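# Pull-request / push CI: unit tests, an informational image vulnerability
# scan, and end-to-end tests against kind-style clusters driven by `make`.
name: PR
on:
  pull_request:
  push:

# Least privilege: no step below publishes, comments or pushes, so the
# GITHUB_TOKEN is limited to read-only repository contents.
# NOTE(review): confirm none of the third-party actions needs a write scope.
permissions:
  contents: read

jobs:
  pr-short-tests:
    name: Run short go tests
    runs-on: ubuntu-latest
    steps:
      # `audit` only records outbound connections; it does not block them.
      # Moving to `egress-policy: block` with an `allowed-endpoints` list
      # would turn the recorded baseline into an enforced one.
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      - name: checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Later steps run code from the checked-out ref (`make test`);
          # do not leave the job token in the local git config for them.
          persist-credentials: false

      - name: Ensure go version
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
        with:
          # Quoted so the version is always read as a string.
          version: '2025.10.5'

      - name: run tests
        run: make test

      # Runs even when the tests fail so failures are annotated on the PR.
      - name: Annotate tests
        if: always()
        uses: guyarb/golang-test-annoations@2941118d7ef622b1b3771d1ff6eae9e90659eb26 # v0.8.0
        with:
          test-results: test.json

  # This should not be made a mandatory test
  # It is only used to make us aware of any potential security failure that
  # should trigger a bump of the image in build/.
  pr-vuln-scan:
    name: Build image and scan it against known vulnerabilities
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Ensure go version
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
        with:
          version: '2025.10.5'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Find current tag version
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
        id: tags

      # Expression values are handed to the step through `env:` instead of
      # being expanded into the shell script text; `make` still receives
      # VERSION and DH_ORG from its environment exactly as before.
      - name: Build image
        env:
          VERSION: ${{ steps.tags.outputs.sha_short }}
          DH_ORG: ${{ github.repository_owner }}
        run: make image

      # NOTE(review): unlike the other pins in this file, this SHA carries no
      # release-tag comment; add the tag it corresponds to so that update
      # tooling and reviewers can tell which version is in use.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
        with:
          image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}'
          format: 'table'
          # Any reported finding fails this (non-mandatory) job.
          exit-code: '1'
          # Findings without an available fix are not reported.
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

  # This ensures the latest code works with the manifests built from tree.
  # It is useful for two things:
  # - Test manifests changes (obviously), ensuring they don't break existing clusters
  # - Ensure manifests work with the latest versions even with no manifest change
  #     (compared to helm charts, manifests cannot easily template changes based on versions)
  # Helm charts are _trailing_ releases, while manifests are done during development.
  # NOTE(review): the original comment says this test uses the "command"
  # reboot-method, but the matrix below also lists *WithSignal tests, so it
  # appears to cover both methods; confirm and update the wording.
  e2e-manifests:
    name: End-to-End test with kured with code and manifests from HEAD
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        testname:
          - "TestE2EWithCommand"
          - "TestE2EWithSignal"
          - "TestE2EConcurrentWithCommand"
          - "TestE2EConcurrentWithSignal"
        kubernetes_version:
          - "previous"
          - "current"
          - "next"
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Ensure go version
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
        with:
          version: '2025.10.5'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Find current tag version
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
        id: tags

      # The matrix values expanded into this command are the static literals
      # declared above. Any value that could come from outside the repository
      # should be passed through `env:` rather than expanded into `run:`.
      - name: Run specific e2e tests
        run: make e2e-test ARGS="-run ^${{ matrix.testname }}/${{ matrix.kubernetes_version }}"

  e2e-tests-singleversion:
    name: End-to-End test targetting a single version of kubernetes
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        testname:
          - "TestCordonningIsKept/concurrency1"
          - "TestCordonningIsKept/concurrency2"
          - "TestE2EBlocker/podblocker"
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Ensure go version
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
        with:
          version: '2025.10.5'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Find current tag version
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
        id: tags

      # Static matrix literals only; see the matrix above.
      - name: Run specific e2e tests
        run: make e2e-test ARGS="-run ^${{ matrix.testname }}"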