mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-03 15:39:18 -03:00
376 lines
12 KiB
YAML
376 lines
12 KiB
YAML
name: Common Library Tests
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
|
|
|
|
jobs:
|
|
lint:
|
|
name: Lint Common
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
helm-version:
|
|
- v3.9.4
|
|
- v3.10.3
|
|
- v3.11.0
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # tag=v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4
|
|
with:
|
|
python-version: "3.10"
|
|
|
|
- name: Set up chart-testing
|
|
uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1
|
|
|
|
- name: Run chart-testing (lint)
|
|
id: lint
|
|
run: |
|
|
ct lint --config .github/ct-install-config/ct-lint.yaml \
|
|
--lint-conf .github/ct-install-config/lint-conf.yaml \
|
|
--charts library/common-test \
|
|
--debug
|
|
|
|
unittest:
|
|
needs:
|
|
- lint
|
|
name: Unit Tests
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
helmUnitVersion: 0.2.11
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
helm-version:
|
|
- v3.9.4
|
|
- v3.10.3
|
|
- v3.11.0
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- name: Cache helm plugins
|
|
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3
|
|
with:
|
|
path: |
|
|
/home/runner/.local/share/helm/plugins/helm-unittest
|
|
/tmp/_dist/
|
|
key: helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
|
|
restore-keys: |
|
|
helm-${{ matrix.helm-version }}-unittest-v${{ env.helmUnitVersion }}
|
|
|
|
- name: Run Unittests
|
|
shell: bash
|
|
run: |
|
|
(helm unittest -h > /dev/null) || helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion} || (sleep 10 && helm plugin install https://github.com/quintush/helm-unittest --version v${helmUnitVersion}) || echo "finished unittest reinstall tries"
|
|
|
|
# Run tests
|
|
cd library/common-test/
|
|
helm dependency update
|
|
helm unittest --helm3 -f "tests/**/*.yaml" .
|
|
|
|
install:
|
|
needs:
|
|
- lint
|
|
name: Install Charts
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# We run tests on k3s version of latest SCALE release and SCALE nightly
|
|
k3s-version:
|
|
- v1.25.3+k3s1
|
|
# We run tests on Helm version of latest SCALE release
|
|
helm-version:
|
|
- v3.9.4
|
|
values:
|
|
- basic-values.yaml
|
|
- configmap-values.yaml
|
|
- secrets-values.yaml
|
|
- imagePullSecret-values.yaml
|
|
- daemonset-values.yaml
|
|
- job-values.yaml
|
|
- cron-values.yaml
|
|
- statefulset-values.yaml
|
|
- persistence-values.yaml
|
|
- extra-containers-values.yaml
|
|
- rbac-values.yaml
|
|
- ingress-values.yaml
|
|
- networkPolicy-values.yaml
|
|
- codeserver-values.yaml
|
|
- netshoot-values.yaml
|
|
- metrics-values.yaml
|
|
- cnpg-values.yaml
|
|
- cnpg-multi-values.yaml
|
|
- manifest-values.yaml
|
|
- stagingmanifest-values.yaml
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4
|
|
with:
|
|
python-version: "3.10"
|
|
|
|
- name: Set up chart-testing
|
|
uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1
|
|
|
|
- name: Create k3d cluster - Attempt 1/3
|
|
continue-on-error: true
|
|
id: createc1
|
|
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
version: ${{ matrix.k3s-version }}
|
|
# Flags found here https://github.com/k3d-io/k3d
|
|
k3d-args: --k3s-arg --disable=metrics-server@server:*
|
|
|
|
- name: Wait 10 second to retry
|
|
if: steps.createc1.outcome=='failure'
|
|
run: |
|
|
sleep 10
|
|
- name: Create k3d cluster - Attempt 2/3
|
|
continue-on-error: true
|
|
if: steps.createc1.outcome=='failure'
|
|
id: createc2
|
|
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
version: ${{ matrix.k3s-version }}
|
|
# Flags found here https://github.com/k3d-io/k3d
|
|
k3d-args: --k3s-arg --disable=metrics-server@server:*
|
|
|
|
- name: Wait 10 second to retry
|
|
if: steps.createc2.outcome=='failure'
|
|
run: |
|
|
sleep 10
|
|
- name: Create k3d cluster - Attempt 3/3
|
|
id: createc3
|
|
if: steps.createc2.outcome=='failure'
|
|
uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # tag=v1.0.9
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
version: ${{ matrix.k3s-version }}
|
|
# Flags found here https://github.com/k3d-io/k3d
|
|
k3d-args: --k3s-arg --disable=metrics-server@server:*
|
|
|
|
# Install Kail to grab logs from tests, as there are cases ct-install fail to output logs
|
|
- name: Install Kail
|
|
run: |
|
|
export KAIL_VERSION=v0.16.1
|
|
wget https://github.com/boz/kail/releases/download/${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz
|
|
tar -xvzf kail_${KAIL_VERSION}_linux_amd64.tar.gz
|
|
chmod +x kail
|
|
|
|
- name: Run chart-testing (install)
|
|
run: |
|
|
# Move all ci values on a temp location (or skip if already moved from another matrix job)
|
|
mv library/common-test/ci library/common-test/runtests || echo "Nothing to move"
|
|
|
|
# Move one values.yaml to the correct location to run the test
|
|
mv -f library/common-test/runtests/${{ matrix.values }} library/common-test/values.yaml
|
|
|
|
# Stat kail on the background to grab logs from tests
|
|
./kail --ignore-ns kube-system --ignore-ns cert-manager --ignore-ns metallb-system --ignore-ns prometheus-operator >> /tmp/output.log &
|
|
|
|
# Actually run the test
|
|
ct install --config .github/ct-install-config/ct-install.yaml \
|
|
--charts library/common-test \
|
|
--debug || (echo -e "\n\n--===PODLOGS===--\n\n" && \
|
|
cat /tmp/output.log && \
|
|
rm -f /tmp/output.log && exit 1)
|
|
|
|
kill $!
|
|
echo -e "\n\n--===PODLOGS===--\n\n"
|
|
cat /tmp/output.log
|
|
rm -f /tmp/output.log
|
|
|
|
security:
|
|
needs:
|
|
- lint
|
|
name: Security Scans
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# We run tests on k3s version of latest SCALE release and SCALE nightly
|
|
k3s-version:
|
|
- v1.25.3+k3s1
|
|
# We run tests on Helm version of latest SCALE release
|
|
helm-version:
|
|
- v3.9.4
|
|
values:
|
|
- basic-values.yaml
|
|
- configmap-values.yaml
|
|
- secrets-values.yaml
|
|
- imagePullSecret-values.yaml
|
|
- daemonset-values.yaml
|
|
- job-values.yaml
|
|
- cron-values.yaml
|
|
- statefulset-values.yaml
|
|
- persistence-values.yaml
|
|
- extra-containers-values.yaml
|
|
- rbac-values.yaml
|
|
- networkPolicy-values.yaml
|
|
# Runs as root, so test results become obviously red
|
|
# - codeserver-values.yaml
|
|
# - netshoot-values.yaml
|
|
|
|
|
|
steps:
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
|
|
- name: build helm deps
|
|
run: |
|
|
cd library/common-test
|
|
helm dependency update
|
|
cd -
|
|
|
|
- name: Run Security Scan
|
|
uses: datreeio/action-datree@main
|
|
with:
|
|
path: 'library/common-test'
|
|
cliArguments: '--ignore-missing-schemas --policy CommonBasic'
|
|
isHelmChart: true
|
|
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
|
|
|
|
|
|
security-man:
|
|
needs:
|
|
- lint
|
|
name: Security Scans (manifests)
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# We run tests on k3s version of latest SCALE release and SCALE nightly
|
|
k3s-version:
|
|
- v1.25.3+k3s1
|
|
# We run tests on Helm version of latest SCALE release
|
|
helm-version:
|
|
- v3.9.4
|
|
values:
|
|
- ingress-values.yaml
|
|
- metrics-values.yaml
|
|
- cnpg-values.yaml
|
|
- cnpg-multi-values.yaml
|
|
- manifest-values.yaml
|
|
- stagingmanifest-values.yaml
|
|
|
|
steps:
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
|
|
- name: build helm deps
|
|
run: |
|
|
cd library/common-test
|
|
helm dependency update
|
|
cd -
|
|
|
|
- name: Run Security Scan
|
|
uses: datreeio/action-datree@main
|
|
with:
|
|
path: 'library/common-test'
|
|
cliArguments: '--ignore-missing-schemas --policy ManifestManager'
|
|
isHelmChart: true
|
|
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
|
|
|
|
security-vpn:
|
|
needs:
|
|
- lint
|
|
name: Security Scans (vpn)
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# We run tests on k3s version of latest SCALE release and SCALE nightly
|
|
k3s-version:
|
|
- v1.25.3+k3s1
|
|
# We run tests on Helm version of latest SCALE release
|
|
helm-version:
|
|
- v3.9.4
|
|
values:
|
|
- vpn-gluetun-values.yaml
|
|
- vpn-tailscale-values.yaml
|
|
# Is deprecated and runs as root, skipping for now
|
|
# - vpn-openvpn-values.yaml
|
|
- vpn-wireguard-values.yaml
|
|
|
|
steps:
|
|
- name: Install Helm
|
|
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
|
|
with:
|
|
version: ${{ matrix.helm-version }}
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
|
|
- name: build helm deps
|
|
run: |
|
|
cd library/common-test
|
|
helm dependency update
|
|
cd -
|
|
|
|
- name: Run Security Scan
|
|
uses: datreeio/action-datree@main
|
|
with:
|
|
path: 'library/common-test'
|
|
cliArguments: '--ignore-missing-schemas --policy WithVPN'
|
|
isHelmChart: true
|
|
helmArguments: '--values library/common-test/ci/${{ matrix.values }}'
|