Files
library-charts/.github/workflows/common_library_tests.yaml

376 lines
12 KiB
YAML

name: Common Library Tests
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
lint:
name: Lint Common
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
helm-version:
- v3.9.4
- v3.10.3
- v3.11.0
steps:
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
- name: Run chart-testing (lint)
id: lint
run: |
ct lint --config .github/ct-install-config/ct-lint.yaml \
--lint-conf .github/ct-install-config/lint-conf.yaml \
--charts library/common-test \
--debug
unittest:
needs:
- lint
name: Unit Tests
runs-on: ubuntu-22.04
env:
helmUnitVersion: 0.2.11
strategy:
fail-fast: false
matrix:
helm-version:
- v3.9.4
- v3.10.3
- v3.11.0
steps:
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Cache helm plugins
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
with:
path: |
/home/runner/.local/share/helm/plugins/helm-unittest
/tmp/_dist/
key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
restore-keys: |
helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
- name: Run Unittests
shell: bash
run: |
(helm unittest -h > /dev/null) || helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries"
# Run tests
cd library/common-test/
helm dependency update
helm unittest --helm3 -f "tests/**/*.yaml" .
install:
needs:
- lint
name: Install Charts
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- basic-values.yaml
- configmap-values.yaml
- secrets-values.yaml
- imagePullSecret-values.yaml
- daemonset-values.yaml
- job-values.yaml
- cron-values.yaml
- statefulset-values.yaml
- persistence-values.yaml
- extra-containers-values.yaml
- rbac-values.yaml
- ingress-values.yaml
- networkPolicy-values.yaml
- codeserver-values.yaml
- netshoot-values.yaml
- metrics-values.yaml
- cnpg-values.yaml
- cnpg-multi-values.yaml
- manifest-values.yaml
- stagingmanifest-values.yaml
steps:
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
- name: Create k3d cluster - Attempt 1/3
continue-on-error: true
id: createc1
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc1.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 2/3
continue-on-error: true
if: steps.createc1.outcome=='failure'
id: createc2
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
- name: Wait 10 second to retry
if: steps.createc2.outcome=='failure'
run: |
sleep 10
- name: Create k3d cluster - Attempt 3/3
id: createc3
if: steps.createc2.outcome=='failure'
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ matrix.k3s-version }}
# Flags found here https://github.com/k3d-io/k3d
k3d-args: --k3s-arg --disable=metrics-server@server:*
# Install Kail to grab logs from tests, as there are cases ct-install fail to output logs
- name: Install Kail
run: |
export KAIL_VERSION=v0.16.1
wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz
tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz
chmod +x kail
- name: Run chart-testing (install)
run: |
# Move all ci values on a temp location (or skip if already moved from another matrix job)
mv library/common-test/ci library/common-test/runtests || echo "Nothing to move"
# Move one values.yaml to the correct location to run the test
mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml
# Stat kail on the background to grab logs from tests
./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log &
# Actually run the test
ct install --config .github/ct-install-config/ct-install.yaml \
--charts library/common-test \
--debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \
cat /tmp/output.log && \
rm -f /tmp/output.log && exit 1)
kill $!
echo -e "\n\n--===PODLOGS===--\n\n"
cat /tmp/output.log
rm -f /tmp/output.log
security:
needs:
- lint
name: Security Scans
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- basic-values.yaml
- configmap-values.yaml
- secrets-values.yaml
- imagePullSecret-values.yaml
- daemonset-values.yaml
- job-values.yaml
- cron-values.yaml
- statefulset-values.yaml
- persistence-values.yaml
- extra-containers-values.yaml
- rbac-values.yaml
- networkPolicy-values.yaml
# Runs as root, so test results become obviously red
# - codeserver-values.yaml
# - netshoot-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy CommonBasic'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
security-man:
needs:
- lint
name: Security Scans (manifests)
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- ingress-values.yaml
- metrics-values.yaml
- cnpg-values.yaml
- cnpg-multi-values.yaml
- manifest-values.yaml
- stagingmanifest-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy ManifestManager'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
security-vpn:
needs:
- lint
name: Security Scans (vpn)
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# We run tests on k3s version of latest SCALE release and SCALE nightly
k3s-version:
- v1.25.3+k3s1
# We run tests on Helm version of latest SCALE release
helm-version:
- v3.9.4
values:
- vpn-gluetun-values.yaml
- vpn-tailscale-values.yaml
# Is deprecated and runs as root, skipping for now
# - vpn-openvpn-values.yaml
- vpn-wireguard-values.yaml
steps:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
with:
version: ${{ matrix.helm-version }}
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
with:
fetch-depth: 1
- name: build helm deps
run: |
cd library/common-test
helm dependency update
cd -
- name: Run Security Scan
uses: datreeio/action-datree@main
with:
path: 'library/common-test'
cliArguments: '--ignore-missing-schemas --policy WithVPN'
isHelmChart: true
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'