mirror of
https://github.com/kubereboot/kured.git
synced 2026-05-05 16:07:25 +00:00
180 lines
6.0 KiB
YAML
180 lines
6.0 KiB
YAML
name: PR
|
|
on:
|
|
pull_request:
|
|
push:
|
|
|
|
jobs:
|
|
pr-gotest:
|
|
name: Run go tests
|
|
runs-on: ubuntu-18.04
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v3
|
|
- name: Find go version
|
|
run: |
|
|
GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
|
|
echo "::set-output name=version::${GO_VERSION}"
|
|
id: awk_gomod
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: "${{ steps.awk_gomod.outputs.version }}"
|
|
check-latest: true
|
|
- name: run tests
|
|
run: go test -json ./... > test.json
|
|
- name: Annotate tests
|
|
if: always()
|
|
uses: guyarb/golang-test-annoations@v0.6.0
|
|
with:
|
|
test-results: test.json
|
|
|
|
pr-shellcheck:
|
|
name: Lint bash code with shellcheck
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Run ShellCheck
|
|
uses: bewuethr/shellcheck-action@v2
|
|
|
|
pr-lint-code:
|
|
name: Lint golang code
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Find go version
|
|
run: |
|
|
GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
|
|
echo "::set-output name=version::${GO_VERSION}"
|
|
id: awk_gomod
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: "${{ steps.awk_gomod.outputs.version }}"
|
|
check-latest: true
|
|
- name: Lint cmd folder
|
|
uses: Jerome1337/golint-action@v1.0.2
|
|
with:
|
|
golint-path: './cmd/...'
|
|
- name: Lint pkg folder
|
|
uses: Jerome1337/golint-action@v1.0.2
|
|
with:
|
|
golint-path: './pkg/...'
|
|
|
|
pr-check-docs-links:
|
|
name: Check docs for incorrect links
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Link Checker
|
|
id: lc
|
|
uses: peter-evans/link-checker@v1
|
|
with:
|
|
args: -r *.md *.yaml */*/*.go -x .cluster.local
|
|
- name: Fail if there were link errors
|
|
run: exit ${{ steps.lc.outputs.exit_code }}
|
|
|
|
# This should not be made a mandatory test
|
|
# It is only used to make us aware of any potential security failure, that
|
|
# should trigger a bump of the image in build/.
|
|
pr-vuln-scan:
|
|
name: Build image and scan it against known vulnerabilities
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Find go version
|
|
run: |
|
|
GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
|
|
echo "::set-output name=version::${GO_VERSION}"
|
|
id: awk_gomod
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: "${{ steps.awk_gomod.outputs.version }}"
|
|
check-latest: true
|
|
- run: make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" image
|
|
- uses: Azure/container-scan@v0
|
|
env:
|
|
# See https://github.com/goodwithtech/dockle/issues/188
|
|
DOCKLE_HOST: "unix:///var/run/docker.sock"
|
|
with:
|
|
image-name: ghcr.io/${{ github.repository_owner }}/kured:${{ github.sha }}
|
|
|
|
# This ensures the latest code works with the manifests built from tree.
|
|
# It is useful for two things:
|
|
# - Test manifests changes (obviously), ensuring they don't break existing clusters
|
|
# - Ensure manifests work with the latest versions even with no manifest change
|
|
# (compared to helm charts, manifests cannot easily template changes based on versions)
|
|
# Helm charts are _trailing_ releases, while manifests are done during development.
|
|
e2e-manifests:
|
|
name: End-to-End test with kured with code and manifests from HEAD
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
kubernetes:
|
|
- "1.23"
|
|
- "1.24"
|
|
- "1.25"
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Find go version
|
|
run: |
|
|
GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
|
|
echo "::set-output name=version::${GO_VERSION}"
|
|
id: awk_gomod
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: "${{ steps.awk_gomod.outputs.version }}"
|
|
check-latest: true
|
|
- name: Build artifacts
|
|
run: |
|
|
make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" image
|
|
make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" manifest
|
|
|
|
- name: Workaround "Failed to attach 1 to compat systemd cgroup /actions_job/..." on gh actions
|
|
run: |
|
|
sudo bash << EOF
|
|
cp /etc/docker/daemon.json /etc/docker/daemon.json.old
|
|
echo '{}' > /etc/docker/daemon.json
|
|
systemctl restart docker || journalctl --no-pager -n 500
|
|
systemctl status docker
|
|
EOF
|
|
|
|
# Default name for helm/kind-action kind clusters is "chart-testing"
|
|
- name: Create kind cluster with 5 nodes
|
|
uses: helm/kind-action@v1.3.0
|
|
with:
|
|
config: .github/kind-cluster-${{ matrix.kubernetes }}.yaml
|
|
version: v0.14.0
|
|
|
|
- name: Preload previously built images onto kind cluster
|
|
run: kind load docker-image ghcr.io/${{ github.repository_owner }}/kured:${{ github.sha }} --name chart-testing
|
|
|
|
- name: Do not wait for an hour before detecting the rebootSentinel
|
|
run: |
|
|
sed -i 's/#\(.*\)--period=1h/\1--period=30s/g' kured-ds.yaml
|
|
|
|
- name: Install kured with kubectl
|
|
run: |
|
|
kubectl apply -f kured-rbac.yaml && kubectl apply -f kured-ds.yaml
|
|
|
|
- name: Ensure kured is ready
|
|
uses: nick-invision/retry@v2.8.1
|
|
with:
|
|
timeout_minutes: 10
|
|
max_attempts: 10
|
|
retry_wait_seconds: 60
|
|
# DESIRED CURRENT READY UP-TO-DATE AVAILABLE should all be = to cluster_size
|
|
command: "kubectl get ds -n kube-system kured | grep -E 'kured.*5.*5.*5.*5.*5'"
|
|
|
|
- name: Create reboot sentinel files
|
|
run: |
|
|
./tests/kind/create-reboot-sentinels.sh
|
|
|
|
- name: Follow reboot until success
|
|
env:
|
|
DEBUG: true
|
|
run: |
|
|
./tests/kind/follow-coordinated-reboot.sh
|