Fix GitHub bootstrap for repositories with custom properties #2016
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e-bootstrap | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ 'main', 'release/**' ] | |
pull_request: | |
branches: [ 'main', 'release/**' ] | |
paths-ignore: [ 'docs/**', 'rfcs/**' ] | |
permissions: | |
contents: read | |
jobs: | |
e2e-boostrap-github: | |
runs-on: ubuntu-latest | |
if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.x | |
cache-dependency-path: | | |
**/go.sum | |
**/go.mod | |
- name: Setup Kubernetes | |
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | |
with: | |
version: v0.22.0 | |
cluster_name: kind | |
# The versions below should target the newest Kubernetes version | |
# Keep this up-to-date with https://endoflife.date/kubernetes | |
node_image: ghcr.io/fluxcd/kindest/node:v1.30.0-amd64 | |
kubectl_version: v1.30.0 | |
- name: Setup Kustomize | |
uses: fluxcd/pkg/actions/kustomize@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main | |
- name: Setup yq | |
uses: fluxcd/pkg/actions/yq@e40e7ed2bc31c6b6e36d263b6299e5082d9fef12 # main | |
- name: Build | |
run: make build-dev | |
- name: Set outputs | |
id: vars | |
run: | | |
REPOSITORY_NAME=${{ github.event.repository.name }} | |
BRANCH_NAME=${GITHUB_REF##*/} | |
COMMIT_SHA=$(git rev-parse HEAD) | |
PSEUDO_RAND_SUFFIX=$(echo "${BRANCH_NAME}-${COMMIT_SHA}" | shasum | awk '{print $1}') | |
TEST_REPO_NAME="${REPOSITORY_NAME}-${PSEUDO_RAND_SUFFIX}" | |
echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT | |
- name: bootstrap init | |
run: | | |
./bin/flux bootstrap github --manifests ./manifests/install/ \ | |
--owner=fluxcd-testing \ | |
--image-pull-secret=ghcr-auth \ | |
--registry-creds=fluxcd:$GITHUB_TOKEN \ | |
--repository=${{ steps.vars.outputs.test_repo_name }} \ | |
--branch=main \ | |
--path=test-cluster \ | |
--team=team-z | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} | |
- name: verify image pull secret | |
run: | | |
kubectl -n flux-system get secret ghcr-auth | grep dockerconfigjson | |
- name: bootstrap no-op | |
run: | | |
./bin/flux bootstrap github --manifests ./manifests/install/ \ | |
--owner=fluxcd-testing \ | |
--image-pull-secret=ghcr-auth \ | |
--repository=${{ steps.vars.outputs.test_repo_name }} \ | |
--branch=main \ | |
--path=test-cluster \ | |
--team=team-z | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} | |
- name: bootstrap customize | |
run: | | |
make setup-bootstrap-patch | |
./bin/flux bootstrap github --manifests ./manifests/install/ \ | |
--owner=fluxcd-testing \ | |
--repository=${{ steps.vars.outputs.test_repo_name }} \ | |
--branch=main \ | |
--path=test-cluster \ | |
--team=team-z | |
if [ $(kubectl get deployments.apps source-controller -o jsonpath='{.spec.template.spec.securityContext.runAsUser}') != "10000" ]; then | |
echo "Bootstrap not customized as controller is not running as user 10000" && exit 1 | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} | |
GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }} | |
GITHUB_ORG_NAME: fluxcd-testing | |
- name: uninstall | |
run: | | |
./bin/flux uninstall -s --keep-namespace | |
kubectl delete ns flux-system --timeout=10m --wait=true | |
- name: test image automation | |
run: | | |
make setup-image-automation | |
./bin/flux bootstrap github --manifests ./manifests/install/ \ | |
--owner=fluxcd-testing \ | |
--repository=${{ steps.vars.outputs.test_repo_name }} \ | |
--branch=main \ | |
--path=test-cluster \ | |
--read-write-key | |
./bin/flux reconcile image repository podinfo | |
./bin/flux reconcile image update flux-system | |
./bin/flux get images all | |
kubectl -n flux-system get -o yaml ImageUpdateAutomation flux-system | \ | |
yq '.status.lastPushCommit | length > 1' | grep 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} | |
GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }} | |
GITHUB_ORG_NAME: fluxcd-testing | |
- name: delete repository | |
if: ${{ always() }} | |
continue-on-error: true | |
run: | | |
gh repo delete fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} --yes | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} | |
- name: Debug failure | |
if: failure() | |
run: | | |
kubectl -n flux-system get all | |
kubectl -n flux-system logs deploy/source-controller | |
kubectl -n flux-system logs deploy/kustomize-controller |