DEVOPS-2370 Node 4.10 #935
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: ['main', 'stable/**'] | |
| types: ['opened', 'reopened', 'synchronize'] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| changes: | |
| name: Changes | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| base: ${{ steps.filter.outputs.base }} | |
| go: ${{ steps.filter.outputs.go }} | |
| helm: ${{ steps.filter.outputs.helm }} | |
| smoke: ${{ steps.filter.outputs.smoke }} | |
| runner: ${{ steps.runner.outputs.type }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 | |
| id: filter | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| filters: | | |
| base: | |
| - 'NGINX_BASE' | |
| go: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'rootfs/**/*' | |
| - 'TAG' | |
| - 'test/e2e/**/*' | |
| - 'NGINX_BASE' | |
| helm: | |
| - 'charts/ingress-nginx/Chart.yaml' | |
| - 'charts/ingress-nginx/**/*' | |
| smoke: | |
| - 'test/smoke/*' | |
| build: | |
| name: Build images | |
| runs-on: ${{ matrix.RUNNER }} | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true' || needs.changes.outputs.helm == 'true' || needs.changes.outputs.smoke == 'true') | |
| needs: | |
| - changes | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - ARCH: amd64 | |
| RUNNER: self-hosted-amd64-2cpu | |
| - ARCH: arm64 | |
| RUNNER: self-hosted-arm64-2cpu | |
| env: | |
| ARCH: ${{ matrix.ARCH }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2 | |
| - name: Build controller images | |
| env: | |
| REGISTRY: wallarm | |
| TAG: 1.0.0-dev | |
| USER: runner | |
| run: | | |
| echo "Building controller images ..." | |
| make clean-image build image image-chroot | |
| echo "Building E2E image ..." | |
| make -C test/e2e-image image | |
| docker save -o controller-${{ env.ARCH }}.tar \ | |
| wallarm/ingress-controller:1.0.0-dev \ | |
| wallarm/ingress-controller-chroot:1.0.0-dev \ | |
| nginx-ingress-controller:e2e | |
| - name: Cache controller images | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
| with: | |
| retention-days: 1 | |
| name: controller-${{ env.ARCH }}.tar | |
| path: controller-${{ env.ARCH }}.tar | |
| smoke: | |
| name: Smoke | |
| runs-on: ${{ matrix.RUNNER }} | |
| needs: | |
| - build | |
| - changes | |
| if: | | |
| (needs.changes.outputs.helm == 'true' || needs.changes.outputs.go == 'true' || needs.changes.outputs.smoke == 'true') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| k8s: [v1.23.13, v1.27.1] | |
| ARCH: [amd64, arm64] | |
| include: | |
| - ARCH: amd64 | |
| RUNNER: self-hosted-amd64-1cpu | |
| - ARCH: arm64 | |
| RUNNER: self-hosted-arm64-1cpu | |
| env: | |
| ARCH: ${{ matrix.ARCH }} | |
| KIND_CLUSTER_NAME: kind-${{ matrix.k8s }} | |
| KUBECONFIG: $HOME/.kube/kind-config-${{ matrix.k8s }} | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@cb841f2c86fb6d07cff94fda240828c1abc5ba43 # v2.7.3 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/ingress-audit api_token ; | |
| kv-gitlab-ci/data/github/ingress-audit user_secret ; | |
| kv-gitlab-ci/data/github/ingress-audit user_uuid ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2 | |
| - name: Load cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} | |
| - name: Run smoke tests | |
| env: | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_HOST: audit.api.wallarm.com # TODO: tmp | |
| WALLARM_API_PRESET: audit # TODO: tmp | |
| CLIENT_ID: "55146" # TODO: tmp | |
| USER_UUID: ${{ steps.secrets.outputs.user_uuid }} | |
| USER_SECRET: ${{ steps.secrets.outputs.user_secret }} | |
| SMOKE_REGISTRY_TOKEN: ${{ steps.secrets.outputs.token_name }} | |
| SMOKE_REGISTRY_SECRET: ${{ steps.secrets.outputs.token_secret }} | |
| ALLURE_UPLOAD_REPORT: true | |
| ALLURE_GENERATE_REPORT: true | |
| ALLURE_TOKEN: ${{ secrets.ALLURE_SERVER_TOKEN }} | |
| ALLURE_ENDPOINT: ${{ secrets.ALLURE_SERVER_URL }} | |
| ALLURE_PROJECT_ID: ${{ secrets.ALLURE_PROJECT_ID }} | |
| ALLURE_ENVIRONMENT_K8S: ${{ matrix.k8s }} | |
| ALLURE_ENVIRONMENT_ARCH: ${{ matrix.ARCH }} | |
| TEST_RC: true | |
| run: | | |
| make kind-smoke-test | |
| chart-testing: | |
| name: Chart testing | |
| runs-on: self-hosted-amd64-2cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.helm == 'true' | |
| env: | |
| ARCH: amd64 | |
| strategy: | |
| matrix: | |
| # "upgrade" is disabled, there is an issue with this mode if values.yaml changed https://github.com/helm/chart-testing/issues/525 | |
| method: [ "install" ] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@affa6f04da5c2d55e6e115b7d1b044a6b1af8c74 # v2.7.4 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: kv-gitlab-ci/data/github/ingress-audit api_token | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Load cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml | |
| - name: Run chart testing ${{ matrix.method }} | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_PRESET: audit # TODO: tmp | |
| WALLARM_API_HOST: audit.api.wallarm.com # TODO: tmp | |
| CLIENT_ID: "55146" # TODO: tmp | |
| CT_MODE: ${{ matrix.method }} | |
| run: | | |
| kind get kubeconfig > $GITHUB_WORKSPACE/kind-config-kind | |
| export KUBECONFIG=$GITHUB_WORKSPACE/kind-config-kind | |
| make kind-e2e-chart-tests | |
| e2e: | |
| name: E2E | |
| runs-on: self-hosted-amd64-4cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.go == 'true' | |
| env: | |
| ARCH: amd64 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2 | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| ARCH: amd64 | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make kind-e2e-test | |
| e2e-wallarm: | |
| name: E2E - Wallarm | |
| runs-on: self-hosted-amd64-4cpu | |
| needs: | |
| - changes | |
| - build | |
| if: needs.changes.outputs.go == 'true' | |
| env: | |
| ARCH: amd64 | |
| strategy: | |
| fail-fast: false # TODO: temporary for arm64 new arc testing | |
| matrix: | |
| k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1, v1.28.0] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@affa6f04da5c2d55e6e115b7d1b044a6b1af8c74 # v2.7.4 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: kv-gitlab-ci/data/github/ingress-audit api_token | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2 | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Create cluster ${{ matrix.k8s }} | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| WALLARM_ENABLED: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_HOST: audit.api.wallarm.com # TODO: tmp | |
| WALLARM_API_PRESET: audit # TODO: tmp | |
| CLIENT_ID: "55146" # TODO: tmp | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make E2E_NODES=6 kind-e2e-test | |
| scan: | |
| name: Scan images | |
| runs-on: self-hosted-amd64-1cpu | |
| continue-on-error: true | |
| needs: | |
| - changes | |
| - build | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true') | |
| env: | |
| ARCH: amd64 | |
| steps: | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Scan controller image | |
| uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 | |
| with: | |
| image: "wallarm/ingress-controller:1.0.0-dev" | |
| fail-build: true | |
| output-format: 'table' | |
| severity-cutoff: 'critical' |