.github/workflows: backport e2e workflows

This commit backports the e2e workflows from the mani branch as we move from prow jobs to these. Signed-off-by: Vincent Demeester <[email protected]>
tektoncd · Dec 20, 2024 · 45b4ddd · 45b4ddd
1 parent ea3ea29
commit 45b4ddd
Show file tree

Hide file tree

Showing 4 changed files with 261 additions and 0 deletions.
diff --git a/.github/workflows/chatops_retest.yaml b/.github/workflows/chatops_retest.yaml
@@ -0,0 +1,81 @@
+# The _chatops_retest workflow reruns failed GHA for a PR
+#
+# This workflow is triggered by leaving a "/retest" comment on
+# a pull request. If the required preconditions are met, it will
+# rerun failed GitHub actions checks on that PR
+#
+# Condition for the "/retest" command are:
+# - either the issuer is a maintainer
+# - or the issuer is the owner the PR
+
+name: Rerun Failed Actions
+on:
+  repository_dispatch:
+    types: [retest-command]
+
+jobs:
+  retest:
+    name: Rerun Failed Actions
+    runs-on: ubuntu-latest
+    steps:
+    - name: Show Environment Variables
+      run: env
+    - name: Show Github Object
+      run: |
+        cat <<'EOF'
+        ${{ toJson(github) }}
+        EOF
+    - name: Show Github Event Path Json
+      run: 'cat $GITHUB_EVENT_PATH || true'
+    - name: Rerun Failed Actions
+      run: |
+        echo '::group:: Get the PR commit sha'
+        # Get the sha of the HEAD commit in the PR
+        GITHUB_COMMIT_SHA=$(gh api $(echo ${GITHUB_PULL_URL#https://api.github.com/}) | \
+            jq -r .head.sha)
+        echo GITHUB_COMMIT_SHA=${GITHUB_COMMIT_SHA}
+        echo '::endgroup::'
+
+        echo '::group:: Get the list of run IDs'
+        # Get a list of run IDs
+        RUN_IDS=$(gh api repos/${GITHUB_REPO}/commits/${GITHUB_COMMIT_SHA}/check-runs | \
+            jq -r '.check_runs[] | select(.name != "Rerun Failed Actions") | .html_url | capture("/runs/(?<number>[0-9]+)/job") | .number' | \
+            sort -u)
+        echo RUN_IDS=${RUN_IDS}
+        echo '::endgroup::'
+
+        echo '::group:: Rerun failed runs'
+        # For each run, retrigger faild jobs
+        for runid in ${RUN_IDS}; do
+            echo Restarting run ${runid} for commit ${GITHUB_COMMIT_SHA}
+            gh run \
+                --repo ${GITHUB_REPO} \
+                rerun ${runid} \
+                --failed || true
+        done
+        echo '::endgroup::'
+      env:
+        GITHUB_TOKEN: ${{ secrets.CHATOPS_TOKEN }}
+        GITHUB_REPO: ${{ github.event.client_payload.github.payload.repository.full_name }}
+        GITHUB_PULL_URL: ${{ github.event.client_payload.github.payload.issue.pull_request.url }}
+
+    - name: Create comment
+      if: ${{ failure() && steps.landStack.outcome == 'failure' }}
+      uses: peter-evans/create-or-update-comment@v4
+      with:
+        token: ${{ secrets.CHATOPS_TOKEN }}
+        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
+        issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
+        body: |
+          Something went wrong with your `/${{ github.event.client_payload.slash_command.command }}` command: [please check the logs][1].
+
+          [1]: ${{ steps.vars.outputs.run-url }}
+
+    - name: Add reaction
+      if: ${{ success() }}
+      uses: peter-evans/create-or-update-comment@v4
+      with:
+        token: ${{ secrets.CHATOPS_TOKEN }}
+        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
+        comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
+        reactions: hooray
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,29 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        with:
+          fail-on-severity: low
diff --git a/.github/workflows/e2e-matrix.yml b/.github/workflows/e2e-matrix.yml
@@ -0,0 +1,110 @@
+name: Tekton Integration
+# Adapted from https://github.com/mattmoor/mink/blob/master/.github/workflows/minkind.yaml
+
+on:
+  pull_request:
+    branches: [ main ]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  e2e-tests:
+    name: e2e tests
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false # Keep running if one leg fails.
+      matrix:
+        k8s-name:
+        - k8s-oldest
+        - k8s-plus-one
+
+        feature-flags:
+        - stable
+        - beta
+        - alpha
+        # - prow-feature-flags  - this is tested today as a periodic job, but we could integrate it here
+
+        include:
+        - k8s-name: k8s-oldest
+          k8s-version: v1.28.x
+        - k8s-name: k8s-plus-one
+          k8s-version: v1.29.x
+        - feature-flags: stable
+          env-file: prow
+        - feature-flags: alpha
+          env-file: prow-alpha
+        - feature-flags: beta
+          env-file: prow-beta
+    env:
+      GOPATH: ${{ github.workspace }}
+      GO111MODULE: on
+      KO_DOCKER_REPO: registry.local:5000/tekton
+      CLUSTER_DOMAIN: c${{ github.run_id }}.local
+      ARTIFACTS: ${{ github.workspace }}/artifacts
+
+    steps:
+    - name: Check out code onto GOPATH
+      uses: actions/checkout@v4
+      with:
+        path: ${{ github.workspace }}/src/github.com/tektoncd/pipeline
+
+
+    - name: Set up Go 1.22
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.22.5
+
+    - name: Install Dependencies
+      working-directory: ./
+      run: |
+        echo '::group:: install ko'
+        curl -L https://github.com/ko-build/ko/releases/download/v0.15.4/ko_0.15.4_Linux_x86_64.tar.gz | tar xzf - ko
+        chmod +x ./ko
+        sudo mv ko /usr/local/bin
+        echo '::endgroup::'
+
+        echo '::group:: install go-junit-report'
+        go install github.com/jstemmer/[email protected]
+        echo '::endgroup::'
+
+        echo '::group:: created required folders'
+        mkdir -p "${ARTIFACTS}"
+        echo '::endgroup::'
+
+        echo "${GOPATH}/bin" >> "$GITHUB_PATH"
+
+    - name: Run tests
+      working-directory: ${{ github.workspace }}/src/github.com/tektoncd/pipeline
+      run: |
+        ./hack/setup-kind.sh \
+          --registry-url $(echo ${KO_DOCKER_REPO} | cut -d'/' -f 1) \
+          --cluster-suffix c${{ github.run_id }}.local \
+          --nodes 3 \
+          --k8s-version ${{ matrix.k8s-version }} \
+          --e2e-script ./test/e2e-tests.sh \
+          --e2e-env ./test/e2e-tests-kind-${{ matrix.env-file }}.env
+
+    - name: Upload test results
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.k8s-version }}-${{ matrix.feature-flags }}
+        path: ${{ env.ARTIFACTS }}
+
+    - uses: chainguard-dev/actions/kind-diag@main
+      if: ${{ failure() }}
+      with:
+        artifact-name: ${{ matrix.k8s-version }}-${{ matrix.feature-flags }}-logs
+
+    - name: Dump Artifacts
+      if: ${{ failure() }}
+      run: |
+        if [[ -d ${{ env.ARTIFACTS }} ]]; then
+          cd ${{ env.ARTIFACTS }}
+          for x in $(find . -type f); do
+            echo "::group:: artifact $x"
+            cat $x
+            echo '::endgroup::'
+          done
+        fi
diff --git a/.github/workflows/slash.yml b/.github/workflows/slash.yml
@@ -0,0 +1,41 @@
+# The slash workflow handles slash commands
+#
+# Slash commands are given through comments on pull requests
+# and may be used only by individuals with "write" access to
+# the repository (i.e. maintainers).
+#
+# Slash commands must be placed at the very beginning of the
+# first line of a comment. More details are available in the
+# action docs: https://github.com/peter-evans/slash-command-dispatch/tree/main?tab=readme-ov-file#how-comments-are-parsed-for-slash-commands
+#
+# The workflow looks for and dispatches to another workflow
+# named <command>-command which must exist in the repository.
+#
+# Supported commands:
+# - /land: invokes the land-command workflow, to land (merge) PRs
+#          stacked through ghstack
+#
+# When a command is recognised, the rocket and eyes emojis are added
+
+name: Slash Command Routing
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  check_comments:
+    runs-on: ubuntu-latest
+    steps:
+    - name: route-land
+      uses: peter-evans/slash-command-dispatch@v4
+      with:
+        token: ${{ secrets.CHATOPS_TOKEN }}
+        config: >
+          [
+            {
+              "command": "retest",
+              "permission": "write",
+              "issue_type": "pull-request",
+              "repository": "tektoncd/pipeline"
+            }
+          ]