forked from lsst-sqre/phalanx
-
Notifications
You must be signed in to change notification settings - Fork 2
160 lines (134 loc) · 4.91 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: CI
"on":
merge_group: {}
pull_request: {}
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up go
uses: actions/setup-go@v5
with:
go-version: '>=1.22'
- name: Install helm-docs
run: go install github.com/norwoodj/helm-docs/cmd/[email protected]
env:
GOBIN: /usr/local/bin/
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Run pre-commit
uses: pre-commit/[email protected]
test:
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
matrix:
python:
- "3.11"
- "3.12"
steps:
- uses: actions/checkout@v4
- uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ matrix.python }}
tox-envs: "typing,py,coverage-report"
tox-requirements: requirements/tox.txt
cache-key-prefix: test
helm:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: azure/setup-helm@v4
with:
# Used to query GitHub for the latest Helm release.
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install helm-unittest plugin
run: helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Run helm unittest
run: helm unittest {applications,charts}/*/tests/..
- uses: lsst-sqre/run-tox@v1
with:
python-version: "3.12"
tox-envs: phalanx-lint-change
tox-requirements: requirements/tox.txt
cache-key-prefix: helm
# The minikube job always runs, but it quickly does nothing if no files that
# would affect minikube were changed. This unfortunately requires a lot of
# if conditionals on all the steps of the job, but we need the job to run so
# that we can make it mandatory before merging, which in turn allows us to
# use merge queues.
minikube:
name: Test deploy
runs-on: ubuntu-latest
timeout-minutes: 30
needs: [helm]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Filter paths
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
minikube:
- ".github/workflows/ci.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/Chart.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/templates/**"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/values.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/values-minikube.yaml"
- "environments/Chart.yaml"
- "environments/templates/applications/infrastructure/*"
- "environments/values-minikube.yaml"
- "src/phalanx/**"
- name: Download installer dependencies
if: steps.filter.outputs.minikube == 'true'
run: |
curl -sSL -o /tmp/vault.zip https://releases.hashicorp.com/vault/1.15.4/vault_1.15.4_linux_amd64.zip
unzip /tmp/vault.zip
sudo mv vault /usr/local/bin/vault
sudo chmod +x /usr/local/bin/vault
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.8.6/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd
sudo apt-get install socat
- name: Setup Minikube
if: steps.filter.outputs.minikube == 'true'
uses: medyagh/[email protected]
with:
kubernetes-version: "v1.27.3"
cpus: max
memory: 5500m # Linux virtual machines have 7GB of RAM
- name: Test interaction with the cluster
if: steps.filter.outputs.minikube == 'true'
run: kubectl get nodes
- uses: lsst-sqre/run-tox@v1
if: steps.filter.outputs.minikube == 'true'
timeout-minutes: 15
with:
python-version: "3.12"
tox-envs: install
tox-requirements: requirements/tox.txt
tox-posargs: >-
--force-noninteractive
--vault-role-id=${{ secrets.MINIKUBE_VAULT_ROLE_ID }}
--vault-secret-id=${{ secrets.MINIKUBE_VAULT_SECRET_ID }}
minikube
cache-key-prefix: test
- name: Get final list of resources
if: steps.filter.outputs.minikube == 'true'
run: |
kubectl get all -A
kubectl get ingress -A
- name: Wait for all applications to be healthy
timeout-minutes: 15
if: steps.filter.outputs.minikube == 'true'
run: |
argocd app wait -l "argocd.argoproj.io/instance=science-platform" \
--port-forward \
--port-forward-namespace argocd \
--timeout 300