e2e-common.yml
# Reusable (workflow_call) pipeline: build the fink-broker image, run the
# e2e tests in a kind cluster, scan the image, then push it to the registry.
name: "Reusable workflow for Fink self-hosted e2e tests"
on:
  workflow_call:
    inputs:
      # Passed to build.sh (-s) and to ciux (--suffix).
      suffix:
        required: true
        type: string
      # Temporary CI registry: passed to build.sh (-r), to ciux
      # (--tmp-registry), and used as the `docker login` target.
      # An empty value selects the artifact-store path instead.
      ci_repo:
        required: true
        type: string
      # JSON-encoded `runs-on` value; every job decodes it with fromJSON().
      runner:
        required: true
        type: string
      # Passed to e2e/prereq-install.sh (-k).
      kind_version:
        required: true
        type: string
    secrets:
      # Credentials for gitlab-registry.in2p3.fr (used by the push job).
      registry_username:
        required: true
      registry_token:
        required: true
      # Credentials for the CI registry named by `ci_repo` (build job).
      private_registry_username:
        required: true
      private_registry_token:
        required: true
# Workflow-level environment, exported to every job and step.
# Prefer reading these from `run:` scripts as shell variables ("$SUFFIX",
# "$CI_REPO", ...) over `${{ ... }}` text substitution: the expression form
# is pasted into the script source before the shell parses it.
env:
  CIUX_VERSION: "v0.0.4-rc9"
  # github.head_ref is the pull-request source branch name, which the PR
  # author chooses; keep it confined to an environment variable.
  GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
  SUFFIX: ${{ inputs.suffix }}
  CI_REPO: ${{ inputs.ci_repo }}
  # Override the self-hosted runner value
  POD_NAMESPACE: "default"
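# Job graph: build -> (integration-tests, image-analysis); push needs build
# and integration-tests only.
#
# Conventions used in the scripts below:
#   * Caller inputs, job outputs and secrets reach `run:` scripts through
#     environment variables, never through `${{ ... }}` substitution, so a
#     value containing shell metacharacters cannot alter the script.
#   * Every variable expansion is double-quoted.
#
# NOTE(review): only image-analysis declares `permissions:`; the other jobs
# inherit whatever the calling workflow grants GITHUB_TOKEN. Consider a
# least-privilege default (e.g. `contents: read`) — confirm against callers.
# NOTE(review): actions are referenced by mutable tags; pinning third-party
# actions to a full commit SHA would harden the supply chain.
jobs:
  build:
    name: Build image
    # `inputs.runner` is a JSON-encoded runs-on value.
    runs-on: ${{ fromJSON(inputs.runner) }}
    outputs:
      image: ${{ steps.export.outputs.IMAGE }}
    steps:
      - name: Checkout code
        # Aligned with the integration-tests job (was @v2).
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      - name: Install ciux
        run: go install "github.com/k8s-school/ciux@${CIUX_VERSION}"
      - name: Build fink-broker image for k8s
        run: |
          mkdir -p "$HOME/.ciux"
          ./build.sh -s "$SUFFIX" -r "$CI_REPO"
      - name: Export fink-broker image
        id: export
        env:
          # Secrets are handed over as environment variables so they are
          # never spliced into the script text.
          PRIVATE_REGISTRY_USERNAME: ${{ secrets.private_registry_username }}
          PRIVATE_REGISTRY_TOKEN: ${{ secrets.private_registry_token }}
        run: |
          # Cannot use CIUXCONFIG because it may not have been created yet
          # TODO make it simpler!
          # The output of `ciux ... --env` is executed as a shell command;
          # it is expected to define CIUX_BUILD and CIUX_IMAGE_URL.
          $(ciux get image --check "$PWD" --suffix "$SUFFIX" --tmp-registry "$CI_REPO" --env)
          mkdir -p artifacts
          if [ "$CIUX_BUILD" = true ]; then
            if [ -n "$CI_REPO" ]; then
              echo "Login to CI private registry"
              # Fixed: --username previously received the token secret, and
              # private_registry_username was never used.
              printf '%s' "$PRIVATE_REGISTRY_TOKEN" \
                | docker login --username "$PRIVATE_REGISTRY_USERNAME" --password-stdin "$CI_REPO"
              echo "Pushing image $CIUX_IMAGE_URL to CI private registry"
              docker push "$CIUX_IMAGE_URL"
              touch artifacts/empty
            else
              echo "Export $CIUX_IMAGE_URL to Github artifact store"
              docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
            fi
          else
            echo "Using existing image $CIUX_IMAGE_URL"
            touch artifacts/empty
          fi
          echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
      # The artifact holds either image.tar or an `empty` marker file.
      - uses: actions/upload-artifact@v4
        with:
          name: docker-artifact
          path: artifacts

  integration-tests:
    name: Run integration tests
    runs-on: ${{ fromJSON(inputs.runner) }}
    needs: build
    outputs:
      new_image: ${{ steps.promote.outputs.NEW_IMAGE }}
      promoted_image: ${{ steps.promote.outputs.PROMOTED_IMAGE }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Maximize build space
        run: |
          echo "Removing unwanted software... "
          df -h
          sudo rm -rf /usr/share/dotnet
          df -h
          sudo rm -rf /usr/local/lib/android
          df -h
          sudo rm -rf /opt/ghc
          df -h
          sudo rm -rf /opt/hostedtoolcache/CodeQL
          df -h
          docker image prune --all --force
          df -h
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      - name: Install ciux
        run: go install "github.com/k8s-school/ciux@${CIUX_VERSION}"
      - name: Ciux project ignition
        run: |
          mkdir -p "$HOME/.ciux"
          # GHA_BRANCH_NAME may come from a pull-request branch name; it is
          # only ever used as a quoted shell variable.
          ciux ignite --selector itest --branch="$GHA_BRANCH_NAME" "$PWD" --suffix "$SUFFIX" --tmp-registry "$CI_REPO"
      - name: Bootstrap k8s (kind) cluster
        env:
          KIND_VERSION: ${{ inputs.kind_version }}
        run: |
          # Configure private registry if needed
          ./e2e/kind-config.sh -r "$CI_REPO"
          # v0.20.0 does not work on self-hosted runners
          ./e2e/prereq-install.sh -k "$KIND_VERSION"
      - name: Download image
        uses: actions/download-artifact@v4
        with:
          name: docker-artifact
          path: artifacts
      - name: Load container image inside kind
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image from archive"
            cluster_name=$(ciux get clustername "$PWD")
            kind load image-archive artifacts/image.tar --name "$cluster_name"
            node=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o jsonpath='{.items[0].metadata.name}')
            docker exec -- "$node" crictl image
          else
            echo 'Using pre-existing image from registry (See "Ciux project ignition" section)'
          fi
      - name: Run argoCD
        run: |
          ./e2e/argocd.sh
      # - name: Setup tmate session
      #   uses: mxschmitt/action-tmate@v3
      #   with:
      #     detached: true
      - name: Check results
        run: |
          ./e2e/check-results.sh
      - name: Promote fink-broker image
        id: promote
        run: |
          # ciux.sh is sourced for CIUX_PROMOTED_IMAGE_URL and CIUX_BUILD.
          . "$HOME/.ciux/ciux.sh"
          echo "PROMOTED_IMAGE=$CIUX_PROMOTED_IMAGE_URL" >> "$GITHUB_OUTPUT"
          echo "NEW_IMAGE=$CIUX_BUILD" >> "$GITHUB_OUTPUT"

  image-analysis:
    name: Analyze image
    runs-on: ${{ fromJSON(inputs.runner) }}
    # Declaring permissions here sets every unlisted scope to none.
    # NOTE(review): checkout / SARIF upload on a private repository may
    # also need `contents: read` — confirm.
    permissions:
      security-events: write
    needs: build
    steps:
      - name: Checkout code
        # Aligned with the integration-tests job (was @v2).
        uses: actions/checkout@v3
      - name: Download image
        uses: actions/download-artifact@v4
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        env:
          IMAGE: ${{ needs.build.outputs.image }}
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image $IMAGE from archive"
            docker load --input artifacts/image.tar
          else
            echo "Using existing image $IMAGE"
          fi
      - name: Scan fink-broker image
        uses: anchore/scan-action@v3
        id: scan
        with:
          image: "${{ needs.build.outputs.image }}"
          # Findings are reported but never fail the job, and the push job
          # does not depend on this one: the scan is advisory and does not
          # gate promotion of the image.
          fail-build: false
      - name: Display SARIF report
        env:
          SARIF_FILE: ${{ steps.scan.outputs.sarif }}
        run: |
          cat "$SARIF_FILE"
      - name: upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

  push:
    name: Push fink-broker image to IN2P3 registry
    runs-on: ${{ fromJSON(inputs.runner) }}
    needs: [build, integration-tests]
    env:
      NEW_IMAGE: ${{ needs.integration-tests.outputs.new_image }}
      IMAGE: ${{ needs.build.outputs.image }}
      PROMOTED_IMAGE: ${{ needs.integration-tests.outputs.promoted_image }}
    steps:
      - name: Download image
        uses: actions/download-artifact@v4
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        run: |
          # Quoted so an empty NEW_IMAGE takes the else branch instead of
          # making `[` fail with a syntax error.
          if [ "$NEW_IMAGE" = true ]; then
            # GHA setup
            if [ -f artifacts/image.tar ]; then
              echo "Loading image $IMAGE from archive"
              docker load --input artifacts/image.tar
            # Self-hosted runners, new image is stored in the local registry
            elif [ -n "$CI_REPO" ]; then
              echo "Pulling image $IMAGE from $CI_REPO"
              docker pull "$IMAGE"
            else
              echo "Error: no image found"
              exit 1
            fi
          else
            echo "Using existing image $IMAGE"
          fi
      # Step name corrected: the login target is the IN2P3 GitLab registry,
      # not Docker Hub.
      - name: Login to IN2P3 registry
        uses: docker/login-action@v2
        with:
          registry: gitlab-registry.in2p3.fr
          username: ${{ secrets.registry_username }}
          password: ${{ secrets.registry_token }}
      - name: Push image to official registry
        run: |
          if [ "$NEW_IMAGE" = true ]; then
            echo "Push image $PROMOTED_IMAGE"
            docker tag "$IMAGE" "$PROMOTED_IMAGE"
            docker push "$PROMOTED_IMAGE"
          else
            if command -v skopeo >/dev/null 2>&1; then
              echo "skopeo is already installed"
            else
              echo "Install skopeo"
              sudo apt-get update -y
              sudo apt-get install -y skopeo
            fi
            echo "Add image tag $PROMOTED_IMAGE to $IMAGE"
            skopeo copy "docker://$IMAGE" "docker://$PROMOTED_IMAGE"
          fi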