Kube Integration Tests (Non-root) - 11881706991 - @zmb3 #69496
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Kube Integration Tests (Non-root) | |
run-name: Kube Integration Tests (Non-root) - ${{ github.run_id }} - @${{ github.actor }} | |
on: | |
pull_request: | |
merge_group: | |
env: | |
TEST_KUBE: true | |
KUBECONFIG: /home/.kube/config | |
ALPINE_VERSION: 3.20.3 | |
jobs: | |
changes: | |
name: Check for relevant changes | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
outputs: | |
changed: ${{ steps.changes.outputs.changed }} | |
steps: | |
- name: Checkout | |
if: ${{ github.event_name == 'merge_group' }} | |
uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: changes | |
with: | |
base: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }} | |
ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
filters: | | |
changed: | |
- '.github/workflows/kube-integration-tests-non-root.yaml' | |
- '**.go' | |
- 'go.mod' | |
- 'go.sum' | |
- 'build.assets/Makefile' | |
- 'build.assets/Dockerfile*' | |
- 'Makefile' | |
test: | |
name: Kube Integration Tests (Non-root) | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.changed == 'true' }} | |
runs-on: ubuntu-22.04-16core | |
permissions: | |
contents: read | |
packages: read | |
container: | |
image: ghcr.io/gravitational/teleport-buildbox:teleport17 | |
env: | |
WEBASSETS_SKIP_BUILD: 1 | |
options: --cap-add=SYS_ADMIN --privileged | |
steps: | |
- name: Checkout Teleport | |
uses: actions/checkout@v4 | |
- name: Prepare workspace | |
uses: ./.github/actions/prepare-workspace | |
- name: Chown | |
run: | | |
mkdir -p $(go env GOMODCACHE) | |
mkdir -p $(go env GOCACHE) | |
chown -Rf ci:ci ${GITHUB_WORKSPACE} $(go env GOMODCACHE) $(go env GOCACHE) | |
continue-on-error: true | |
- name: Create KinD cluster | |
uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 | |
with: | |
cluster_name: kind | |
config: fixtures/kind/config.yaml | |
# The current container where tests run isn't linked to the KinD network and | |
# we won't be able to access the KinD control plane without linking them. | |
# This step is required because our tests run in teleport-buildbox container | |
# and by default the KinD container network isn't exposed to it. | |
# Connecting the network allow us to access the control plane using DNS kind-control-plane. | |
# It also copies the default kubeconfig and places it in /home/.kube so ci user | |
# is able to access it. | |
- name: Link test container to KinD network | |
run: | | |
docker network connect kind $(cat /etc/hostname) | |
kubectl config set-cluster kind-kind --server=https://kind-control-plane:6443 | |
kubectl cluster-info | |
kubectl apply -f fixtures/ci-teleport-rbac/ci-teleport.yaml | |
cp -r $HOME/.kube /home/ | |
chown -R ci:ci /home/.kube | |
- name: Build Alpine image with webserver | |
run: | | |
export SHORT_VERSION=${ALPINE_VERSION%.*} | |
# download the alpine image | |
# store the files in the fixtures/alpine directory | |
# to avoid passing all the repository files to the docker build context. | |
cd ./fixtures/alpine | |
# download alpine minirootfs and signature | |
curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz | |
curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.asc | |
curl -fSsLO https://dl-cdn.alpinelinux.org/alpine/v$SHORT_VERSION/releases/x86_64/alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.sha256 | |
# verify the checksum | |
sha256sum -c alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.sha256 | |
# verify the signature | |
gpg --import ./alpine-ncopa.at.alpinelinux.org.asc | |
gpg --verify ./alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz.asc ./alpine-minirootfs-$ALPINE_VERSION-x86_64.tar.gz | |
# build the webserver | |
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./webserver ./webserver.go | |
docker build -t alpine-webserver:v1 --build-arg=ALPINE_VERSION=$ALPINE_VERSION -f ./Dockerfile . | |
# load the image into the kind cluster | |
kind load docker-image alpine-webserver:v1 | |
cd - | |
- name: Run tests | |
timeout-minutes: 40 | |
run: | | |
runuser -u ci -g ci make integration-kube RDPCLIENT_SKIP_BUILD=1 |