-
Notifications
You must be signed in to change notification settings - Fork 14
163 lines (163 loc) · 4.96 KB
/
itest-gha.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
name: "Fink-broker e2e workflow (noscience, GHA)"
on:
push:
pull_request:
branches:
- master
env:
CIUXCONFIG: /tmp/ciux.sh
CIUX_VERSION: v0.0.1-rc10
GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
NOSCIENCE: true
MINIMAL: true
jobs:
build:
name: Build image
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-go@v4
with:
go-version: '1.21.4'
- name: Install ciux
run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
- name: Check dependencies consistency
run: ciux ignite $PWD
- name: Build fink-broker image for k8s
run: |
./build.sh
- name: Export fink-broker image
run: |
docker images
. "$CIUXCONFIG"
. ./conf.sh
mkdir -p artifacts
docker save "$IMAGE" > artifacts/image.tar
echo "$IMAGE" > artifacts/image-tag
- uses: actions/upload-artifact@v2
with:
name: docker-artifact
path: artifacts
integration-tests:
name: Run integration tests
runs-on: ubuntu-22.04
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-go@v4
with:
go-version: '1.21.4'
- name: Install ciux
run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
- name: Ciux project ignition
run: |
ciux ignite $PWD --itest --branch="$GHA_BRANCH_NAME"
- name: Create k8s/kind cluster
run: |
ktbx install kind
ktbx install kubectl
ktbx create -s
- name: Load fink-alert-simulator image inside kind
run: |
. "$CIUXCONFIG"
. "$FINK_ALERT_SIMULATOR_DIR"/conf.sh
if docker exec -t -- kind-control-plane crictl pull "$IMAGE"; then
echo "::notice Succeeded to pull $IMAGE"
else
echo "::error Failed to pull $IMAGE"
exit 1
fi
- name: Download image
uses: actions/download-artifact@v3
with:
name: docker-artifact
path: artifacts
- name: Load container image inside kind
run: |
kind load image-archive artifacts/image.tar
docker exec -- kind-control-plane crictl image
- name: Install fink-alert-simulator pre-requisites (argoCD)
run: |
. "$CIUXCONFIG"
. "$FINK_ALERT_SIMULATOR_DIR"/prereq-install.sh
- name: Install strimzi (kafka-operator)
run: ./itest/strimzi-install.sh
- name: Setup kafka
run: ./itest/strimzi-setup.sh
- name: Install fink-broker pre-requisites (Spark)
run: ./itest/prereq-install.sh
- name: Install MinIO
run: ./itest/minio-install.sh
- name: Run fink-alert-simulator
run: |
. "$CIUXCONFIG"
"$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
argo watch @latest
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
- name: Run fink-broker
run: |
./itest/fink-start.sh
- name: Check results
run: |
./itest/check-results.sh
image-analysis:
name: Analyze image
runs-on: ubuntu-22.04
permissions:
security-events: write
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Download image
uses: actions/download-artifact@v3
with:
name: docker-artifact
path: artifacts
- name: Load image in local registry
run: |
docker load --input artifacts/image.tar
echo "IMAGE=$(cat artifacts/artifacts/image-tag)" >> $GITHUB_ENV
- name: Scan fink-broker image
uses: anchore/scan-action@v3
id: scan
with:
image: "${{ env.IMAGE }}"
fail-build: false
- name: Display SARIF report
run: |
cat ${{ steps.scan.outputs.sarif }}
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
push:
name: Push fink-broker image to IN2P3 registry
runs-on: ubuntu-22.04
needs: integration-tests
steps:
- name: Download image
uses: actions/download-artifact@v3
with:
name: docker-artifact
path: artifacts
- name: Load image in local registry
run: |
docker load --input artifacts/image.tar
echo "IMAGE=$(cat artifacts/image-tag)" >> $GITHUB_ENV
- name: Login to DockerHub
uses: docker/login-action@v2
with:
registry: gitlab-registry.in2p3.fr
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Push image to IN2P3 registry
run: |
docker push ${{ env.IMAGE }}