arm-Ubuntu-build-test-push-workflow.yml

name: Arm Ubuntu Smoke Test WorkFlow
on:
  push:
    branches:
      - CSPL_2920
jobs:
  check-formating:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Dotenv Action
      id: dotenv
      uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
    - name: Setup Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
    - name: Check Source formatting
      run: make fmt && if [[ $? -ne 0 ]]; then false; fi
    - name: Lint source code
      run: make vet && if [[ $? -ne 0 ]]; then false; fi
  #unit-tests:
  #  runs-on: ubuntu-latest
  #  needs: check-formating
  #  steps:
  #    - uses: actions/checkout@v2
  #    - name: Dotenv Action
  #      id: dotenv
  #      uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
  #    - name: Setup Go
  #      uses: actions/setup-go@v2
  #      with:
  #        go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
  #    - name: Install goveralls
  #      run: |
  #        go version
  #        go install github.com/mattn/goveralls@latest
  #    - name: Install Ginkgo
  #      run: |
  #        make setup/ginkgo
  #        go mod tidy
  #    - name: Run Unit Tests
  #      run: make test
  #    - name: Run Code Coverage
  #      run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }}
  #    - name: Upload Coverage artifacts
  #      uses: actions/upload-artifact@v4.4.0
  #      with:
  #        name: coverage.out
  #        path: coverage.out
  build-operator-image-arm-ubuntu:
    runs-on: ubuntu-latest
    #needs: unit-tests
    env:
      SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
      SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    steps:
    - name: Set up cosign
      uses: sigstore/cosign-installer@main

    - uses: actions/checkout@v2
    - name: Dotenv Action
      id: dotenv
      uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
    - name: Setup Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
    - name: Install Ginkgo
      run: |
          make setup/ginkgo
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2.5.0
    - name: Install Operator SDK
      run: |
        export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
        export OS=$(uname | awk '{print tolower($0)}')
        export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}
        sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
        sudo chmod +x operator-sdk_${OS}_${ARCH}
        sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
    - name: Build and push Splunk Operator Image
      run: |
        export PLATFORMS=linux/arm64,linux/amd64
        export BASE_IMAGE=ubuntu
        export BASE_IMAGE_VERSION=24.10
        export IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA
        make docker-buildx PLATFORMS=$PLATFORMS BASE_IMAGE=$BASE_IMAGE BASE_IMAGE_VERSION=$BASE_IMAGE_VERSION IMG=$IMG 
    - name: Sign Splunk Operator image with a key
      run: |
        cosign sign --yes --key env://COSIGN_PRIVATE_KEY  ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }}
      env:
        COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
        COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
  # vulnerability-scan:
  #   permissions:
    #   actions: read
    #   contents: read
    #   security-events: write
    # runs-on: ubuntu-latest
    # needs: build-operator-image-arm-ubuntu
    # env:
    #   SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
    #   SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
    #   ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
    #   S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    #   IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }}
    # steps:
    # - name: Set up cosign
    #   uses: sigstore/cosign-installer@main
    # - uses: actions/checkout@v2
    # - name: Dotenv Action
    #   id: dotenv
    #   uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
    # - name: Set up Docker Buildx
    #   uses: docker/setup-buildx-action@v2.5.0
    # - name: Configure AWS credentials
    #   uses: aws-actions/configure-aws-credentials@v1
    #   with:
    #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    #     aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

    # - name: Login to Amazon ECR
    #   uses: aws-actions/amazon-ecr-login@v1
    # - name: Pull Splunk Operator Image Locally
    #   run: |
    #     docker pull ${{ env.IMAGE_NAME }}
    # - name: Verify Signed Splunk Operator image 
    #   run: |
    #     cosign verify --key env://COSIGN_PUBLIC_KEY  ${{ env.IMAGE_NAME }}
    #   env:
    #     COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
    # - name: Run Trivy vulnerability scanner
    #   uses: aquasecurity/trivy-action@master
    #   with:
    #     image-ref: '${{ env.IMAGE_NAME }}'
    #     format: sarif
    #     #exit-code: 1
    #     severity: 'CRITICAL'
    #     ignore-unfixed: true
    #     output: 'trivy-results.sarif'
    # - name: Upload Trivy scan results to GitHub Security tab
    #   uses: github/codeql-action/upload-sarif@v3
    #   with:
    #     sarif_file: 'trivy-results.sarif'
  smoke-tests-arm-ubuntu:
    #needs: vulnerability-scan
    needs: build-operator-image-arm-ubuntu
    strategy:
      fail-fast: false
      matrix:
        test: [
                basic,
                appframeworks1,
                managerappframeworkc3,
                managerappframeworkm4,
                managersecret,
                managermc,
               ]
    runs-on: ubuntu-latest
    env:
      CLUSTER_NODES: 1
      CLUSTER_WORKERS: 3
      SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_ARM64 }}
      SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_ARM64 }}
      SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
      SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator
      TEST_FOCUS: "${{ matrix.test }}"
      # This regex matches any string not containing smoke keyword
      TEST_TO_SKIP: "^(?:[^s]+|s(?:$|[^m]|m(?:$|[^o]|o(?:$|[^k]|k(?:$|[^e])))))*$"
      TEST_CLUSTER_PLATFORM: eks
      EKS_VPC_PRIVATE_SUBNET_STRING: ${{ secrets.EKS_VPC_PRIVATE_SUBNET_STRING }}
      EKS_VPC_PUBLIC_SUBNET_STRING: ${{ secrets.EKS_VPC_PUBLIC_SUBNET_STRING }}
      TEST_BUCKET: ${{ secrets.TEST_BUCKET }}
      TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }}
      S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      ENTERPRISE_LICENSE_LOCATION: ${{ secrets.ENTERPRISE_LICENSE_LOCATION }}
      EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }}
      CLUSTER_WIDE: "true"
      DEPLOYMENT_TYPE: ""
      ARM64: "true"
    steps:
      - name: Set Test Cluster Name
        run: |
          echo "TEST_CLUSTER_NAME=eks-integration-test-cluster-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV
      - name: Chekcout code
        uses: actions/checkout@v2
      - name: Dotenv Action
        id: dotenv
        uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359
      - name: Change splunk enterprise to release image on main branches
        if: github.ref == 'refs/heads/main'
        run: |
          echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV
      - name: Install Kubectl
        uses: Azure/setup-kubectl@v3
        with:
          version: ${{ steps.dotenv.outputs.KUBECTL_VERSION }}
      - name: Install Python
        uses: actions/setup-python@v2
      - name: Install AWS CLI
        run: |
          curl "${{ steps.dotenv.outputs.AWSCLI_URL}}" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install --update
          aws --version
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
      - name: Install Ginkgo
        run: |
          make setup/ginkgo
      - name: Install Helm
        run: |
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod 700 get_helm.sh
          ./get_helm.sh
          DESIRED_VERSION=v3.8.2 bash get_helm.sh
      - name: Install EKS CTL
        run: |
          curl --silent --insecure --location "https://github.com/weaveworks/eksctl/releases/download/${{ steps.dotenv.outputs.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
          sudo mv /tmp/eksctl /usr/local/bin
          eksctl version
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2.5.0
      - name: Install Operator SDK
        run: |
          sudo curl -L -o /usr/local/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}/operator-sdk-${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}-x86_64-linux-gnu
          sudo chmod +x /usr/local/bin/operator-sdk
      - name: Configure Docker Hub credentials
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN}}
      - name: Set Splunk Operator image
        run: |
            echo "SPLUNK_OPERATOR_IMAGE=${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" >> $GITHUB_ENV
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Pull Splunk Enterprise Image
        run: docker pull ${{ env.SPLUNK_ENTERPRISE_IMAGE }}
      - name: Create EKS cluster
        run: |
           export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }}
           export EKS_INSTANCE_TYPE=${{ steps.dotenv.outputs.EKS_INSTANCE_TYPE_ARM64 }}
           make cluster-up
      - name: install metric server
        run: |
          kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
      - name: install k8s dashboard
        run: |
          kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml
      - name: Setup Kustomize
        run: |
          sudo snap install kustomize
          mkdir -p ./bin
          cp /snap/bin/kustomize ./bin/kustomize
      - name: Run smoke test
        id: smoketest
        run: |
          make int-test
      - name: Collect Test Logs
        if: ${{ always() }}
        run: |
          mkdir -p /tmp/pod_logs
          find ./test -name "*.log" -exec cp {} /tmp/pod_logs \;
      - name: Archive Pod Logs
        if: ${{ always() }}
        uses: actions/upload-artifact@v4.4.0
        with:
          name: "splunk-pods-logs--artifacts-${{ matrix.test }}"
          path: "/tmp/pod_logs/**"
      - name: Cleanup Test Case artifacts
        if: ${{ always() }}
        run: |
          make cleanup
          make clean
      - name: Cleanup up EKS cluster
        if: ${{ always() }}
        run: |
          make cluster-down