Merge pull request #55 from 2i2c-org/update-image-requirements #89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a GitHub workflow defining a set of jobs with a set of steps. | |
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
# | |
name: Test chart | |
on: | |
pull_request: | |
paths-ignore: | |
- "docs/**" | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/test-chart.yaml" | |
push: | |
paths-ignore: | |
- "docs/**" | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/test-chart.yaml" | |
branches-ignore: | |
- "dependabot/**" | |
- "pre-commit-ci-update-config" | |
- "update-*" | |
workflow_dispatch: | |
jobs: | |
lint_and_validate_rendered_templates: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Install dependencies | |
run: pip install -r dev-requirements.txt | |
- name: Lint and validate | |
run: tools/templates/lint-and-validate.py | |
- name: Lint and validate (--strict, accept failure) | |
run: tools/templates/lint-and-validate.py --strict | |
continue-on-error: true | |
lint_and_validate_templates_with_schema: | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
# We run this job with the latest lowest helm version we support. | |
# | |
include: | |
- helm-version: "" # latest | |
- helm-version: v3.8.0 # minimal required version | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Install helm ${{ matrix.helm-version }} | |
run: | | |
curl -sf https://raw.githubusercontent.com/helm/helm/HEAD/scripts/get-helm-3 | DESIRED_VERSION=${{ matrix.helm-version }} bash | |
- name: Install dependencies | |
run: | | |
pip install pyyaml | |
- name: Generate values.schema.json | |
run: tools/generate-json-schema.py | |
- name: Helm lint (values.yaml) | |
run: helm lint ./binderhub-service | |
- name: Helm lint (lint-and-validate-values.yaml) | |
run: helm lint ./binderhub-service --values tools/templates/lint-and-validate-values.yaml | |
# FIXME: We can probably emit a GitHub workflow warning if these fail | |
# instead having them show as green without a warning or similar | |
# | |
# NOTE: --strict means that any warning is considered an error, and there | |
# are several warnings that we should ignore. | |
# | |
- name: Helm lint --strict (values.yaml) | |
run: helm lint --strict ./binderhub-service | |
continue-on-error: true | |
- name: Helm lint --strict (lint-and-validate-values.yaml) | |
run: helm lint --strict ./binderhub-service | |
continue-on-error: true | |
test: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 20 | |
# Start a local container registry that the binderhub build pods can push | |
# to, and the k8s cluster can pull images from for use by pods. | |
services: | |
registry: | |
image: docker.io/library/registry:latest | |
ports: | |
- 5000:5000 | |
strategy: | |
fail-fast: false | |
matrix: | |
# We run this job multiple times with different parameterization | |
# specified below, these parameters have no meaning on their own and | |
# gain meaning on how job steps use them. | |
# | |
# k3s-version: https://github.com/rancher/k3s/tags | |
# k3s-channel: https://update.k3s.io/v1-release/channels | |
# | |
include: | |
- k3s-channel: latest | |
- k3s-channel: stable | |
- k3s-channel: v1.24 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# chartpress needs git history | |
fetch-depth: 0 | |
- name: Determine how to reference local container registry | |
run: | | |
LOCAL_REGISTRY_HOST=$(hostname --all-ip-addresses | awk '{print $1}'):5000 | |
echo LOCAL_REGISTRY_HOST="$LOCAL_REGISTRY_HOST" >> $GITHUB_ENV | |
- name: Configure k3s to pull from local container registry | |
run: | | |
# Allow k3s to pull from private registry | |
# https://docs.k3s.io/installation/private-registry | |
sudo mkdir -p /etc/rancher/k3s/ | |
cat << EOF | sudo tee /etc/rancher/k3s/registries.yaml | |
mirrors: | |
"$LOCAL_REGISTRY_HOST": | |
endpoint: | |
- "http://$LOCAL_REGISTRY_HOST" | |
EOF | |
# Starts a k8s cluster with NetworkPolicy enforcement and installs both | |
# kubectl and helm | |
# | |
# ref: https://github.com/jupyterhub/action-k3s-helm/ | |
- uses: jupyterhub/action-k3s-helm@v3 | |
with: | |
k3s-channel: ${{ matrix.k3s-channel }} | |
metrics-enabled: false | |
traefik-enabled: false | |
docker-enabled: true | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Install dependencies | |
run: | | |
pip install -r dev-requirements.txt | |
- name: List dependencies | |
run: | | |
pip freeze | |
# Build our images if needed and update Chart.yaml and values.yaml with | |
# version and tags | |
- run: chartpress | |
env: | |
DOCKER_BUILDKIT: "1" | |
- name: Generate values.schema.json from values.schema.yaml | |
run: tools/generate-json-schema.py | |
# Validate rendered helm templates against the k8s api-server with the | |
# dedicated lint-and-validate-values.yaml config. | |
- name: "Helm template --validate (with lint and validate config)" | |
run: | | |
helm template --validate binderhub-service ./binderhub-service \ | |
--values tools/templates/lint-and-validate-values.yaml | |
- name: Install local chart | |
run: | | |
helm upgrade --install binderhub-service ./binderhub-service \ | |
--values dev-config.yaml \ | |
--set config.BinderHub.image_prefix=$LOCAL_REGISTRY_HOST/binderhub-service/ \ | |
--set config.DockerRegistry.url=http://$LOCAL_REGISTRY_HOST \ | |
--set buildPodsRegistryCredentials.server=http://$LOCAL_REGISTRY_HOST \ | |
--set dockerApi.extraFiles.daemon-json.data.insecure-registries[0]=$LOCAL_REGISTRY_HOST | |
# ref: https://github.com/jupyterhub/action-k8s-await-workloads | |
- uses: jupyterhub/action-k8s-await-workloads@v2 | |
with: | |
timeout: 150 | |
max-restarts: 1 | |
- name: Test image build/push via binderhub REST API using curl | |
run: | | |
curl http://localhost:30080/build/gh/binderhub-ci-repos/cached-minimal-dockerfile/HEAD?build_only=true | |
# ref: https://github.com/jupyterhub/action-k8s-namespace-report | |
- uses: jupyterhub/action-k8s-namespace-report@v1 | |
if: always() | |
with: | |
important-workloads: deploy/binderhub-service daemonset/binderhub-service-docker-api |