Skip to content

fix(support): Add passthrough for ca bundle secret into metrics server #608

fix(support): Add passthrough for ca bundle secret into metrics server

fix(support): Add passthrough for ca bundle secret into metrics server #608

Workflow file for this run

name: CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
types: [ opened, reopened, synchronize, labeled ]
env:
HELM_VERSION: v3.15.2
PGO_VERSION: 5.5.2
jobs:
helm-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: d3adb5/helm-unittest-action@v2
with:
helm-version: ${{ env.HELM_VERSION }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- run: |
cd helm-chart
helm unittest eoapi -f 'tests/*.yaml' -v eoapi/test-helm-values.yaml
k3s-integration-tests:
if: github.event.pull_request.head.repo.full_name == github.repository
permissions:
contents: 'read'
id-token: 'write'
needs: helm-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Start a local k3s cluster
uses: jupyterhub/action-k3s-helm@v4
with:
# See available:
# - k3s release channels at https://github.com/k3s-io/k3s/blob/HEAD/channel.yaml
# - k3s versions at https://github.com/k3s-io/k3s/tags
# - helm versions at https://github.com/helm/helm/tags
k3s-channel: latest
helm-version: ${{ env.HELM_VERSION }}
metrics-enabled: false
docker-enabled: true
- name: last commit sha if PR
if: ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
echo "LAST_COMMIT_SHA=${{ github.event.pull_request.head.sha }}" >> ${GITHUB_ENV}
- name: last commit sha if push
if: ${{ github.event_name == 'push' }}
shell: bash
run: |
echo "LAST_COMMIT_SHA=${GITHUB_SHA}" >> ${GITHUB_ENV}
- name: set k8s .release.name suffix
run: |
# salt for randomness per test run
COMMITSHA=$(echo $LAST_COMMIT_SHA | cut -c 1-6)
SALT=$(echo "${RANDOM}${RANDOM}${RANDOM}" | cut -c1-3)
echo "RELEASE_NAME=eoapi$COMMITSHA$SALT" >> $GITHUB_ENV
- name: helm install crunchydata postgres operator
run: |
helm upgrade --install \
--set disable_check_for_upgrades=true \
pgo \
oci://registry.developers.crunchydata.com/crunchydata/pgo \
--version ${{ env.PGO_VERSION }}
- name: helm render/install eoapi templates
run: |
export GITSHA='${{github.sha}}'
cd helm-chart
helm dependency build eoapi
helm install $RELEASE_NAME \
--namespace default \
-f ./eoapi/values.yaml \
-f ./eoapi/test-k3s-unittest-values.yaml \
./eoapi
- name: sleep for 10s seconds while services boot
shell: bash
run: sleep 10s
# - name: Setup upterm session
# uses: lhotari/action-upterm@v1
- id: watchservices
name: watch services boot
timeout-minutes: 10
continue-on-error: true
run: |
kubectl config set-context --current --namespace=default
while [[ -z "$(kubectl get pod | grep "^raster-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /.*/healthz" | head -n 1)" ]]; do
echo "still waiting for raster service to start..."
sleep 1
done
echo "raster service has started, moving on..."
while [[ -z "$(kubectl get pod | grep "^vector-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /healthz" | head -n 1)" ]]; do
echo "still waiting for vector service to start..."
sleep 1
done
echo "vector service has started, moving on..."
while [[ -z "$(kubectl get pod | grep "^stac-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /_mgmt/ping" | head -n 1)" ]]; do
echo "still waiting for stac service to start..."
sleep 1
done
echo "all services have started, moving on..."
- name: cleanup if services fail to boot
if: steps.watchservices.outcome == 'failure'
run: |
echo "The previous step failed or timed out."
# force GH action to show failed result
exit 128
- name: install python unit-test dependencies
run: |
python -m pip install pytest httpx
- name: run the tests
id: testrunner
continue-on-error: true
run: |
kubectl get svc --all-namespaces
kubectl get ingress --all-namespaces -o jsonpath='{range .items[0]}kubectl describe ingress {.metadata.name} -n {.metadata.namespace}{end}' | sh
kubectl get middleware.traefik.io --all-namespaces -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' --no-headers | while read -r namespace name; do kubectl describe middleware.traefik.io "$name" -n "$namespace"; done
kubectl config set-context --current --namespace=default
PUBLICIP='http://'$(kubectl -n kube-system get svc traefik -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export VECTOR_ENDPOINT=$PUBLICIP/vector$RELEASE_NAME
export STAC_ENDPOINT=$PUBLICIP/stac$RELEASE_NAME
export RASTER_ENDPOINT=$PUBLICIP/raster$RELEASE_NAME
echo '#################################'
echo $VECTOR_ENDPOINT
echo $STAC_ENDPOINT
echo $RASTER_ENDPOINT
echo '#################################'
pytest .github/workflows/tests/test_vector.py || kubectl logs svc/vector-$RELEASE_NAME
pytest .github/workflows/tests/test_stac.py
# TODO: fix raster tests
#pytest .github/workflows/tests/test_raster.py
- name: error if tests failed
if: steps.testrunner.outcome == 'failure'
run: |
echo "The previous step failed or timed out."
# force GH action to show failed result
exit 128
- name: helm uninstall eoapi templates
run: |
helm uninstall $RELEASE_NAME
gcp-integration-tests:
# run on:
# - a PR was just labeled 'test-integration-gcp'
# - a PR was just labeled 'test-integration'
# - a PR with 'test-integration' label was opened, reopened, or synchronized
if: |
github.event.label.name == 'test-integration-gcp' ||
contains( github.event.pull_request.labels.*.name, 'test-integration-gcp')
permissions:
contents: 'read'
id-token: 'write'
needs: helm-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/setup-helm@v4
with:
version: ${{ env.HELM_VERSION }}
#token: ${{ secrets.GITHUB_TOKEN }}
- name: last commit sha if PR
if: ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
echo "LAST_COMMIT_SHA=${{ github.event.pull_request.head.sha }}" >> ${GITHUB_ENV}
- name: last commit sha if push
if: ${{ github.event_name == 'push' }}
shell: bash
run: |
echo "LAST_COMMIT_SHA=${GITHUB_SHA}" >> ${GITHUB_ENV}
- name: set k8s .release.name suffix
run: |
# salt for randomness per test run
COMMITSHA=$(echo $LAST_COMMIT_SHA | cut -c 1-6)
SALT=$(echo "${RANDOM}${RANDOM}${RANDOM}" | cut -c1-3)
echo "RELEASE_NAME=eoapi$COMMITSHA$SALT" >> $GITHUB_ENV
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
service_account: 'k8seed-deploy@devseed-labs.iam.gserviceaccount.com'
credentials_json: ${{ secrets.GH_ACTIONS_SA_JSON }}
- name: setup gcloud sdk
uses: google-github-actions/setup-gcloud@v2
with:
version: '>= 363.0.0'
project_id: 'devseed-labs'
- name: configure kubectl context
run: |
gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials k8seed-labs-cluster --zone us-central1-f
- name: helm install crunchydata postgres operator
run: |
helm upgrade --install \
--set disable_check_for_upgrades=true \
pgo \
oci://registry.developers.crunchydata.com/crunchydata/pgo \
--version ${{ env.PGO_VERSION }}
- name: helm render/install eoapi templates
run: |
HOST='${{ env.RELEASE_NAME }}.k8s.labs.ds.io'
echo $HOST
cd helm-chart
helm dependency build eoapi
helm install $RELEASE_NAME \
--namespace $RELEASE_NAME \
--create-namespace \
--set ingress.host=$HOST \
-f ./eoapi/values.yaml \
-f ./eoapi/test-gcp-unittest-values.yaml \
./eoapi
- name: sleep for 10s seconds while services boot
shell: bash
run: sleep 10s
# - name: Setup upterm session
# uses: lhotari/action-upterm@v1
- id: watchservices
name: watch services boot
timeout-minutes: 10
continue-on-error: true
run: |
kubectl config set-context --current --namespace=$RELEASE_NAME
while [[ -z "$(kubectl get pod | grep "^raster-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /.*/healthz" | head -n 1)" ]]; do
echo "still waiting for raster service to start..."
sleep 1
done
echo "raster service has started, moving on..."
while [[ -z "$(kubectl get pod | grep "^vector-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /healthz" | head -n 1)" ]]; do
echo "still waiting for vector service to start..."
sleep 1
done
echo "vector service has started, moving on..."
while [[ -z "$(kubectl get pod | grep "^stac-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /_mgmt/ping" | head -n 1)" ]]; do
echo "still waiting for stac service to start..."
sleep 1
done
echo "all services have started, moving on..."
- name: cleanup if services fail to boot
if: steps.watchservices.outcome == 'failure'
run: |
echo "The previous step failed or timed out. Running cleanup logic..."
helm uninstall $RELEASE_NAME
kubectl delete ns/$RELEASE_NAME
# force GH action to show failed result
exit 128
- name: install python unit-test dependencies
run: |
python -m pip install pytest httpx
- name: run the tests
id: testrunner
continue-on-error: true
run: |
kubectl config set-context --current --namespace=$RELEASE_NAME
PUBLICIP='https://${{ env.RELEASE_NAME }}.k8s.labs.ds.io'
export VECTOR_ENDPOINT=$PUBLICIP/vector$RELEASE_NAME
export STAC_ENDPOINT=$PUBLICIP/stac$RELEASE_NAME
export RASTER_ENDPOINT=$PUBLICIP/raster$RELEASE_NAME
echo '#################################'
echo $VECTOR_ENDPOINT
echo $STAC_ENDPOINT
echo $RASTER_ENDPOINT
echo '#################################'
pytest .github/workflows/tests/test_vector.py
pytest .github/workflows/tests/test_stac.py
# TODO: fix raster tests
#pytest .github/workflows/tests/test_raster.py
- name: cleanup if tests fail
if: steps.testrunner.outcome == 'failure'
run: |
echo "The previous step failed or timed out. Running cleanup logic..."
helm uninstall $RELEASE_NAME
kubectl delete ns/$RELEASE_NAME
# force GH action to show failed result
exit 128
- name: helm uninstall eoapi templates
run: |
helm uninstall $RELEASE_NAME
kubectl delete ns/$RELEASE_NAME