Merge pull request #11 from plotly/upgrade-harbor-2110 #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chart Tests | |
on: | |
push: | |
branches: | |
- '**' | |
pull_request: | |
branches: | |
- main | |
- release-* | |
- feature/* | |
jobs: | |
chart-tests: | |
runs-on: ubuntu-latest | |
name: chart K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }}) | |
env: | |
USE_EXISTING_CLUSTER: true | |
operatorNamespace: harbor-operator-ns | |
dockerImage: harbor-operator:dev_test | |
strategy: | |
fail-fast: false | |
matrix: | |
# https://github.com/jetstack/cert-manager/tags | |
certManager: | |
- "1.9.1" | |
# https://snapcraft.io/microk8s | |
k8sVersion: | |
- "1.21.12" | |
- "1.23.6" | |
- "1.24.0" | |
# https://github.com/kubernetes/ingress-nginx/tags | |
ingress: | |
- "1.3.0" | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.18 | |
- uses: azure/setup-kubectl@v3 | |
with: | |
version: 'latest' | |
- name: Cache go mod | |
uses: actions/cache@v2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Prepare memory storage for etcd of kind cluster | |
run: | | |
# Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info | |
mkdir -p /tmp/lib/etcd | |
sudo mount -t tmpfs tmpfs /tmp/lib/etcd | |
- name: Install Kubernetes v${{ matrix.k8sVersion }} | |
uses: helm/[email protected] | |
with: | |
version: v0.14.0 | |
node_image: kindest/node:v${{ matrix.k8sVersion }} | |
cluster_name: harbor | |
config: .github/kind.yaml | |
- name: Install CertManager v${{ matrix.certManager }} | |
run: | | |
kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" | |
sleep 5 | |
time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s | |
- name: Install Ingress | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v${{ matrix.ingress }}/deploy/static/provider/kind/deploy.yaml | |
time kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s | |
- name: build harbor-operator | |
run: | | |
make manifests docker-build IMG=${dockerImage} | |
kind load docker-image ${dockerImage} --name harbor | |
- name: install harbor-operator | |
run: | | |
set -ex | |
make kustomize | |
./bin/kustomize build --reorder legacy config/helm/crds | kubectl create -f - | |
make helm-install NAMESPACE="${operatorNamespace}" IMG=${dockerImage} | |
kubectl -n "${operatorNamespace}" wait --for=condition=Available deployment --all --timeout 300s | |
if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then | |
kubectl get all -n ${operatorNamespace} | |
exit 1 | |
fi | |
- name: install harbor | |
run: | | |
export GITHUB_TOKEN=xxx | |
set -ex | |
IP=`hostname -I | awk '{print $1}'` | |
echo "IP=$IP" >> $GITHUB_ENV | |
CORE_HOST=core.$IP.nip.io | |
NOTARY_HOST=notary.$IP.nip.io | |
echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV | |
echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV | |
sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-minimal/*.yaml | |
sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-minimal/*.yaml | |
sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-standard/*.yaml | |
sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-standard/*.yaml | |
make sample-harborcluster-standard | |
for i in $(seq 1 7);do | |
sleep 30 | |
echo $i | |
kubectl get all | |
done | |
if ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 600s && ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 60s; then | |
echo install harbor failed | |
kubectl get all | |
for n in $(kubectl get po |grep -v Running|grep -v NAME|awk '{print $1}');do | |
echo describe $n | |
kubectl describe pod $n | |
echo show log $n | |
kubectl logs --tail 100 $n || true | |
done | |
kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 | |
free -h | |
exit 1 | |
else | |
kubectl get all | |
kubectl get harbor -o wide | |
kubectl get harborcluster -o wide | |
fi | |
free -h | |
- name: test harbor | |
run: | | |
set -ex | |
curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f | |
sudo mkdir -p /etc/docker/certs.d/$CORE_HOST | |
kubectl get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ | |
| base64 --decode \ | |
| sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt | |
# docker login, create image, docker push, docker pull | |
docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl get po;kubectl logs -l goharbor.io/operator-controller=core;exit 1) | |
docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB | |
DOCKERID=`docker ps -l -q` | |
docker commit $DOCKERID $CORE_HOST/library/busybox:test | |
docker push $CORE_HOST/library/busybox:test | |
docker pull $CORE_HOST/library/busybox:test | |
- name: apidb test | |
run: bash .github/scripts/apidb_test.sh | |
env: | |
DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} | |
CORE_DEPLOYMENT: sample-harbor-harbor-core | |
- name: fetch harbor logs | |
if: ${{ failure() }} | |
run: | | |
mkdir -p /tmp/harbor | |
for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ | |
kubectl logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ | |
done | |
kubectl logs -l "app.kubernetes.io/instance=harbor-database" --all-containers > /tmp/harbor/db.log | |
kubectl logs -l "release=harbor-redis" --all-containers > /tmp/harbor/redis.log | |
ls -l /tmp/harbor | |
- uses: actions/upload-artifact@v2 | |
if: ${{ failure() }} | |
with: | |
name: harbor_chart | |
path: /tmp/harbor | |
- name: fetch logs | |
if: ${{ failure() }} | |
run: | | |
mkdir -p /tmp/logs | |
kind export logs --name harbor /tmp/logs | |
ls -l /tmp/logs | |
- uses: actions/upload-artifact@v2 | |
if: ${{ failure() }} | |
with: | |
name: kind_chart | |
path: /tmp/logs | |
- name: Get logs for debug | |
if: ${{ failure() }} | |
run: | | |
set -x | |
kubectl get all -n "${operatorNamespace}" -o wide | |
kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 |