HPCC4J-553 Github Actions: Add baremetal test workflow #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: K8s Regression Suite | |
on: | |
pull_request: | |
branches: | |
- "master" | |
- "candidate-*" | |
workflow_dispatch: | |
jobs: | |
test-against-platform: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Install K8s | |
uses: balchua/microk8s-actions@v0.3.2 | |
with: | |
channel: '1.26/stable' | |
devMode: 'true' | |
addons: '["dns", "rbac", "hostpath-storage", "registry"]' | |
# Note: IP Address range below is the IP address range that will be made available for load balancers | |
# on the host machine, they aren't actual load balancers so they will not be accessible externally | |
- name: Enable LoadBalancers | |
run: | | |
sudo microk8s enable metallb:10.64.140.43-10.64.140.49 | |
- name: Install JetStack Cert Manager | |
run: | | |
helm repo add jetstack https://charts.jetstack.io | |
helm repo update | |
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml | |
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.11.0 | |
- name: Create Root Certificates | |
run: | | |
echo "[req] | |
default_bits = 2048 | |
default_keyfile = ca.key | |
distinguished_name = dn | |
prompt = no | |
x509_extensions = x509_ca | |
[dn] | |
C = US | |
ST = GA | |
L = Alparetta | |
O = Lexis Nexis Risk | |
OU = Platform Development | |
CN = TestCluster | |
emailAddress = support@lexisnexisrisk.com | |
[x509_ca] | |
basicConstraints=CA:true,pathlen:1" > ca-req.cfg | |
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -sha256 -days 1825 -out ca.crt -config ca-req.cfg | |
kubectl create secret tls hpcc-signing-issuer-key-pair --cert=ca.crt --key=ca.key | |
kubectl create secret tls hpcc-local-issuer-key-pair --cert=ca.crt --key=ca.key | |
sudo keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias hpcc-local-issuer -file ca.crt | |
- name: Install HPCC Cluster | |
run: | | |
cat <<EOF > values.yaml | |
certificates: | |
enabled: true | |
dafilesrv: | |
- name: rowservice | |
disabled: false | |
application: stream | |
service: | |
servicePort: 7600 | |
visibility: global | |
- name: direct-access | |
disabled: true | |
application: directio | |
service: | |
servicePort: 7200 | |
visibility: local | |
- name: spray-service | |
application: spray | |
service: | |
servicePort: 7300 | |
visibility: cluster | |
EOF | |
helm repo add hpcc https://hpcc-systems.github.io/helm-chart | |
helm repo update | |
helm install myhpcc hpcc/hpcc -f values.yaml | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Rebase | |
run: | | |
git config user.email 'hpccsystems@lexisnexisrisk.com' | |
git config user.name 'hpccsystems development' | |
git rebase origin/${{ github.event.pull_request.base.ref }} | |
git log --pretty=one -n 15 | |
- name: Wait for ECLWatch Startup | |
run: | | |
echo "Waiting for ECLWatch startup" && kubectl wait --for=condition=ready pod --timeout=180s -l app=eclwatch | |
echo "Waiting for Rowservice startup" && kubectl wait --for=condition=ready pod --timeout=180s -l server=rowservice | |
echo "Waiting for SQL2ECL startup" && kubectl wait --for=condition=ready pod --timeout=180s -l app=sql2ecl | |
echo "ECLWATCH_IP=$(kubectl get svc eclwatch -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | |
echo "ROWSERVICE_IP=$(kubectl get svc rowservice -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | |
echo "SQL_TO_ECL_IP=$(kubectl get svc sql2ecl -o jsonpath='{.spec.clusterIP}')" >> $GITHUB_ENV | |
kubectl get pods | |
kubectl get svc | |
- name: Add Host File Entries | |
run: | | |
sudo -- sh -c -e "echo '${{ env.ECLWATCH_IP }} eclwatch.default' >> /etc/hosts"; | |
sudo -- sh -c -e "echo '${{ env.ROWSERVICE_IP }} rowservice.default' >> /etc/hosts"; | |
sudo -- sh -c -e "echo '${{ env.SQL_TO_ECL_IP }} sql2ecl.default' >> /etc/hosts"; | |
# Notes: | |
# Using keytool -import -cacerts doesn't work as expected, need to specify the cacerts path explicitly | |
# Path changed between JDK 8 & 11, Command for JDK 8: | |
# sudo keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias eclwatch-tls -file cert.der | |
- name: Trust Certs | |
run: | | |
openssl s_client -showcerts -connect eclwatch.default:8010 < /dev/null | openssl x509 -outform DER > cert.der | |
sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias eclwatch-tls -file cert.der | |
openssl s_client -showcerts -connect rowservice.default:7600 < /dev/null | openssl x509 -outform DER > cert.der | |
sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias dafilesrv-tls -file cert.der | |
openssl s_client -showcerts -connect sql2ecl.default:8510 < /dev/null | openssl x509 -outform DER > cert.der | |
sudo keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt -alias sqltoecl-tls -file cert.der | |
# speed things up with caching from https://docs.github.com/en/actions/guides/building-and-testing-java-with-maven | |
- name: Cache Maven packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Build with Maven | |
run: mvn -B --activate-profiles jenkins-on-demand -Dmaven.gpg.skip=true -Dmaven.javadoc.skip=true -Dmaven.test.failure.ignore=false -Dhpccconn=https://eclwatch.default:8010 -Dwssqlconn=https://sql2ecl.default:8510 -DHPCC30117=open install |