Skip to content

chore: Revisit RBAC permissions to remove not needed permissions #11574

chore: Revisit RBAC permissions to remove not needed permissions

chore: Revisit RBAC permissions to remove not needed permissions #11574

Workflow file for this run

name: pr-e2e-tests
on:
issue_comment:
types: [created]
env:
E2E_CHECK_NAME: e2e tests
jobs:
triage:
runs-on: ubuntu-latest
name: Comment evaluate
outputs:
run-e2e: ${{ startsWith(github.event.comment.body,'/run-e2e') && steps.checkUserMember.outputs.isTeamMember == 'true' }}
pr_num: ${{ steps.parser.outputs.pr_num }}
image_tag: "pr-${{ steps.parser.outputs.pr_num }}-${{ steps.parser.outputs.commit_sha }}"
commit_sha: ${{ steps.parser.outputs.commit_sha }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- uses: tspascoal/get-user-teams-membership@v2
id: checkUserMember
with:
username: ${{ github.actor }}
team: 'keda-e2e-test-executors'
GITHUB_TOKEN: ${{ secrets.GH_CHECKING_USER_AUTH }}
- name: Update comment with the execution url
if: ${{ startsWith(github.event.comment.body,'/run-e2e') && steps.checkUserMember.outputs.isTeamMember == 'true' }}
uses: peter-evans/create-or-update-comment@v2
with:
comment-id: ${{ github.event.comment.id }}
body: |
**Update:** You can check the progress [here](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}})
reactions: rocket
- name: Add label to skip e2e test
if: ${{ startsWith(github.event.comment.body,'/skip-e2e') && steps.checkUserMember.outputs.isTeamMember == 'true' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
with:
github-token: ${{ secrets.GH_AUTOMATION_PAT }}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ["skip-e2e"]
})
- name: Parse git info
if: ${{ startsWith(github.event.comment.body,'/run-e2e') && steps.checkUserMember.outputs.isTeamMember == 'true' }}
id: parser
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Get PR number
PR_URL="${{ github.event.issue.pull_request.url }}"
PR_NUM=${PR_URL##*/}
echo "Checking out from PR #$PR_NUM based on URL: $PR_URL"
echo "pr_num=$PR_NUM" >> $GITHUB_OUTPUT
# Get commit SHA
git config --global --add safe.directory "$GITHUB_WORKSPACE"
gh pr checkout $PR_NUM
SHA=$(git log -n 1 --pretty=format:"%H")
echo "commit_sha=$SHA" >> $GITHUB_OUTPUT
build-test-images:
needs: triage
runs-on: ubuntu-latest
name: Build images
container: ghcr.io/kedacore/keda-tools:1.21.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
uses: LouisBrunner/checks-action@v1.6.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ needs.triage.outputs.commit_sha }}
name: ${{ env.E2E_CHECK_NAME }}
status: in_progress
details_url: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Register workspace path
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Checkout Pull Request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
id: checkout
run: |
gh pr checkout ${{ needs.triage.outputs.pr_num }}
git checkout ${{ needs.triage.outputs.commit_sha }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
# Username used to log in to a Docker registry. If not set then no login will occur
username: ${{ github.repository_owner }}
# Password or personal access token used to log in to a Docker registry. If not set then no login will occur
password: ${{ secrets.GHCR_AUTH_PAT }}
# Server address of Docker registry. If not set then will default to Docker Hub
registry: ghcr.io
- name: Publish on GitHub Container Registry
run: make publish
env:
E2E_IMAGE_TAG: ${{ needs.triage.outputs.image_tag }}
run-test:
needs: [triage, build-test-images]
runs-on: e2e
name: Execute e2e tests
container: ghcr.io/kedacore/keda-tools:1.21.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
uses: LouisBrunner/checks-action@v1.6.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ needs.triage.outputs.commit_sha }}
name: ${{ env.E2E_CHECK_NAME }}
status: in_progress
details_url: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Register workspace path
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Checkout Pull Request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
id: checkout
run: |
gh pr checkout ${{ needs.triage.outputs.pr_num }}
git checkout ${{ needs.triage.outputs.commit_sha }}
- uses: oNaiPs/secrets-to-env-action@v1
with:
secrets: ${{ toJSON(secrets) }}
- name: Scale cluster
run: make scale-node-pool
env:
NODE_POOL_SIZE: 2
TEST_CLUSTER_NAME: keda-e2e-cluster-pr
- name: Run end to end tests
continue-on-error: true
id: test
env:
AWS_RUN_IDENTITY_TESTS: true
AZURE_RUN_AAD_POD_IDENTITY_TESTS: true
AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true
GCP_RUN_IDENTITY_TESTS: true
E2E_IMAGE_TAG: ${{ needs.triage.outputs.image_tag }}
TEST_CLUSTER_NAME: keda-e2e-cluster-pr
COMMENT_BODY: ${{ github.event.comment.body }}
run: |
MESSAGE="$COMMENT_BODY"
REGEX='/run-e2e (.+)'
if [[ "$MESSAGE" =~ $REGEX ]]
then
export E2E_TEST_REGEX="$(echo ${BASH_REMATCH[1]} | head -1)"
fi
echo "${{ needs.triage.outputs.pr_num }}"
make e2e-test
- name: Delete all e2e related namespaces
if: ${{ always() }}
run: make e2e-test-clean
env:
TEST_CLUSTER_NAME: keda-e2e-cluster-pr
- name: Scale cluster
if: ${{ always() }}
run: make scale-node-pool
env:
NODE_POOL_SIZE: 1
TEST_CLUSTER_NAME: keda-e2e-cluster-pr
- name: React to comment with success
uses: dkershner6/reaction-action@v1
if: steps.test.outcome == 'success'
with:
token: ${{ secrets.GITHUB_TOKEN }}
commentId: ${{ github.event.comment.id }}
reaction: "+1"
- name: Set status success
uses: LouisBrunner/checks-action@v1.6.2
if: steps.test.outcome == 'success'
with:
token: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ needs.triage.outputs.commit_sha }}
name: ${{ env.E2E_CHECK_NAME }}
conclusion: success
details_url: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- name: React to comment with failure
uses: dkershner6/reaction-action@v1
if: steps.test.outcome != 'success'
with:
token: ${{ secrets.GITHUB_TOKEN }}
commentId: ${{ github.event.comment.id }}
reaction: "-1"
- name: Set status failure
uses: LouisBrunner/checks-action@v1.6.2
if: steps.test.outcome != 'success'
with:
token: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ needs.triage.outputs.commit_sha }}
name: ${{ env.E2E_CHECK_NAME }}
conclusion: failure
details_url: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- name: Upload test logs
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: e2e-test-logs
path: '${{ github.workspace }}/tests/**/*.log'
if-no-files-found: ignore