name: Common Library Tests concurrency: group: ${{ github.workflow }}-${{ github.ref }} on: push: branches: - main pull_request: branches: - main workflow_dispatch: env: DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} jobs: lint: name: Lint Common runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: helm-version: - v3.9.4 - v3.10.3 - v3.11.0 steps: - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3 with: version: ${{ matrix.helm-version }} - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4 with: python-version: "3.10" - name: Set up chart-testing uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 - name: Run chart-testing (lint) id: lint run: | ct lint --config .github/ct-install-config/ct-lint.yaml \ --lint-conf .github/ct-install-config/lint-conf.yaml \ --charts library/common-test \ --debug unittest: needs: - lint name: Unit Tests runs-on: ubuntu-22.04 env: helmUnitVersion: 0.2.11 strategy: fail-fast: false matrix: helm-version: - v3.9.4 - v3.10.3 - v3.11.0 steps: - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: ${{ matrix.helm-version }} - name: Cache helm plugins uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3 with: path: | /home/runner/.local/share/helm/plugins/helm-unittest /tmp/_dist/ key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }} restore-keys: | helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }} - name: Run Unittests shell: bash run: | (helm unittest -h > /dev/null) || helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries" # Run tests cd library/common-test/ helm dependency update helm unittest --helm3 -f "tests/**/*.yaml" . install: needs: - lint name: Install Charts runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: # We run tests on k3s version of latest SCALE release and SCALE nightly k3s-version: - v1.25.3+k3s1 # We run tests on Helm version of latest SCALE release helm-version: - v3.9.4 values: - basic-values.yaml - configmap-values.yaml - secrets-values.yaml - imagePullSecret-values.yaml - daemonset-values.yaml - job-values.yaml - cron-values.yaml - statefulset-values.yaml - persistence-values.yaml - extra-containers-values.yaml - rbac-values.yaml - ingress-values.yaml - networkPolicy-values.yaml - codeserver-values.yaml - netshoot-values.yaml - metrics-values.yaml - cnpg-values.yaml - cnpg-multi-values.yaml - manifest-values.yaml - stagingmanifest-values.yaml steps: - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: ${{ matrix.helm-version }} - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4 with: python-version: "3.10" - name: Set up chart-testing uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 - name: Create k3d cluster - Attempt 1/3 continue-on-error: true id: createc1 uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 with: github-token: ${{ secrets.GITHUB_TOKEN }} version: ${{ matrix.k3s-version }} # Flags found here https://github.com/k3d-io/k3d k3d-args: --k3s-arg --disable=metrics-server@server:* - name: Wait 10 second to retry if: steps.createc1.outcome=='failure' run: | sleep 10 - name: Create k3d cluster - Attempt 2/3 continue-on-error: true if: steps.createc1.outcome=='failure' id: createc2 uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 with: github-token: ${{ secrets.GITHUB_TOKEN }} version: ${{ matrix.k3s-version }} # Flags found here https://github.com/k3d-io/k3d k3d-args: --k3s-arg --disable=metrics-server@server:* - name: Wait 10 second to retry if: steps.createc2.outcome=='failure' run: | sleep 10 - name: Create k3d cluster - Attempt 3/3 id: createc3 if: steps.createc2.outcome=='failure' uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9 with: github-token: ${{ secrets.GITHUB_TOKEN }} version: ${{ matrix.k3s-version }} # Flags found here https://github.com/k3d-io/k3d k3d-args: --k3s-arg --disable=metrics-server@server:* # Install Kail to grab logs from tests, as there are cases ct-install fail to output logs - name: Install Kail run: | export KAIL_VERSION=v0.16.1 wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz chmod +x kail - name: Run chart-testing (install) run: | # Move all ci values on a temp location (or skip if already moved from another matrix job) mv library/common-test/ci library/common-test/runtests || echo "Nothing to move" # Move one values.yaml to the correct location to run the test mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml # Stat kail on the background to grab logs from tests ./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log & # Actually run the test ct install --config .github/ct-install-config/ct-install.yaml \ --charts library/common-test \ --debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \ cat /tmp/output.log && \ rm -f /tmp/output.log && exit 1) kill $! echo -e "\n\n--===PODLOGS===--\n\n" cat /tmp/output.log rm -f /tmp/output.log security: needs: - lint name: Security Scans runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: # We run tests on k3s version of latest SCALE release and SCALE nightly k3s-version: - v1.25.3+k3s1 # We run tests on Helm version of latest SCALE release helm-version: - v3.9.4 values: - basic-values.yaml - configmap-values.yaml - secrets-values.yaml - imagePullSecret-values.yaml - daemonset-values.yaml - job-values.yaml - cron-values.yaml - statefulset-values.yaml - persistence-values.yaml - extra-containers-values.yaml - rbac-values.yaml - networkPolicy-values.yaml # Runs as root, so test results become obviously red # - codeserver-values.yaml # - netshoot-values.yaml steps: - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: ${{ matrix.helm-version }} - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: build helm deps run: | cd library/common-test helm dependency update cd - - name: Run Security Scan uses: datreeio/action-datree@main with: path: 'library/common-test' cliArguments: '--ignore-missing-schemas --policy CommonBasic' isHelmChart: true helmArguments: '--values library/common-test/ci/${{ matrix.values }}' security-man: needs: - lint name: Security Scans (manifests) runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: # We run tests on k3s version of latest SCALE release and SCALE nightly k3s-version: - v1.25.3+k3s1 # We run tests on Helm version of latest SCALE release helm-version: - v3.9.4 values: - ingress-values.yaml - metrics-values.yaml - cnpg-values.yaml - cnpg-multi-values.yaml - manifest-values.yaml - stagingmanifest-values.yaml steps: - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: ${{ matrix.helm-version }} - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: build helm deps run: | cd library/common-test helm dependency update cd - - name: Run Security Scan uses: datreeio/action-datree@main with: path: 'library/common-test' cliArguments: '--ignore-missing-schemas --policy ManifestManager' isHelmChart: true helmArguments: '--values library/common-test/ci/${{ matrix.values }}' security-vpn: needs: - lint name: Security Scans (vpn) runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: # We run tests on k3s version of latest SCALE release and SCALE nightly k3s-version: - v1.25.3+k3s1 # We run tests on Helm version of latest SCALE release helm-version: - v3.9.4 values: - vpn-gluetun-values.yaml - vpn-tailscale-values.yaml # Is deprecated and runs as root, skipping for now # - vpn-openvpn-values.yaml - vpn-wireguard-values.yaml steps: - name: Install Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: ${{ matrix.helm-version }} - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 with: fetch-depth: 1 - name: build helm deps run: | cd library/common-test helm dependency update cd - - name: Run Security Scan uses: datreeio/action-datree@main with: path: 'library/common-test' cliArguments: '--ignore-missing-schemas --policy WithVPN' isHelmChart: true helmArguments: '--values library/common-test/ci/${{ matrix.values }}'