chore(deps): update aquasec/trivy docker tag to v0.58.0 #1830
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lagoon tests | |
on: pull_request | |
jobs: | |
# runs for lagoon-core, lagoon-remote, lagoon-test | |
test-suite: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
test: | |
- active-standby-kubernetes | |
- api | |
- deploytarget | |
- features-kubernetes | |
- features-kubernetes-2 | |
- features-variables | |
- services | |
- tasks | |
## Re-enable any of these tests in your branch for specific testing | |
## - bitbucket | |
## - bulk-deployment | |
## - drush | |
## - generic | |
## - github | |
## - gitlab | |
## - image-cache | |
## - nginx | |
## - node | |
## - python | |
## - ssh-legacy | |
## - workflows | |
steps: | |
# Continue after getting a shell via: `touch continue` | |
- name: Setup tmate session | |
uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48 # v3 | |
timeout-minutes: 1 | |
continue-on-error: true | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: "0" | |
- name: Set up chart-testing dependencies | |
run: sudo apt-get -y install python3-wheel | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --config ./test-suite-lint.ct.yaml) | |
if [[ "$changed" ]]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
echo "$changed" | |
fi | |
- name: Configure node IP in kind-config.yaml | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
docker network create kind | |
LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"') | |
export KIND_NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.') | |
envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml | |
- name: Create kind cluster | |
uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
with: | |
version: v0.24.0 | |
node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114 | |
kubectl_version: v1.30.4 | |
config: test-suite.kind-config.yaml | |
- name: Check node IP matches kind configuration | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"') | |
NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.') | |
echo Checking for NODE_IP "$NODE_IP" | |
grep $NODE_IP test-suite.kind-config.yaml | |
- name: Add dependency chart repos | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
helm repo add harbor https://helm.goharbor.io | |
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx | |
helm repo add stable https://charts.helm.sh/stable | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
helm repo add amazeeio https://amazeeio.github.io/charts/ | |
helm repo add lagoon https://uselagoon.github.io/lagoon-charts/ | |
helm repo add nats https://nats-io.github.io/k8s/helm/charts/ | |
helm repo add metallb https://metallb.github.io/metallb | |
helm repo add jetstack https://charts.jetstack.io | |
helm repo add jouve https://jouve.github.io/charts/ | |
- name: Install gojq | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
cd /tmp | |
curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.16/gojq_v0.12.16_linux_amd64.tar.gz | |
tar -xf ./gojq_v0.12.16_linux_amd64.tar.gz | |
sudo cp /tmp/gojq_v0.12.16_linux_amd64/gojq /usr/local/bin/jq | |
- name: Install kubens and kubectl alias | |
run: | | |
cd /tmp | |
curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.5/kubens_v0.9.5_linux_x86_64.tar.gz | |
tar -xf ./kubens_v0.9.5_linux_x86_64.tar.gz | |
sudo cp /tmp/kubens /usr/local/bin/kubens | |
sudo ln -s $(which kubectl) /usr/local/bin/kc | |
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (needs-testing) | |
if: | | |
(steps.list-changed.outputs.changed == 'true' && !contains(github.event.pull_request.labels.*.name, 'next-release')) || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) | |
run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] | |
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (next-release) | |
if: | | |
(steps.list-changed.outputs.changed == 'true') && | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml | |
make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main | |
- name: Free up some disk space | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: docker system prune -f -a --volumes | |
- name: Run chart-testing (install) on lagoon-test | |
if: | | |
(steps.list-changed.outputs.changed == 'true') || | |
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) || | |
(contains(github.event.pull_request.labels.*.name, 'next-release')) | |
run: | | |
ct lint --config ./test-suite-run.ct.yaml | |
ct install --config ./test-suite-run.ct.yaml --helm-extra-args "--timeout 60m" | |
# the following steps gather various debug information on test failure | |
- name: Inspect lagoon-test pods | |
if: failure() | |
run: | | |
kubectl get pods -A --selector=app.kubernetes.io/name=lagoon-test | |
kubectl describe pods --namespace=lagoon-core --selector=app.kubernetes.io/name=lagoon-test | |
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers --selector=app.kubernetes.io/name=lagoon-test | |
- name: Inspect lagoon-remote and lagoon-build-deploy pods | |
if: failure() | |
run: | | |
kubectl get pods -A -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)' | |
kubectl describe pods --namespace=lagoon -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)' | |
kubectl logs --namespace=lagoon --prefix --timestamps --tail=-1 --all-containers -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)' | |
- name: Inspect lagoon-core pods | |
if: failure() | |
run: | | |
kubectl get pods -A --selector=app.kubernetes.io/instance=lagoon-core | |
kubectl describe pods --namespace=lagoon-core --selector=app.kubernetes.io/instance=lagoon-core | |
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers --selector=app.kubernetes.io/instance=lagoon-core | |
- name: Inspect any remaining CI namespaces | |
if: failure() | |
run: | | |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do | |
kubectl get events --sort-by=metadata.creationTimestamp --namespace=$ns | |
kubectl get pods --output=wide --namespace=$ns | |
kubectl describe pods --namespace=$ns | |
done | |
- name: Gather build logs of any remaining CI namespaces | |
if: failure() | |
run: | | |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do | |
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers --selector=lagoon.sh/jobType | |
done | |
- name: Gather workload logs of any remaining CI namespaces | |
if: failure() | |
run: | | |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do | |
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers --selector=lagoon.sh/version | |
done |