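# CI for the common library chart: lint it, run helm-unittest against it, then
# install it on throw-away k3d clusters across a matrix of k3s versions,
# Helm versions and ci values files.
name: Common Library Tests

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the jobs below only check out
# the repository and hand the token to setup-k3d-k3s, so read access to
# contents is all that is granted.
permissions:
  contents: read

# NOTE(review): DATREE_TOKEN is exported to every step of every job, including
# the ones that download and run third-party binaries, but only the
# commented-out security jobs at the bottom of this file invoke datree.
# Consider moving this entry into those jobs when they are re-enabled.
env:
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}

jobs:
  # Static chart linting with chart-testing, once per Helm version.
  lint:
    name: Lint Common
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        helm-version:
          - v3.12.1
          - v3.14.4
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          fetch-depth: 1

      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
        with:
          version: ${{ matrix.helm-version }}

      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
        with:
          python-version: "3.10"

      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

      - name: Run chart-testing (lint)
        id: lint
        run: |
          ct lint --config .github/ct-install-config/ct-lint.yaml \
            --lint-conf .github/ct-install-config/lint-conf.yaml \
            --charts library/common-test \
            --debug

  # helm-unittest suite for library/common-test; runs only after lint passes.
  unittest:
    needs:
      - lint
    name: Unit Tests
    runs-on: ubuntu-22.04
    env:
      # Quoted so the version is always read as a string.
      helmUnitVersion: "0.4.2"
    strategy:
      fail-fast: false
      matrix:
        helm-version:
          - v3.14.4
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          fetch-depth: 1

      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
        with:
          version: ${{ matrix.helm-version }}

      - name: Cache helm plugins
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
        with:
          path: |
            /home/runner/.local/share/helm/plugins/helm-unittest
            /tmp/_dist/
          key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
          restore-keys: |
            helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}

      # NOTE(review): the plugin is pinned by Git tag only, unlike the
      # SHA-pinned actions in this workflow, and a restored cache entry is
      # trusted as-is. Treat both as part of the supply chain of this job.
      - name: Run Unittests
        shell: bash
        run: |
          # Reuse the cached plugin if it works, otherwise install it,
          # retrying once after 10 seconds; never fail on the install itself.
          (helm unittest -h > /dev/null) ||
            helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion} ||
            (sleep 10 && helm plugin install https://github.com/helm-unittest/helm-unittest --version v${helmUnitVersion}) ||
            echo "finished unittest reinstall tries"
          # Run tests
          cd library/common-test/
          helm dependency update
          helm unittest -f "tests/**/*.yaml" . -v ./unit-values.yaml

  # Installs the chart on a k3d cluster once per (k3s, Helm, values file)
  # combination; runs only after lint passes.
  install:
    needs:
      - lint
    name: Install Charts
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        # We test the latest k3s version and the lowest supported by either
        # the oldest supported SCALE or FluxCD release
        k3s-version:
          - v1.26
          - v1.29
        # Same wording as the k3s comment above in the original file;
        # presumably the same policy applies to Helm versions - confirm.
        helm-version:
          - v3.12.1
          - v3.14.4
        values:
          - basic-values.yaml
          - configmap-values.yaml
          - secrets-values.yaml
          - imagePullSecret-values.yaml
          - daemonset-values.yaml
          - job-values.yaml
          - cron-values.yaml
          - statefulset-values.yaml
          - persistence-values.yaml
          - extra-containers-values.yaml
          - rbac-values.yaml
          - ingress-values.yaml
          - networkPolicy-values.yaml
          # TODO: broken
          # - codeserver-values.yaml
          - netshoot-values.yaml
          - metrics-values.yaml
          - cnpg-values.yaml
          - cnpg-multi-values.yaml
          - register-operator-values.yaml
          - portal-svc-values.yaml
          - portal-ingress-values.yaml
          ## TODO: reenable when we've some credentials ready to rock for testing
          # - volsync-dest-values.yaml
          # - volsync-src-values.yaml
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          fetch-depth: 1

      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
        with:
          version: ${{ matrix.helm-version }}

      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
        with:
          python-version: "3.10"

      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

      # Cluster creation is attempted up to three times. Attempts 1 and 2 use
      # continue-on-error so a failure only triggers the next attempt; only a
      # failure of attempt 3 fails the job.
      - name: Create k3d cluster - Attempt 1/3
        continue-on-error: true
        id: createc1
        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ matrix.k3s-version }}
          # Flags found here https://github.com/k3d-io/k3d
          # Quoted: the value starts with '-' and contains ':' and '*'.
          k3d-args: '--k3s-arg --disable=metrics-server@server:*'

      - name: Wait 10 second to retry
        if: steps.createc1.outcome=='failure'
        run: |
          sleep 10

      - name: Create k3d cluster - Attempt 2/3
        continue-on-error: true
        if: steps.createc1.outcome=='failure'
        id: createc2
        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ matrix.k3s-version }}
          # Flags found here https://github.com/k3d-io/k3d
          k3d-args: '--k3s-arg --disable=metrics-server@server:*'

      - name: Wait 10 second to retry
        if: steps.createc2.outcome=='failure'
        run: |
          sleep 10

      - name: Create k3d cluster - Attempt 3/3
        id: createc3
        if: steps.createc2.outcome=='failure'
        uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ matrix.k3s-version }}
          # Flags found here https://github.com/k3d-io/k3d
          k3d-args: '--k3s-arg --disable=metrics-server@server:*'

      # Install Kail to grab logs from tests, as there are cases ct-install fail to output logs
      # NOTE(review): the release tarball is downloaded, unpacked and later
      # executed with no integrity check. Record the expected SHA-256 of the
      # pinned release next to KAIL_VERSION and verify it (sha256sum -c)
      # before extracting.
      - name: Install Kail
        run: |
          export KAIL_VERSION=v0.16.1
          wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz
          tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz
          chmod +x kail

      # Installs the operators a given values file depends on, selected by
      # matching the values file name.
      - name: Add Dependencies
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value can never be parsed as shell code.
          VALUES_FILE: ${{ matrix.values }}
        run: |
          if [[ "${VALUES_FILE}" =~ (ingress|metrics|cnpg|volsync).*-values.yaml ]]; then
            helm install prometheus-operator oci://tccr.io/truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
          fi
          if [[ "${VALUES_FILE}" =~ cnpg.*-values.yaml ]]; then
            helm install cloudnative-pg oci://tccr.io/truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
          fi
          if [[ "${VALUES_FILE}" =~ ingress.*-values.yaml ]]; then
            helm install cert-manager oci://tccr.io/truecharts/cert-manager --namespace cert-manager --create-namespace --wait
            helm install traefik oci://tccr.io/truecharts/traefik --namespace traefik --create-namespace --wait \
              --set service.main.type=ClusterIP --set service.tcp.type=ClusterIP
          fi
          if [[ "${VALUES_FILE}" =~ volsync.*-values.yaml ]]; then
            helm install volumesnapshots oci://tccr.io/truecharts/volumesnapshots --namespace volumesnapshots --create-namespace --wait
            helm install volsync oci://tccr.io/truecharts/volsync --namespace volsync --create-namespace --wait
          fi

      - name: Run chart-testing (install)
        env:
          # Same reasoning as in "Add Dependencies": keep the expression out
          # of the script body.
          VALUES_FILE: ${{ matrix.values }}
        run: |
          # Move all ci values on a temp location (or skip if already moved from another matrix job)
          mv library/common-test/ci library/common-test/runtests || echo "Nothing to move"
          # Move one values.yaml to the correct location to run the test
          mv -f "library/common-test/runtests/${VALUES_FILE}" library/common-test/values.yaml
          # Start kail in the background to grab logs from tests
          ./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log &
          # Actually run the test; on failure dump the collected pod logs and fail the step
          ct install --config .github/ct-install-config/ct-install.yaml \
            --charts library/common-test \
            --debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \
            cat /tmp/output.log && \
            rm -f /tmp/output.log && exit 1)
          # Success path: stop the background kail, then print and remove its log
          kill $!
          echo -e "\n\n--===PODLOGS===--\n\n"
          cat /tmp/output.log
          rm -f /tmp/output.log

  # ---------------------------------------------------------------------------
  # Disabled datree security-scan jobs, kept for reference.
  # NOTE(review): before re-enabling, pin datreeio/action-datree to a full
  # commit SHA like the active jobs above (it currently tracks the mutable
  # "main" branch), and pass the matrix value to run steps through env rather
  # than expanding it inside the script.
  # ---------------------------------------------------------------------------
  # security:
  #   needs:
  #     - lint
  #   name: Security Scans
  #   runs-on: ubuntu-22.04
  #   strategy:
  #     fail-fast: false
  #     matrix:
  #       # We run tests on k3s version of latest SCALE release and SCALE nightly
  #       k3s-version:
  #         - v1.26
  #         - v1.27
  #         - v1.28
  #       # We run tests on Helm version of latest SCALE release
  #       helm-version:
  #         - v3.12.3
  #         - v3.14.4
  #       values:
  #         - basic-values.yaml
  #         - configmap-values.yaml
  #         - secrets-values.yaml
  #         - imagePullSecret-values.yaml
  #         - daemonset-values.yaml
  #         - job-values.yaml
  #         - cron-values.yaml
  #         - statefulset-values.yaml
  #         - persistence-values.yaml
  #         - extra-containers-values.yaml
  #         - rbac-values.yaml
  #         - networkPolicy-values.yaml
  #         - register-operator-values.yaml
  #         # Runs as root, so test results become obviously red
  #         # - codeserver-values.yaml
  #         # - netshoot-values.yaml
  #
  #
  #   steps:
  #     - name: Install Helm
  #       uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
  #       with:
  #         version: ${{ matrix.helm-version }}
  #
  #     - name: Checkout
  #       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
  #       with:
  #         fetch-depth: 1
  #
  #     - name: build helm deps
  #       run: |
  #         cd library/common-test
  #         helm dependency update
  #         cd -
  #     - name: Add namespace
  #       run: |
  #         echo "namespace: common-test" >> library/common-test/ci/${{ matrix.values }}
  #
  #     - name: Run Security Scan
  #       uses: datreeio/action-datree@main
  #       with:
  #         path: 'library/common-test'
  #         cliArguments: '--ignore-missing-schemas --policy CommonBasic'
  #         isHelmChart: true
  #         helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
  #
  # security-man:
  #   needs:
  #     - lint
  #   name: Security Scans (manifests)
  #   runs-on: ubuntu-22.04
  #   strategy:
  #     fail-fast: false
  #     matrix:
  #       # We run tests on k3s version of latest SCALE release and SCALE nightly
  #       k3s-version:
  #         - v1.26
  #         - v1.27
  #         - v1.28
  #       # We run tests on Helm version of latest SCALE release
  #       helm-version:
  #         - v3.12.3
  #         - v3.14.4
  #       values:
  #         - ingress-values.yaml
  #         - metrics-values.yaml
  #         # - cnpg-values.yaml
  #         # - cnpg-multi-values.yaml
  #
  #   steps:
  #     - name: Install Helm
  #       uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
  #       with:
  #         version: ${{ matrix.helm-version }}
  #
  #     - name: Add Dependencies
  #       run: |
  #         helm install prometheus-operator oci://tccr.io/truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
  #         helm install cloudnative-pg oci://tccr.io/truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
  #         helm install traefik oci://tccr.io/truecharts/traefik --namespace traefik --create-namespace --wait \
  #           --set service.main.type=ClusterIP --set service.tcp.type=ClusterIP
  #
  #     - name: Checkout
  #       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
  #       with:
  #         fetch-depth: 1
  #
  #     - name: build helm deps
  #       run: |
  #         cd library/common-test
  #         helm dependency update
  #         cd -
  #
  #     - name: Run Security Scan
  #       uses: datreeio/action-datree@main
  #       with:
  #         path: 'library/common-test'
  #         cliArguments: '--ignore-missing-schemas --policy ManifestManager'
  #         isHelmChart: true
  #         helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
  #
  # security-vpn:
  #   needs:
  #     - lint
  #   name: Security Scans (vpn)
  #   runs-on: ubuntu-22.04
  #   strategy:
  #     fail-fast: false
  #     matrix:
  #       # We run tests on k3s version of latest SCALE release and SCALE nightly
  #       k3s-version:
  #         - v1.26
  #         - v1.27
  #         - v1.28
  #       # We run tests on Helm version of latest SCALE release
  #       helm-version:
  #         - v3.12.3
  #         - v3.14.4
  #       values:
  #         - vpn-gluetun-values.yaml
  #         - vpn-tailscale-values.yaml
  #         # Is deprecated and runs as root, skipping for now
  #         # - vpn-openvpn-values.yaml
  #         - vpn-wireguard-values.yaml
  #
  #   steps:
  #     - name: Install Helm
  #       uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
  #       with:
  #         version: ${{ matrix.helm-version }}
  #
  #     - name: Checkout
  #       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
  #       with:
  #         fetch-depth: 1
  #
  #     - name: build helm deps
  #       run: |
  #         cd library/common-test
  #         helm dependency update
  #         cd -
  #
  #     - name: Run Security Scan
  #       uses: datreeio/action-datree@main
  #       with:
  #         path: 'library/common-test'
  #         cliArguments: '--ignore-missing-schemas --policy WithVPN'
  #         isHelmChart: true
  #         helmArguments: '--values library/common-test/ci/${{ matrix.values }}'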