From 1214d52fc56730cdd2d62171079722cda18b91f7 Mon Sep 17 00:00:00 2001
From: Kostas Stamatakis
Date: Mon, 1 Apr 2024 13:49:44 +0300
Subject: [PATCH] Deprecate unused workflows

---
 .github/workflows/aws-ci.yml | 81 --------
 .github/workflows/azure-ci.yml | 82 --------
 .github/workflows/cloudbeat-ci.yml | 154 ---------------
 .github/workflows/cnvm-ci.yml | 71 -------
 .github/workflows/gcp-ci.yml | 80 --------
 .github/workflows/k8s-ci.yml | 208 ---------------------
 .github/workflows/publish-test-results.yml | 112 -----------
 .github/workflows/unit-test.yml | 95 ----------
 8 files changed, 883 deletions(-)
 delete mode 100644 .github/workflows/aws-ci.yml
 delete mode 100644 .github/workflows/azure-ci.yml
 delete mode 100644 .github/workflows/cloudbeat-ci.yml
 delete mode 100644 .github/workflows/cnvm-ci.yml
 delete mode 100644 .github/workflows/gcp-ci.yml
 delete mode 100644 .github/workflows/k8s-ci.yml
 delete mode 100644 .github/workflows/publish-test-results.yml

diff --git a/.github/workflows/aws-ci.yml b/.github/workflows/aws-ci.yml
deleted file mode 100644
index 6d71e5b0f2..0000000000
--- a/.github/workflows/aws-ci.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -name: CIS-AWS-CI - -on: - pull_request_target: - branches: - - main - - "[0-9]+.[0-9]+" - types: [opened, synchronize, reopened] - push: - branches: - - main - - "[0-9]+.[0-9]+" - -jobs: - Run-CSPM-AWS-Tests: - if: ${{ false }} - name: CIS AWS integration test - runs-on: ubuntu-22.04 - timeout-minutes: 60 - permissions: - contents: "read" - id-token: "write" - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.9" - - - name: Install Poetry - run: | - curl -sSL https://install.python-poetry.org | python3 - - poetry --version - - - name: Build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Run Elasticsearch - uses: elastic/elastic-github-actions/elasticsearch@master - with: - stack-version: ${{ env.ELK_VERSION }} - security-enabled: false - - - name: Elasticsearch disable dynamic mapping for findings - run: ./.ci/scripts/disable_dynamic_mapping.sh - - - name: Run cloudbeat in background - env: - ES_HOST: http://localhost:9200 - ES_USERNAME: elastic - ES_PASSWORD: changeme - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ACC }} - AWS_ACCOUNT_TYPE: single-account - run: | - ./cloudbeat -c deploy/aws/cloudbeat-aws.yml -d '*' & - - - name: Wait for cloudbeat to send events - run: sleep 264 - - - name: Check for findings - working-directory: ./tests - env: - USE_K8S: false - run: | - poetry install - poetry run pytest -k "aws" --alluredir=./allure/results/ --clean-alluredir - - - name: Print cloudbeat logs - if: always() - continue-on-error: true - run: | - cat logs/cloudbeat* diff --git a/.github/workflows/azure-ci.yml b/.github/workflows/azure-ci.yml deleted file mode 100644 index 5e422b513b..0000000000 --- a/.github/workflows/azure-ci.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -name: CIS-AZURE-CI - -on: - pull_request_target: - branches: - - main - - "[0-9]+.[0-9]+" - types: [opened, synchronize, reopened] - push: - branches: - - main - - "[0-9]+.[0-9]+" - -jobs: - Run-CSPM-AZURE-Tests: - if: ${{ false }} - name: CIS AZURE integration test - runs-on: ubuntu-22.04 - timeout-minutes: 60 - permissions: - contents: "read" - id-token: "write" - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.9" - - - name: Install Poetry - run: | - curl -sSL https://install.python-poetry.org | python3 - - poetry --version - - - name: Build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Run Elasticsearch - uses: elastic/elastic-github-actions/elasticsearch@master - with: - stack-version: ${{ env.ELK_VERSION }} - security-enabled: false - - - name: Elasticsearch disable dynamic mapping for findings - run: ./.ci/scripts/disable_dynamic_mapping.sh - - - name: Run cloudbeat in background - env: - ES_HOST: http://localhost:9200 - ES_USERNAME: elastic - ES_PASSWORD: changeme - AZURE_ACCOUNT_TYPE: single-account - AZURE_CREDENTIALS_TYPE: service_principal_with_client_secret - AZURE_CLIENT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }} - AZURE_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} - AZURE_CLIENT_SECRET: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }} - run: | - ./cloudbeat -c deploy/azure/cloudbeat-azure.yml -d '*' & - - - name: Wait for cloudbeat to send events - run: sleep 264 - - - name: Check for findings - working-directory: ./tests - env: - USE_K8S: false - run: | - poetry install - poetry run pytest -k "azure" --alluredir=./allure/results/ --clean-alluredir - - - name: Print cloudbeat logs - if: always() - run: | - cat logs/cloudbeat* 
diff --git a/.github/workflows/cloudbeat-ci.yml b/.github/workflows/cloudbeat-ci.yml
deleted file mode 100644
index 544b338cc5..0000000000
--- a/.github/workflows/cloudbeat-ci.yml
+++ /dev/null
@@ -1,154 +0,0 @@ -name: Cloudbeat-CI - -on: - pull_request: - branches: - - main - - "[0-9]+.[0-9]+" - types: [opened, synchronize, reopened] - -env: - CONTAINER_SUFFIX: ${{ github.run_id }} - CI_ELASTIC_AGENT_DOCKER_TAG: "8.14.0-SNAPSHOT" - CI_ELASTIC_AGENT_DOCKER_IMAGE: "704479110758.dkr.ecr.eu-west-2.amazonaws.com/elastic-agent" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - Lint: - if: ${{ false }} - # for more information see .pre-commit-config.yaml - name: Pre-commit Hooks - runs-on: ubuntu-latest - timeout-minutes: 40 - steps: - # Disk cleanup - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - tool-cache: false - android: true - dotnet: true - haskell: true - large-packages: false - docker-images: true - swap-storage: true - - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Set up GO (with caching) - uses: magnetikonline/action-golang-cache@v5 - with: - go-version-file: .go-version - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Install poetry - run: | - pip3 install poetry - cd security-policies - poetry install - - - name: Pre-commit Hooks - env: - # Skipping golangci-lint as it's tested by golangci/golangci-lint-action - SKIP: golangci-lint - run: | - pre-commit run --all-files - shell: bash - - - name: Mage Check - run: mage check - - - name: Mage checkLicenseHeaders - run: mage checkLicenseHeaders - - - name: Validate mocks - run: just validate-mocks - - Build: - if: ${{ false }} - name: Build - runs-on: ubuntu-20.04 - timeout-minutes: 20 - steps: - # Disk cleanup - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - tool-cache: false - android: true - dotnet: true - haskell: true - large-packages: false - docker-images: true - swap-storage: true - - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Setup GO (with caching) - uses: 
magnetikonline/action-golang-cache@v5 - with: - go-version-file: .go-version - - - name: build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Cache Build dependencies - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.workflow }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build cloudbeat-docker - uses: docker/build-push-action@v5 - with: - context: . - file: ./deploy/Dockerfile - push: false - tags: cloudbeat:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Build elastic-agent - env: - BASE_IMAGE: docker.elastic.co/beats/elastic-agent:${{ env.CI_ELASTIC_AGENT_DOCKER_TAG }} - GOOS: linux - GOARCH: amd64 - run: ./scripts/packaging/docker/elastic-agent/build.sh -t ${{ env.CI_ELASTIC_AGENT_DOCKER_IMAGE }}:${{ env.CI_ELASTIC_AGENT_DOCKER_TAG }} - shell: bash - - - name: Build pytest-docker - uses: docker/build-push-action@v5 - with: - context: ./tests/. - push: false - tags: cloudbeat-test:latest - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Cache docker images - uses: actions/cache@v4 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Move cache - run: | - ./.ci/scripts/gh-cache.sh - shell: bash diff --git a/.github/workflows/cnvm-ci.yml b/.github/workflows/cnvm-ci.yml deleted file mode 100644 index 6f868f8fc3..0000000000 --- a/.github/workflows/cnvm-ci.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: CNVM-CI - -on: - pull_request_target: - branches: - - main - - "[0-9]+.[0-9]+" - types: [opened, synchronize, reopened] - -jobs: - Run-CNVM-Tests: - if: ${{ false }} - name: CNVM integration test - runs-on: ubuntu-22.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.9' - - - name: Install Poetry - run: | - curl -sSL https://install.python-poetry.org | python3 - - poetry --version - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: 'us-east-2' - - - name: Build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Run Elasticsearch - uses: elastic/elastic-github-actions/elasticsearch@master - with: - stack-version: ${{ env.ELK_VERSION }} - security-enabled: false - - - name: Run cloudbeat CNVM in background - env: - ES_HOST: http://localhost:9200 - ES_USERNAME: elastic - ES_PASSWORD: changeme - run: | - ./cloudbeat -c deploy/vulnerability/cloudbeat-vuln-mgmt.yml -d '*' & - - - name: Check for vulnerabilities - working-directory: ./tests - env: - USE_K8S: false - run: | - poetry install - poetry run pytest -k "cnvm" - - - name: Print cloudbeat logs - if: always() - run: | - cat logs/cloudbeat* diff --git a/.github/workflows/gcp-ci.yml b/.github/workflows/gcp-ci.yml deleted file mode 100644 index e5baf60843..0000000000 --- a/.github/workflows/gcp-ci.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -name: CIS-GCP-CI - -on: - pull_request_target: - branches: - - main - - "[0-9]+.[0-9]+" - types: [opened, synchronize, reopened] - -jobs: - Run-CSPM-GCP-Tests: - if: ${{ false }} - name: CIS GCP integration test - runs-on: ubuntu-22.04 - timeout-minutes: 60 - permissions: - contents: 'read' - id-token: 'write' - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.9' - - - name: Install Poetry - run: | - curl -sSL https://install.python-poetry.org | python3 - - poetry --version - - - id: google-auth - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} - - - name: Build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Run Elasticsearch - uses: elastic/elastic-github-actions/elasticsearch@master - with: - stack-version: ${{ env.ELK_VERSION }} - security-enabled: false - - - name: Elasticsearch disable dynamic mapping for findings - run: ./.ci/scripts/disable_dynamic_mapping.sh - - - name: Run cloudbeat in background - env: - ES_HOST: http://localhost:9200 - ES_USERNAME: elastic - ES_PASSWORD: changeme - GCP_PROJECT_ID: elastic-security-test - GCP_ACCOUNT_TYPE: single-account - run: | - ./cloudbeat -c deploy/gcp/cloudbeat-gcp.yml -d '*' & - - - name: Check for findings - working-directory: ./tests - env: - USE_K8S: false - run: | - poetry install - poetry run pytest -k "cspm_gcp" --alluredir=./allure/results/ --clean-alluredir --maxfail=4 - - - name: Print cloudbeat logs - if: always() - continue-on-error: true # Due to logs oversized this step can fail; Workflow run should not fail because of this step - run: | - cat logs/cloudbeat* 
diff --git a/.github/workflows/k8s-ci.yml b/.github/workflows/k8s-ci.yml
deleted file mode 100644
index eec15d358f..0000000000
--- a/.github/workflows/k8s-ci.yml
+++ /dev/null
@@ -1,208 +0,0 @@ -name: K8s-CI - -on: - pull_request: - branches: - - main - - "[0-9]+.[0-9]+" - types: [ opened, synchronize, reopened ] - - push: - branches: - - main - - "[0-9]+.[0-9]+" - -env: - CONTAINER_SUFFIX: ${{ github.run_id }} - CI_ELASTIC_AGENT_DOCKER_TAG: "8.14.0-SNAPSHOT" - CI_ELASTIC_AGENT_DOCKER_IMAGE: "704479110758.dkr.ecr.eu-west-2.amazonaws.com/elastic-agent" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - Build: - name: Build - runs-on: ubuntu-20.04 - timeout-minutes: 40 - steps: - # Disk cleanup - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - tool-cache: false - android: true - dotnet: true - haskell: true - large-packages: false - docker-images: true - swap-storage: true - - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Setup GO (with caching) - uses: magnetikonline/action-golang-cache@v5 - with: - go-version-file: .go-version - - - name: build cloudbeat binary - uses: magefile/mage-action@v3 - with: - version: latest - args: build - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Cache Build dependencies - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.workflow }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build cloudbeat-docker - uses: docker/build-push-action@v5 - with: - context: . 
- file: ./deploy/Dockerfile - push: false - tags: cloudbeat:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/cloudbeat-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Build elastic-agent - env: - BASE_IMAGE: docker.elastic.co/beats/elastic-agent:${{ env.CI_ELASTIC_AGENT_DOCKER_TAG }} - GOOS: linux - GOARCH: amd64 - run: ./scripts/packaging/docker/elastic-agent/build.sh -t ${{ env.CI_ELASTIC_AGENT_DOCKER_IMAGE }}:${{ env.CI_ELASTIC_AGENT_DOCKER_TAG }} - shell: bash - - - name: Build pytest-docker - uses: docker/build-push-action@v5 - with: - context: ./tests/. - push: false - tags: cloudbeat-test:latest - cache-from: type=local,mode=max,src=/tmp/.buildx-cache - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new - outputs: type=docker,dest=/tmp/pytest-${{ env.CONTAINER_SUFFIX }}.tar - - - name: Cache docker images - uses: actions/cache@v4 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Move cache - run: | - ./.ci/scripts/gh-cache.sh - shell: bash - - k8s_functional_tests: - # Run only selected tests on PRs - # if: github.event_name == 'pull_request' - if: ${{ false }} - name: ${{ matrix.test-target }}-${{ matrix.kind-config }} - needs: [ Build ] - runs-on: ubuntu-22.04 - timeout-minutes: 55 - strategy: - fail-fast: false - matrix: - include: - - test-target: pre_merge - range: "" - kind-config: kind-multi - - test-target: pre_merge_agent - range: '' - values_file: tests/test_environments/values/ci-sa-agent.yml - kind-config: kind-multi - - test-target: k8s_file_system_rules - range: '' - values_file: tests/test_environments/values/ci-test-k8s-files.yml - kind-config: kind-test-files - - test-target: k8s_object_psp_rules - range: '' - values_file: tests/test_environments/values/ci-test-k8s-objects.yml - kind-config: kind-multi - - test-target: k8s_process_rules - range: '' - values_file: 
tests/test_environments/values/ci-test-k8s-proc-conf1.yml - kind-config: kind-test-proc-conf1 - - test-target: k8s_process_rules - range: '' - values_file: tests/test_environments/values/ci-test-k8s-proc-conf2.yml - kind-config: kind-test-proc-conf2 - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - tool-cache: false - android: true - dotnet: true - haskell: true - large-packages: false - docker-images: true - swap-storage: true - - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Prepare Kind Cluster for Process Tests - if: contains(matrix.kind-config, 'conf2') - run: | - # Workaround: Direct creation of a Kind cluster for config2 fails to start control-plane (kubelet fails) - # Creating and deleting a kind-mono cluster as a preparation for configuring Kind for process tests - just create-kind-cluster kind-mono - just delete-kind-cluster kind-mono - - - name: Create k8s Kind Cluster - run: | - just create-kind-cluster ${{ matrix.kind-config }} - - - name: Cache docker images - uses: actions/cache@v4 - with: - path: /tmp/*.tar - key: ${{ runner.os }}-dockers-cache-${{ env.CONTAINER_SUFFIX }} - - - name: Load images to kind - run: | - ./.ci/scripts/kind-images.sh ${{ env.CONTAINER_SUFFIX }} ${{ matrix.kind-config }} - shell: bash - - - name: Deploy tests Helm chart - id: deploy_helm - run: | - just deploy-tests-helm ${{ matrix.test-target }} ${{ matrix.values_file }} ${{ matrix.range }} - - - name: Deploy K8s Objects - if: contains(matrix.test-target, 'object_psp') - run: | - just apply-k8s-test-objects - - - name: Run Tests - id: run_tests - run: | - just run-tests ${{ matrix.test-target }} kind-${{ matrix.kind-config }} - - - name: Upload Test Results - if: always() - uses: actions/upload-artifact@v3 - with: - name: allure_results-${{ matrix.test-target}} - path: tests/allure/results/ - - - name: clear cache - id: clear_cache - if: always() 
- run: rm -rf /tmp/*-${{ env.CONTAINER_SUFFIX }}.tar diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/publish-test-results.yml deleted file mode 100644 index 465d992f33..0000000000 --- a/.github/workflows/publish-test-results.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Publish-Test-Results - -on: - workflow_run: - workflows: ["K8s-CI"] - types: - - completed - -env: - AWS_REGION: "eu-west-1" - ALLURE_S3_BUCKET: "s3://csp-allure-reports/allure_reports/cloudbeat/prs" - S3_BUCKET_ALLURE_REPORT_AP: "http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/prs" - -jobs: - publish_results: - timeout-minutes: 40 - name: Publish Results - runs-on: ubuntu-20.04 - if: github.event.workflow_run.conclusion != 'skipped' - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - permissions: - checks: write - # needed unless run with comment_mode: off - pull-requests: write - # required by download step to access artifacts API - actions: read - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Download and Extract Artifacts - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - mkdir -p tests/allure/results - mkdir -p artifacts && cd artifacts - - artifacts_url=${{ github.event.workflow_run.artifacts_url }} - - gh api "$artifacts_url" -q '.artifacts[] | [.name, .archive_download_url] | @tsv' | while read artifact - do - IFS=$'\t' read name url <<< "$artifact" - gh api $url > "$name.zip" - unzip -o "$name.zip" -d "../tests/allure/results" - done - - - name: Get pr info - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - PR_NUM=$(gh api -X GET search/issues -f q='elastic/cloudbeat is:open is:pr is:unmerged ${{ github.event.workflow_run.head_sha }}' | jq '.items[0].number' ) - echo "PR_NUMBER=$PR_NUM" - echo "PR_NUMBER=$PR_NUM" >> $GITHUB_ENV - - - name: Publish allure report - if: always() - uses: andrcuns/allure-publish-action@v2.6.0 - env: - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - storageType: s3 - resultsGlob: "tests/allure/results" - updatePr: actions - collapseSummary: false - summary: suites - summaryTableType: markdown - copyLatest: true - bucket: csp-allure-reports - prefix: 
allure_reports/cloudbeat/prs/${{ env.PR_NUMBER }} - ignoreMissingResults: true - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: Copy allure report json from S3 - run: | - aws s3 cp ${{ env.ALLURE_S3_BUCKET }}/${{ env.PR_NUMBER }}/history/history-trend.json . - - - name: Output to Job Summary - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - allure_result=./history-trend.json - allure_url=${{ env.S3_BUCKET_ALLURE_REPORT_AP }}/${{ env.PR_NUMBER }}/index.html - - ./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url" - allure_summary=$(./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url") - # posting result into job summary - echo "$allure_summary" >> $GITHUB_STEP_SUMMARY - - # saving result into env variable (with multiline handling) - echo "ALLURE_SUMMARY<> $GITHUB_ENV - echo "$allure_summary" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - - - name: Comment test success result - uses: marocchino/sticky-pull-request-comment@v2 - if: ${{ github.event.workflow_run.event == 'pull_request' }} - with: - header: Test Results - number: ${{ env.PR_NUMBER }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - message: | - ${{ env.ALLURE_SUMMARY }} diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 23b68fc898..d3549de7be 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml 
@@ -18,62 +18,6 @@ concurrency: cancel-in-progress: true jobs: - unit_tests: - if: ${{ false }} - name: Unit Tests - runs-on: ubuntu-20.04 - timeout-minutes: 40 - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Set up GO (with caching) - uses: magnetikonline/action-golang-cache@v5 - with: - go-version-file: .go-version - - - name: Mage build bundle before unit tests - uses: magefile/mage-action@v3 - with: - args: buildOpaBundle - - - name: Unit-Test - run: | - go install gotest.tools/gotestsum - GOOS=linux TEST_DIRECTORY=./... gotestsum --format pkgname -- -race -coverpkg=./... -coverprofile=cover.out.tmp - cat cover.out.tmp | grep -v "mock_.*.go" > cover.out # remove mock files from coverage report - - - name: Upload coverage artifact - uses: actions/upload-artifact@v3 - with: - name: coverage-file - path: cover.out - - coverage: - if: ${{ false }} - name: Coverage report - needs: unit_tests - runs-on: ubuntu-20.04 - timeout-minutes: 10 - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Install goveralls - run: go install github.com/mattn/goveralls@latest - - - name: Download coverage artifact - uses: actions/download-artifact@v3 - with: - name: coverage-file - - - name: Send coverage - env: - COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: goveralls -coverprofile=cover.out -service=github manifest_tests: name: Manifest Tests 
@@ -96,42 +40,3 @@ jobs: kubeval: v0.16.1 command: | kubeval --strict -d ${{ env.K8S_MANIFEST_DIR }} --ignore-missing-schemas --ignored-filename-patterns kustomization,kind,patch,cloudbeat,cloudformation,deployment-manager --skip-kinds ClusterConfig - - golangci: - if: ${{ false }} - name: golangci-lint - runs-on: ubuntu-20.04 - timeout-minutes: 15 - steps: - - name: Check out the repo - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ (github.event.pull_request_target || github.event.pull_request).head.repo.full_name }} - ref: ${{ (github.event.pull_request_target || github.event.pull_request).head.sha }} - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: .go-version - cache: false - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Go linter - run: golangci-lint run --whole-files --out-format github-actions - - terraform-linter: - if: ${{ false }} - name: terraform-lint - runs-on: ubuntu-20.04 - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: Init Hermit - run: ./bin/hermit env -r >> $GITHUB_ENV - - - name: Terraform fmt - run: terraform fmt -check -recursive