Skip to content

fix(rbac): adds resourceNames (#662) #89

fix(rbac): adds resourceNames (#662)

fix(rbac): adds resourceNames (#662) #89

name: Common Library Tests
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
lint:
name: Lint Common
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
helm-version:
- v3.12.3
- v3.13.3
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Run chart-testing (lint)
id: lint
run: |
ct lint --config .github/ct-install-config/ct-lint.yaml \
--lint-conf .github/ct-install-config/lint-conf.yaml \
--charts library/common-test \
--debug
unittest:
needs:
- lint
name: Unit Tests
runs-on: ubuntu-22.04
env:
helmUnitVersion: 0.3.0
strategy:
fail-fast: false
matrix:
helm-version:
- v3.12.3
- v3.13.3
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Cache helm plugins
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
with:
path: |
/home/runner/.local/share/helm/plugins/helm-unittest
/tmp/_dist/
key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
restore-keys: |
helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
- name: Run Unittests
shell: bash
run: |
(helm unittest -h > /dev/null) || helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries"
# Run tests
cd library/common-test/
helm dependency update
helm unittest -f "tests/**/*.yaml" .
install:
needs:
- lint
name: Install Charts
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.26
- v1.27
- v1.28
# We run tests on Helm version of latest SCALE, fluxcd and latest helm release
helm-version:
- v3.12.3
- v3.13.3
values:
- basic-values.yaml
- configmap-values.yaml
- secrets-values.yaml
- imagePullSecret-values.yaml
- daemonset-values.yaml
- job-values.yaml
- cron-values.yaml
- statefulset-values.yaml
- persistence-values.yaml
- extra-containers-values.yaml
- rbac-values.yaml
- ingress-values.yaml
- networkPolicy-values.yaml
# TODO: broken
# - codeserver-values.yaml
- netshoot-values.yaml
- metrics-values.yaml
- cnpg-values.yaml
- cnpg-multi-values.yaml
- register-operator-values.yaml
- portal-svc-values.yaml
- portal-ingress-values.yaml
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Create k3d cluster - Attempt 1/3
continue-on-error: true
id: createc1
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc1.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 2/3
continue-on-error: true
if: steps.createc1.outcome=='failure'
id: createc2
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc2.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 3/3
id: createc3
if: steps.createc2.outcome=='failure'
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
# Install Kail to grab logs from tests, as there are cases ct-install fail to output logs
- name: Install Kail
run: |
export KAIL_VERSION=v0.16.1
wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz
tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz
chmod +x kail
- name: Prep Helm
run: |
helm repo add truecharts https://charts.truecharts.org
helm repo add truecharts-deps https://deps.truecharts.org
helm repo add truecharts-library https://library-charts.truecharts.org
helm repo update
- name: Add Dependencies
run: |
if [[ "${{ matrix.values }}" =~ (metrics|cnpg).*-values.yaml ]]; then
helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
fi
if [[ "${{ matrix.values }}" =~ cnpg.*-values.yaml ]]; then
helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
fi
if [[ "${{ matrix.values }}" =~ ingress.*-values.yaml ]]; then
helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
fi
- name: Run chart-testing (install)
run: |
# Move all ci values on a temp location (or skip if already moved from another matrix job)
mv library/common-test/ci library/common-test/runtests || echo "Nothing to move"
# Move one values.yaml to the correct location to run the test
mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml
# Stat kail on the background to grab logs from tests
./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log &
# Actually run the test
ct install --config .github/ct-install-config/ct-install.yaml \
--charts library/common-test \
--debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \
cat /tmp/output.log && \
rm -f /tmp/output.log && exit 1)
kill $!
echo -e "\n\n--===PODLOGS===--\n\n"
cat /tmp/output.log
rm -f /tmp/output.log
# security:
# needs:
# - lint
# name: Security Scans
# runs-on: ubuntu-22.04
# strategy:
# fail-fast: false
# matrix:
# # We run tests on k3s version of latest SCALE release and SCALE nightly
# k3s-version:
# - v1.26
# - v1.27
# - v1.28
# # We run tests on Helm version of latest SCALE release
# helm-version:
# - v3.12.3
# - v3.13.3
# values:
# - basic-values.yaml
# - configmap-values.yaml
# - secrets-values.yaml
# - imagePullSecret-values.yaml
# - daemonset-values.yaml
# - job-values.yaml
# - cron-values.yaml
# - statefulset-values.yaml
# - persistence-values.yaml
# - extra-containers-values.yaml
# - rbac-values.yaml
# - networkPolicy-values.yaml
# - register-operator-values.yaml
# # Runs as root, so test results become obviously red
# # - codeserver-values.yaml
# # - netshoot-values.yaml
#
#
# steps:
# - name: Install Helm
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
# with:
# version: ${{ matrix.helm-version }}
#
# - name: Checkout
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# with:
# fetch-depth: 1
#
# - name: build helm deps
# run: |
# cd library/common-test
# helm dependency update
# cd -
# - name: Add namespace
# run: |
# echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }}
#
# - name: Run Security Scan
# uses: datreeio/action-datree@main
# with:
# path: 'library/common-test'
# cliArguments: '--ignore-missing-schemas --policy CommonBasic'
# isHelmChart: true
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
#
# security-man:
# needs:
# - lint
# name: Security Scans (manifests)
# runs-on: ubuntu-22.04
# strategy:
# fail-fast: false
# matrix:
# # We run tests on k3s version of latest SCALE release and SCALE nightly
# k3s-version:
# - v1.26
# - v1.27
# - v1.28
# # We run tests on Helm version of latest SCALE release
# helm-version:
# - v3.12.3
# - v3.13.3
# values:
# - ingress-values.yaml
# - metrics-values.yaml
# # - cnpg-values.yaml
# # - cnpg-multi-values.yaml
#
# steps:
# - name: Install Helm
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
# with:
# version: ${{ matrix.helm-version }}
#
# - name: Prep Helm
# run: |
# helm repo add truecharts https://charts.truecharts.org
# helm repo add truecharts-deps https://deps.truecharts.org
# helm repo add truecharts-library https://library-charts.truecharts.org
# helm repo update
# - name: Add Dependencies
# run: |
# helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
# helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
# helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
#
# - name: Checkout
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# with:
# fetch-depth: 1
#
# - name: build helm deps
# run: |
# cd library/common-test
# helm dependency update
# cd -
#
# - name: Run Security Scan
# uses: datreeio/action-datree@main
# with:
# path: 'library/common-test'
# cliArguments: '--ignore-missing-schemas --policy ManifestManager'
# isHelmChart: true
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
#
# security-vpn:
# needs:
# - lint
# name: Security Scans (vpn)
# runs-on: ubuntu-22.04
# strategy:
# fail-fast: false
# matrix:
# # We run tests on k3s version of latest SCALE release and SCALE nightly
# k3s-version:
# - v1.26
# - v1.27
# - v1.28
# # We run tests on Helm version of latest SCALE release
# helm-version:
# - v3.12.3
# - v3.13.3
# values:
# - vpn-gluetun-values.yaml
# - vpn-tailscale-values.yaml
# # Is deprecated and runs as root, skipping for now
# # - vpn-openvpn-values.yaml
# - vpn-wireguard-values.yaml
#
# steps:
# - name: Install Helm
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
# with:
# version: ${{ matrix.helm-version }}
#
# - name: Checkout
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# with:
# fetch-depth: 1
#
# - name: build helm deps
# run: |
# cd library/common-test
# helm dependency update
# cd -
#
# - name: Run Security Scan
# uses: datreeio/action-datree@main
# with:
# path: 'library/common-test'
# cliArguments: '--ignore-missing-schemas --policy WithVPN'
# isHelmChart: true
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}'