Merge pull request openshift#33 from openshift-cloud-team/rebase-bot-…

…main OCPCLOUD-2721: Merge https://github.com/nutanix-cloud-native/cloud-provider-nutanix:main (efef4e5) into main
yanhua121 · Sep 30, 2024 · d9fe8f3 · d9fe8f3
2 parents 0be97cc + 150c5df
commit d9fe8f3
Show file tree

Hide file tree

Showing 5,681 changed files with 514,617 additions and 189,085 deletions.
diff --git a/.github/workflows/build-dev.yaml b/.github/workflows/build-dev.yaml
@@ -4,21 +4,24 @@ on:
     branches:
       - main
       - 'release-*'
-  pull_request:
+  pull_request_target:
 jobs:
   build-container:
     runs-on: ubuntu-latest
     env:
       EXPORT_RESULT: true
     steps:
-      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
-
-      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
-
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
 
-      - uses: actions/cache@v3
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.11.0
+        with:
+          enable-cache: "true"
+
+      - uses: actions/cache@v4
         with:
           path: |
             ~/.cache/golangci-lint
@@ -28,12 +31,6 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-go-
 
-      - name: Install devbox
-        run: curl -fsSL https://get.jetpack.io/devbox | bash -s -- -f
-
-      - name: Install devbox deps
-        run: devbox install
-
       - name: Test build
         run: devbox run -- make build
 
@@ -49,19 +46,32 @@ jobs:
         run: devbox run -- make coverage
 
       - name: Codecov
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.5.0
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
           file: ./coverage.xml  # Replace with the path to your coverage report
           fail_ci_if_error: true
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: "fs"
           ignore-unfixed: true
           format: "table"
           exit-code: "1"
           vuln-type: "os,library"
           severity: "CRITICAL,HIGH"
+  e2e:
+    strategy:
+      matrix:
+        e2e-labels:
+          - "capx"
+      fail-fast: false
+    uses: ./.github/workflows/e2e.yaml
+    with:
+      e2e-labels: ${{ matrix.e2e-labels }}
+    secrets: inherit
+    permissions:
+      contents: read
+      checks: write
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -0,0 +1,66 @@
+on:
+  workflow_call:
+    inputs:
+      e2e-labels:
+        description: Labels to filter e2e tests
+        type: string
+        required: true
+
+jobs:
+  e2e-test:
+    runs-on:
+      - self-hosted-ncn-dind
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+
+      # Install nix using cachix/install-nix-action if running on ARC runners
+      # See: https://github.com/DeterminateSystems/nix-installer-action/issues/68
+      - name: Install Nix on self-hosted ARC runners
+        uses: cachix/install-nix-action@V27
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.11.0
+        with:
+          enable-cache: "false"
+          skip-nix-installation: "true"
+
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/golangci-lint
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Get Control Plane endpoint IP
+        id: get-control-plane-endpoint-ip
+        run: |
+          export CONTROL_PLANE_ENDPOINT_RANGE_START="${{ vars.CONTROL_PLANE_ENDPOINT_RANGE_START }}"
+          export CONTROL_PLANE_ENDPOINT_RANGE_END="${{ vars.CONTROL_PLANE_ENDPOINT_RANGE_END }}"
+          control_plane_endpoint_ip="$(devbox run -- make nutanix-cp-endpoint-ip)"
+          echo "control_plane_endpoint_ip=${control_plane_endpoint_ip}" >> "${GITHUB_OUTPUT}"
+
+      - name: Check Control Plane endpoint IP
+        run: |
+          if [[ -z "${{ steps.get-control-plane-endpoint-ip.outputs.control_plane_endpoint_ip }}" ]]; then
+            echo "control_plane_endpoint_ip is empty; cannot proceed with e2e tests"
+            exit 1
+          fi
+
+      - name: Test build
+        run: devbox run -- make test-e2e LABEL_FILTERS='${{ inputs.e2e-labels }}'
+        env:
+          NUTANIX_USER: ${{ secrets.NUTANIX_USER }}
+          NUTANIX_PASSWORD: ${{ secrets.NUTANIX_PASSWORD }}
+          NUTANIX_ENDPOINT: ${{ secrets.NUTANIX_ENDPOINT }}
+          NUTANIX_PRISM_ELEMENT_CLUSTER_NAME: ${{ vars.NUTANIX_PRISM_ELEMENT_CLUSTER_NAME }}
+          NUTANIX_SUBNET_NAME: ${{ vars.NUTANIX_SUBNET_NAME }}
+          LOCAL_IMAGE_REGISTRY: ${{ secrets.LOCAL_IMAGE_REGISTRY }}
+          CONTROL_PLANE_ENDPOINT_IP: ${{ steps.get-control-plane-endpoint-ip.outputs.control_plane_endpoint_ip }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -66,7 +66,7 @@ jobs:
           echo "|Nutanix Cloud Provider|[$NEW_IMG]($NEW_IMG)|" >> ${{ github.workspace }}-CHANGELOG.txt
 
       - name: Create release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           draft: false
           prerelease: false

diff --git a/.github/workflows/synopsys.yaml b/.github/workflows/synopsys.yaml
@@ -1,6 +1,6 @@
 name: Black Duck Policy Check
 on:
-  pull_request:
+  pull_request_target:
   push:
     branches:
       - main
@@ -13,6 +13,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
 
       - name: Install devbox
         run: curl -fsSL https://get.jetpack.io/devbox | bash -s -- -f

diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
@@ -39,7 +39,7 @@ jobs:
           devbox run -- ko build -B -t ${{ github.sha }} --platform=$PLATFORMS .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: "ko.local/${{ env.REPOSITORY_NAME }}:${{ github.sha }}"
           format: "sarif"

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 VERSION = $(shell git describe --tags --always --dirty)
 REPO_ROOT := $(shell git rev-parse --show-toplevel)
 ARTIFACTS ?= ${REPO_ROOT}/_artifacts
-PLATFORMS ?= linux/amd64 
+PLATFORMS ?= linux/amd64
 
 EXPORT_RESULT?=false # for CI please set EXPORT_RESULT to true
 
@@ -98,6 +98,15 @@ test-e2e: docker-push ## Run the e2e tests
 		-e2e.artifacts-folder="$(ARTIFACTS)" \
 		-e2e.config="$(E2E_CONF_FILE)" \
 
+##@ Development
+
+## --------------------------------------
+## Dev
+## --------------------------------------
+
+.PHONY: nutanix-cp-endpoint-ip
+nutanix-cp-endpoint-ip: ## Gets a random free IP from the control plane endpoint range set in the environment.
+	@shuf --head-count=1 < <(fping -g -u "$(CONTROL_PLANE_ENDPOINT_RANGE_START)" "$(CONTROL_PLANE_ENDPOINT_RANGE_END)")
 
 ##@ Deployment
 

diff --git a/devbox.json b/devbox.json
@@ -1,13 +1,17 @@
 {
   "packages": [
     "bash@latest",
-    "envsubst@1.4.2",
-    "gnumake@4.4.1",
-    "ginkgo@2.19.0",
-    "go@1.22.2",
-    "gotestsum@1.6.4",
-    "kind@0.22.0",
-    "ko@0.15.2",
+    "coreutils@latest",
+    "clusterctl@latest",
+    "envsubst@latest",
+    "fping@latest",
+    "gnumake@latest",
+    "ginkgo@latest",
+    "go@latest",
+    "gotestsum@latest",
+    "kind@latest",
+    "ko@latest",
+    "kubectl@latest",
     "path:./hack/flakes#go-mod-upgrade",
     "path:./hack/flakes#go-junit-report",
     "path:./hack/flakes#gocov",