-
Notifications
You must be signed in to change notification settings - Fork 1.9k
144 lines (143 loc) · 4.08 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: ci
on:
- push
- pull_request
env:
golang-version: '1.18'
kind-version: 'v0.16.0'
jobs:
generate:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
name: Generate
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make --always-make generate validate && git diff --exit-code
check-docs:
runs-on: ubuntu-latest
name: Check Documentation formatting and links
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make check-docs
lint:
runs-on: ubuntu-latest
name: Jsonnet linter
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make --always-make lint
fmt:
runs-on: ubuntu-latest
name: Jsonnet formatter
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make --always-make fmt && git diff --exit-code
unit-tests:
runs-on: ubuntu-latest
name: Unit tests
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make --always-make test
security-audit:
runs-on: ubuntu-latest
name: Run security analysis on manifests
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- run: make --always-make kubescape
e2e-tests:
name: E2E tests
runs-on: ubuntu-latest
strategy:
matrix:
kind-image:
- 'kindest/node:v1.25.2'
- 'kindest/node:v1.24.6'
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-go@v4
with:
go-version: ${{ env.golang-version }}
- name: Start KinD
uses: engineerd/setup-kind@v0.5.0
with:
version: ${{ env.kind-version }}
image: ${{ matrix.kind-image }}
wait: 10s # Without default CNI, control-plane doesn't get ready until Cilium is installed
config: .github/workflows/kind/config.yml
- name: Setup Helm
uses: azure/setup-helm@v3.5
- name: Install Cilium
run: |
helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium --version 1.9.13 \
--namespace kube-system \
--set nodeinit.enabled=true \
--set kubeProxyReplacement=partial \
--set hostServices.enabled=false \
--set externalIPs.enabled=true \
--set nodePort.enabled=true \
--set hostPort.enabled=true \
--set bpf.masquerade=false \
--set image.pullPolicy=IfNotPresent \
--set ipam.mode=kubernetes \
--set operator.replicas=1
- name: Wait for cluster to finish bootstraping
run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s
- name: Create kube-prometheus stack
run: |
kubectl create -f manifests/setup
until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done
kubectl create -f manifests/
- name: Run tests
run: |
export KUBECONFIG="${HOME}/.kube/config"
make test-e2e
# Added to summarize the matrix and allow easy branch protection rules setup
e2e-tests-result:
name: End-to-End Test Results
if: always()
needs:
- e2e-tests
runs-on: ubuntu-latest
steps:
- name: Mark the job as a success
if: needs.e2e-tests.result == 'success'
run: exit 0
- name: Mark the job as a failure
if: needs.e2e-tests.result != 'success'
run: exit 1