-
Notifications
You must be signed in to change notification settings - Fork 154
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
12 changed files
with
269 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Test Deployments | ||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
# cancel older, redundant runs of same workflow on same branch | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
docker-deployments: | ||
name: Test the Docker Deployments | ||
runs-on: ubuntu-latest | ||
env: | ||
ZIGGY_UID: 1001 # let container EUID run-as GHA "runner" user to share cache, etc. | ||
steps: | ||
- name: Shallow checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Install Go | ||
id: setup-go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: ./go.mod | ||
|
||
- name: Run the Compose Test Script | ||
shell: bash | ||
run: dist/docker-images/ziti-controller/compose.test.bash | ||
env: | ||
ZITI_GO_VERSION: ${{ steps.setup-go.outputs.go-version }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
|
||
# get kubectl CLI from a source with Docker Content Trust (DCT) | ||
# FIXME: require DCT at build time | ||
FROM bitnami/kubectl as bitnami-kubectl | ||
FROM bitnami/kubectl AS bitnami-kubectl | ||
|
||
# FIXME: This repo requires terms acceptance and is only available on registry.redhat.io. | ||
# FROM registry.access.redhat.com/openshift4/ose-cli as openshift-cli | ||
|
@@ -21,6 +21,8 @@ ARG TARGETARCH | |
ARG ZUID=2171 | ||
ARG ZGID=2171 | ||
|
||
ARG HOME=/home/ziggy | ||
|
||
### Required OpenShift Labels | ||
LABEL name="openziti/ziti-cli" \ | ||
maintainer="[email protected]" \ | ||
|
@@ -48,16 +50,18 @@ RUN mkdir -p -m0755 /licenses | |
COPY ./LICENSE /licenses/apache.txt | ||
|
||
RUN groupadd --gid ${ZGID} ziggy \ | ||
&& adduser --uid ${ZUID} --gid ${ZGID} --system --home /home/ziggy --shell /bin/bash ziggy \ | ||
&& mkdir -p /home/ziggy \ | ||
&& chown -R ${ZUID}:${ZGID} /home/ziggy \ | ||
&& chmod -R g+rwX /home/ziggy | ||
&& adduser --uid ${ZUID} --gid ${ZGID} --system --home ${HOME} --shell /bin/bash ziggy \ | ||
&& mkdir -p ${HOME} \ | ||
&& chown -R ${ZUID}:${ZGID} ${HOME} \ | ||
&& chmod -R g+rwX ${HOME} | ||
RUN mkdir -p /usr/local/bin | ||
COPY ${ARTIFACTS_DIR}/${TARGETARCH}/${TARGETOS}/ziti /usr/local/bin/ | ||
RUN chmod 0755 /usr/local/bin/ziti | ||
|
||
RUN /usr/local/bin/ziti completion bash > /etc/bash_completion.d/ziti_cli | ||
|
||
USER ziggy | ||
COPY ${DOCKER_BUILD_DIR}/bashrc /home/ziggy/.bashrc | ||
ENV HOME=${HOME} | ||
COPY ${DOCKER_BUILD_DIR}/bashrc ${HOME}/.bashrc | ||
|
||
ENTRYPOINT [ "ziti" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
#!/usr/bin/env bash | ||
|
||
# exec this script from the root directory of the repository to test the Docker deployment | ||
|
||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
set -o xtrace | ||
|
||
cleanup(){ | ||
docker compose --profile test down --volumes --remove-orphans | ||
} | ||
|
||
[[ -s ./go.work ]] && { | ||
echo "ERROR: remove go.work before testing deployment" >&2 | ||
exit 1 | ||
} | ||
|
||
: "${ZIGGY_UID:=$(id -u)}" | ||
: "${ZITI_GO_VERSION:=$(grep -Po '^go\s+\K\d+\.\d+(\.\d+)?$' ./go.mod)}" | ||
|
||
export COMPOSE_FILE=\ | ||
./dist/docker-images/ziti-controller/compose.yml\ | ||
:./dist/docker-images/ziti-controller/compose.test.yml\ | ||
:./dist/docker-images/ziti-router/compose.yml\ | ||
:./dist/docker-images/ziti-router/compose.test.yml \ | ||
ZIGGY_UID \ | ||
ZITI_GO_VERSION \ | ||
ZITI_PWD="ziggypw" \ | ||
ZITI_CTRL_ADVERTISED_ADDRESS="ctrl1.127.21.71.0.sslip.io" \ | ||
ZITI_CONTROLLER_IMAGE="ziti-controller:local" \ | ||
ZITI_ROUTER_IMAGE="ziti-router:local" \ | ||
ZITI_ROUTER_NAME="router1" | ||
|
||
export ZITI_ROUTER_ADVERTISED_ADDRESS="${ZITI_ROUTER_NAME}.127.21.71.0.sslip.io" \ | ||
ZITI_ENROLL_TOKEN="/home/ziggy/.config/ziti/${ZITI_ROUTER_NAME}.jwt" | ||
|
||
mkdir -p ./release/amd64/linux | ||
go build -o ./release/amd64/linux ./... | ||
|
||
docker buildx build \ | ||
--build-arg "DOCKER_BUILD_DIR=./dist/docker-images/ziti-cli" \ | ||
--platform "linux/amd64" \ | ||
--tag "ziti-cli:local" \ | ||
--file "./dist/docker-images/ziti-cli/Dockerfile" \ | ||
--load "$PWD" | ||
|
||
docker buildx build \ | ||
--build-arg "DOCKER_BUILD_DIR=./dist/docker-images/ziti-controller" \ | ||
--build-arg "ZITI_CLI_IMAGE=ziti-cli" \ | ||
--build-arg "ZITI_CLI_TAG=local" \ | ||
--platform "linux/amd64" \ | ||
--tag "${ZITI_CONTROLLER_IMAGE}" \ | ||
--file "./dist/docker-images/ziti-controller/Dockerfile" \ | ||
--load "$PWD" | ||
|
||
docker buildx build \ | ||
--build-arg "DOCKER_BUILD_DIR=./dist/docker-images/ziti-router" \ | ||
--build-arg "ZITI_CLI_IMAGE=ziti-cli" \ | ||
--build-arg "ZITI_CLI_TAG=local" \ | ||
--platform "linux/amd64" \ | ||
--tag "${ZITI_ROUTER_IMAGE}" \ | ||
--file "./dist/docker-images/ziti-router/Dockerfile" \ | ||
--load "$PWD" | ||
|
||
cleanup | ||
|
||
docker compose up ziti-login | ||
|
||
docker compose run --rm --entrypoint=/bin/bash --env ZITI_ROUTER_NAME="${ZITI_ROUTER_NAME}" ziti-login \ | ||
-euxc 'ziti edge create edge-router "${ZITI_ROUTER_NAME}" -to ~ziggy/.config/ziti/"${ZITI_ROUTER_NAME}.jwt"' | ||
|
||
docker compose up ziti-router --detach | ||
|
||
docker compose run --rm quickstart-test | ||
|
||
cleanup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
volumes: | ||
ziti-login: | ||
|
||
services: | ||
ziti-controller: | ||
network_mode: host | ||
networks: !override [] | ||
ports: !override [] | ||
|
||
quickstart-test: | ||
profiles: | ||
- test | ||
depends_on: | ||
ziti-login: | ||
condition: service_completed_successfully | ||
ziti-router: | ||
condition: service_healthy | ||
image: golang:${ZITI_GO_VERSION:-noop}-alpine | ||
# networks: | ||
# - quickstart | ||
# run as the same user as the host, so we can use the host's GOCACHE | ||
user: ${ZIGGY_UID:-2171} | ||
network_mode: host | ||
volumes: | ||
# mount the parent dir of the quickstart, which is the top-level of the ziti repo working copy, as /mnt, so we can | ||
# run the tests in the "edge" Go package | ||
- ../../../:/mnt | ||
# re-run tests if significant changes from last result in GOCACHE | ||
- ${GOCACHE:-${HOME}/.cache/go-build}:/.cache/go-build | ||
# re-download dep packages if significant changes from last download in GOPATH | ||
- ${GOPATH:-${HOME}/go}:/go | ||
working_dir: /mnt | ||
environment: | ||
# verbose, tests tagged 'quickstart && manual', manual means test an existing network, don't run a network inside | ||
# the test process | ||
GOFLAGS: "-tags=quickstart,manual" | ||
GOCACHE: /.cache/go-build | ||
GOPATH: /go | ||
ZITI_PWD: # default "admin" | ||
ZITI_CTRL_ADVERTISED_ADDRESS: ${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart} | ||
ZITI_CTRL_EDGE_ADVERTISED_ADDRESS: ${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart} # deprecated by ZITI_CTRL_ADVERTISED_ADDRESS | ||
ZITI_CTRL_EDGE_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280} # deprecated by ZITI_CTRL_ADVERTISED_PORT | ||
ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280} | ||
ZITI_ROUTER_ADVERTISED_ADDRESS: ${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart} | ||
ZITI_ROUTER_PORT: ${ZITI_ROUTER_PORT:-3022} | ||
ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router} | ||
command: go test -v ./ziti/cmd/edge/... | ||
|
||
chown-login: | ||
profiles: | ||
- test | ||
image: busybox | ||
command: chown -R ${ZIGGY_UID:-2171} /ziti-login | ||
volumes: | ||
- ziti-login:/ziti-login | ||
|
||
ziti-login: | ||
profiles: | ||
- test | ||
depends_on: | ||
ziti-controller: | ||
condition: service_healthy | ||
chown-login: | ||
condition: service_completed_successfully | ||
image: ${ZITI_CONTROLLER_IMAGE:-docker.io/openziti/ziti-controller} | ||
# run as the same user as the host, so we can write in ~/.config/ziti | ||
user: ${ZIGGY_UID:-2171} | ||
network_mode: host | ||
volumes: | ||
- ziti-controller:/ziti-controller | ||
- ziti-login:/home/ziggy/.config/ziti | ||
entrypoint: | ||
- bash | ||
- -euxc | ||
- | | ||
set -o pipefail | ||
ATTEMPTS=10 | ||
DELAY=3 | ||
until !((ATTEMPTS)) || ziti $${@}; do | ||
(( ATTEMPTS-- )) | ||
echo "Waiting for controller to start" | ||
sleep $${DELAY} | ||
done | ||
command: > | ||
-- edge login | ||
${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}:${ZITI_CTRL_ADVERTISED_PORT:-1280} | ||
--ca=/ziti-controller/pki/root/certs/root.cert | ||
--username=${ZITI_USER:-admin} | ||
--password=${ZITI_PWD:-admin} | ||
--timeout=1 | ||
--verbose |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
services: | ||
ziti-router: | ||
network_mode: host | ||
networks: !override [] | ||
ports: !override [] | ||
volumes: | ||
- ziti-login:/home/ziggy/.config/ziti |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.