DEVOPS-2178 add Wallarm Node group 4.8 #597
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: ['main'] | |
| types: ['opened', 'reopened', 'synchronize'] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| changes: | |
| name: Changes | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| base: ${{ steps.filter.outputs.base }} | |
| go: ${{ steps.filter.outputs.go }} | |
| helm: ${{ steps.filter.outputs.helm }} | |
| runner: ${{ steps.runner.outputs.type }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 | |
| id: filter | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| filters: | | |
| base: | |
| - 'NGINX_BASE' | |
| go: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'rootfs/**/*' | |
| - 'TAG' | |
| - 'test/e2e/**/*' | |
| - 'NGINX_BASE' | |
| helm: | |
| - 'charts/ingress-nginx/Chart.yaml' | |
| - 'charts/ingress-nginx/**/*' | |
| - name: Prepare runner type | |
| id: runner | |
| run: | | |
| RUNNER="self-hosted-4cpu" | |
| if [ ${{ steps.filter.outputs.base }} == 'true' ]; then | |
| RUNNER="self-hosted-32cpu" | |
| fi | |
| echo "Runner: ${RUNNER}" | |
| echo "type=${RUNNER}" >> $GITHUB_OUTPUT | |
| build: | |
| name: Build images | |
| runs-on: ${{ needs.changes.outputs.runner }} | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true' || needs.changes.outputs.helm == 'true') | |
| needs: | |
| - changes | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@cb841f2c86fb6d07cff94fda240828c1abc5ba43 # v2.7.3 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| secrets: kv-gitlab-ci/data/github/shared/node-repo-key key | NODE_REPO_KEY | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| - name: Setup Docker Buildx | |
| if: needs.changes.outputs.base == 'true' | |
| uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.0.0 | |
| with: | |
| version: latest | |
| use: false | |
| - name: Build base image | |
| if: needs.changes.outputs.base == 'true' | |
| run: | | |
| eval $(ssh-agent -s) | |
| echo "${{ steps.secrets.outputs.NODE_REPO_KEY }}" | tr -d '\r' | ssh-add - | |
| make -C images/nginx OUTPUT=--load build | |
| docker save -o base.tar $(cat NGINX_BASE) | |
| - name: Build controller images | |
| env: | |
| ARCH: amd64 | |
| REGISTRY: wallarm | |
| TAG: 1.0.0-dev | |
| USER: runner | |
| run: | | |
| echo "Building controller images ..." | |
| make clean-image build image image-chroot | |
| echo "Building E2E image ..." | |
| make -C test/e2e-image image | |
| docker save -o controller.tar \ | |
| wallarm/ingress-controller:1.0.0-dev \ | |
| wallarm/ingress-controller-chroot:1.0.0-dev \ | |
| nginx-ingress-controller:e2e | |
| - name: Cache controller images | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
| with: | |
| retention-days: 1 | |
| name: controller.tar | |
| path: controller.tar | |
| - name: Cache base image | |
| if: needs.changes.outputs.base == 'true' | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
| with: | |
| retention-days: 1 | |
| name: base.tar | |
| path: base.tar | |
| smoke: | |
| name: Smoke | |
| runs-on: self-hosted-2cpu | |
| needs: | |
| - build | |
| - changes | |
| if: | | |
| (needs.changes.outputs.helm == 'true' || needs.changes.outputs.go == 'true') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| k8s: [v1.23.13, v1.24.12, v1.25.8, v1.26.3, v1.27.1] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@cb841f2c86fb6d07cff94fda240828c1abc5ba43 # v2.7.3 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| secrets: | | |
| kv-gitlab-ci/data/github/ingress api_token ; | |
| kv-gitlab-ci/data/github/ingress user_secret ; | |
| kv-gitlab-ci/data/github/ingress user_uuid ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| - name: Load cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller.tar | |
| - name: Load images | |
| run: docker load -i controller.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} | |
| - name: Run smoke tests | |
| env: | |
| ARCH: amd64 | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| USER_UUID: ${{ steps.secrets.outputs.user_uuid }} | |
| USER_SECRET: ${{ steps.secrets.outputs.user_secret }} | |
| SMOKE_REGISTRY_TOKEN: ${{ steps.secrets.outputs.token_name }} | |
| SMOKE_REGISTRY_SECRET: ${{ steps.secrets.outputs.token_secret }} | |
| CLIENT_ID: 4 | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| export KUBECONFIG=$HOME/.kube/kind-config-kind | |
| make kind-smoke-test | |
| chart-testing: | |
| name: Chart testing | |
| runs-on: self-hosted-2cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.helm == 'true' | |
| strategy: | |
| matrix: | |
| # "upgrade" is disabled, there is an issue with this mode if values.yaml changed https://github.com/helm/chart-testing/issues/525 | |
| method: [ "install" ] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@cb841f2c86fb6d07cff94fda240828c1abc5ba43 # v2.7.3 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| secrets: kv-gitlab-ci/data/github/ingress api_token | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Load cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller.tar | |
| - name: Load images | |
| run: docker load -i controller.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml | |
| - name: Run chart testing ${{ matrix.method }} | |
| env: | |
| ARCH: amd64 | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| CT_MODE: ${{ matrix.method }} | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| export KUBECONFIG=$HOME/.kube/kind-config-kind | |
| make kind-e2e-chart-tests | |
| e2e: | |
| name: E2E | |
| runs-on: self-hosted-4cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.go == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| - name: Load base build cache | |
| if: needs.changes.outputs.base == 'true' | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: base.tar | |
| - name: Load base image | |
| if: needs.changes.outputs.base == 'true' | |
| run: docker load -i base.tar | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller.tar | |
| - name: Load controller images | |
| run: docker load -i controller.tar | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| ARCH: amd64 | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make kind-e2e-test | |
| e2e-wallarm: | |
| name: E2E - Wallarm | |
| runs-on: self-hosted-4cpu | |
| needs: | |
| - changes | |
| - build | |
| if: needs.changes.outputs.go == 'true' | |
| strategy: | |
| matrix: | |
| k8s: [v1.24.12, v1.25.8, v1.26.3, v1.27.1] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@cb841f2c86fb6d07cff94fda240828c1abc5ba43 # v2.7.3 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| secrets: kv-gitlab-ci/data/github/ingress api_token | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.0.2 | |
| - name: Load base build cache | |
| if: needs.changes.outputs.base == 'true' | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: base.tar | |
| - name: Load base image | |
| if: needs.changes.outputs.base == 'true' | |
| run: docker load -i base.tar | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller.tar | |
| - name: Load controller images | |
| run: docker load -i controller.tar | |
| - name: Create cluster ${{ matrix.k8s }} | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| ARCH: amd64 | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| WALLARM_ENABLED: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make E2E_NODES=5 kind-e2e-test | |
| scan: | |
| name: Scan images | |
| runs-on: self-hosted-1cpu | |
| continue-on-error: true | |
| needs: | |
| - changes | |
| - build | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true') | |
| steps: | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
| with: | |
| name: controller.tar | |
| - name: Load controller images | |
| run: docker load -i controller.tar | |
| - name: Scan controller image | |
| uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 | |
| with: | |
| image: "wallarm/ingress-controller:1.0.0-dev" | |
| fail-build: true | |
| output-format: 'table' | |
| severity-cutoff: 'critical' |