Skip to content

Consolidate policy types into a spoofed type for simplified list and creation #1090

Consolidate policy types into a spoofed type for simplified list and creation

Consolidate policy types into a spoofed type for simplified list and creation #1090

Workflow file for this run

name: Playwright Tests
on:
workflow_dispatch:
inputs:
kubewarden:
description: Kubewarden version
type: choice
default: 'rc'
required: true
options:
- source
- rc
- released
rancher:
description: Rancher version
type: choice
default: 'released'
options:
- 'released' # released versions
- '~ 2.7'
- '~ 2.8'
- '~ 2.9'
- 'rc' # rc versions
- '~ 2.7-0'
- '~ 2.8-0'
- '~ 2.9-0'
k3s:
description: Kubernetes version
type: choice
default: 'v1.28.11-k3s2'
required: true
options:
- v1.26.15-k3s1
- v1.27.15-k3s2
- v1.28.11-k3s2
- v1.29.6-k3s2
- v1.30.2-k3s2
mode:
description: Installation mode
type: choice
default: 'base'
required: true
options:
- base
- fleet
- upgrade
testbase:
description: Run base tests
type: boolean
default: true
testpolicies:
description: Run policy tests
type: boolean
default: false
pull_request:
branches: main
paths:
- pkg/kubewarden/**
- package.json
workflow_run:
workflows: ["Build and Release Extension Charts"]
types:
- completed
schedule:
- cron: "0 21 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
# Github -> Secrets and variables -> Actions -> New repository variable
KUBEWARDEN: ${{ inputs.kubewarden || 'rc' }}
K3D_VERSION: # 'v5.6.3' - optionally pin version
K3S_VERSION: ${{ inputs.k3s || 'v1.28.11-k3s2' }}
K3D_CLUSTER_NAME: ${{ github.repository_owner }}-${{ github.event.repository.name }}-runner
# First value after the && must be truthy. Otherwise, the value after the || will always be returned
TESTBASE: ${{ github.event_name != 'workflow_dispatch' && true || inputs.testbase }}
TESTPOLICIES: ${{ inputs.testpolicies || false }}
# Enable QASE integration only for original repo
QASE: ${{ github.repository_owner == 'rancher' && github.event_name != 'pull_request' }}
defaults:
run:
shell: bash
jobs:
e2e:
strategy:
fail-fast: false
matrix:
rancher: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_run') && fromJSON('["2.7", "2.8"]') || fromJSON(format('["{0}"]', inputs.rancher || 'released')) }}
mode: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_run') && fromJSON('["base", "upgrade", "fleet"]') || fromJSON(format('["{0}"]', inputs.mode || 'base')) }}
exclude:
- rancher: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_run') && '2.7' }}
mode: upgrade
- rancher: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_run') && '2.7' }}
mode: fleet
# Run schedule workflows only on original repo, not forks
if: |
(github.event_name != 'schedule' || github.repository_owner == 'rancher') &&
(github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success')
runs-on: self-hosted
steps:
# ==================================================================================================
# Check out code and install requirements
# Use local kuberlr to avoid version skew
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
- name: Install playwright
working-directory: tests
run: |
yarn install
yarn playwright install chromium # --with-deps not supported on opensuse
# ==================================================================================================
# Set up parameters and ENV
- name: Setup global ENV
run: |
# Override KUBEWARDEN for automated triggers
case ${{github.event_name}} in
pull_request)
KUBEWARDEN=source;;
schedule)
# Rancher 2.7 chart requires kubeVersion: < 1.28.0-0
[[ "${{ matrix.rancher }}" == "2.7" ]] && echo K3S_VERSION="v1.27.15-k3s2" | tee -a $GITHUB_ENV
KUBEWARDEN=released;;
workflow_run)
KUBEWARDEN=rc;;
esac
# KW extension is prime since 2.8.3
[[ "$KUBEWARDEN" == "source" ]] && REPO=rancher-latest || REPO=rancher-prime
# Print matrix
echo "Event: ${{github.event_name}}"
echo "Mode: ${{matrix.mode}}"
echo "Rancher: ${{matrix.rancher}}"
echo REPO="$REPO" | tee -a $GITHUB_ENV
echo KUBEWARDEN="$KUBEWARDEN" | tee -a $GITHUB_ENV
echo TESTBASE=$TESTBASE
echo TESTPOLICIES="$TESTPOLICIES" | tee -a $GITHUB_ENV
# ==================================================================================================
# Create k3d cluster and install rancher
- name: "Create kubernetes cluster"
run: |
TAG=${{ env.K3D_VERSION }} sudo --preserve-env=TAG k3d-install
k3d cluster create ${{ env.K3D_CLUSTER_NAME }} --agents 1 --image rancher/k3s:${{ env.K3S_VERSION }}
- name: Install Rancher
run: |
RANCHER_FQDN=$(k3d cluster list ${{ env.K3D_CLUSTER_NAME }} -o json | jq -r '[.[].nodes[] | select(.role == "server").IP.IP] | first').nip.io
# Wait for kube-system
for i in {1..20}; do
output=$(kubectl get pods --no-headers -o wide -n kube-system | grep -vw Completed || echo 'Fail')
grep -vE '([0-9]+)/\1 +Running' <<< $output || break
[ $i -ne 20 ] && sleep 10 || { echo "Godot: pods not running"; exit 1; }
done
# Wait for cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all
# Translate to sematic version
[ "$RANCHER" == "rc" ] && RANCHER='*-0'
[ "$RANCHER" == "released" ] && RANCHER='*'
# Workaround for rancher 2.9 in alpha
if [ "$KUBEWARDEN" == "source" ]; then
RANCHER='~2.9-0'
fi
# Rancher PSP is based on kubernetes version
RANCHER_PSP=$(kubectl version -o json | jq -r '.serverVersion.minor <= "24"')
helm repo add --force-update rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add --force-update rancher-alpha https://releases.rancher.com/server-charts/alpha
helm repo add --force-update rancher-prime https://charts.rancher.com/server-charts/prime
helm search repo $REPO/rancher ${RANCHER:+--version "$RANCHER"}
helm upgrade --install rancher $REPO/rancher --wait \
--namespace cattle-system --create-namespace \
--set hostname=$RANCHER_FQDN \
--set bootstrapPassword=sa \
--set global.cattle.psp.enabled=$RANCHER_PSP \
${RANCHER:+--version "$RANCHER"}
# Wait for rancher
for i in {1..20}; do
output=$(kubectl get pods --no-headers -o wide -n cattle-system -l app=rancher-webhook | grep -vw Completed || echo 'Wait: cattle-system')$'\n'
output+=$(kubectl get pods --no-headers -o wide -n cattle-system | grep -vw Completed || echo 'Wait: cattle-system')$'\n'
output+=$(kubectl get pods --no-headers -o wide -n cattle-fleet-system | grep -vw Completed || echo 'Wait: cattle-fleet-system')$'\n'
grep -vE '([0-9]+)/\1 +Running|^$' <<< $output || break
[ $i -ne 20 ] && sleep 30 || { echo "Godot: pods not running"; exit 1; }
done
echo "RANCHER_FQDN=$RANCHER_FQDN" | tee -a $GITHUB_ENV
env:
RANCHER: ${{ matrix.rancher }}
# ==================================================================================================
# Setup playwright ENV and run tests
# https://rancher.github.io/dashboard/testing/e2e-test#setup-for-local-tests
- name: Build Kubewarden extension
if: env.KUBEWARDEN == 'source'
run: |
yarn install --ignore-engines
VERSION=0.0.1 yarn build-pkg kubewarden
- name: Install & Execute tests
timeout-minutes: 120
working-directory: tests
run: |
# Policy tests are hitting artifacthub rate limits
# Filter to exclude policies except those starting with random letter
EXCLUDE=$(yarn playwright test "\/90-" --reporter=list --list | grep -o 'install: .' | cut -d' ' -f2 | sort -fRu | sed 1d | paste -sd '')
EXCLUDE="90-.*install: [$EXCLUDE]"
TFILTER="\/00" # Always run installation tests
[[ "$TESTBASE" == "true" ]] && TFILTER+=" \/[1-9]" # Schedule everything else as base test
[[ "$TESTPOLICIES" != "true" ]] && GFILTER="$EXCLUDE" # Limit number of tested policies
# List tests and execute
echo yarn playwright test ${TFILTER:-} ${GFILTER:+-gv "$GFILTER"} -x
yarn playwright test ${TFILTER:-} ${GFILTER:+-gv "$GFILTER"} -x | tee qase-report.log
env:
MODE: ${{ matrix.mode }}
RANCHER_URL: https://${{ env.RANCHER_FQDN }}
ORIGIN: ${{ env.KUBEWARDEN }}
QASE_MODE: ${{ env.QASE == 'true' && 'testops' || 'off' }}
QASE_TESTOPS_API_TOKEN: ${{ secrets.QASE_APITOKEN }}
QASE_TESTOPS_RUN_TITLE: "Run[${{github.event_name}}]: UI[${{ env.KUBEWARDEN }}] - MODE[${{ matrix.mode }}] - RANCHER[${{ matrix.rancher }}] "
QASE_TESTOPS_RUN_DESCRIPTION: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
# ==================================================================================================
# QASE Integration
# Delete previous run if we have new one
- name: Delete previous QASE run
if: ${{ env.QASE == 'true' && !cancelled() && github.run_attempt > 1 }}
run: |
gh run download ${{ github.run_id }} -n QASE_RUN_ID-${{ matrix.rancher }}-${{ matrix.mode }} ||:
if [ -f QASE_RUN_ID.txt ]; then
qid=$(< QASE_RUN_ID.txt)
curl --request DELETE --url https://api.qase.io/v1/run/KUBEWARDEN/$qid --header 'Token: ${{secrets.QASE_APITOKEN_MKRAVEC}}' --header 'accept: application/json'
fi
env:
GH_TOKEN: ${{ github.token }}
# Delete current run if it was canceled
- name: Find current QASE run
if: ${{ env.QASE == 'true' && always() && hashFiles('tests/qase-report.log') != '' }}
run: |
grep -Eom1 'qase:.* [Rr]un.* [0-9]+' tests/qase-report.log | awk '{print $NF}' | tee QASE_RUN_ID.txt
- name: Delete current QASE run if job was canceled
if: ${{ env.QASE == 'true' && cancelled() && hashFiles('tests/qase-report.log') != '' }}
run: |
qid=$(< QASE_RUN_ID.txt)
curl --request DELETE --url https://api.qase.io/v1/run/KUBEWARDEN/$qid --header 'Token: ${{secrets.QASE_APITOKEN_MKRAVEC}}' --header 'accept: application/json'
# Set current run ID
- name: Upload current QASE_RUN_ID
if: ${{ env.QASE == 'true' && !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: QASE_RUN_ID-${{ matrix.rancher }}-${{ matrix.mode }}
path: QASE_RUN_ID.txt
overwrite: true
if-no-files-found: ignore
# ==================================================================================================
# Artifacts & Summary
- uses: actions/upload-artifact@v4
if: always()
with:
name: playwright-report-${{ matrix.rancher }}-${{ matrix.mode }}
path: tests/playwright-report/
retention-days: 15
- name: Clean Up
if: always()
run: |
k3d cluster delete ${{ env.K3D_CLUSTER_NAME }}