Improve of whitelisting in privileged tests #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Crystal Specs | |
on: | |
push: | |
paths: | |
- '**' | |
- '!**.md' | |
- '!docs/*' | |
- '!doc-lint/*' | |
pull_request: | |
paths: | |
- '**' | |
- '!**.md' | |
- '!docs/*' | |
- '!doc-lint/*' | |
jobs: | |
tests: | |
name: Fetch Matrix Tests | |
runs-on: [ubuntu-latest] | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: set-matrix | |
run: | | |
JSON="{\"include\":[" | |
TEST_ARRAY=$(grep -roP --no-filename 'tags: \K(\[|")(.*)(\]|")' spec/ | tr -d '[],' | tr -s '\n' ' ' | xargs -n1 | sort -u | xargs) | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-config-lifecycle/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-microservice/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/testsuite-all/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/disk_fill/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_container_kill/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/chaos_cpu_hog/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_delete/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_io_stress/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_memory_hog/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/pod_network_latency/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/zombie/}") | |
TEST_ARRAY=("${TEST_ARRAY[@]/oran/}") | |
TEST_LIST=$(for i in ${TEST_ARRAY[@]} | |
do | |
echo "{\"spec\":\"$i\"}," | tr -d '\n' | |
done) | |
TEST_LIST="${TEST_LIST%?}" | |
JSON="$JSON$TEST_LIST" | |
JSON="$JSON]}" | |
echo "TESTS: $JSON" | |
echo "matrix=$JSON" >> $GITHUB_OUTPUT | |
spec: | |
name: Crystal Specs | |
needs: [tests] | |
runs-on: [v1.0.0] | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.tests.outputs.matrix)}} | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Mirror Setup | |
run: | | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] | |
endpoint = ["http://10.200.142.204:80"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
- name: sysctls specs kind config override | |
if: matrix.spec == 'sysctls' | |
run: | | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
# Enabled additional unsafe sysctls to support the negative spec test for sysctls | |
nodes: | |
- role: control-plane | |
image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 | |
kubeadmConfigPatches: | |
- | | |
kind: KubeletConfiguration | |
allowedUnsafeSysctls: ["kernel.msg*"] | |
EOF | |
- name: Mirror Override | |
if: matrix.spec == 'private_registry_image' | |
run: | | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Create Kind Cluster | |
run: | | |
cat /tmp/cluster.yml | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
kubectl get nodes | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Setup CNF-Conformance | |
run: | | |
helm repo add stable https://cncf.gitlab.io/stable | |
git fetch --all --tags --force | |
shards install | |
echo "RUNNER: $RUNNER_NAME" | |
- name: Run Crystal Spec | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOCKERHUB_USERNAMES: ${{ secrets.DOCKERHUB_USERNAMES }} | |
DOCKERHUB_PASSWORDS: ${{ secrets.DOCKERHUB_PASSWORDS }} | |
DOCKERHUB_EMAIL: ${{ secrets.DOCKERHUB_EMAIL }} | |
IMAGE_REPO: ${{ secrets.IMAGE_REPO }} | |
run: | | |
USERNAME_ARRAY=($DOCKERHUB_USERNAMES) | |
PASSWORD_ARRAY=($DOCKERHUB_PASSWORDS) | |
EMAIL_ARRAY=($DOCKERHUB_EMAIL) | |
IMAGE_ARRAY=($IMAGE_REPO) | |
RANDOMIZER=$(( 0 + $RANDOM % 3 )) | |
export DOCKERHUB_USERNAME=${USERNAME_ARRAY[$RANDOMIZER]} | |
export DOCKERHUB_PASSWORD=${PASSWORD_ARRAY[$RANDOMIZER]} | |
export PROTECTED_DOCKERHUB_USERNAME=$DOCKERHUB_USERNAME | |
export PROTECTED_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD | |
export PROTECTED_DOCKERHUB_EMAIL=${EMAIL_ARRAY[$RANDOMIZER]} | |
export PROTECTED_IMAGE_REPO=${IMAGE_ARRAY[$RANDOMIZER]} | |
[[ ! -z "$DOCKERHUB_USERNAME" && ! -z "$DOCKERHUB_PASSWORD" ]] && docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD | |
source cluster.env | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
until [[ $(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do | |
echo "Waiting for local-path-storage" | |
sleep 1 | |
done | |
LOCAL_PATH_STORAGE_POD=$(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o jsonpath='{range .items[*]}{.metadata.name}') | |
# until [[ $(kubectl exec -ti $LOCAL_PATH_STORAGE_POD --namespace=local-path-storage -- apk add curl jq) ]]; do | |
# echo "Failed to install packages, retrying" | |
# sleep 1 | |
#done | |
CLUSTER_RATE_LIMIT=$(kubectl exec -ti $LOCAL_PATH_STORAGE_POD --namespace=local-path-storage -- curl --head -H "Authorization: Bearer $(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || true) | |
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token || true) | |
ANONYMOUS_RUNNER_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Runner Rate Limit Exceeded: $RUNNER_NAME") | |
TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) | |
AUTH_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Authenticated Rate Limit Exceeded") | |
echo "RUNNER RATE LIMIT: $ANONYMOUS_RUNNER_RATE_LIMIT" | |
echo "CLUSTER RATE LIMIT: $CLUSTER_RATE_LIMIT" | |
echo "DOCKER USER RATE LIMIT: $AUTH_RATE_LIMIT" | |
crystal build src/cnf-testsuite.cr | |
./cnf-testsuite setup | |
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.spec }} -v | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
continue-on-error: true | |
chaos: | |
name: Chaos & Oran Tests | |
needs: [tests] | |
runs-on: [ubuntu-22.04] | |
strategy: | |
fail-fast: false | |
matrix: | |
tag: ["pod_delete", "pod_io_stress", "pod_memory_hog", "pod_network_latency", "disk_fill", "pod_network_corruption", "pod_network_duplication", "zombie", "oran"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Install kubectl | |
run: | | |
wget -O kubectl "https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl" | |
ls -la | |
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | |
- name: Create Kind Cluster | |
run: | | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
echo kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig ./$CLUSTER.conf | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
kubectl get nodes | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Crystal | |
uses: crystal-lang/install-crystal@v1 | |
with: | |
crystal: 1.6.2 | |
- name: Setup CNF-Conformance | |
run: | | |
helm repo add stable https://cncf.gitlab.io/stable | |
git fetch --all --tags --force | |
shards install | |
echo "RUNNER: $RUNNER_NAME" | |
- name: Run Crystal Spec | |
run: | | |
echo "Current path: $(echo pwd)" | |
source cluster.env | |
export KUBECONFIG=$(pwd)/$CLUSTER.conf | |
until [[ $(kubectl get pods -l app=kindnet --namespace=kube-system -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do | |
echo "Waiting for kindnet" | |
sleep 1 | |
done | |
CLUSTER_RATE_LIMIT=$(kubectl run -i tmp-shell --restart=Never --rm --image ubuntu -- /bin/bash -c "apt update && apt install -y curl jq; curl --head -H \"Authorization: Bearer $(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)\" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest" | grep ratelimit-remaining || true) | |
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token || true) | |
ANONYMOUS_RUNNER_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Runner Rate Limit Exceeded: $RUNNER_NAME") | |
TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) | |
AUTH_RATE_LIMIT=$(curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest | grep ratelimit-remaining || echo "Authenticated Rate Limit Exceeded") | |
echo "RUNNER RATE LIMIT: $ANONYMOUS_RUNNER_RATE_LIMIT" | |
echo "CLUSTER RATE LIMIT: $CLUSTER_RATE_LIMIT" | |
echo "DOCKER USER RATE LIMIT: $AUTH_RATE_LIMIT" | |
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.tag }} -v | |
build: | |
name: Build Release | |
runs-on: ubuntu-latest | |
env: | |
CRYSTAL_IMAGE: "conformance/crystal:1.6.2-alpine" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Build Release | |
run: | | |
docker pull $CRYSTAL_IMAGE | |
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE shards install | |
docker run --rm -v $PWD:/workspace -w /workspace $CRYSTAL_IMAGE crystal build --warnings none src/cnf-testsuite.cr --release --static --link-flags '-lxml2 -llzma' | |
- name: upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release | |
path: cnf-testsuite | |
test_binary_configuration_lifecycle: | |
name: Test Binary Without Source(config_lifecycle) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
nodes: | |
- role: control-plane | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(config_lifecycle) | |
run: | | |
source cluster.env | |
echo "SHARDS_INSTALL_PATH: $SHARDS_INSTALL_PATH" | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~privileged ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
continue-on-error: true | |
test_binary_microservice: | |
name: Test Binary Without Source(microservice) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(microservice) | |
run: | | |
source cluster.env | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~privileged ~increase_capacity ~decrease_capacity ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
continue-on-error: true | |
test_binary_all: | |
name: Test Binary Without Source(all) | |
runs-on: [v1.0.0] | |
steps: | |
- name: Cleanup Tmp DIR | |
run: | | |
sudo rm -rf /tmp/* | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Cache crystal shards | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-crystal-shards | |
with: | |
path: ./lib | |
key: lib-${{ hashFiles('**/shard.lock') }} | |
restore-keys: | | |
lib- | |
- name: Install Latest Kind | |
env: | |
KIND_VERSION: v0.22.0 | |
KIND_URL: https://kind.sigs.k8s.io/dl | |
run: | | |
echo "Existing kind binary path: $(which kind)" | |
if [[ -s $(which kind) ]]; then sudo rm $(which kind); fi | |
wget -O kind "$KIND_URL/$KIND_VERSION/kind-linux-amd64" --progress=dot:giga; | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind --version | |
- name: Build cnf-testsuite & Create Kind Cluster | |
run: | | |
shards install | |
crystal build src/cnf-testsuite.cr --warnings none | |
cat << EOF > /tmp/cluster.yml | |
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
containerdConfigPatches: | |
- |- | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"] | |
endpoint = ["http://localhost:5000"] | |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.default.svc.cluster.local:5000"] | |
endpoint = ["http://localhost:5000"] | |
EOF | |
export CLUSTER=$(uuidgen) | |
echo "export CLUSTER=$CLUSTER" > cluster.env | |
kind --version | |
kind create cluster --name $CLUSTER --config=/tmp/cluster.yml --kubeconfig /tmp/$CLUSTER.conf | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
kubectl get nodes | |
- name: Run Test Suite without source(all) | |
run: | | |
source cluster.env | |
export KUBECONFIG=/tmp/$CLUSTER.conf | |
helm repo add stable https://cncf.gitlab.io/stable | |
export DIR=$(uuidgen) | |
echo "Shared DIR: /shared/$DIR" | |
mkdir /shared/$DIR | |
mv cnf-testsuite /shared/$DIR | |
cd /shared/$DIR | |
./cnf-testsuite setup | |
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml | |
./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml | |
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~platform ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~rollback ~secrets_used ~immutable_configmap ~reasonable_startup_time ~reasonable_image_size verbose | |
- name: Delete Cluster | |
if: ${{ always() }} | |
run: | | |
source cluster.env | |
kind delete cluster --name $CLUSTER | |
docker container prune -f || true | |
docker volume prune -f || true | |
docker network prune -f || true | |
continue-on-error: true | |
release: | |
name: Publish Release | |
needs: [spec, build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: release | |
- name: Make release executable | |
run: chmod +x ./cnf-testsuite | |
- name: Publish Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
if [ -z "${GITHUB_TOKEN+x}" ]; then | |
exit 0 | |
else | |
./cnf-testsuite upsert_release | |
fi |