Skip to content

Improve of whitelisting in privileged tests #2

Improve of whitelisting in privileged tests

Improve of whitelisting in privileged tests #2

Workflow file for this run

name: Crystal Specs
on:
push:
paths:
- '**'
- '!**.md'
- '!docs/*'
- '!doc-lint/*'
pull_request:
paths:
- '**'
- '!**.md'
- '!docs/*'
- '!doc-lint/*'
jobs:
tests:
name: Fetch Matrix Tests
runs-on: [ubuntu-latest]
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- id: set-matrix
run: |
JSON="{\"include\":["
TEST_ARRAY=$(grep -roP --no-filename 'tags: \K(\[|")(.*)(\]|")' spec/ | tr -d '[],' | tr -s '\n' ' ' | xargs -n1 | sort -u | xargs)
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-config-lifecycle/}")
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-microservice/}")
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-all/}")
TEST_ARRAY=("${TEST_ARRAY[@]/disk_fill/}")
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_container_kill/}")
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_cpu_hog/}")
TEST_ARRAY=("${TEST_ARRAY[@]/pod_delete/}")
TEST_ARRAY=("${TEST_ARRAY[@]/pod_io_stress/}")
TEST_ARRAY=("${TEST_ARRAY[@]/pod_memory_hog/}")
TEST_ARRAY=("${TEST_ARRAY[@]/pod_network_latency/}")
TEST_ARRAY=("${TEST_ARRAY[@]/zombie/}")
TEST_ARRAY=("${TEST_ARRAY[@]/oran/}")
TEST_LIST=$(for i in ${TEST_ARRAY[@]}
do
echo "{\"spec\":\"$i\"}," | tr -d '\n'
done)
TEST_LIST="${TEST_LIST%?}"
JSON="$JSON$TEST_LIST"
JSON="$JSON]}"
echo "TESTS: $JSON"
echo "matrix=$JSON" >> $GITHUB_OUTPUT
spec:
name: Crystal Specs
needs: [tests]
runs-on: [v1.0.0]
strategy:
fail-fast: false
matrix: ${{fromJson(needs.tests.outputs.matrix)}}
steps:
- name: Cleanup Tmp DIR
run: |
sudo rm -rf /tmp/*
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Mirror Setup
run: |
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["http://10.200.142.204:80"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"]
endpoint = ["http://localhost:5000"]
EOF
- name: sysctls specs kind config override
if: matrix.spec == 'sysctls'
run: |
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
# Enabled additional unsafe sysctls to support the negative spec test for sysctls
nodes:
- role: control-plane
image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
kubeadmConfigPatches:
- |
kind: KubeletConfiguration
allowedUnsafeSysctls: ["kernel.msg*"]
EOF
- name: Mirror Override
if: matrix.spec == 'private_registry_image'
run: |
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"]
endpoint = ["http://localhost:5000"]
- name: Install Latest Kind
env:
KIND_VERSION: v0.22.0
KIND_URL: https://kind.sigs.k8s.io/dl
run: |
echo "Existing kind binary path: $(which kind)"
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga;
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind --version
- name: Create Kind Cluster
run: |
cat /tmp/cluster.yml
export CLUSTER=$(uuidgen)
echo "export CLUSTER=$CLUSTER" > cluster.env
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf
kind --version
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf
export KUBECONFIG=$(pwd)/$CLUSTER.conf
kubectl get nodes
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Setup CNF-Conformance
run: |
helm repo add stable https://cncf.gitlab.io/stable
git fetch --all --tags --force
shards install
echo "RUNNER: $RUNNER_NAME"
- name: Run Crystal Spec
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKERHUB_USERNAMES: ${{ secrets.DOCKERHUB_USERNAMES }}
DOCKERHUB_PASSWORDS: ${{ secrets.DOCKERHUB_PASSWORDS }}
DOCKERHUB_EMAIL: ${{ secrets.DOCKERHUB_EMAIL }}
IMAGE_REPO: ${{ secrets.IMAGE_REPO }}
run: |
USERNAME_ARRAY=($DOCKERHUB_USERNAMES)
PASSWORD_ARRAY=($DOCKERHUB_PASSWORDS)
EMAIL_ARRAY=($DOCKERHUB_EMAIL)
IMAGE_ARRAY=($IMAGE_REPO)
RANDOMIZER=$(( 0 + $RANDOM % 3 ))
export DOCKERHUB_USERNAME=${USERNAME_ARRAY[$RANDOMIZER]}
export DOCKERHUB_PASSWORD=${PASSWORD_ARRAY[$RANDOMIZER]}
export PROTECTED_DOCKERHUB_USERNAME=$DOCKERHUB_USERNAME
export PROTECTED_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD
export PROTECTED_DOCKERHUB_EMAIL=${EMAIL_ARRAY[$RANDOMIZER]}
export PROTECTED_IMAGE_REPO=${IMAGE_ARRAY[$RANDOMIZER]}
[[ ! -z "$DOCKERHUB_USERNAME" && ! -z "$DOCKERHUB_PASSWORD" ]] && docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD
source cluster.env
export KUBECONFIG=$(pwd)/$CLUSTER.conf
until [[ $(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do
echo "Waiting for local-path-storage"
sleep 1
done
LOCAL_PATH_STORAGE_POD=$(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o jsonpath='{range .items[*]}{.metadata.name}')
# until [[ $(kubectl exec -ti $LOCAL_PATH_STORAGE_POD --namespace=local-path-storage -- apk add curl jq) ]]; do
# echo "Failed to install packages, retrying"
# sleep 1
#done
CLUSTER_RATE_LIMIT=$(kubectl exec -ti $LOCAL_PATH_STORAGE_POD --namespace=local-path-storage -- curl --head -H "Authorization: Bearer $(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || true)
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token || true)
ANONYMOUS_RUNNER_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Runner Rate Limit Exceeded: $RUNNER_NAME")
TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
AUTH_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Authenticated Rate Limit Exceeded")
echo "RUNNER RATE LIMIT: $ANONYMOUS_RUNNER_RATE_LIMIT"
echo "CLUSTER RATE LIMIT: $CLUSTER_RATE_LIMIT"
echo "DOCKER USER RATE LIMIT: $AUTH_RATE_LIMIT"
crystal build src/cnf-testsuite.cr
./cnf-testsuite setup
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.spec }} -v
- name: Delete Cluster
if: ${{ always() }}
run: |
source cluster.env
kind delete cluster --name $CLUSTER
docker container prune -f || true
docker volume prune -f || true
continue-on-error: true
chaos:
name: Chaos & Oran Tests
needs: [tests]
runs-on: [ubuntu-22.04]
strategy:
fail-fast: false
matrix:
tag: ["pod_delete", "pod_io_stress", "pod_memory_hog", "pod_network_latency", "disk_fill", "pod_network_corruption", "pod_network_duplication", "zombie", "oran"]
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Latest Kind
env:
KIND_VERSION: v0.22.0
KIND_URL: https://kind.sigs.k8s.io/dl
run: |
echo "Existing kind binary path: $(which kind)"
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga;
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind --version
- name: Install kubectl
run: |
wget -O kubectl "https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl"
ls -la
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: Create Kind Cluster
run: |
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
EOF
export CLUSTER=$(uuidgen)
echo "export CLUSTER=$CLUSTER" > cluster.env
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf
kind --version
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf
export KUBECONFIG=$(pwd)/$CLUSTER.conf
kubectl get nodes
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Install Crystal
uses: crystal-lang/install-crystal@v1
with:
crystal: 1.6.2
- name: Setup CNF-Conformance
run: |
helm repo add stable https://cncf.gitlab.io/stable
git fetch --all --tags --force
shards install
echo "RUNNER: $RUNNER_NAME"
- name: Run Crystal Spec
run: |
echo "Current path: $(echo pwd)"
source cluster.env
export KUBECONFIG=$(pwd)/$CLUSTER.conf
until [[ $(kubectl get pods -l app=kindnet --namespace=kube-system -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do
echo "Waiting for kindnet"
sleep 1
done
CLUSTER_RATE_LIMIT=$(kubectl run -i tmp-shell --restart=Never --rm --image ubuntu -- /bin/bash -c "apt update && apt install -y curl jq; curl --head -H \"Authorization: Bearer $(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)\" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest" | grep ratelimit-remaining || true)
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token || true)
ANONYMOUS_RUNNER_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Runner Rate Limit Exceeded: $RUNNER_NAME")
TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
AUTH_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Authenticated Rate Limit Exceeded")
echo "RUNNER RATE LIMIT: $ANONYMOUS_RUNNER_RATE_LIMIT"
echo "CLUSTER RATE LIMIT: $CLUSTER_RATE_LIMIT"
echo "DOCKER USER RATE LIMIT: $AUTH_RATE_LIMIT"
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.tag }} -v
build:
name: Build Release
runs-on: ubuntu-latest
env:
CRYSTAL_IMAGE: "conformance/crystal:1.6.2-alpine"
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Build Release
run: |
docker pull $CRYSTAL_IMAGE
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE shards install
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE crystal build --warnings none src/cnf-testsuite.cr --release --static --link-flags '-lxml2 -llzma'
- name: upload artifact
uses: actions/upload-artifact@v3
with:
name: release
path: cnf-testsuite
test_binary_configuration_lifecycle:
name: Test Binary Without Source(config_lifecycle)
runs-on: [v1.0.0]
steps:
- name: Cleanup Tmp DIR
run: |
sudo rm -rf /tmp/*
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Install Latest Kind
env:
KIND_VERSION: v0.22.0
KIND_URL: https://kind.sigs.k8s.io/dl
run: |
echo "Existing kind binary path: $(which kind)"
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga;
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind --version
- name: Build cnf-testsuite & Create Kind Cluster
run: |
shards install
crystal build src/cnf-testsuite.cr --warnings none
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"]
endpoint = ["http://localhost:5000"]
EOF
export CLUSTER=$(uuidgen)
echo "export CLUSTER=$CLUSTER"
echo "export CLUSTER=$CLUSTER" > cluster.env
kind --version
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf
export KUBECONFIG=/tmp/$CLUSTER.conf
kubectl get nodes
- name: Run Test Suite without source(config_lifecycle)
run: |
source cluster.env
echo "SHARDS_INSTALL_PATH: $SHARDS_INSTALL_PATH"
export KUBECONFIG=/tmp/$CLUSTER.conf
helm repo add stable https://cncf.gitlab.io/stable
export DIR=$(uuidgen)
echo "Shared DIR: /shared/$DIR"
mkdir /shared/$DIR
mv cnf-testsuite /shared/$DIR
cd /shared/$DIR
./cnf-testsuite setup
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml
LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~privileged ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose
- name: Delete Cluster
if: ${{ always() }}
run: |
source cluster.env
kind delete cluster --name $CLUSTER
docker container prune -f || true
docker volume prune -f || true
docker network prune -f || true
continue-on-error: true
test_binary_microservice:
name: Test Binary Without Source(microservice)
runs-on: [v1.0.0]
steps:
- name: Cleanup Tmp DIR
run: |
sudo rm -rf /tmp/*
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Install Latest Kind
env:
KIND_VERSION: v0.22.0
KIND_URL: https://kind.sigs.k8s.io/dl
run: |
echo "Existing kind binary path: $(which kind)"
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga;
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind --version
- name: Build cnf-testsuite & Create Kind Cluster
run: |
shards install
crystal build src/cnf-testsuite.cr --warnings none
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"]
endpoint = ["http://localhost:5000"]
EOF
export CLUSTER=$(uuidgen)
echo "export CLUSTER=$CLUSTER" > cluster.env
kind --version
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf
export KUBECONFIG=/tmp/$CLUSTER.conf
kubectl get nodes
- name: Run Test Suite without source(microservice)
run: |
source cluster.env
export KUBECONFIG=/tmp/$CLUSTER.conf
helm repo add stable https://cncf.gitlab.io/stable
export DIR=$(uuidgen)
echo "Shared DIR: /shared/$DIR"
mkdir /shared/$DIR
mv cnf-testsuite /shared/$DIR
cd /shared/$DIR
./cnf-testsuite setup
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~privileged ~increase_capacity ~decrease_capacity ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose
- name: Delete Cluster
if: ${{ always() }}
run: |
source cluster.env
kind delete cluster --name $CLUSTER
docker container prune -f || true
docker volume prune -f || true
docker network prune -f || true
continue-on-error: true
test_binary_all:
name: Test Binary Without Source(all)
runs-on: [v1.0.0]
steps:
- name: Cleanup Tmp DIR
run: |
sudo rm -rf /tmp/*
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache crystal shards
uses: actions/cache@v3
env:
cache-name: cache-crystal-shards
with:
path: ./lib
key: lib-${{ hashFiles('**/shard.lock') }}
restore-keys: |
lib-
- name: Install Latest Kind
env:
KIND_VERSION: v0.22.0
KIND_URL: https://kind.sigs.k8s.io/dl
run: |
echo "Existing kind binary path: $(which kind)"
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga;
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind --version
- name: Build cnf-testsuite & Create Kind Cluster
run: |
shards install
crystal build src/cnf-testsuite.cr --warnings none
cat << EOF > /tmp/cluster.yml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
endpoint = ["http://localhost:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"]
endpoint = ["http://localhost:5000"]
EOF
export CLUSTER=$(uuidgen)
echo "export CLUSTER=$CLUSTER" > cluster.env
kind --version
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf
export KUBECONFIG=/tmp/$CLUSTER.conf
kubectl get nodes
- name: Run Test Suite without source(all)
run: |
source cluster.env
export KUBECONFIG=/tmp/$CLUSTER.conf
helm repo add stable https://cncf.gitlab.io/stable
export DIR=$(uuidgen)
echo "Shared DIR: /shared/$DIR"
mkdir /shared/$DIR
mv cnf-testsuite /shared/$DIR
cd /shared/$DIR
./cnf-testsuite setup
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~platform ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~rollback ~secrets_used ~immutable_configmap ~reasonable_startup_time ~reasonable_image_size verbose
- name: Delete Cluster
if: ${{ always() }}
run: |
source cluster.env
kind delete cluster --name $CLUSTER
docker container prune -f || true
docker volume prune -f || true
docker network prune -f || true
continue-on-error: true
release:
name: Publish Release
needs: [spec, build]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: release
- name: Make release executable
run: chmod +x ./cnf-testsuite
- name: Publish Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ -z "${GITHUB_TOKEN+x}" ]; then
exit 0
else
./cnf-testsuite upsert_release
fi