Skip to content

E2E Nightly Fleet

E2E Nightly Fleet #139

# Nightly workflow tests more k8s versions than the e2e-ci workflow for PR does
name: E2E Nightly Fleet
on:
schedule:
# Run everyday day at 7:00 AM
- cron: '0 7 * * *'
env:
GOARCH: amd64
CGO_ENABLED: 0
SETUP_K3D_VERSION: 'v5.7.4'
jobs:
e2e-fleet-nightly-test:
runs-on: runs-on,runner=8cpu-linux-x64,mem=16,run-id=${{ github.run_id }}
strategy:
matrix:
k3s_version:
# k3d version list k3s | sed 's/+/-/' | sort -h
# https://hub.docker.com/r/rancher/k3s/tags
- v1.31.1-k3s1
- v1.27.5-k3s1
- v1.27.16-k3s1
test_type:
- acceptance
- e2e-secrets
- e2e-nosecrets
steps:
-
uses: actions/checkout@v4
with:
fetch-depth: 0
-
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
check-latest: true
-
name: Install Ginkgo CLI
run: go install github.com/onsi/ginkgo/v2/ginkgo
-
name: Install crust-gather CLI
run: curl -sSfL https://github.com/crust-gather/crust-gather/raw/main/install.sh | sh -s -- --yes
-
name: Build Fleet Binaries
run: |
./.github/scripts/build-fleet-binaries.sh
cd e2e/testenv/infra
go build
-
name: Build Docker Images
run: |
./.github/scripts/build-fleet-images.sh
DOCKER_BUILDKIT=1 docker build -f e2e/assets/gitrepo/Dockerfile.gitserver -t nginx-git:test --build-arg="passwd=$(openssl passwd foo)" e2e/assets/gitrepo
-
name: Install k3d
run: curl --silent --fail https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=${{ env.SETUP_K3D_VERSION }} bash
-
name: Provision k3d Cluster
run: |
k3d cluster create upstream --wait \
--agents 1 \
--network "nw01" \
--image docker.io/rancher/k3s:${{matrix.k3s_version}}
-
name: Import Images Into k3d
run: |
./.github/scripts/k3d-import-retry.sh rancher/fleet:dev rancher/fleet-agent:dev nginx-git:test -c upstream
-
name: Deploy Fleet
run: |
SHARDS='[{"id":"shard0"},{"id":"shard1"},{"id":"shard2"}]' ./.github/scripts/deploy-fleet.sh
-
name: Create Zot certificates for OCI tests
if: ${{ matrix.test_type == 'e2e-nosecrets' }}
env:
FLEET_E2E_NS: fleet-local
run: |
# Generate cert and key for TLS
./.github/scripts/create-zot-certs.sh "FleetCI-RootCA"
-
name: E2E Tests
if: ${{ matrix.test_type == 'e2e-nosecrets' }}
env:
FLEET_E2E_NS: fleet-local
# Git and OCI credentials are here used in a local, ephemeral environment. Leaks would be harmless.
GIT_HTTP_USER: "fleet-ci"
GIT_HTTP_PASSWORD: "foo"
CI_OCI_USERNAME: "fleet-ci"
CI_OCI_PASSWORD: "foo"
HELM_PATH: /usr/local/bin/helm
run: |
export CI_OCI_CERTS_DIR="$(git rev-parse --show-toplevel)/FleetCI-RootCA"
# 1. Run test cases not needing infra
ginkgo --github-output --label-filter='!infra-setup' e2e/single-cluster e2e/keep-resources
# 2. Run tests for metrics
ginkgo --github-output e2e/metrics
SHARD=shard1 ginkgo --github-output e2e/metrics
# 3. Run tests requiring only the git server
e2e/testenv/infra/infra setup --git-server=true
ginkgo --github-output --label-filter='infra-setup && !helm-registry && !oci-registry' e2e/single-cluster/
# 4. Run tests requiring a Helm registry
e2e/testenv/infra/infra setup --helm-registry=true
ginkgo --github-output --label-filter='helm-registry' e2e/single-cluster
e2e/testenv/infra/infra teardown --helm-registry=true
# 5. Run tests requiring an OCI registry
e2e/testenv/infra/infra setup --oci-registry=true
ginkgo --github-output --label-filter='oci-registry' e2e/single-cluster
# 6. Tear down all infra
e2e/testenv/infra/infra teardown
-
name: Acceptance Tests for Examples
if: ${{ matrix.test_type == 'acceptance' }}
env:
FLEET_E2E_NS: fleet-local
run: |
ginkgo --github-output e2e/acceptance/single-cluster-examples
-
name: Fleet Tests Requiring Github Secrets
if: ${{ matrix.test_type == 'e2e-secrets' }}
env:
FLEET_E2E_NS: fleet-local
GIT_REPO_URL: "[email protected]:fleetrepoci/test.git"
GIT_REPO_HOST: "github.com"
GIT_REPO_USER: "git"
GIT_REPO_BRANCH: ${{ matrix.k3s_version }}
CI_OCI_USERNAME: ${{ secrets.CI_OCI_USERNAME }}
CI_OCI_PASSWORD: ${{ secrets.CI_OCI_PASSWORD }}
run: |
export GIT_SSH_KEY="$GITHUB_WORKSPACE/id_ecdsa"
export GIT_SSH_PUBKEY="$GITHUB_WORKSPACE/id_ecdsa.pub"
echo "${{ secrets.CI_SSH_KEY }}" > "$GIT_SSH_KEY"
echo "${{ secrets.CI_SSH_PUBKEY }}" > "$GIT_SSH_PUBKEY"
ginkgo --github-output e2e/require-secrets
-
name: Upload Logs
uses: actions/upload-artifact@v4
if: failure()
with:
name: gha-nightly-e2e-logs-${{ github.sha }}-${{ matrix.k3s_version }}-${{ matrix.test_type }}-${{ github.run_id }}
path: |
tmp/upstream
retention-days: 2