Security contact for vulnerability report #535
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Usage: /ok-to-test [k8s-version] | |
# Examples: | |
# /ok-to-test | |
# /ok-to-test v1.18.4 | |
name: e2e | |
on: | |
issue_comment: | |
types: [created] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
if: contains(github.event.issue.html_url, '/pull/') && startsWith(github.event.comment.body, '/ok-to-test') | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Checkout pr | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_NUMBER: ${{ github.event.issue.number }} | |
run: | | |
curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 | |
sudo mv bin/hub /usr/local/bin | |
hub pr checkout $PR_NUMBER | |
- name: Login Docker | |
env: | |
DOCKER_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
USERNAME: 1gtm | |
run: | | |
docker login --username ${USERNAME} --password ${DOCKER_TOKEN} | |
- name: Build | |
env: | |
REGISTRY: appscodeci | |
run: | | |
make push | |
config: | |
runs-on: ubuntu-20.04 | |
needs: build | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- id: set-matrix | |
name: Generate test matrix | |
run: | | |
k8s=(v1.20.15 v1.22.15 v1.24.7 v1.26.0) | |
IFS=' ' | |
read -ra COMMENT <<< "${{ github.event.comment.body }}" | |
if [ ! -z ${COMMENT[1]} ]; then | |
k8s=(${COMMENT[1]}) | |
fi | |
matrix=() | |
for x in ${k8s[@]}; do | |
matrix+=( $( jq -n -c --arg x "$x" '{"k8s":$x}' ) ) | |
done | |
# https://stackoverflow.com/a/63046305/244009 | |
function join { local IFS="$1"; shift; echo "$*"; } | |
matrix=$(echo "{"include":[$(join , ${matrix[@]})]}") | |
echo $matrix | |
echo "::set-output name=matrix::$matrix" | |
kubernetes: | |
name: Kubernetes | |
needs: config | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{ fromJson(needs.config.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Checkout pr | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_NUMBER: ${{ github.event.issue.number }} | |
run: | | |
curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 | |
sudo mv bin/hub /usr/local/bin | |
hub pr checkout $PR_NUMBER | |
- name: Create Kubernetes ${{ matrix.k8s }} cluster | |
id: kind | |
uses: engineerd/[email protected] | |
with: | |
version: v0.17.0 | |
config: hack/kubernetes/kind.yaml | |
image: kindest/node:${{ matrix.k8s }} | |
- name: Prepare cluster for testing | |
id: local-path | |
env: | |
DOCKER_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
USERNAME: 1gtm | |
REGISTRY_SECRET: regcred | |
run: | | |
echo "waiting for nodes to be ready ..." | |
kubectl wait --for=condition=Ready nodes --all --timeout=5m | |
kubectl get nodes | |
echo | |
kubectl version | |
echo | |
echo "create docker-registry secret" | |
kubectl create secret docker-registry ${REGISTRY_SECRET} --namespace=kube-system --docker-server=https://index.docker.io/v1/ --docker-username=${USERNAME} --docker-password=${DOCKER_TOKEN} | |
- name: Install NFS server dependencies | |
run: | | |
nodes=$(kubectl get nodes -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{end}') | |
for i in $nodes | |
do | |
echo "Installing NFS server dependencies in node: $i ...." | |
docker exec $i apt-get update | |
docker exec $i apt-get install -y nfs-kernel-server | |
done | |
- name: Check out installer | |
run: | | |
cd .. | |
git clone https://github.com/stashed/installer.git | |
cd installer | |
git checkout master | |
- name: Run e2e tests | |
env: | |
REGISTRY: appscodeci | |
REGISTRY_SECRET: regcred | |
TEST_CREDENTIALS: ${{ secrets.TEST_CREDENTIALS }} | |
GOOGLE_SERVICE_ACCOUNT_JSON_KEY: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }} | |
run: | | |
echo "preparing test credentials" | |
mkdir -p hack/config | |
echo -n "$TEST_CREDENTIALS" > hack/config/.env | |
echo >> hack/config/.env | |
echo "GOOGLE_SERVICE_ACCOUNT_JSON_KEY=$(echo $GOOGLE_SERVICE_ACCOUNT_JSON_KEY)" >> hack/config/.env | |
make install | |
echo | |
sleep 10 | |
make e2e-parallel |