CCM Integration Tests #406
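name: CCM Integration Tests

# Triggers. `pull_request` (not `pull_request_target`) is used, so runs started
# from fork pull requests do not receive repository secrets; the
# `check-ccm-integration` job below turns that into a clean skip of the
# integration tests.
on:
  push:
    branches:
      - main
  pull_request:
  # Allow to run this workflow manually from the Actions tab
  workflow_dispatch:
  # Run this regularly, to get integration tests results against new
  # Kubernetes releases.
  schedule:
    - cron: '15 3 * * *'

# Default GITHUB_TOKEN scope for every job. A job that needs more declares its
# own `permissions` block (see `validate-workflows`).
permissions:
  contents: read

env:
  # Quoted so YAML keeps it a string: an unquoted x.y0 release such as 1.30
  # would be read as the float 1.3 and select the wrong toolchain.
  GO_VERSION: '1.25'

jobs:
  lint:
    name: "Run Linters"
    runs-on: ubuntu-latest
    steps:
      # Every third-party action is pinned to a full commit SHA; the trailing
      # comment records the tag that SHA corresponded to when it was pinned.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for later steps.
          persist-credentials: false
      # NOTE(review): this job pins setup-go v6.1.0 while `unit` and
      # `integration` pin v5.6.0 — confirm the split is intended.
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version: '${{ env.GO_VERSION }}'
      - name: Restore cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: |
            ~/.cache/golangci-lint
            ~/.cache/go-build
          key: lint-${{ hashFiles('go.mod') }}
      - name: Install go tools
        run: go mod tidy -modfile tool.mod
      - name: Run Linter
        run: make lint
      - name: Save cache
        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: |
            ~/.cache/golangci-lint
            ~/.cache/go-build
          key: lint-${{ hashFiles('go.mod') }}

  unit:
    name: "Run Unit Tests"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          persist-credentials: false
      - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
        with:
          go-version: '${{ env.GO_VERSION }}'
      - name: Run Unit Tests
        run: make test

  test-matrix:
    name: "Get Kubernetes Releases"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          persist-credentials: false
      # The helper's stdout is written as a single `tests=<value>` line and
      # later parsed with fromJson() by the `integration` job, so it has to be
      # single-line JSON.
      - name: "Generate Test Matrix"
        id: list
        run: 'echo "tests=$(helpers/test-matrix)" >> "$GITHUB_OUTPUT"'
    outputs:
      tests: ${{ steps.list.outputs.tests }}

  build-image:
    name: "Build Container Image"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          persist-credentials: false
      # Everything the helper prints is appended to $GITHUB_ENV and becomes
      # environment for the following steps (presumably IMAGE, used below).
      # NOTE(review): if the helper derives its output from the git ref, make
      # sure it can only ever emit the expected NAME=value line — confirm in
      # helpers/image-from-ref.
      - name: Evaluate image name
        run: 'helpers/image-from-ref >> "$GITHUB_ENV"'
      - name: Build image
        run: 'docker build --platform=linux/amd64 --tag "$IMAGE" .'
      - name: Export image
        run: 'docker image save "$IMAGE" -o image.tar'
      # The digest travels in the same artifact as the image. Checking it in
      # `integration` detects a corrupted or truncated transfer; it is not a
      # defence against someone able to replace the artifact, who could
      # replace the digest as well.
      - name: Store hash
        run: 'shasum -a 256 image.tar | tee image.tar.sha256'
      - name: Store image
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: tested-image
          path: |
            image.tar
            image.tar.sha256
          # The input is a plain number of days, without a unit suffix.
          retention-days: 30

  check-ccm-integration:
    # Preflight: verify the CLOUDSCALE_API_TOKEN at step-level and set an output
    # so the integration job can be skipped.
    #
    # GitHub Actions limitations motivating this:
    # - `secrets` are NOT available in `jobs.<id>.if` (job-level `if`), so you cannot
    #   directly gate/skip a job by testing a secret there.
    name: Check CCM Integration Configuration
    runs-on: ubuntu-latest
    outputs:
      integration-enabled: ${{ steps.check.outputs.enabled }}
    steps:
      # The secret is exposed to this one step only, tested for non-emptiness
      # and never printed.
      - id: check
        name: Verify CLOUDSCALE_API_TOKEN is present
        env:
          CLOUDSCALE_API_TOKEN: ${{ secrets.CLOUDSCALE_API_TOKEN }}
        run: |
          if [ -n "$CLOUDSCALE_API_TOKEN" ]; then
            echo "enabled=true" >> "$GITHUB_OUTPUT"
            echo "CLOUDSCALE_API_TOKEN found — integration will run."
          else
            echo "enabled=false" >> "$GITHUB_OUTPUT"
            echo "CLOUDSCALE_API_TOKEN not configured — skipping integration."
          fi

  integration:
    name: "Kubernetes ${{ matrix.kubernetes }}"
    runs-on: ubuntu-latest
    needs:
      - lint
      - unit
      - test-matrix
      - build-image
      - check-ccm-integration
    # Skipped whenever the preflight job found no API token.
    if: needs.check-ccm-integration.outputs.integration-enabled == 'true'
    strategy:
      fail-fast: false
      max-parallel: 1
      matrix:
        include: "${{ fromJson(needs.test-matrix.outputs.tests) }}"
    env:
      # NOTE(review): set at job level, the token is visible to every step of
      # this job, including the third-party actions. Moving it to the `env`
      # of only the steps that call the cloud API would narrow the exposure —
      # confirm which helpers and make targets read it.
      CLOUDSCALE_API_TOKEN: ${{ secrets.CLOUDSCALE_API_TOKEN }}
      HTTP_ECHO_BRANCH: ${{ vars.HTTP_ECHO_BRANCH }}
      KUBERNETES: '${{ matrix.kubernetes }}'
      SUBNET: '${{ matrix.subnet }}'
      CLUSTER_PREFIX: '${{ matrix.cluster_prefix }}'
      IMAGE_SOURCE: import
    # Prevent integration tests from running in parallel. Ideally this should
    # be sequential, but that won't work due to the following issue:
    #
    # https://github.com/orgs/community/discussions/5435
    #
    # Instead we ensure that only one integration test per supported version
    # is run at any given time.
    concurrency:
      group: integration-${{ matrix.kubernetes }}
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          persist-credentials: false
      - name: Load image
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: tested-image
      # Integrity check of the downloaded image against the digest shipped in
      # the same artifact (catches transfer corruption only).
      - name: Validate hash
        run: 'shasum --check image.tar.sha256'
      - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
        with:
          go-version: '${{ env.GO_VERSION }}'
      - name: Evaluate image name
        run: 'helpers/image-from-ref >> "$GITHUB_ENV"'
      # Runs before cluster creation to remove resources left behind by an
      # earlier run.
      - name: Cleanup Leftovers
        if: always()
        run: helpers/cleanup
      - name: Create Test Cluster
        run: helpers/run-in-test-cluster
      - name: Wait For CCM Startup
        run: sleep 60
      - name: Run Integration Tests
        run: make integration
      # The remaining steps use `always()` so the cluster is torn down even
      # when an earlier step failed.
      - name: Wait For Kubernetes-Internal Cleanup
        if: always()
        run: sleep 30
      - name: Destroy Test Cluster
        if: always()
        run: helpers/cleanup

  validate-workflows:
    name: Validate GitHub Workflows
    runs-on: ubuntu-latest
    # More Information:
    # https://github.com/zizmorcore/zizmor-action?tab=readme-ov-file#usage-with-github-advanced-security-recommended
    #
    # Use `uvx zizmor .github/` for a local preview using the latest zizmor version.
    #
    # A job-level `permissions` block replaces the workflow default, so
    # `contents: read` is repeated here. `security-events: write` is the only
    # widening in this workflow (presumably for uploading findings to code
    # scanning, per the README linked above).
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          persist-credentials: false
      - name: Run zizmor 🌈
        uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0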