[WIP] Cleanup Part 2 - Rewrite #2103
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR | |
on: | |
pull_request: | |
push: | |
jobs: | |
pr-short-tests: | |
name: Run short go tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Ensure go version | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: run tests | |
run: make test | |
- name: Annotate tests | |
if: always() | |
uses: guyarb/golang-test-annoations@v0.8.0 | |
with: | |
test-results: test.json | |
pr-check-docs-links: | |
name: Check docs for incorrect links | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Link Checker | |
uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
with: | |
args: --verbose --no-progress '*.md' '*.yaml' '*/*/*.go' --exclude-link-local | |
fail: true | |
# This should not be made a mandatory test | |
# It is only used to make us aware of any potential security failure, that | |
# should trigger a bump of the image in build/. | |
pr-vuln-scan: | |
name: Build image and scan it against known vulnerabilities | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Ensure go version | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup GoReleaser | |
run: make bootstrap-tools | |
- name: Find current tag version | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
id: tags | |
- name: Build image | |
run: VERSION="${{ steps.tags.outputs.sha_short }}" DH_ORG="${{ github.repository_owner }}" make image | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 | |
with: | |
image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
# This ensures the latest code works with the manifests built from tree. | |
# It is useful for two things: | |
# - Test manifests changes (obviously), ensuring they don't break existing clusters | |
# - Ensure manifests work with the latest versions even with no manifest change | |
# (compared to helm charts, manifests cannot easily template changes based on versions) | |
# Helm charts are _trailing_ releases, while manifests are done during development. | |
# This test uses the "command" reboot-method. | |
e2e-manifests: | |
name: End-to-End test with kured with code and manifests from HEAD | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
testname: | |
- "TestE2EWithCommand" | |
- "TestE2EWithSignal" | |
- "TestE2EConcurrentWithCommand" | |
- "TestE2EConcurrentWithSignal" | |
kubernetes_version: | |
- "previous" | |
- "current" | |
- "next" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Ensure go version | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup GoReleaser | |
run: make bootstrap-tools | |
- name: Find current tag version | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
id: tags | |
- name: Install kind | |
uses: helm/kind-action@v1.10.0 | |
with: | |
install_only: true | |
version: v0.22.0 | |
- name: Run specific e2e tests | |
run: make e2e-test ARGS="-run ^${{ matrix.testname }}/${{ matrix.kubernetes_version }}" | |
e2e-tests-singleversion: | |
name: End-to-End test targetting a single version of kubernetes | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
testname: | |
- "TestCordonningIsKept/concurrency1" | |
- "TestCordonningIsKept/concurrency2" | |
- "TestE2EBlocker/podblocker" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Ensure go version | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup GoReleaser | |
run: make bootstrap-tools | |
- name: Find current tag version | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
id: tags | |
- name: Install kind | |
uses: helm/kind-action@v1.10.0 | |
with: | |
install_only: true | |
version: v0.22.0 | |
# Keep this until v1.31 (or superior) becomes the default kubectl version for the kind-action. | |
# It is used in podblocker shell script test to use --all-pods. | |
# If the podblocker e2e test relies on another way, this can also be removed. | |
kubectl_version: v1.31.0 | |
- name: Run specific e2e tests | |
run: make e2e-test ARGS="-run ^${{ matrix.testname }}" |