fix(rbac): adds resourceNames (#662) #89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Common Library Tests | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} | |
jobs: | |
lint: | |
name: Lint Common | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
helm-version: | |
- v3.12.3 | |
- v3.13.3 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 1 | |
- name: Install Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 | |
with: | |
version: ${{ matrix.helm-version }} | |
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5 | |
with: | |
python-version: "3.10" | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Run chart-testing (lint) | |
id: lint | |
run: | | |
ct lint --config .github/ct-install-config/ct-lint.yaml \ | |
--lint-conf .github/ct-install-config/lint-conf.yaml \ | |
--charts library/common-test \ | |
--debug | |
unittest: | |
needs: | |
- lint | |
name: Unit Tests | |
runs-on: ubuntu-22.04 | |
env: | |
helmUnitVersion: 0.3.0 | |
strategy: | |
fail-fast: false | |
matrix: | |
helm-version: | |
- v3.12.3 | |
- v3.13.3 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 1 | |
- name: Install Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
with: | |
version: ${{ matrix.helm-version }} | |
- name: Cache helm plugins | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 | |
with: | |
path: | | |
/home/runner/.local/share/helm/plugins/helm-unittest | |
/tmp/_dist/ | |
key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }} | |
restore-keys: | | |
helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }} | |
- name: Run Unittests | |
shell: bash | |
run: | | |
(helm unittest -h > /dev/null) || helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries" | |
# Run tests | |
cd library/common-test/ | |
helm dependency update | |
helm unittest -f "tests/**/*.yaml" . | |
install: | |
needs: | |
- lint | |
name: Install Charts | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
# We run tests on k3s version of latest SCALE release and SCALE nightly | |
k3s-version: | |
- v1.26 | |
- v1.27 | |
- v1.28 | |
# We run tests on Helm version of latest SCALE, fluxcd and latest helm release | |
helm-version: | |
- v3.12.3 | |
- v3.13.3 | |
values: | |
- basic-values.yaml | |
- configmap-values.yaml | |
- secrets-values.yaml | |
- imagePullSecret-values.yaml | |
- daemonset-values.yaml | |
- job-values.yaml | |
- cron-values.yaml | |
- statefulset-values.yaml | |
- persistence-values.yaml | |
- extra-containers-values.yaml | |
- rbac-values.yaml | |
- ingress-values.yaml | |
- networkPolicy-values.yaml | |
# TODO: broken | |
# - codeserver-values.yaml | |
- netshoot-values.yaml | |
- metrics-values.yaml | |
- cnpg-values.yaml | |
- cnpg-multi-values.yaml | |
- register-operator-values.yaml | |
- portal-svc-values.yaml | |
- portal-ingress-values.yaml | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 1 | |
- name: Install Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
with: | |
version: ${{ matrix.helm-version }} | |
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5 | |
with: | |
python-version: "3.10" | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Create k3d cluster - Attempt 1/3 | |
continue-on-error: true | |
id: createc1 | |
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ matrix.k3s-version }} | |
# Flags found here https://github.com/k3d-io/k3d | |
k3d-args: --k3s-arg --disable=metrics-server@server:* | |
- name: Wait 10 second to retry | |
if: steps.createc1.outcome=='failure' | |
run: | | |
sleep 10 | |
- name: Create k3d cluster - Attempt 2/3 | |
continue-on-error: true | |
if: steps.createc1.outcome=='failure' | |
id: createc2 | |
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ matrix.k3s-version }} | |
# Flags found here https://github.com/k3d-io/k3d | |
k3d-args: --k3s-arg --disable=metrics-server@server:* | |
- name: Wait 10 second to retry | |
if: steps.createc2.outcome=='failure' | |
run: | | |
sleep 10 | |
- name: Create k3d cluster - Attempt 3/3 | |
id: createc3 | |
if: steps.createc2.outcome=='failure' | |
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ matrix.k3s-version }} | |
# Flags found here https://github.com/k3d-io/k3d | |
k3d-args: --k3s-arg --disable=metrics-server@server:* | |
# Install Kail to grab logs from tests, as there are cases ct-install fail to output logs | |
- name: Install Kail | |
run: | | |
export KAIL_VERSION=v0.16.1 | |
wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz | |
tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz | |
chmod +x kail | |
- name: Prep Helm | |
run: | | |
helm repo add truecharts https://charts.truecharts.org | |
helm repo add truecharts-deps https://deps.truecharts.org | |
helm repo add truecharts-library https://library-charts.truecharts.org | |
helm repo update | |
- name: Add Dependencies | |
run: | | |
if [[ "${{ matrix.values }}" =~ (metrics|cnpg).*-values.yaml ]]; then | |
helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait | |
fi | |
if [[ "${{ matrix.values }}" =~ cnpg.*-values.yaml ]]; then | |
helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait | |
fi | |
if [[ "${{ matrix.values }}" =~ ingress.*-values.yaml ]]; then | |
helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait | |
helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait | |
fi | |
- name: Run chart-testing (install) | |
run: | | |
# Move all ci values on a temp location (or skip if already moved from another matrix job) | |
mv library/common-test/ci library/common-test/runtests || echo "Nothing to move" | |
# Move one values.yaml to the correct location to run the test | |
mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml | |
# Stat kail on the background to grab logs from tests | |
./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log & | |
# Actually run the test | |
ct install --config .github/ct-install-config/ct-install.yaml \ | |
--charts library/common-test \ | |
--debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \ | |
cat /tmp/output.log && \ | |
rm -f /tmp/output.log && exit 1) | |
kill $! | |
echo -e "\n\n--===PODLOGS===--\n\n" | |
cat /tmp/output.log | |
rm -f /tmp/output.log | |
# security: | |
# needs: | |
# - lint | |
# name: Security Scans | |
# runs-on: ubuntu-22.04 | |
# strategy: | |
# fail-fast: false | |
# matrix: | |
# # We run tests on k3s version of latest SCALE release and SCALE nightly | |
# k3s-version: | |
# - v1.26 | |
# - v1.27 | |
# - v1.28 | |
# # We run tests on Helm version of latest SCALE release | |
# helm-version: | |
# - v3.12.3 | |
# - v3.13.3 | |
# values: | |
# - basic-values.yaml | |
# - configmap-values.yaml | |
# - secrets-values.yaml | |
# - imagePullSecret-values.yaml | |
# - daemonset-values.yaml | |
# - job-values.yaml | |
# - cron-values.yaml | |
# - statefulset-values.yaml | |
# - persistence-values.yaml | |
# - extra-containers-values.yaml | |
# - rbac-values.yaml | |
# - networkPolicy-values.yaml | |
# - register-operator-values.yaml | |
# # Runs as root, so test results become obviously red | |
# # - codeserver-values.yaml | |
# # - netshoot-values.yaml | |
# | |
# | |
# steps: | |
# - name: Install Helm | |
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
# with: | |
# version: ${{ matrix.helm-version }} | |
# | |
# - name: Checkout | |
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
# with: | |
# fetch-depth: 1 | |
# | |
# - name: build helm deps | |
# run: | | |
# cd library/common-test | |
# helm dependency update | |
# cd - | |
# - name: Add namespace | |
# run: | | |
# echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }} | |
# | |
# - name: Run Security Scan | |
# uses: datreeio/action-datree@main | |
# with: | |
# path: 'library/common-test' | |
# cliArguments: '--ignore-missing-schemas --policy CommonBasic' | |
# isHelmChart: true | |
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}' | |
# | |
# security-man: | |
# needs: | |
# - lint | |
# name: Security Scans (manifests) | |
# runs-on: ubuntu-22.04 | |
# strategy: | |
# fail-fast: false | |
# matrix: | |
# # We run tests on k3s version of latest SCALE release and SCALE nightly | |
# k3s-version: | |
# - v1.26 | |
# - v1.27 | |
# - v1.28 | |
# # We run tests on Helm version of latest SCALE release | |
# helm-version: | |
# - v3.12.3 | |
# - v3.13.3 | |
# values: | |
# - ingress-values.yaml | |
# - metrics-values.yaml | |
# # - cnpg-values.yaml | |
# # - cnpg-multi-values.yaml | |
# | |
# steps: | |
# - name: Install Helm | |
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
# with: | |
# version: ${{ matrix.helm-version }} | |
# | |
# - name: Prep Helm | |
# run: | | |
# helm repo add truecharts https://charts.truecharts.org | |
# helm repo add truecharts-deps https://deps.truecharts.org | |
# helm repo add truecharts-library https://library-charts.truecharts.org | |
# helm repo update | |
# - name: Add Dependencies | |
# run: | | |
# helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait | |
# helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait | |
# helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait | |
# | |
# - name: Checkout | |
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
# with: | |
# fetch-depth: 1 | |
# | |
# - name: build helm deps | |
# run: | | |
# cd library/common-test | |
# helm dependency update | |
# cd - | |
# | |
# - name: Run Security Scan | |
# uses: datreeio/action-datree@main | |
# with: | |
# path: 'library/common-test' | |
# cliArguments: '--ignore-missing-schemas --policy ManifestManager' | |
# isHelmChart: true | |
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}' | |
# | |
# security-vpn: | |
# needs: | |
# - lint | |
# name: Security Scans (vpn) | |
# runs-on: ubuntu-22.04 | |
# strategy: | |
# fail-fast: false | |
# matrix: | |
# # We run tests on k3s version of latest SCALE release and SCALE nightly | |
# k3s-version: | |
# - v1.26 | |
# - v1.27 | |
# - v1.28 | |
# # We run tests on Helm version of latest SCALE release | |
# helm-version: | |
# - v3.12.3 | |
# - v3.13.3 | |
# values: | |
# - vpn-gluetun-values.yaml | |
# - vpn-tailscale-values.yaml | |
# # Is deprecated and runs as root, skipping for now | |
# # - vpn-openvpn-values.yaml | |
# - vpn-wireguard-values.yaml | |
# | |
# steps: | |
# - name: Install Helm | |
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
# with: | |
# version: ${{ matrix.helm-version }} | |
# | |
# - name: Checkout | |
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
# with: | |
# fetch-depth: 1 | |
# | |
# - name: build helm deps | |
# run: | | |
# cd library/common-test | |
# helm dependency update | |
# cd - | |
# | |
# - name: Run Security Scan | |
# uses: datreeio/action-datree@main | |
# with: | |
# path: 'library/common-test' | |
# cliArguments: '--ignore-missing-schemas --policy WithVPN' | |
# isHelmChart: true | |
# helmArguments: '--values library/common-test/ci/${{ matrix.values }}' |