Merge pull request #1417 from splunk/feature/CSPL-3253 #29
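# Arm AL2023 smoke-test pipeline. On every push to develop or main it runs, in
# sequence: formatting/vet checks -> unit tests -> multi-arch operator image
# build, push and cosign signature -> signature verification and Trivy scan ->
# smoke tests against an EKS cluster created for the run.
#
# NOTE(review): apart from falti/dotenv-action (pinned to a commit SHA), every
# action here is referenced by a mutable tag or branch. The jobs that use them
# hold AWS keys, the cosign private key and registry credentials, so pinning
# each `uses:` to a reviewed commit SHA is worth doing; the SHAs are not on
# this page and have to be looked up in the upstream repositories.
name: Arm AL2023 Smoke Test WorkFlow
on:
  push:
    branches:
      - develop
      - main
# Least-privilege default for GITHUB_TOKEN. No step in this file passes the
# token on explicitly; vulnerability-scan declares its own permissions because
# uploading SARIF needs security-events: write.
permissions:
  contents: read
jobs:
  check-formating:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Exposes the repository's dotenv values (GO_VERSION etc.) as step outputs.
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
      # A failing make already fails the step; a `$?` test chained after `&&`
      # can only run when make succeeded, so it is not needed.
      - name: Check Source formatting
        run: make fmt
      - name: Lint source code
        run: make vet
  unit-tests:
    runs-on: ubuntu-latest
    needs: check-formating
    steps:
      - uses: actions/checkout@v2
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
      # NOTE(review): @latest means the tool that later receives the Coveralls
      # token is whatever upstream published most recently; consider pinning
      # a version.
      - name: Install goveralls
        run: |
          go version
          go install github.com/mattn/goveralls@latest
      - name: Install Ginkgo
        run: |
          make setup/ginkgo
          go mod tidy
      - name: Run Unit Tests
        run: make test
      # goveralls uses the COVERALLS_TOKEN environment variable as the default
      # for -repotoken, so the secret is handed over through env instead of
      # being expanded into the script text and the process arguments.
      - name: Run Code Coverage
        run: goveralls -coverprofile=coverage.out -service=circle-ci
        env:
          COVERALLS_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
      # NOTE(review): the reference after "actions/" was replaced by an
      # e-mail-obfuscation placeholder on this page; presumably
      # actions/upload-artifact at a dotted version tag. Restore it from the
      # repository before using this file.
      - name: Upload Coverage artifacts
        uses: actions/[email protected]
        with:
          name: coverage.out
          path: coverage.out
  build-operator-image-arm-al2023:
    runs-on: ubuntu-latest
    needs: unit-tests
    env:
      SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
      SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    steps:
      # NOTE(review): @main is a moving branch, and this job later loads the
      # image-signing private key; pin the installer to a commit SHA.
      - name: Set up cosign
        uses: sigstore/cosign-installer@main
      - uses: actions/checkout@v2
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
      - name: Install Ginkgo
        run: |
          make setup/ginkgo
      # NOTE(review): e-mail-obfuscation placeholder; presumably
      # docker/setup-buildx-action at a dotted version tag. Restore it from
      # the repository.
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      # NOTE(review): the download is installed without a checksum or
      # signature check, and curl runs without --fail, so an HTTP error body
      # would be saved and installed as the binary. The asset name used here
      # (operator-sdk_<os>_<arch>) differs from the one in the smoke-test job,
      # although both use the same OPERATOR_SDK_VERSION; confirm which one the
      # release actually publishes before tightening either command.
      - name: Install Operator SDK
        run: |
          export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
          export OS=$(uname | awk '{print tolower($0)}')
          export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}
          sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
          sudo chmod +x operator-sdk_${OS}_${ARCH}
          sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
      # NOTE(review): static access keys kept as repository secrets. The
      # action also accepts role-to-assume; short-lived credentials through
      # OIDC would remove the long-lived key. Same applies to the two later
      # jobs.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # ECR_REPOSITORY and SPLUNK_OPERATOR_IMAGE_NAME come from the job-level
      # env, so the shell reads them as variables rather than having the
      # secret templated into the script.
      - name: Build and push Splunk Operator Image
        run: |
          export PLATFORMS=linux/arm64,linux/amd64
          export BASE_IMAGE=public.ecr.aws/amazonlinux/amazonlinux
          export BASE_IMAGE_VERSION=2023
          export IMG="${ECR_REPOSITORY}/${SPLUNK_OPERATOR_IMAGE_NAME}:${GITHUB_SHA}"
          make docker-buildx PLATFORMS=$PLATFORMS BASE_IMAGE=$BASE_IMAGE BASE_IMAGE_VERSION=$BASE_IMAGE_VERSION IMG=$IMG
      # NOTE(review): the image is signed by tag, not by digest. A tag can be
      # re-pointed between the push above and this step; signing the digest
      # reported by the push would bind the signature to the bytes that were
      # built.
      - name: Sign Splunk Operator image with a key
        run: |
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${ECR_REPOSITORY}/${SPLUNK_OPERATOR_IMAGE_NAME}:${GITHUB_SHA}"
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
  vulnerability-scan:
    permissions:
      actions: read
      contents: read
      security-events: write
    runs-on: ubuntu-latest
    needs: build-operator-image-arm-al2023
    env:
      SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
      SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}
    steps:
      # NOTE(review): moving branch reference; pin to a commit SHA.
      - name: Set up cosign
        uses: sigstore/cosign-installer@main
      - uses: actions/checkout@v2
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      # NOTE(review): e-mail-obfuscation placeholder; presumably
      # docker/setup-buildx-action at a dotted version tag.
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v1
      # NOTE(review): the pull, the verification and the scan below each
      # resolve the tag on their own. Resolving the tag to a digest once and
      # using that digest in all three would guarantee that the image scanned
      # is the image whose signature was checked.
      - name: Pull Splunk Operator Image Locally
        run: |
          docker pull "$IMAGE_NAME"
      - name: Verify Signed Splunk Operator image
        run: |
          cosign verify --key env://COSIGN_PUBLIC_KEY "$IMAGE_NAME"
        env:
          COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
      # NOTE(review): @master is a moving branch; pin to a commit SHA.
      # With exit-code commented out the step presumably reports findings
      # without failing, so the smoke tests that depend on this job still run
      # on an image with fixable CRITICAL vulnerabilities; the results only
      # reach the Security tab. Confirm that this is the intended gate.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.IMAGE_NAME }}'
          format: sarif
          #exit-code: 1
          severity: 'CRITICAL'
          ignore-unfixed: true
          output: 'trivy-results.sarif'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
  smoke-tests-arm-al2023:
    needs: vulnerability-scan
    strategy:
      # Let every matrix entry finish even when one of them fails.
      fail-fast: false
      matrix:
        test:
          - basic
          - appframeworksS1
          - managerappframeworkc3
          - managerappframeworkm4
          - managersecret
          - managermc
    runs-on: ubuntu-latest
    env:
      CLUSTER_NODES: 1
      CLUSTER_WORKERS: 3
      SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_ARM64 }}
      SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_ARM64 }}
      SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
      SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator
      TEST_FOCUS: "${{ matrix.test }}"
      # This regex matches any string not containing smoke keyword
      TEST_TO_SKIP: "^(?:[^s]+|s(?:$|[^m]|m(?:$|[^o]|o(?:$|[^k]|k(?:$|[^e])))))*$"
      TEST_CLUSTER_PLATFORM: eks
      EKS_VPC_PRIVATE_SUBNET_STRING: ${{ secrets.EKS_VPC_PRIVATE_SUBNET_STRING }}
      EKS_VPC_PUBLIC_SUBNET_STRING: ${{ secrets.EKS_VPC_PUBLIC_SUBNET_STRING }}
      TEST_BUCKET: ${{ secrets.TEST_BUCKET }}
      TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }}
      S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      ENTERPRISE_LICENSE_LOCATION: ${{ secrets.ENTERPRISE_LICENSE_LOCATION }}
      EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }}
      CLUSTER_WIDE: "true"
      DEPLOYMENT_TYPE: ""
      ARM64: "true"
    steps:
      # One cluster name per matrix entry and workflow run.
      - name: Set Test Cluster Name
        run: |
          echo "TEST_CLUSTER_NAME=eks-integration-test-cluster-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV
      - name: Chekcout code
        uses: actions/checkout@v2
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      - name: Change splunk enterprise to release image on main branches
        if: github.ref == 'refs/heads/main'
        run: |
          echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV
      - name: Install Kubectl
        uses: Azure/setup-kubectl@v3
        with:
          version: ${{ steps.dotenv.outputs.KUBECTL_VERSION }}
      - name: Install Python
        uses: actions/setup-python@v2
      # --fail stops the step on an HTTP error instead of saving the error
      # page as the archive.
      # NOTE(review): the installer is run with sudo and is not checked
      # against a signature or checksum.
      - name: Install AWS CLI
        run: |
          curl --fail "${{ steps.dotenv.outputs.AWSCLI_URL}}" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install --update
          aws --version
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
      - name: Install Ginkgo
        run: |
          make setup/ginkgo
      # The installer runs once, with the Helm version pinned; a run without
      # DESIRED_VERSION would first install whatever release is current.
      # NOTE(review): the installer script itself is fetched from the main
      # branch and executed unverified.
      - name: Install Helm
        run: |
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod 700 get_helm.sh
          DESIRED_VERSION=v3.8.2 bash get_helm.sh
      # TLS certificate verification stays on for this download: the archive
      # is unpacked and moved into /usr/local/bin with sudo on a runner that
      # is later given AWS credentials. --fail stops on an HTTP error.
      - name: Install EKS CTL
        run: |
          curl --silent --fail --location "https://github.com/weaveworks/eksctl/releases/download/${{ steps.dotenv.outputs.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
          sudo mv /tmp/eksctl /usr/local/bin
          eksctl version
      # NOTE(review): e-mail-obfuscation placeholder; presumably
      # docker/setup-buildx-action at a dotted version tag.
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      # NOTE(review): no --fail and no checksum check, and the asset name
      # (operator-sdk-<version>-x86_64-linux-gnu) differs from the one used in
      # the image build job for the same OPERATOR_SDK_VERSION. If this URL
      # does not exist, the HTTP error body is written to
      # /usr/local/bin/operator-sdk and marked executable. Confirm the asset
      # name, then add --fail.
      - name: Install Operator SDK
        run: |
          sudo curl -L -o /usr/local/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}/operator-sdk-${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}-x86_64-linux-gnu
          sudo chmod +x /usr/local/bin/operator-sdk
      - name: Configure Docker Hub credentials
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN}}
      - name: Set Splunk Operator image
        run: |
          echo "SPLUNK_OPERATOR_IMAGE=${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" >> $GITHUB_ENV
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # Read from the environment so the value set through GITHUB_ENV on main
      # is used without templating it into the script.
      - name: Pull Splunk Enterprise Image
        run: docker pull "$SPLUNK_ENTERPRISE_IMAGE"
      - name: Create EKS cluster
        run: |
          export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }}
          export EKS_INSTANCE_TYPE=${{ steps.dotenv.outputs.EKS_INSTANCE_TYPE_ARM64 }}
          make cluster-up
      # NOTE(review): "latest" applies whatever manifest upstream currently
      # publishes to the test cluster; pin a release for reproducible runs.
      - name: install metric server
        run: |
          kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
      - name: install k8s dashboard
        run: |
          kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml
      - name: Setup Kustomize
        run: |
          sudo snap install kustomize
          mkdir -p ./bin
          cp /snap/bin/kustomize ./bin/kustomize
      - name: Run smoke test
        id: smoketest
        run: |
          make int-test
      # The remaining steps run even after a failure so that logs are kept
      # and the cluster is always torn down.
      - name: Collect Test Logs
        if: ${{ always() }}
        run: |
          mkdir -p /tmp/pod_logs
          find ./test -name "*.log" -exec cp {} /tmp/pod_logs \;
      # NOTE(review): e-mail-obfuscation placeholder; presumably
      # actions/upload-artifact at a dotted version tag.
      - name: Archive Pod Logs
        if: ${{ always() }}
        uses: actions/[email protected]
        with:
          name: "splunk-pods-logs--artifacts-${{ matrix.test }}"
          path: "/tmp/pod_logs/**"
      - name: Cleanup Test Case artifacts
        if: ${{ always() }}
        run: |
          make cleanup
          make clean
      - name: Cleanup up EKS cluster
        if: ${{ always() }}
        run: |
          make cluster-down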