Support hybrid nodes with different attestors or config #978
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Helm Chart CI | |
on: | |
workflow_dispatch: | |
pull_request: | |
types: [synchronize, opened, reopened] | |
paths: | |
- 'charts/**' | |
- '.github/workflows/helm-chart-ci.yaml' | |
- '.github/kind/conf/kind-config.yaml' | |
- '.github/tests/**/*.yaml' | |
- '.github/tests/**/*.sh' | |
- '.github/tests/**/*.json' | |
- 'examples/**/*.yaml' | |
- 'examples/**/*.sh' | |
- 'tests/**/*' | |
- 'helm-docs.sh' | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
HELM_VERSION: v3.12.0 | |
PYTHON_VERSION: 3.11.3 | |
KIND_VERSION: v0.19.0 | |
CHART_TESTING_VERSION: v3.8.0 | |
jobs: | |
checks: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
- name: Verify Docs updated | |
run: ./helm-docs.sh | |
- name: Verify Spire appVersion | |
run: | | |
set +e | |
BASEVER=$(yq e .appVersion Chart.yaml) | |
for FILE in spiffe-oidc-discovery-provider spire-agent spire-server; do | |
VER=$(yq .appVersion charts/$FILE/Chart.yaml) | |
if [ "$VER" != "$BASEVER" ]; then | |
{ | |
echo "## Version mismatch" | |
echo | |
echo "There is a mismatch between the chart version ($BASEVER) and subchart version ($VER). The issue may be in file $FILE. Please fix." | |
} >> "$GITHUB_STEP_SUMMARY" | |
exit 1 | |
fi | |
done | |
- name: Check objects for images without overrides | |
run: | | |
set +e | |
set -o pipefail | |
# Look for image: definitions that are not templated. If we find none, exit is not 0 and we invert the error code to get the | |
# test to pass. Ignore tests for now... | |
grep -r "image:" charts/spire | grep "templates/" | grep -v 'image: {{ template "' > /tmp/findings | |
res=$? | |
if [ $res -eq 0 ]; then | |
{ | |
echo "## Hardcoded images" | |
echo | |
echo ":x: These templates were found to be using statically defined images and not overridable ones. Please fix." | |
echo | |
cat /tmp/findings | |
} >> "$GITHUB_STEP_SUMMARY" | |
exit 1 | |
fi | |
- name: Setup Go | |
uses: actions/setup-go@v5.0.0 | |
with: | |
go-version-file: tests/go.mod | |
cache-dependency-path: tests/go.sum | |
check-latest: true | |
- name: Install do dependencies | |
run: | | |
go mod download | |
go install github.com/onsi/ginkgo/v2/ginkgo@latest | |
working-directory: ./tests/unit | |
- name: Run Unit Tests | |
run: ginkgo | |
working-directory: ./tests/unit | |
lint-chart: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3.5 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup chart-testing | |
uses: helm/chart-testing-action@v2.6.1 | |
with: | |
version: ${{ env.CHART_TESTING_VERSION }} | |
- name: Run chart-testing (lint) | |
run: TARGET_BRANCH=${{ github.base_ref }} make lint${{ github.base_ref == 'release' && '-release' || '' }} | |
test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
strategy: | |
fail-fast: false | |
matrix: | |
# Choose tags corresponding to the version of Kind being used. | |
# At a minimum, we should test the currently supported versions of | |
# Kubernetes, but can go back farther as long as we don't need heroics | |
# to pull it off (i.e. kubectl version juggling). | |
k8s: | |
- v1.28.0 | |
- v1.27.3 | |
- v1.26.6 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3.5 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup chart-testing | |
uses: helm/chart-testing-action@v2.6.1 | |
with: | |
version: ${{ env.CHART_TESTING_VERSION }} | |
- name: Create kind ${{ matrix.k8s }} cluster | |
uses: helm/kind-action@v1.8.0 | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:${{ matrix.k8s }} | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Setup Test dependencies | |
run: ./pre-install.sh | |
working-directory: .github/tests | |
- name: Run chart-testing (install) | |
run: | | |
helm install -n spire-server spire-crds charts/spire-crds | |
ct install --config ct.yaml --excluded-charts spire-crds \ | |
--target-branch ${{ github.base_ref }} | |
- name: Test summary | |
if: always() | |
run: ./post-install.sh | |
working-directory: .github/tests | |
build-matrix: | |
name: Build matrix | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
- id: set-matrix | |
name: Collect all examples | |
run: | | |
examples="$(find examples -maxdepth 2 -type f -name run-tests.sh | xargs -I % dirname %)" | |
examples_json="$(echo "$examples" | jq -c --slurp --raw-input 'split("\n") | map(select(. != ""))')" | |
echo "${examples_json}" | |
echo "examples=$examples_json" >>"$GITHUB_OUTPUT" | |
outputs: | |
examples: ${{ steps.set-matrix.outputs.examples }} | |
example-test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
- build-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
k8s: | |
- v1.28.0 | |
- v1.27.3 | |
- v1.26.6 | |
example: | |
- ${{ fromJson(needs.build-matrix.outputs.examples) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3.5 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create kind cluster | |
uses: helm/kind-action@v1.8.0 | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:v1.26.4 | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Install and test example | |
run: | | |
if [ "${{ matrix.example }}" = "examples/federation" ]; then | |
kubectl create namespace spire-mgmt | |
helm install -n spire-mgmt spire-crds charts/spire-crds | |
else | |
kubectl create namespace spire-server | |
helm install -n spire-server spire-crds charts/spire-crds | |
fi | |
${{ matrix.example }}/run-tests.sh | |
upgrade-test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
- build-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
k8s: | |
- v1.28.0 | |
- v1.27.3 | |
- v1.26.6 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.1 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3.5 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create kind cluster | |
uses: helm/kind-action@v1.8.0 | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:v1.26.4 | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Install and test example | |
run: examples/production/run-tests.sh -u |