
ci: improve ci and builds #1738

ci: improve ci and builds

ci: improve ci and builds #1738

Workflow file for this run

---
# Workflow header: token scopes, triggers and run de-duplication for the
# `build` workflow.
name: build

# Scopes of the job token. Declared at workflow level, so every job that does
# not set its own `permissions` inherits all three.
permissions:
  # Read the repository content (needed for the analysis).
  contents: read
  # Read pull requests; only relevant together with the `only-new-issues`
  # option.
  pull-requests: read
  # Write checks so the action can annotate code in the PR.
  checks: write

on:
  # Pushes to master and to Renovate branches, unless only ignored paths changed.
  push:
    branches:
      - master
      - renovate/**
    paths-ignore:
      - '**.md'
      - 'img/**'
      - 'test/**'
      - '.gitignore'
      - 'docker/**'
      - 'helm/**'
      - 'renovate.json'
      - '.krew.yaml'
  # Pull requests that target master, with the same ignored paths.
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**.md'
      - 'img/**'
      - 'test/**'
      - '.gitignore'
      - 'docker/**'
      - 'helm/**'
      - 'renovate.json'
      - '.krew.yaml'

# Runs are grouped by pull-request number, or by ref when the event carries no
# pull request; a newer run in the same group cancels the one in progress.
concurrency:
  group: build-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
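jobs:
  # NOTE(review): on the rendered page every `uses:` reference except
  # upload-artifact was replaced by the e-mail-obfuscation residue
  # "[email protected]", which removed the action name and its version. The
  # action names below are reconstructed from each step's name and inputs;
  # `<ref-elided-on-page>` marks a version that has to be restored from the
  # repository. Pinning each action to a full commit SHA (tag kept in a
  # trailing comment) stops a moved tag from changing what runs here.

  # Tidy check, lint and snapshot build.
  build:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@<ref-elided-on-page>
        with:
          # Do not leave the job token in .git/config; no step in this job
          # pushes or fetches again.
          persist-credentials: false
      - name: Install go
        uses: actions/setup-go@<ref-elided-on-page>
        with:
          go-version-file: go.mod
      - name: Ensure go.mod is already tidied
        # `--exit-code` is what turns a change left by `go mod tidy` into a
        # failed step.
        run: go mod tidy && git diff --no-patch --exit-code
      - name: Run linters
        uses: golangci/golangci-lint-action@<ref-elided-on-page>
        with:
          # renovate: depName=golangci/golangci-lint datasource=github-releases
          version: v1.57.2
          args: --timeout=10m0s
          install-mode: goinstall
      - name: Build with Goreleaser
        # always(): the build is attempted even when an earlier step failed.
        if: ${{ always() }}
        uses: goreleaser/goreleaser-action@<ref-elided-on-page>
        with:
          # renovate: depName=goreleaser/goreleaser datasource=github-releases
          version: v1.25.1
          args: build --snapshot --clean --single-target

  # Integration tests against two kind clusters (kind-1 with MetalLB, kind-2
  # reached through its own kubeconfig), both running Cilium in default-deny.
  test:
    runs-on: ubuntu-22.04
    # Least privilege: this job runs several third-party actions and hands the
    # token to one of them. None of the steps visible here annotates checks or
    # reads pull requests, so the workflow-level `checks: write` and
    # `pull-requests: read` are dropped for it.
    # NOTE(review): confirm the coverage upload does not rely on either scope.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@<ref-elided-on-page>
        with:
          # The test steps execute repository code in this work tree; keep the
          # job token out of .git/config.
          persist-credentials: false
      - name: Install go
        uses: actions/setup-go@<ref-elided-on-page>
        with:
          go-version-file: go.mod
      - name: Set up gotestfmt
        uses: gotesttools/gotestfmt-action@<ref-elided-on-page>
        with:
          # Optional: pass GITHUB_TOKEN to avoid rate limiting.
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Install Helm
        uses: azure/setup-helm@<ref-elided-on-page>
        with:
          # This field is the Helm version, so Renovate has to track helm/helm.
          # The annotation used to name cilium/cilium-cli, which would have
          # offered cilium-cli releases as Helm versions.
          # renovate: depName=helm/helm datasource=github-releases
          version: v3.14.4
      - name: Install cilium-cli
        env:
          # renovate: depName=cilium/cilium-cli datasource=github-releases
          CILIUM_CLI_VERSION: v0.16.5
        run: |
          set -euo pipefail
          base_url="https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}"
          wget "${base_url}/cilium-linux-amd64.tar.gz" \
            "${base_url}/cilium-linux-amd64.tar.gz.sha256sum"
          # Verify the archive before it is unpacked as root into /usr/local/bin.
          # The checksum file comes from the same release, so this catches a
          # truncated or corrupted download, not a replaced release asset;
          # comparing against a digest committed to this repository would
          # cover that case as well.
          sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
          sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
          rm cilium-linux-amd64.tar.gz cilium-linux-amd64.tar.gz.sha256sum
      - name: kind-1 - Create cluster
        uses: helm/kind-action@<ref-elided-on-page>
        with:
          cluster_name: kind-1
          # renovate: depName=kubernetes-sigs/kind datasource=github-releases
          version: v0.22.0
          config: test/kind-config.yaml
      - name: kind-1 - Create metallb-system namespace
        # Client-side dry run piped into apply: no error if the namespace exists.
        run: kubectl create namespace metallb-system --dry-run=client -oyaml | kubectl apply -f -
      - name: kind-1 - Install allow-all network policies on system namespaces
        # Applied before Cilium starts enforcing, so the system namespaces keep
        # working under policyEnforcementMode=always.
        run: |
          kubectl -n kube-system apply -f test/netpol-allow-all.yaml
          kubectl -n local-path-storage apply -f test/netpol-allow-all.yaml
          kubectl -n metallb-system apply -f test/netpol-allow-all.yaml
      - name: kind-1 - Install Cilium with default-deny policy
        run: cilium install --set policyEnforcementMode=always
      - name: kind-1 - Install MetalLB
        env:
          # renovate: depName=metallb datasource=helm registryUrl=https://charts.bitnami.com/bitnami
          METALLB_CHART_VERSION: 6.1.2
        run: |
          MANIFESTS_PATH=/tmp/metallb-manifests.yaml
          # First three octets of the first subnet of the `kind` docker network;
          # .240-.255 of that subnet becomes the MetalLB address range.
          ADDRESS_RANGE_PREFIX=$(docker network inspect -f '{{(index .IPAM.Config 0).Subnet}}' kind | cut -d. -f1-3)
          export ADDRESS_RANGE=${ADDRESS_RANGE_PREFIX}.240-${ADDRESS_RANGE_PREFIX}.255
          envsubst < test/metallb-manifests.yaml > "$MANIFESTS_PATH"
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm upgrade metallb \
            --install bitnami/metallb \
            --namespace metallb-system \
            --version "${METALLB_CHART_VERSION}" \
            --atomic \
            --set networkPolicy.enabled=true
          helm -n metallb-system get values metallb
          echo "MetalLB rendered manifests:"
          cat "$MANIFESTS_PATH"
          kubectl apply -f "$MANIFESTS_PATH"
      - name: kind-1 - Wait for all pods in the cluster to be ready
        # NOTE(review): when all ten attempts fail, the last command the loop
        # runs is `sleep`, so this step still exits 0.
        run: |
          for i in $(seq 1 10); do
            echo "Attempt: $i"
            kubectl wait pod --for=condition=Ready --all --all-namespaces && break;
            sleep 5;
          done
      - name: kind-2 - Create cluster
        uses: helm/kind-action@<ref-elided-on-page>
        env:
          # The second cluster gets its own kubeconfig; the kind-2 steps and
          # the tests refer to this path.
          KUBECONFIG: /home/runner/.kube/kind-2.yaml
        with:
          cluster_name: kind-2
          # renovate: depName=kubernetes-sigs/kind datasource=github-releases
          version: v0.22.0
          config: test/kind-config.yaml
      - name: kind-2 - Install allow-all network policies on system namespaces
        env:
          KUBECONFIG: /home/runner/.kube/kind-2.yaml
        run: |
          kubectl -n kube-system apply -f test/netpol-allow-all.yaml
          kubectl -n local-path-storage apply -f test/netpol-allow-all.yaml
      - name: kind-2 - Install Cilium with default-deny policy
        env:
          KUBECONFIG: /home/runner/.kube/kind-2.yaml
        run: cilium install --set policyEnforcementMode=always
      - name: kind-2 - Wait for all pods in the cluster to be ready
        env:
          KUBECONFIG: /home/runner/.kube/kind-2.yaml
        # NOTE(review): same loop as for kind-1; it exits 0 even when no
        # attempt succeeded.
        run: |
          for i in $(seq 1 10); do
            echo "Attempt: $i"
            kubectl wait pod --for=condition=Ready --all --all-namespaces && break;
            sleep 5;
          done
      - name: Run tests
        env:
          PVMIG_TEST_EXTRA_KUBECONFIG: /home/runner/.kube/kind-2.yaml
        # pipefail keeps a `go test` failure from being masked by the exit
        # status of tee or gotestfmt further down the pipe.
        run: |
          set -euo pipefail
          go test -json -v -tags integration -race -coverpkg=./... \
            -coverprofile=coverage.txt -covermode=atomic -timeout 20m -v ./... 2>&1 \
            | tee /tmp/gotest.log \
            | gotestfmt
      - name: Send coverage
        uses: codecov/codecov-action@<ref-elided-on-page>
        with:
          files: coverage.txt
      # Upload the original test log to the artifacts, also after a failure.
      # `v4` is a moving major tag; a full commit SHA would fix what runs here.
      - name: Upload test log
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-log
          path: /tmp/gotest.log
          if-no-files-found: error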