Skip to content

operator

operator #4190

Workflow file for this run

---
# yamllint disable rule:line-length
name: operator
on: # yamllint disable-line rule:truthy
push:
branches: ["main", "release-*"]
tags: ["*"]
pull_request:
branches: ["main", "release-*"]
# This workflow must be able to be triggered manually so that it can be
# started from another workflow
workflow_dispatch:
env:
GO_VERSION: "1.21"
KIND_VERSION: "0.20.0"
GO111MODULE: "on"
OPERATOR_IMAGE: "quay.io/backube/volsync"
CUSTOM_SCORECARD_IMAGE: "quay.io/backube/volsync-custom-scorecard-tests"
DOCKER_BUILDKIT: "1"
jobs:
lint:
name: Lint
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install pre-commit
run: |
python -m pip install --user pre-commit
echo "PYHASH=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- name: Enable cache for pre-commit hooks
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.PYHASH }}|${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: |
pre-commit|${{ env.PYHASH }}
pre-commit|
- name: Run pre-commit checks
run: |
pre-commit run -a
pre-commit gc
generated-files-check:
name: Auto Generated Files Check
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}
# Only run this for branch (PR and push, not tag)
- name: Ensure custom-scorecard-tests config.yaml is up-to-date
if: github.ref_type == 'branch'
run: |
TGT_BRANCH_NAME="${{ github.base_ref || github.ref_name }}"
echo "TGT_BRANCH_NAME is: $TGT_BRANCH_NAME"
DEF_BRANCH_NAME="${{ github.event.repository.default_branch }}"
echo "DEF_BRANCH_NAME: $DEF_BRANCH_NAME"
CUST_IMG_TAG=$TGT_BRANCH_NAME
# For main use "latest"
if [ "$TGT_BRANCH_NAME" == "$DEF_BRANCH_NAME" ]; then
CUST_IMG_TAG="latest"
fi
echo "Generating custom-scorecard-config for $CUST_IMG_TAG"
make custom-scorecard-tests-generate-config CUSTOM_SCORECARD_IMG_TAG=${CUST_IMG_TAG}
diff=$(git diff --color --ignore-space-change -- custom-scorecard-tests/config.yaml)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** custom-scorecard-tests/config.yaml is out-of-date *****"
echo "***** run 'make custom-scorecard-tests-generate-config' *****"
exit 1
fi
- name: crd files check
run: |
make manifests
diff=$(git diff --color --ignore-space-change config/crd/bases)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** config/crd/bases is out-of-date *****"
echo "***** run 'make manifests' *****"
exit 1
fi
- name: generated deepcopy files check
run: |
make generate
diff=$(git diff --color --ignore-space-change api/v1alpha1/*generated*.go)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** api/v1alpha1 generated files are out-of-date *****"
echo "***** run 'make generate' *****"
exit 1
fi
- name: CSV bundle files check
run: |
make bundle
diff=$(git diff --color --ignore-space-change -IcreatedAt bundle)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** CSV bundle files are out-of-date *****"
echo "***** run 'make bundle' *****"
exit 1
fi
test-operator:
name: Test-operator
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Ensure go module files are up-to-date
run: |
go mod tidy
diff=$(git diff --color -- go.mod go.sum)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** go modules are out-of-date *****"
echo "***** run 'go mod tidy' *****"
exit 1
fi
- name: Run unit tests
run: make test
- name: Upload test coverage
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./cover.out
# This is disabled because codecov is currently (2022-10-28)
# unreliable. We should consider re-enabling this at some point in the
# future. Until then, coverage stats are best-effort.
fail_ci_if_error: false
build-operator:
name: Build-operator
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build operator container
run: make docker-build IMG=${OPERATOR_IMAGE}
- name: Export container image
run: docker save -o /tmp/image.tar ${OPERATOR_IMAGE}
- name: Save container as artifact
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: volsync-operator
path: /tmp/image.tar
build-scorecard:
name: Build-custom-scorecard-tests
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Ensure go module files are up-to-date
run: |
cd custom-scorecard-tests
go mod tidy
diff=$(git diff --color -- go.mod go.sum)
if [ -n "$diff" ]; then
echo "$diff"
echo "***** go modules in custom-scorecard-tests are out-of-date *****"
echo "***** run 'go mod tidy' *****"
exit 1
fi
- name: Build operator container
run: make custom-scorecard-tests-build CUSTOM_SCORECARD_IMG=${CUSTOM_SCORECARD_IMAGE}
- name: Export container image
run: docker save -o /tmp/image.tar ${CUSTOM_SCORECARD_IMAGE}
- name: Save container as artifact
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: volsync-custom-scorecard-tests-container
path: /tmp/image.tar
kubectl-plugin:
name: kubectl-plugin
runs-on: ubuntu-22.04
env:
KUBECONFIG: /tmp/kubeconfig
KUBERNETES_VERSION: "1.25.0"
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# Fetch whole history so we can properly determine the version string
# (required by krew validation)
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Install kubectl
run: |
curl -fsSLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
sudo install ./kubectl /usr/local/bin/
kubectl version --short --client
kubectl version --short --client | grep -q ${KUBERNETES_VERSION}
- name: Install krew
# https://krew.sigs.k8s.io/docs/user-guide/setup/install/
run: |
cd "$(mktemp -d)"
OS="$(uname | tr '[:upper:]' '[:lower:]')"
ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')"
KREW="krew-${OS}_${ARCH}"
curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz"
tar zxvf "${KREW}.tar.gz"
./"${KREW}" install krew
echo "${KREW_ROOT:-$HOME/.krew}/bin" >> $GITHUB_PATH
- name: Test build/install of plugin via krew
run: make test-krew
- name: Save cli as artifact
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: kubectl-volsync
path: bin/kubectl-volsync
e2e:
name: End-to-end
needs: [build-operator, kubectl-plugin]
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# There must be kindest/node images for these versions
# See: https://hub.docker.com/r/kindest/node/tags?page=1&ordering=name
# Or: skopeo list-tags docker://kindest/node
KUBERNETES_VERSIONS:
- "1.20.15" # OCP 4.7
- "1.21.14" # OCP 4.8
- "1.22.17" # OCP 4.9
- "1.23.17" # OCP 4.10
- "1.24.15" # OCP 4.11
- "1.25.11" # OCP 4.12
- "1.26.6" # OCP 4.13
- "1.27.3"
- "1.28.0"
- "1.29.0"
env:
KUBECONFIG: /tmp/kubeconfig
KUBERNETES_VERSION: ${{ matrix.KUBERNETES_VERSIONS }}
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# We set bash as the default shell (instead of dash) because the kuttl
# test steps require bash, but the "script" directive executes them as "sh
# -c ..."
- name: Set bash as default shell
run: |
sudo ln -s bash /bin/sh.bash && sudo mv /bin/sh.bash /bin/sh
sudo ln -s bash /usr/bin/sh.bash && sudo mv /usr/bin/sh.bash /usr/bin/sh
- name: Install kubectl
run: |
curl -fsSLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
sudo install ./kubectl /usr/local/bin/
kubectl version --client
kubectl version --client | grep -q ${KUBERNETES_VERSION}
- name: Install helm
run: make helm
- name: Install kind
run: |
curl -fsSL -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
sudo install ./kind /usr/local/bin && rm kind
kind version
kind version | grep -q ${KIND_VERSION}
- name: Create Kubernetes cluster
run: |
./hack/setup-kind-cluster.sh "${KUBERNETES_VERSION}"
- name: Start MinIO
run: |
./hack/run-minio.sh
- name: Start MinIO w/ TLS
run: |
MINIO_NAMESPACE=minio-tls MINIO_USE_TLS=1 ./hack/run-minio.sh
- name: Load operator container artifact
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: volsync-operator
path: /tmp
- name: Import container image into cluster
run: |
docker load -i /tmp/image.tar
docker inspect ${OPERATOR_IMAGE}
docker tag ${OPERATOR_IMAGE} ${OPERATOR_IMAGE}:ci-build
kind load docker-image "${OPERATOR_IMAGE}:ci-build"
- name: Start operator
run: |
helm install --create-namespace -n volsync-system \
--set image.tag=ci-build \
--set rclone.tag=ci-build \
--set rsync.tag=ci-build \
--set rsync-tls.tag=ci-build \
--set restic.tag=ci-build \
--set syncthing.tag=ci-build \
--wait --timeout=300s \
volsync-ghaction ./helm/volsync
- name: Load cli artifact
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: kubectl-volsync
path: bin
- name: Make cli executable
run: chmod a+x bin/kubectl-volsync
- name: Ensure MinIO is ready
run: kubectl -n minio wait --for=condition=Available --timeout=300s deploy/minio
- name: Setup Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: '3.10'
cache: 'pipenv'
- name: Install e2e prereqs
run: make test-e2e-install
- name: Run e2e tests
env:
BATCHES: 2
run: make test-e2e
# This is a dummy job that can be used to determine success of CI:
# - by Mergify instead of having to list a bunch of other jobs
# - by the push jobs to ensure all pre-reqs pass before ANY containers are
# pushed.
e2e-success:
name: Successful e2e tests
needs: [e2e, lint, generated-files-check, test-operator, build-scorecard]
runs-on: ubuntu-22.04
steps:
- name: Success
run: echo "Previous steps were successful"
# This is a dummy job that gates whether the container image artifacts should
# be pushed to the registry. It is only here so that the "if" clause doesn't
# need to be repeated for each push job.
push-gate:
name: Containers should be pushed
needs: e2e-success
if: >
(github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
(github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release-') ||
startsWith(github.ref, 'refs/tags/v'))
runs-on: ubuntu-22.04
steps:
- name: No-op
run: /bin/true
# The operator images are specified directly because the env context isn't
# available in the job.with.
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idwithinput_id
push-operator:
name: Push operator container to registry
needs: push-gate
uses: ./.github/workflows/registry-push.yml
with:
artifact-name: volsync-operator
image-name: quay.io/backube/volsync
secrets:
registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}
push-scorecard:
name: Push custom scorecard container to registry
needs: push-gate
uses: ./.github/workflows/registry-push.yml
with:
artifact-name: volsync-custom-scorecard-tests-container
image-name: quay.io/backube/volsync-custom-scorecard-tests
secrets:
registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}