts: 3
command: make build-image-local
env:
IMAGE_TAG: ${CERTSUITE_IMAGE_TAG}
# Clean up unused container image layers. We need to filter out a possible error return code
# from docker with "|| true" as some images might still be used by running kind containers and
# will not be removed.
- name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them.
run: |
df -h
docker rmi $(docker images -f "dangling=true" -q) || true
df -h
- name: Create required Certsuite config files and directories
run: |
mkdir -p $CERTSUITE_CONFIG_DIR $CERTSUITE_OUTPUT_DIR
cp /home/runner/.kube/config $CERTSUITE_CONFIG_DIR/kubeconfig
cp /home/runner/.docker/config $CERTSUITE_CONFIG_DIR/dockerconfig
cp config/*.yml $CERTSUITE_CONFIG_DIR
shell: bash
- name: 'Test: Run without any TS, just get diagnostic information'
run: |
docker run --rm --network host \
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \
certsuite run \
--output-dir=/usr/certsuite/output \
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \
--offline-db=/usr/offline-db \
--log-level=${SMOKE_TESTS_LOG_LEVEL} \
--config-file=/usr/certsuite/config/certsuite_config.yml \
--kubeconfig=/usr/certsuite/config/kubeconfig \
- name: 'Test: Run Smoke Tests in a Certsuite container with the certsuite command'
run: |
docker run --rm --network host \
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \
certsuite run \
--output-dir=/usr/certsuite/output \
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \
--offline-db=/usr/offline-db \
--enable-data-collection=true \
--log-level=${SMOKE_TESTS_LOG_LEVEL} \
--config-file=/usr/certsuite/config/certsuite_config.yml \
--kubeconfig=/usr/certsuite/config/kubeconfig \
--label-filter="${SMOKE_TESTS_LABELS_FILTER}"
- name: Upload container test results as an artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: always()
with:
name: smoke-tests-container
path: |
${CERTSUITE_OUTPUT_DIR}/*.tar.gz
- name: Remove tarball(s) to save disk space.
run: rm -f ${CERTSUITE_OUTPUT_DIR}/*.tar.gz
- name: Build the Certsuite tool
run: make build-certsuite-tool
- name: Check the smoke test results against the expected results template
run: ./certsuite check results --log-file="${CERTSUITE_OUTPUT_DIR}"/certsuite.log
- name: Print the certsuite.log
run: cat "${CERTSUITE_OUTPUT_DIR}"/certsuite.log
- name: 'Test: Run Preflight Specific Smoke Tests in a Certsuite container with the certsuite command'
run: |
docker run --rm --network host \
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \
certsuite run \
--output-dir=/usr/certsuite/output \
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \
--offline-db=/usr/offline-db \
--log-level=${SMOKE_TESTS_LOG_LEVEL} \
--config-file=/usr/certsuite/config/certsuite_config.yml \
--kubeconfig=/usr/certsuite/config/kubeconfig \
--label-filter="preflight"
# Only run this job if the previous jobs are successful that build the ARM and x86 images.
create-manifest-multiarch-legacy:
name: Create manifest list for multi-arch image (legacy)
needs: [unit-tests, smoke-tests-container]
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request' && needs.smoke-tests-container.result == 'success' && needs.unit-tests.result == 'success'
steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Login to Quay.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.QUAY_ROBOT_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
- name: Build and push the unstable images for multi-arch
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
context: .
file: Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME_LEGACY }}:${{ env.CERTSUITE_IMAGE_TAG }}
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image.
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
uses: ./.github/actions/slack-webhook-sender
with:
message: 'Failed to create the *unstable* container manifest'
slack_webhook: '${{ secrets.SLACK_ALERT_WEBHOOK_URL }}'
# Only run this job if the previous jobs are successful that build the ARM and x86 images.
create-manifest-multiarch:
name: Create manifest list for multi-arch image
needs: [unit-tests, smoke-tests-container]
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request' && needs.smoke-tests-container.result == 'success' && needs.unit-tests.result == 'success'
steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Login to Quay.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.QUAY_ROBOT_USERNAME_K8S }}
password: ${{ secrets.QUAY_ROBOT_TOKEN_K8S }}
- name: Build and push the unstable images for multi-arch
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
with:
context: .
file: Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME }}:${{ env.CERTSUITE_IMAGE_TAG }}
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image.
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }}
uses: ./.github/actions/slack-webhook-sender
with:
message: 'Failed to create the *unstable* container manifest'
slack_webhook: '${{ secrets.SLACK_ALERT_WEBHOOK_URL }}'
check-all-dependencies-are-merged:
name: Check all the PR dependencies are merged
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check all dependent Pull Requests are merged
uses: depends-on/depends-on-action@77e67971a155b35424508ada365790c47286fd0f # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
check-unmerged-pr: true