Skip to content

chore(deps): update aquasec/trivy docker tag to v0.58.1 #1846

chore(deps): update aquasec/trivy docker tag to v0.58.1

chore(deps): update aquasec/trivy docker tag to v0.58.1 #1846

Workflow file for this run

name: Lagoon tests
on: pull_request
jobs:
# runs for lagoon-core, lagoon-remote, lagoon-test
test-suite:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
test:
- active-standby-kubernetes
- api
- deploytarget
- features-kubernetes
- features-kubernetes-2
- features-variables
- services
- tasks
## Re-enable any of these tests in your branch for specific testing
## - bitbucket
## - bulk-deployment
## - drush
## - generic
## - github
## - gitlab
## - image-cache
## - nginx
## - node
## - python
## - ssh-legacy
## - workflows
steps:
# Continue after getting a shell via: `touch continue`
- name: Setup tmate session
uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48 # v3
timeout-minutes: 1
continue-on-error: true
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: "0"
- name: Set up chart-testing dependencies
run: sudo apt-get -y install python3-wheel
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ./test-suite-lint.ct.yaml)
if [[ "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
echo "$changed"
fi
- name: Configure node IP in kind-config.yaml
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
docker network create kind
LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
export KIND_NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml
- name: Create kind cluster
uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
with:
version: v0.24.0
node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
kubectl_version: v1.30.4
config: test-suite.kind-config.yaml
- name: Check node IP matches kind configuration
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
echo Checking for NODE_IP "$NODE_IP"
grep $NODE_IP test-suite.kind-config.yaml
- name: Add dependency chart repos
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
helm repo add harbor https://helm.goharbor.io
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add amazeeio https://amazeeio.github.io/charts/
helm repo add lagoon https://uselagoon.github.io/lagoon-charts/
helm repo add nats https://nats-io.github.io/k8s/helm/charts/
helm repo add metallb https://metallb.github.io/metallb
helm repo add jetstack https://charts.jetstack.io
helm repo add jouve https://jouve.github.io/charts/
- name: Install gojq
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
cd /tmp
curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.16/gojq_v0.12.16_linux_amd64.tar.gz
tar -xf ./gojq_v0.12.16_linux_amd64.tar.gz
sudo cp /tmp/gojq_v0.12.16_linux_amd64/gojq /usr/local/bin/jq
- name: Install kubens and kubectl alias
run: |
cd /tmp
curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.5/kubens_v0.9.5_linux_x86_64.tar.gz
tar -xf ./kubens_v0.9.5_linux_x86_64.tar.gz
sudo cp /tmp/kubens /usr/local/bin/kubens
sudo ln -s $(which kubectl) /usr/local/bin/kc
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (needs-testing)
if: |
(steps.list-changed.outputs.changed == 'true' && !contains(github.event.pull_request.labels.*.name, 'next-release')) ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing'))
run: |
make install-lagoon
make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}]
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (next-release)
if: |
(steps.list-changed.outputs.changed == 'true') &&
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml
make install-lagoon IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main
make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main
- name: Free up some disk space
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: docker system prune -f -a --volumes
- name: Run chart-testing (install) on lagoon-test
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
ct lint --config ./test-suite-run.ct.yaml
ct install --config ./test-suite-run.ct.yaml --helm-extra-args "--timeout 60m"
# the following steps gather various debug information on test failure
- name: Inspect lagoon-test pods
if: failure()
run: |
kubectl get pods -A --selector=app.kubernetes.io/name=lagoon-test
kubectl describe pods --namespace=lagoon-core --selector=app.kubernetes.io/name=lagoon-test
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers --selector=app.kubernetes.io/name=lagoon-test
- name: Inspect lagoon-remote and lagoon-build-deploy pods
if: failure()
run: |
kubectl get pods -A -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)'
kubectl describe pods --namespace=lagoon -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)'
kubectl logs --namespace=lagoon --prefix --timestamps --tail=-1 --all-containers -l 'app.kubernetes.io/instance in (lagoon-remote, lagoon-build-deploy)'
- name: Inspect lagoon-core pods
if: failure()
run: |
kubectl get pods -A --selector=app.kubernetes.io/instance=lagoon-core
kubectl describe pods --namespace=lagoon-core --selector=app.kubernetes.io/instance=lagoon-core
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers --selector=app.kubernetes.io/instance=lagoon-core
- name: Inspect any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do
kubectl get events --sort-by=metadata.creationTimestamp --namespace=$ns
kubectl get pods --output=wide --namespace=$ns
kubectl describe pods --namespace=$ns
done
- name: Gather build logs of any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers --selector=lagoon.sh/jobType
done
- name: Gather workload logs of any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[].metadata.name | select(match("^ci"))'); do
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers --selector=lagoon.sh/version
done