chore: update ci

rainest · rainest · commit 76c52004e2e1 · 2023-07-07T17:50:12.000-07:00
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -16,17 +16,17 @@ jobs:
   golangci-lint:
     runs-on: ubuntu-latest
     steps:
-    - name: setup golang
-      uses: actions/setup-go@v3
-      with:
-        go-version: '^1.18'
-
     - name: checkout repository
       uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
+    - name: setup golang
+      uses: actions/setup-go@v4
+      with:
+        go-version: '^1.19'
+
     - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@v3.2.0
+      uses: golangci/golangci-lint-action@v3.6.0
       with:
-        version: v1.45.2
+        skip-cache: true # actions/setup-go from v4 handles caching for us
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -1,52 +1,231 @@
 name: tests
 
+concurrency:
+  # Run only for most recent commit in PRs but for all tags and commits on main
+  # Ref: https://docs.github.com/en/actions/using-jobs/using-concurrency
+  group: ${{ github.workflow }}-${{ github.head_ref || github.sha }}
+  cancel-in-progress: true
+
 on:
   pull_request:
     branches:
-      - 'main'
-      - 'release/*'
+    - 'main'
+    - 'release/*'
   push:
     branches:
-      - 'main'
+    - 'main'
   workflow_dispatch: {}
 
 jobs:
-  tests-and-coverage:
-    environment: "integration-tests"
+  installer-tests:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: checkout repository
+      uses: actions/checkout@v3
+
+    - name: run installer script
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: ./docs/install.sh
+
+    - name: run ktf to verify if it installed properly to a desired location
+      run: ~/.local/bin/ktf
+
+  unit-tests:
     runs-on: ubuntu-latest
     steps:
+
+    - name: checkout repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
     - name: setup golang
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: '^1.18'
+        go-version: '^1.19'
 
-    - name: cache go modules
-      uses: actions/cache@v3
+    - name: run unit tests
+      run: make test.unit
+
+    # We're using a retry mechanism for codecov to ensure we do get the reports
+    # uploaded. The alternative is to use fail_ci_if_error: false, but that
+    # somewhat defeats the purpose of uploading those reports. Why bother uploading
+    # if we don't care if the upload's successful?
+    - name: Upload coverage to Codecov
+      if: steps.detect_if_should_run.outputs.result == 'true'
+      uses: Wandalen/wretry.action@v1.3.0
       with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-build-codegen-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-build-codegen-
+        action: codecov/codecov-action@v3
+        with: |
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+          flags: unit-test
+          files: unit.coverage.out
+          verbose: true
+        attempt_limit: 10
+        attempt_delay: 30000
+
+  setup-integration-tests:
+    runs-on: ubuntu-latest
+    outputs:
+      test_names: ${{ steps.set_test_names.outputs.test_names }}
+    steps:
+
+    - uses: actions/checkout@v3
+
+    - id: set_test_names
+      name: Set test names
+      working-directory: test/integration/
+      # grep magic described in https://unix.stackexchange.com/a/13472
+      # sed to add the extra $ is because some of our test names overlap. we need it so the -run regex only matches one test
+      run: |
+        echo "test_names=$(grep -shoP "(?<=^func )(Test[a-zA-z_0-9]+)(?=\(t \*testing.T\) {)" * | sed -e "s/$/\$/"| jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+
+    - name: Print test names
+      run: echo "Test names ${{ steps.set_test_names.outputs.test_names }}"
+
+  integration-tests:
+    needs:
+    - setup-integration-tests
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJSON(needs.setup-integration-tests.outputs.test_names) }}
+    runs-on: ubuntu-latest
+    steps:
+    # This step is needed to avoid running the integration tests requiring an enterprise license
+    # if the secrets are not available.
+    - name: Detect if we should run test cases requring an enterprise license (have required secrets)
+      id: detect_if_should_run_enterprise
+      run: echo "result=${{ secrets.PULP_PASSWORD != '' }}" >> $GITHUB_OUTPUT
+
+    - name: Set environment variable to enable test cases requiring an enterprise license
+      if: steps.detect_if_should_run_enterprise.outputs.result == 'true'
+      id: set_run_enterprise_env
+      run: echo "KTF_TEST_RUN_ENTERPRISE_CASES=true" >> $GITHUB_ENV
 
     - name: checkout repository
       uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
-    - name: run unit tests
-      run: make test.unit
+    - uses: Kong/kong-license@master
+      if: steps.detect_if_should_run_enterprise.outputs.result == 'true'
+      id: license
+      with:
+        password: ${{ secrets.PULP_PASSWORD }}
+
+    - name: setup golang
+      uses: actions/setup-go@v4
+      with:
+        go-version: '^1.19'
 
-    - name: run integration tests
+    - name: run integration test ${{ matrix.test }}
       run: make test.integration
       env:
-        KONG_LICENSE_DATA: ${{ secrets.KONG_LICENSE_DATA }}
-        NCPU: 2 # it was found that github actions (specifically) did not seem to perform well when spawning
-                # multiple kind clusters within a single job so this is hardcoded to 2 to ensure a limit of 2 clusters at any one point.
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        KTF_TEST_KONG_PULL_USERNAME: ${{ secrets.GHA_DOCKERHUB_PULL_USER }}
+        KTF_TEST_KONG_PULL_PASSWORD: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUBLIC_TOKEN }}
+        KONG_LICENSE_DATA: ${{ steps.license.outputs.license }}
+        TEST_RUN: ${{ matrix.test }}
+        NCPU: 1
 
+    # We're using a retry mechanism for codecov to ensure we do get the reports
+    # uploaded. The alternative is to use fail_ci_if_error: false, but that
+    # somewhat defeats the purpose of uploading those reports. Why bother uploading
+    # if we don't care if the upload's successful?
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: Wandalen/wretry.action@v1.3.0
       with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-        fail_ci_if_error: true
-        files: unit.coverage.out,integration.coverage.out
-        verbose: true
+        action: codecov/codecov-action@v3
+        with: |
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+          flags: integration-test
+          files: integration.coverage.out
+          verbose: true
+        attempt_limit: 10
+        attempt_delay: 30000
+
+  integration-tests-passed:
+    needs: integration-tests
+    if: always() && !contains(needs.*.result, 'failure')
+    runs-on: ubuntu-latest
+    steps:
+    - name: integrations tests pased
+      run: echo all integrations tests passed
+
+  setup-e2e-tests:
+    runs-on: ubuntu-latest
+    outputs:
+      test_names: ${{ steps.set_test_names.outputs.test_names }}
+    steps:
+
+    - uses: actions/checkout@v3
+
+    - id: set_test_names
+      name: Set test names
+      working-directory: test/e2e/
+      # grep magic described in https://unix.stackexchange.com/a/13472
+      # sed to add the extra $ is because some of our test names overlap. we need it so the -run regex only matches one test
+      run: |
+        echo "test_names=$(grep -shoP "(?<=^func )(Test[a-zA-z_0-9]+)(?=\(t \*testing.T\) {)" * | sed -e "s/$/\$/"| jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+
+    - name: Print test names
+      run: echo "Test names ${{ steps.set_test_names.outputs.test_names }}"
+
+  e2e-tests:
+    needs:
+    - setup-e2e-tests
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJSON(needs.setup-e2e-tests.outputs.test_names) }}
+    environment: gcloud
+    runs-on: ubuntu-latest
+    steps:
+      # This step is needed to avoid running the e2e tests if the secrets are not available.
+      # TODO: remove this step once we have a way to run integration tests on forks.
+      # https://github.com/Kong/kubernetes-testing-framework/issues/596
+      - name: Detect if we should run (have required secrets)
+        id: detect_if_should_run
+        run: echo "result=${{ secrets.PULP_PASSWORD != '' && secrets.GOOGLE_APPLICATION_CREDENTIALS != '' }}" >> $GITHUB_OUTPUT
+
+      - uses: Kong/kong-license@master
+        if: steps.detect_if_should_run.outputs.result == 'true'
+        id: license
+        with:
+          password: ${{ secrets.PULP_PASSWORD }}
+
+      - name: checkout repository
+        if: steps.detect_if_should_run.outputs.result == 'true'
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: setup golang
+        if: steps.detect_if_should_run.outputs.result == 'true'
+        uses: actions/setup-go@v4
+        with:
+          go-version: '^1.19'
+
+      - name: run e2e tests
+        if: steps.detect_if_should_run.outputs.result == 'true'
+        run: make test.e2e
+        env:
+          TEST_RUN: ${{ matrix.test }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+          GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
+          GOOGLE_LOCATION: ${{ secrets.GOOGLE_LOCATION }}
+          KONG_LICENSE_DATA: ${{ steps.license.outputs.license }}
+
+  e2e-tests-passed:
+    needs: e2e-tests
+    if: always() && !contains(needs.*.result, 'failure')
+    runs-on: ubuntu-latest
+    steps:
+    - name: e2e tests pased
+      run: echo all e2e tests passed
