Don't give read permission to the entire objects directory #569
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linting and deployment test on K3S | |
on: | |
push: | |
branches: | |
- master | |
- anvil | |
pull_request: {} | |
workflow_dispatch: {} | |
jobs: | |
linting: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Kubectl | |
run: curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" && chmod +x ./kubectl && sudo mv ./kubectl /usr/local/bin/kubectl && kubectl version || true | |
- name: Install Helm | |
run: curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Helm dep update | |
run: cd galaxy/ && helm dep update && cd .. | |
- name: Helm linting | |
run: helm lint galaxy/ | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Helm | |
run: curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Helm dep update | |
run: cd galaxy/ && helm dep update && cd .. | |
- name: Start k8s locally | |
uses: jupyterhub/action-k3s-helm@v3 | |
with: | |
k3s-version: v1.28.7+k3s1 # releases: https://github.com/k3s-io/k3s/tags | |
metrics-enabled: false | |
traefik-enabled: false | |
- name: Verify function of k8s, kubectl, and helm | |
run: | | |
echo "kubeconfig: $KUBECONFIG" | |
kubectl version | |
kubectl get pods --all-namespaces | |
helm version | |
helm list | |
- name: Helm repo add galaxy | |
run: helm repo add galaxy https://github.com/CloudVE/helm-charts/raw/master | |
- name: Helm install Galaxy | |
run: time bash -c 'helm install --create-namespace -n galaxy galaxy ./galaxy --set persistence.accessMode="ReadWriteOnce" --set resources.requests.memory=0Mi,resources.requests.cpu=0m,cvmfs.cvmfscsi.cache.alien.enabled=false --wait --timeout=1200s' | |
- name: Get events | |
run: kubectl get events -n galaxy; kubectl get events -n csi-drivers; | |
if: always() | |
- name: Get pods, pvc, and pv | |
run: kubectl get pods -n galaxy; kubectl get pvc -n galaxy; kubectl get pv -n galaxy | |
if: always() | |
- name: Print web handler log | |
run: bash -c "kubectl logs -n galaxy $(kubectl -n galaxy get pods | grep -o '[^ ]*galaxy-web[^ ]*')" | |
if: always() | |
- name: Print job handler log | |
run: bash -c "kubectl logs -n galaxy $(kubectl -n galaxy get pods | grep -o '[^ ]*galaxy-job[^ ]*')" | |
if: always() | |
- name: Print workflow handler log | |
run: bash -c "kubectl logs -n galaxy $(kubectl -n galaxy get pods | grep -o '[^ ]*galaxy-workflow[^ ]*')" | |
if: always() |