Skip to content

chore(deps): update actions/checkout digest to b4ffde6 #64

chore(deps): update actions/checkout digest to b4ffde6

chore(deps): update actions/checkout digest to b4ffde6 #64

name: Common Library Tests
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
lint:
name: Lint Common
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
helm-version:
- v3.9.4
- v3.10.3
- v3.13.0
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
- name: Run chart-testing (lint)
id: lint
run: |
ct lint --config .github/ct-install-config/ct-lint.yaml \
--lint-conf .github/ct-install-config/lint-conf.yaml \
--charts library/common-test \
--debug
unittest:
needs:
- lint
name: Unit Tests
runs-on: ubuntu-22.04
env:
helmUnitVersion: 0.3.0
strategy:
fail-fast: false
matrix:
helm-version:
- v3.9.4
- v3.10.3
- v3.13.0
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Cache helm plugins
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
with:
path: |
/home/runner/.local/share/helm/plugins/helm-unittest
/tmp/_dist/
key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
restore-keys: |
helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
- name: Run Unittests
shell: bash
run: |
(helm unittest -h > /dev/null) || helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries"
# Run tests
cd library/common-test/
helm dependency update
helm unittest -f "tests/**/*.yaml" .
install:
needs:
- lint
name: Install Charts
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- basic-values.yaml
- configmap-values.yaml
- secrets-values.yaml
- imagePullSecret-values.yaml
- daemonset-values.yaml
- job-values.yaml
- cron-values.yaml
- statefulset-values.yaml
- persistence-values.yaml
- extra-containers-values.yaml
- rbac-values.yaml
- ingress-values.yaml
- networkPolicy-values.yaml
# TODO: broken
# - codeserver-values.yaml
- netshoot-values.yaml
- metrics-values.yaml
- cnpg-values.yaml
- cnpg-multi-values.yaml
- register-operator-values.yaml
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
- name: Create k3d cluster - Attempt 1/3
continue-on-error: true
id: createc1
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc1.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 2/3
continue-on-error: true
if: steps.createc1.outcome=='failure'
id: createc2
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc2.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 3/3
id: createc3
if: steps.createc2.outcome=='failure'
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
# Install Kail to grab logs from tests, as there are cases ct-install fail to output logs
- name: Install Kail
run: |
export KAIL_VERSION=v0.16.1
wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz
tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz
chmod +x kail
- name: Prep Helm
run: |
helm repo add truecharts https://charts.truecharts.org
helm repo add truecharts-deps https://deps.truecharts.org
helm repo add truecharts-library https://library-charts.truecharts.org
helm repo update
- name: Add Dependencies
run: |
if [[ "${{ matrix.values }}" =~ (metrics|cnpg).*-values.yaml ]]; then
helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
fi
if [[ "${{ matrix.values }}" =~ cnpg.*-values.yaml ]]; then
helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
fi
if [[ "${{ matrix.values }}" =~ ingress.*-values.yaml ]]; then
helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
fi
- name: Run chart-testing (install)
run: |
# Move all ci values on a temp location (or skip if already moved from another matrix job)
mv library/common-test/ci library/common-test/runtests || echo "Nothing to move"
# Move one values.yaml to the correct location to run the test
mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml
# Stat kail on the background to grab logs from tests
./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log &
# Actually run the test
ct install --config .github/ct-install-config/ct-install.yaml \
--charts library/common-test \
--debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \
cat /tmp/output.log && \
rm -f /tmp/output.log && exit 1)
kill $!
echo -e "\n\n--===PODLOGS===--\n\n"
cat /tmp/output.log
rm -f /tmp/output.log
security:
needs:
- lint
name: Security Scans
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- basic-values.yaml
- configmap-values.yaml
- secrets-values.yaml
- imagePullSecret-values.yaml
- daemonset-values.yaml
- job-values.yaml
- cron-values.yaml
- statefulset-values.yaml
- persistence-values.yaml
- extra-containers-values.yaml
- rbac-values.yaml
- networkPolicy-values.yaml
- register-operator-values.yaml
# Runs as root, so test results become obviously red
# - codeserver-values.yaml
# - netshoot-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Add namespace
run: |
echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }}
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy CommonBasic'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
security-man:
needs:
- lint
name: Security Scans (manifests)
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- ingress-values.yaml
- metrics-values.yaml
# - cnpg-values.yaml
# - cnpg-multi-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Prep Helm
run: |
helm repo add truecharts https://charts.truecharts.org
helm repo add truecharts-deps https://deps.truecharts.org
helm repo add truecharts-library https://library-charts.truecharts.org
helm repo update
- name: Add Dependencies
run: |
helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy ManifestManager'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
security-vpn:
needs:
- lint
name: Security Scans (vpn)
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- vpn-gluetun-values.yaml
- vpn-tailscale-values.yaml
# Is deprecated and runs as root, skipping for now
# - vpn-openvpn-values.yaml
- vpn-wireguard-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy WithVPN'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'