Bump ubi9/ubi-minimal from 9.4-1227.1725849298 to 9.4-1227.1726694542 #230
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Incoming Changes | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
env: | |
REGISTRY: quay.io | |
REGISTRY_LOCAL: localhost | |
CERTSUITE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite | |
CERTSUITE_IMAGE_NAME_LEGACY: testnetworkfunction/cnf-certification-test | |
CERTSUITE_IMAGE_TAG: unstable | |
OCT_IMAGE_NAME: redhat-best-practices-for-k8s/oct | |
OCT_IMAGE_TAG: latest | |
PROBE_IMAGE_NAME: redhat-best-practices-for-k8s/certsuite-probe | |
PROBE_IMAGE_TAG: v0.0.9 | |
CERTSUITE_CONFIG_DIR: /tmp/certsuite/config | |
CERTSUITE_OUTPUT_DIR: /tmp/certsuite/output | |
SMOKE_TESTS_LOG_LEVEL: debug | |
SMOKE_TESTS_LABELS_FILTER: all | |
SKIP_PRELOAD_IMAGES: true | |
TERM: xterm-color | |
CM_BIN: /usr/local/bin/checkmake | |
CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: Run Linters and Vet | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
steps: | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.1 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Install yaml dependency | |
uses: ./.github/actions/install-yaml-dep | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@9e8a61fce18b15281e831f1bba0e14c71d1e1f46 # main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install checkmake | |
run: | | |
curl --location --output $CM_BIN --silent $CM_URL_LINUX | |
chmod +x $CM_BIN | |
- name: Install Shfmt | |
uses: mfinelli/setup-shfmt@031e887e39d899d773a7e9b6dd6472c2c23ff50d # v3.0.1 | |
- name: Golangci-lint | |
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | |
with: | |
version: v1.60 | |
args: --timeout 10m0s | |
- name: Checkmake | |
run: checkmake --config=.checkmake Makefile | |
- name: Hadolint | |
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
with: | |
dockerfile: Dockerfile | |
recursive: true | |
- name: Shfmt | |
run: shfmt -d script | |
- name: Markdownlint | |
uses: nosborn/github-action-markdown-cli@9b5e871c11cc0649c5ac2526af22e23525fa344d # v3.3.0 | |
with: | |
files: . | |
- name: ShellCheck | |
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master | |
# - name: Typos | |
# uses: crate-ci/typos@master | |
- name: Yamllint | |
uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1 | |
with: | |
config_file: .yamllint.yml | |
- name: Go vet | |
run: make vet | |
unit-tests: | |
name: Run Unit Tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
env: | |
SHELL: /bin/bash | |
steps: | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.1 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Install yaml dependency | |
uses: ./.github/actions/install-yaml-dep | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@9e8a61fce18b15281e831f1bba0e14c71d1e1f46 # main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run Tests | |
run: make test | |
env: | |
SHELL: /bin/bash | |
- name: Quality Gate - Test coverage shall be above threshold | |
env: | |
TESTCOVERAGE_THRESHOLD: 15 | |
run: | | |
echo "Quality Gate: checking test coverage is above threshold ..." | |
echo "Threshold : $TESTCOVERAGE_THRESHOLD %" | |
totalCoverage=`UNIT_TEST='true' cat cover.out.tmp | grep -v "_moq.go" > cover.out; go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'` | |
echo "Current test coverage : $totalCoverage %" | |
if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then | |
echo OK | |
else | |
echo "Current test coverage is below threshold. Please add more unit tests or adjust threshold to a lower value." | |
echo "Failed" | |
exit 1 | |
fi | |
precheck-images: | |
name: Precheck Images | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
steps: | |
- name: Pull the images to verify they exist | |
run: | | |
docker pull ${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG} | |
docker pull ${REGISTRY}/${PROBE_IMAGE_NAME}:${PROBE_IMAGE_TAG} | |
smoke-tests-local: | |
name: Run Local Smoke Tests | |
needs: precheck-images | |
if: needs.precheck-images.result == 'success' | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
KUBECONFIG: '/home/runner/.kube/config' | |
PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
steps: | |
- name: Write temporary docker file | |
run: | | |
mkdir -p /home/runner/.docker | |
touch ${PFLT_DOCKERCONFIG} | |
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.1 | |
- name: Disable default go problem matcher | |
run: echo "::remove-matcher owner=go::" | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Install yaml dependency | |
uses: ./.github/actions/install-yaml-dep | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@9e8a61fce18b15281e831f1bba0e14c71d1e1f46 # main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
# Update the CNF containers, helm charts and operators DB. | |
- name: Update the CNF DB | |
run: | | |
mkdir -p "${GITHUB_WORKSPACE}"/offline-db | |
docker run \ | |
--env OCT_DUMP_ONLY=true \ | |
--rm \ | |
--volume "${GITHUB_WORKSPACE}"/offline-db:/tmp/dump:Z \ | |
${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG} | |
docker system prune --volumes -f | |
- name: Build the Certsuite tool | |
run: make build-certsuite-tool | |
- name: Remove go mod cache to save disk space. | |
run: | | |
df -h | |
go clean -modcache || true | |
df -h | |
- name: Setup partner cluster | |
uses: ./.github/actions/setup-partner-cluster | |
with: | |
make-command: 'install' | |
# Perform smoke tests. | |
- name: 'Test: Run test suites' | |
run: ./certsuite run --label-filter="${SMOKE_TESTS_LABELS_FILTER}" --output-dir=certsuite-out --log-level="${SMOKE_TESTS_LOG_LEVEL}" | |
- name: Upload smoke test results as an artifact | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
if: always() | |
with: | |
name: smoke-tests | |
path: | | |
certsuite-out/*.tar.gz | |
- name: Check the smoke test results against the expected results template | |
run: ./certsuite check results --log-file="certsuite-out/certsuite.log" | |
- name: 'Test: Run preflight specific test suite' | |
run: ./certsuite run --label-filter=preflight --log-level="${SMOKE_TESTS_LOG_LEVEL}" | |
- name: Upload preflight smoke test results as an artifact | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
if: always() | |
with: | |
name: preflight-smoke-tests | |
path: | | |
certsuite-out/*.tar.gz | |
- name: Remove tarball(s) to save disk space | |
run: rm -f certsuite-out/*.tar.gz | |
smoke-tests-container: | |
name: Run Container Smoke Tests | |
needs: precheck-images | |
if: needs.precheck-images.result == 'success' | |
runs-on: ubuntu-22.04 | |
env: | |
SHELL: /bin/bash | |
KUBECONFIG: '/home/runner/.kube/config' | |
PFLT_DOCKERCONFIG: '/home/runner/.docker/config' | |
steps: | |
- name: Write temporary docker file | |
run: | | |
mkdir -p /home/runner/.docker | |
touch ${PFLT_DOCKERCONFIG} | |
echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} | |
# needed by depends-on-action | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.1 | |
# Perform smoke tests using a Certsuite container. | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Setup partner cluster | |
uses: ./.github/actions/setup-partner-cluster | |
with: | |
make-command: 'install' | |
- name: Extract dependent Pull Requests | |
uses: depends-on/depends-on-action@9e8a61fce18b15281e831f1bba0e14c71d1e1f46 # main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the `cnf-certification-test` image | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 | |
with: | |
timeout_minutes: 90 | |
max_attempts: 3 | |
command: make build-image-local | |
env: | |
IMAGE_TAG: ${CERTSUITE_IMAGE_TAG} | |
# Clean up unused container image layers. We need to filter out a possible error return code | |
# from docker with "|| true" as some images might still be used by running kind containers and | |
# will not be removed. | |
- name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them. | |
run: | | |
df -h | |
docker rmi $(docker images -f "dangling=true" -q) || true | |
df -h | |
- name: Create required Certsuite config files and directories | |
run: | | |
mkdir -p $CERTSUITE_CONFIG_DIR $CERTSUITE_OUTPUT_DIR | |
cp /home/runner/.kube/config $CERTSUITE_CONFIG_DIR/kubeconfig | |
cp /home/runner/.docker/config $CERTSUITE_CONFIG_DIR/dockerconfig | |
cp config/*.yml $CERTSUITE_CONFIG_DIR | |
shell: bash | |
- name: 'Test: Run without any TS, just get diagnostic information' | |
run: | | |
docker run --rm --network host \ | |
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \ | |
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \ | |
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \ | |
certsuite run \ | |
--output-dir=/usr/certsuite/output \ | |
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ | |
--offline-db=/usr/offline-db \ | |
--log-level=${SMOKE_TESTS_LOG_LEVEL} \ | |
--config-file=/usr/certsuite/config/certsuite_config.yml \ | |
--kubeconfig=/usr/certsuite/config/kubeconfig \ | |
- name: 'Test: Run Smoke Tests in a Certsuite container with the certsuite command' | |
run: | | |
docker run --rm --network host \ | |
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \ | |
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \ | |
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \ | |
certsuite run \ | |
--output-dir=/usr/certsuite/output \ | |
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ | |
--offline-db=/usr/offline-db \ | |
--enable-data-collection=true \ | |
--log-level=${SMOKE_TESTS_LOG_LEVEL} \ | |
--config-file=/usr/certsuite/config/certsuite_config.yml \ | |
--kubeconfig=/usr/certsuite/config/kubeconfig \ | |
--label-filter="${SMOKE_TESTS_LABELS_FILTER}" | |
- name: Upload container test results as an artifact | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
if: always() | |
with: | |
name: smoke-tests-container | |
path: | | |
${CERTSUITE_OUTPUT_DIR}/*.tar.gz | |
- name: Remove tarball(s) to save disk space. | |
run: rm -f ${CERTSUITE_OUTPUT_DIR}/*.tar.gz | |
- name: Build the Certsuite tool | |
run: make build-certsuite-tool | |
- name: Check the smoke test results against the expected results template | |
run: ./certsuite check results --log-file="${CERTSUITE_OUTPUT_DIR}"/certsuite.log | |
- name: 'Test: Run Preflight Specific Smoke Tests in a Certsuite container with the certsuite command' | |
run: | | |
docker run --rm --network host \ | |
-v $CERTSUITE_CONFIG_DIR:/usr/certsuite/config:Z \ | |
-v $CERTSUITE_OUTPUT_DIR:/usr/certsuite/output:Z \ | |
${REGISTRY_LOCAL}/${CERTSUITE_IMAGE_NAME}:${CERTSUITE_IMAGE_TAG} \ | |
certsuite run \ | |
--output-dir=/usr/certsuite/output \ | |
--preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ | |
--offline-db=/usr/offline-db \ | |
--log-level=${SMOKE_TESTS_LOG_LEVEL} \ | |
--config-file=/usr/certsuite/config/certsuite_config.yml \ | |
--kubeconfig=/usr/certsuite/config/kubeconfig \ | |
--label-filter="preflight" | |
# Only run this job if the previous jobs are successful that build the ARM and x86 images. | |
create-manifest-multiarch-legacy: | |
name: Create manifest list for multi-arch image (legacy) | |
needs: [unit-tests, smoke-tests-container] | |
runs-on: ubuntu-22.04 | |
if: github.event_name != 'pull_request' && needs.smoke-tests-container.result == 'success' && needs.unit-tests.result == 'success' | |
steps: | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Login to Quay.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ secrets.QUAY_ROBOT_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
- name: Build and push the unstable images for multi-arch | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
with: | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME_LEGACY }}:${{ env.CERTSUITE_IMAGE_TAG }} | |
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image. | |
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
uses: ./.github/actions/slack-webhook-sender | |
with: | |
message: 'Failed to create the *unstable* container manifest' | |
slack_webhook: '${{ secrets.SLACK_ALERT_WEBHOOK_URL }}' | |
# Only run this job if the previous jobs are successful that build the ARM and x86 images. | |
create-manifest-multiarch: | |
name: Create manifest list for multi-arch image | |
needs: [unit-tests, smoke-tests-container] | |
runs-on: ubuntu-22.04 | |
if: github.event_name != 'pull_request' && needs.smoke-tests-container.result == 'success' && needs.unit-tests.result == 'success' | |
steps: | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.sha }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Login to Quay.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ secrets.QUAY_ROBOT_USERNAME_K8S }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN_K8S }} | |
- name: Build and push the unstable images for multi-arch | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
with: | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/${{ env.CERTSUITE_IMAGE_NAME }}:${{ env.CERTSUITE_IMAGE_TAG }} | |
- name: (if on main and upstream) Send chat msg to dev team if failed to create container image. | |
if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'redhat-best-practices-for-k8s' }} | |
uses: ./.github/actions/slack-webhook-sender | |
with: | |
message: 'Failed to create the *unstable* container manifest' | |
slack_webhook: '${{ secrets.SLACK_ALERT_WEBHOOK_URL }}' | |
check-all-dependencies-are-merged: | |
name: Check all the PR dependencies are merged | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Check all dependent Pull Requests are merged | |
uses: depends-on/depends-on-action@9e8a61fce18b15281e831f1bba0e14c71d1e1f46 # main | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
check-unmerged-pr: true |