Enforce Pod Security Standard restricted #6240
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Crystal Specs | |
on: | |
push: | |
paths: | |
- '**' | |
- '!**.md' | |
- '!docs/*' | |
- '!doc-lint/*' | |
pull_request: | |
paths: | |
- '**' | |
- '!**.md' | |
- '!docs/*' | |
- '!doc-lint/*' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
tests: | |
name: Fetch Matrix Tests | |
runs-on: [ubuntu-latest] | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: set-matrix | |
run: | | |
JSON="{\"include\":[" | |
TEST_ARRAY=$(grep -roP --no-filename 'tags: \K(\[|")(.*)(\]|")' spec/ | tr -d '[],' | tr -s '\n' ' ' | xargs -n1 | sort -u | xargs) | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-config-lifecycle/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-microservice/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-all/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/disk_fill/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_container_kill/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_cpu_hog/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_delete/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_io_stress/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_memory_hog/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_network_latency/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/zombie/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/oran/}") | |
TEST_LIST=$(for i in ${TEST_ARRAY[@]} | |
do | |
echo "{\"spec\":\"$i\"}," | tr -d '\n' | |
done) | |
TEST_LIST="${TEST_LIST%?}" | |
JSON="$JSON$TEST_LIST" | |
JSON="$JSON]}" | |
echo "TESTS: $JSON" | |
echo "matrix=$JSON" >> $GITHUB_OUTPUT | |
spec: | |
name: Crystal Specs | |
needs: [tests] | |
runs-on: [v1.0.0] | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.tests.outputs.matrix)}} | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Configuration file that can be consumed by the Pod Security Admission Controller | |
run: | | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
mkdir -p /shared/pss | |
cat <<EOF > /shared/pss/cluster-level-pss.$CLUSTER.yaml | |
apiVersion: apiserver.config.k8s.io/v1 | |
kind: AdmissionConfiguration | |
plugins: | |
- name: PodSecurity | |
configuration: | |
apiVersion: pod-security.admission.config.k8s.io/v1 | |
kind: PodSecurityConfiguration | |
defaults: | |
enforce: "restricted" | |
enforce-version: "latest" | |
audit: "restricted" | |
audit-version: "latest" | |
warn: "restricted" | |
warn-version: "latest" | |
exemptions: | |
usernames: [] | |
runtimeClasses: [] | |
namespaces: | |
- kube-system | |
- local-path-storage | |
EOF | |
- name: Mirror Setup | |
run: | | |
source cluster.env | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
kubeadmConfigPatches: | |
- | | |
kind: ClusterConfiguration | |
apiServer: | |
extraArgs: | |
admission-control-config-file: /shared/pss/cluster-level-pss.$CLUSTER.yaml | |
extraVolumes: | |
- name: accf | |
hostPath: /shared/pss | |
mountPath: /shared/pss | |
readOnly: false | |
pathType: "DirectoryOrCreate" | |
extraMounts: | |
- hostPath: /shared/pss | |
containerPath: /shared/pss | |
readOnly: false | |
selinuxRelabel: false | |
propagation: None | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
EOF | |
- name: sysctls specs kind config override | |
if: matrix.spec == 'sysctls' | |
run: | | |
source cluster.env | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
# Enabled additional unsafe sysctls to support the negative spec test for sysctls | |
nodes: | |
- role: control-plane | |
kubeadmConfigPatches: | |
- | | |
kind: KubeletConfiguration | |
allowedUnsafeSysctls: ["kernel.msg*"] | |
- | | |
kind: ClusterConfiguration | |
apiServer: | |
extraArgs: | |
admission-control-config-file: /shared/pss/cluster-level-pss.$CLUSTER.yaml | |
extraVolumes: | |
- name: accf | |
hostPath: /shared/pss | |
mountPath: /shared/pss | |
readOnly: false | |
pathType: "DirectoryOrCreate" | |
extraMounts: | |
- hostPath: /shared/pss | |
containerPath: /shared/pss | |
readOnly: false | |
selinuxRelabel: false | |
propagation: None | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
EOF | |
- name: Mirror Override | |
if: startsWith(matrix.spec, 'private_registry_') | |
run: | | |
source cluster.env | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
kubeadmConfigPatches: | |
- | | |
kind: ClusterConfiguration | |
apiServer: | |
extraArgs: | |
admission-control-config-file: /shared/pss/cluster-level-pss.$CLUSTER.yaml | |
extraVolumes: | |
- name: accf | |
hostPath: /shared/pss | |
mountPath: /shared/pss | |
readOnly: false | |
pathType: "DirectoryOrCreate" | |
extraMounts: | |
- hostPath: /shared/pss | |
containerPath: /shared/pss | |
readOnly: false | |
selinuxRelabel: false | |
propagation: None | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Create Kind Cluster | |
run: | | |
cat /tmp/cluster.yml | |
source cluster.env | |
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf --retain | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf --retain | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
kubectl get nodes | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Setup CNF-Conformance | |
run: | | |
helm repo add stable https://cncf.gitlab.io/stable | |
git fetch --all --tags --force | |
shards install | |
echo "RUNNER: $RUNNER_NAME" | |
- name: Run Crystal Spec | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOCKERHUB_USERNAMES: ${{ secrets.DOCKERHUB_USERNAMES }} | |
DOCKERHUB_PASSWORDS: ${{ secrets.DOCKERHUB_PASSWORDS }} | |
DOCKERHUB_EMAIL: ${{ secrets.DOCKERHUB_EMAIL }} | |
IMAGE_REPO: ${{ secrets.IMAGE_REPO }} | |
run: | | |
USERNAME_ARRAY=($DOCKERHUB_USERNAMES) | |
PASSWORD_ARRAY=($DOCKERHUB_PASSWORDS) | |
EMAIL_ARRAY=($DOCKERHUB_EMAIL) | |
IMAGE_ARRAY=($IMAGE_REPO) | |
RANDOMIZER=$(( 0 + $RANDOM % 3 )) | |
export DOCKERHUB_USERNAME=${USERNAME_ARRAY[$RANDOMIZER]} | |
export DOCKERHUB_PASSWORD=${PASSWORD_ARRAY[$RANDOMIZER]} | |
export PROTECTED_DOCKERHUB_USERNAME=$DOCKERHUB_USERNAME | |
export PROTECTED_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD | |
export PROTECTED_DOCKERHUB_EMAIL=${EMAIL_ARRAY[$RANDOMIZER]} | |
export PROTECTED_IMAGE_REPO=${IMAGE_ARRAY[$RANDOMIZER]} | |
source cluster.env | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
until [[ $(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do | |
echo "Waiting for local-path-storage" | |
sleep 1 | |
done | |
LOCAL_PATH_STORAGE_POD=$(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o jsonpath='{range .items[*]}{.metadata.name}') | |
# until [[ $(kubectl exec -ti $LOCAL_PATH_STORAGE_POD --namespace=local-path-storage -- apk add curl jq) ]]; do | |
# echo "Failed to install packages, retrying" | |
# sleep 1 | |
#done | |
crystal build src/cnf-testsuite.cr | |
./cnf-testsuite setup | |
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.spec }} -v | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind export logs --name $CLUSTER /tmp/output-dir | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
rm -f /shared/pss/cluster-level-pss.$CLUSTER.yaml /tmp/cluster.yml | |
continue-on-error: true | |
- name: upload artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: log | |
path: /tmp/output-dir | |
chaos: | |
name: Chaos & Oran Tests | |
needs: [tests] | |
runs-on: [ubuntu-22.04] | |
strategy: | |
fail-fast: false | |
matrix: | |
tag: ["pod_delete", "pod_io_stress", "pod_memory_hog", "pod_network_latency", "disk_fill", "pod_network_corruption", "pod_network_duplication", "zombie", "oran"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Install kubectl | |
run: | | |
wget -O kubectl "https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl" | |
ls -la | |
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | |
- name: Create Kind Cluster | |
run: | | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf --retain | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf --retain | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
kubectl get nodes | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Crystal | |
uses: crystal-lang/install-crystal@v1 | |
with: | |
crystal: 1.6.2 | |
- name: Setup CNF-Conformance | |
run: | | |
helm repo add stable https://cncf.gitlab.io/stable | |
git fetch --all --tags --force | |
shards install | |
echo "RUNNER: $RUNNER_NAME" | |
- name: Run Crystal Spec | |
run: | | |
echo "Current path: $(echo pwd)" | |
source cluster.env | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
until [[ $(kubectl get pods -l app=kindnet --namespace=kube-system -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do | |
echo "Waiting for kindnet" | |
sleep 1 | |
done | |
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.tag }} -v | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind export logs --name $CLUSTER /tmp/output-dir | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
continue-on-error: true | |
- name: upload artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: log | |
path: /tmp/output-dir | |
build: | |
name: Build Release | |
runs-on: ubuntu-latest | |
env: | |
CRYSTAL_IMAGE: "conformance/crystal:1.6.2-alpine" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Build Release | |
run: | | |
docker pull $CRYSTAL_IMAGE | |
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE shards install | |
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE crystal build --warnings none src/cnf-testsuite.cr --release --static --link-flags '-lxml2 -llzma' | |
- name: upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release | |
path: cnf-testsuite | |
test_binary_configuration_lifecycle: | |
name: Test Binary Without Source(config_lifecycle) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf --retain | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(config_lifecycle) | |
run: | | |
source cluster.env | |
echo "SHARDS_INSTALL_PATH: $SHARDS_INSTALL_PATH" | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind export logs --name $CLUSTER /tmp/output-dir | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
rm -f /tmp/cluster.yml | |
continue-on-error: true | |
- name: upload artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: log | |
path: /tmp/output-dir | |
test_binary_microservice: | |
name: Test Binary Without Source(microservice) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf --retain | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(microservice) | |
run: | | |
source cluster.env | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~increase_capacity ~decrease_capacity ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind export logs --name $CLUSTER /tmp/output-dir | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
rm -f /tmp/cluster.yml | |
continue-on-error: true | |
- name: upload artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: log | |
path: /tmp/output-dir | |
test_binary_all: | |
name: Test Binary Without Source(all) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf --retain | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(all) | |
run: | | |
source cluster.env | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~platform ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~rollback ~secrets_used ~immutable_configmap ~reasonable_startup_time ~reasonable_image_size verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind export logs --name $CLUSTER /tmp/output-dir | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
rm -f /tmp/cluster.yml | |
continue-on-error: true | |
- name: upload artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: log | |
path: /tmp/output-dir | |
release: | |
name: Publish Release | |
needs: [spec, build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: release | |
- name: Make release executable | |
run: chmod +x ./cnf-testsuite | |
- name: Publish Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
if [ -z "${GITHUB_TOKEN+x}" ]; then | |
exit 0 | |
else | |
./cnf-testsuite upsert_release | |
fi |