Remove gradetool image to save space (#1306) #167

Workflow file for this run

.github/workflows/pre-main.yaml at 6356c7b

	name: Test Incoming Changes

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	workflow_dispatch:
	env:
	REGISTRY: quay.io
	REGISTRY_LOCAL: localhost
	TNF_IMAGE_NAME: testnetworkfunction/cnf-certification-test
	TNF_IMAGE_TAG: unstable
	OCT_IMAGE_NAME: testnetworkfunction/oct
	OCT_IMAGE_TAG: latest
	GRADETOOL_IMAGE_NAME: testnetworkfunction/gradetool
	GRADETOOL_IMAGE_TAG: latest
	TNF_CONTAINER_CLIENT: docker
	TNF_NON_INTRUSIVE_ONLY: false
	TNF_ALLOW_PREFLIGHT_INSECURE: false
	TNF_DISABLE_CONFIG_AUTODISCOVER: false
	TNF_CONFIG_DIR: /tmp/tnf/config
	TNF_OUTPUT_DIR: /tmp/tnf/output
	TNF_SRC_URL: 'https://github.com/${{ github.repository }}'
	TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${TNF_IMAGE_NAME}:${TNF_IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}'
	TNF_SMOKE_TESTS_LOG_LEVEL: trace
	ON_DEMAND_DEBUG_PODS: false
	TERM: xterm-color
	CM_BIN: /usr/local/bin/checkmake
	CM_URL_LINUX: https://github.com/mrtazz/checkmake/releases/download/0.2.2/checkmake-0.2.2.linux.amd64 # yamllint disable-line
	SMOKE_TESTS_GINKGO_LABELS_FILTER: '!affiliated-certification-container-is-certified-digest && !access-control-security-context'

	jobs:
	lint:
	name: Run Linter and Vet
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-22.04, macos-latest]
	env:
	SHELL: /bin/bash

	steps:
	- name: Set up Go 1.20
	uses: actions/setup-go@v4
	with:
	go-version: 1.20.6

	- name: Disable default go problem matcher
	run: echo "::remove-matcher owner=go::"

	- name: Check out code into the Go module directory
	uses: actions/checkout@v3
	with:
	ref: ${{ github.sha }}

	# TODO: golangci-lint team recommends using a GitHub Action to perform golangci-lint responsibilities. However
	# there does not appear to be a way to honor our existing .golangci.yml. For now, mimic developer behavior.
	- name: Install golangci-lint
	run: make install-lint

	- name: Install checkmake (Linux)
	run: curl --location --output $CM_BIN --silent $CM_URL_LINUX
	if: runner.os == 'Linux'

	- name: Install checkmake (MacOS)
	run: brew install checkmake
	if: runner.os == 'macOS'

	- run: chmod +x $CM_BIN
	if: runner.os == 'Linux'

	- name: Install hadolint (Linux)
	run: \|
	curl \
	--location \
	--output /usr/local/bin/hadolint \
	https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
	chmod +x /usr/local/bin/hadolint
	if: runner.os == 'Linux'

	- name: Install hadolint (MacOS)
	run: \|
	brew install hadolint
	if: runner.os == 'macOS'

	- name: Install shfmt (Linux)
	run: make install-shfmt
	if: runner.os == 'Linux'

	- name: Install shfmt (MacOS)
	run: brew install shfmt
	if: runner.os == 'macOS'

	- name: make lint
	run: make lint

	- name: make vet
	run: make vet
	action-linters:
	name: Checkmake, hadolint, markdownlint, shellcheck, shfmt, typos, yamllint
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v3
	- run: \|
	curl --location --output $CM_BIN --silent $CM_URL_LINUX
	chmod +x $CM_BIN
	$CM_BIN Makefile
	- uses: hadolint/[email protected]
	with:
	dockerfile: Dockerfile
	recursive: true
	- uses: nosborn/[email protected]
	with:
	files: .
	ignore_files: cmd/tnf/generate/catalog/{INTRO,TEST_CASE_CATALOG}.md
	- uses: ludeeus/action-shellcheck@master
	- uses: mfinelli/setup-shfmt@v2
	- run: shfmt -d *.sh script
	- uses: crate-ci/typos@master
	- uses: ibiqlik/action-yamllint@v3
	with:
	config_data: \|
	extends: default
	rules:
	line-length:
	level: warning
	trailing-spaces:
	level: warning
	brackets:
	level: warning
	empty-lines:
	level: warning
	unit-tests:
	name: Run Unit Tests
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-22.04, macos-latest]
	env:
	SHELL: /bin/bash

	steps:
	- name: Set up Go 1.20
	uses: actions/setup-go@v4
	with:
	go-version: 1.20.6

	- name: Disable default go problem matcher
	run: echo "::remove-matcher owner=go::"

	- name: Check out code into the Go module directory
	uses: actions/checkout@v3
	with:
	ref: ${{ github.sha }}

	- name: Run Tests
	run: make test
	env:
	SHELL: /bin/bash

	- name: Quality Gate - Test coverage shall be above threshold
	env:
	TESTCOVERAGE_THRESHOLD: 15
	run: \|
	echo "Quality Gate: checking test coverage is above threshold ..."
	echo "Threshold : $TESTCOVERAGE_THRESHOLD %"
	totalCoverage=`UNIT_TEST='true' cat cover.out.tmp \| grep -v "_moq.go" > cover.out; go tool cover -func=cover.out \| grep total \| grep -Eo '[0-9]+\.[0-9]+'`
	echo "Current test coverage : $totalCoverage %"
	if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" \| awk '{print ($1 > $2)}') )); then
	echo OK
	else
	echo "Current test coverage is below threshold. Please add more unit tests or adjust threshold to a lower value."
	echo "Failed"
	exit 1
	fi

	smoke-tests-local:
	name: Run Local Smoke Tests
	runs-on: ubuntu-22.04
	env:
	SHELL: /bin/bash
	KUBECONFIG: '/home/runner/.kube/config'
	PFLT_DOCKERCONFIG: '/home/runner/.docker/config'

	steps:
	- name: Write temporary docker file
	run: \|
	mkdir -p /home/runner/.docker
	touch ${PFLT_DOCKERCONFIG}
	echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}

	- name: Set up Go 1.20
	uses: actions/setup-go@v4
	with:
	go-version: 1.20.6

	- name: Disable default go problem matcher
	run: echo "::remove-matcher owner=go::"

	- name: Check out code into the Go module directory
	uses: actions/checkout@v3
	with:
	ref: ${{ github.sha }}

	- name: Cleanup the runner
	run: \|
	sudo rm -rf /usr/share/dotnet
	sudo rm -rf /opt/ghc
	sudo rm -rf "/usr/local/share/boost"

	# Update the CNF containers, helm charts and operators DB

	- name: Update the CNF DB
	run: \|
	docker pull ${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG}
	mkdir -p "${GITHUB_WORKSPACE}"/offline-db
	docker run -v "${GITHUB_WORKSPACE}"/offline-db:/tmp/dump:Z --env OCT_DUMP_ONLY=true ${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG}

	- name: Install ginkgo
	run: make install-tools

	- name: Build CNF test suite binary
	run: make build-cnf-tests

	- name: Remove oct container image and the go mod cache to save disk space.
	run: \|
	df -h
	docker rmi -f ${REGISTRY}/${OCT_IMAGE_NAME}:${OCT_IMAGE_TAG} \|\| true
	go clean -modcache \|\| true
	df -h

	# Create a Kind cluster for testing.
	- name: Check out `cnf-certification-test-partner`
	uses: actions/checkout@v3
	with:
	repository: test-network-function/cnf-certification-test-partner
	path: cnf-certification-test-partner

	- name: Start the Kind cluster for `local-test-infra`
	uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
	with:
	working_directory: cnf-certification-test-partner

	- name: Create `local-test-infra` OpenShift resources
	uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources
	with:
	working_directory: cnf-certification-test-partner

	# Perform smoke tests.
	- name: 'Test: Run test suites'
	run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}"

	- name: Upload smoke test results as an artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: smoke-tests
	path: \|
	cnf-certification-test/*.tar.gz

	- name: Remove tarball(s) to save disk space.
	run: rm -f cnf-certification-test/*.tar.gz

	- name: Run gradetool on the claim.json
	run: \|
	docker pull ${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG}
	docker run -v "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json -v "${GITHUB_WORKSPACE}"/cnf-certification-test/claim.json:/claim.json ${{ env.REGISTRY }}/${{ env.GRADETOOL_IMAGE_NAME }}:${{ env.GRADETOOL_IMAGE_TAG }} -p /policy.json -o results.txt -r /claim.json > "${GITHUB_WORKSPACE}"/results.txt

	- name: Check that their are 0 failed tests in the gradetool results
	run: \|
	if $(jq '.[] \| .Fail \| length' "${GITHUB_WORKSPACE}"/results.txt \| grep -q 0); then
	echo OK
	else
	echo "Gradetool has found failing tests in the following:"
	jq '.[] \| .Fail \| .[].id' "${GITHUB_WORKSPACE}"/results.txt
	exit 1
	fi

	- name: Remove gradetool container image and the go mod cache to save disk space.
	run: \|
	df -h
	docker rmi -f ${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \|\| true
	go clean -modcache \|\| true
	df -h

	- name: 'Test: Run preflight specific test suite'
	run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "preflight"

	- name: Upload preflight smoke test results as an artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: preflight-smoke-tests
	path: \|
	cnf-certification-test/*.tar.gz

	- name: Remove tarball(s) to save disk space
	run: rm -f cnf-certification-test/*.tar.gz

	smoke-tests-container:
	name: Run Container Smoke Tests
	runs-on: ubuntu-22.04
	env:
	SHELL: /bin/bash
	KUBECONFIG: '/home/runner/.kube/config'
	PFLT_DOCKERCONFIG: '/home/runner/.docker/config'

	steps:
	- name: Write temporary docker file
	run: \|
	mkdir -p /home/runner/.docker
	touch ${PFLT_DOCKERCONFIG}
	echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG}

	# Create a Kind cluster for testing.
	- name: Check out `cnf-certification-test-partner`
	uses: actions/checkout@v3
	with:
	repository: test-network-function/cnf-certification-test-partner
	path: cnf-certification-test-partner

	- name: Start the Kind cluster for `local-test-infra`
	uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
	with:
	working_directory: cnf-certification-test-partner

	- name: Create `local-test-infra` OpenShift resources
	uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources
	with:
	working_directory: cnf-certification-test-partner


	# Perform smoke tests using a TNF container.
	- name: Check out code into the Go module directory
	uses: actions/checkout@v3
	with:
	ref: ${{ github.sha }}

	- name: Cleanup the runner
	run: \|
	sudo rm -rf /usr/share/dotnet
	sudo rm -rf /opt/ghc
	sudo rm -rf "/usr/local/share/boost"

	- name: Build the `cnf-certification-test` image
	run: \|
	make build-image-local
	env:
	IMAGE_TAG: ${TNF_IMAGE_TAG}

	# Clean up unused container image layers. We need to filter out a possible error return code
	# from docker with "\|\| true" as some images might still be used by running kind containers and
	# won't be removed.
	- name: Remove unnamed/dangling container images to save space. Show disk space before and after removing them.
	run: \|
	df -h
	docker rmi $(docker images -f "dangling=true" -q) \|\| true
	df -h

	- name: Create required TNF config files and directories
	run: \|
	mkdir -p $TNF_CONFIG_DIR $TNF_OUTPUT_DIR
	cp cnf-certification-test/*.yml $TNF_CONFIG_DIR
	shell: bash

	- name: 'Test: Run without any TS, just get diagnostic information'
	run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }}

	- name: 'Test: Run Smoke Tests in a TNF container'
	run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}"

	- name: Upload container test results as an artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: smoke-tests-container
	path: \|
	${{ env.TNF_OUTPUT_DIR }}/*.tar.gz

	- name: Remove tarball(s) to save disk space.
	run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz

	- name: Run gradetool on the claim.json
	run: \|
	docker pull ${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG}
	docker run -v "${GITHUB_WORKSPACE}"/generated_policy.json:/policy.json -v ${{ env.TNF_OUTPUT_DIR }}/claim.json:/claim.json ${{ env.REGISTRY }}/${{ env.GRADETOOL_IMAGE_NAME }}:${{ env.GRADETOOL_IMAGE_TAG }} -p /policy.json -o results.txt -r /claim.json > "${GITHUB_WORKSPACE}"/results.txt

	- name: Check that their are 0 failed tests in the gradetool results
	run: \|
	if $(jq '.[] \| .Fail \| length' "${GITHUB_WORKSPACE}"/results.txt \| grep -q 0); then
	echo OK
	else
	echo "Gradetool has found failing tests in the following:"
	jq '.[] \| .Fail \| .[].id' "${GITHUB_WORKSPACE}"/results.txt
	exit 1
	fi

	- name: Remove gradetool container image and the go mod cache to save disk space.
	run: \|
	df -h
	docker rmi -f ${REGISTRY}/${GRADETOOL_IMAGE_NAME}:${GRADETOOL_IMAGE_TAG} \|\| true
	go clean -modcache \|\| true
	df -h

	- name: 'Test: Run Preflight Specific Smoke Tests in a TNF container'
	run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "preflight"

	- name: Upload container preflight test results as an artifact
	uses: actions/upload-artifact@v3
	if: always()
	with:
	name: preflight-smoke-tests-container
	path: \|
	${{ env.TNF_OUTPUT_DIR }}/*.tar.gz

	- name: Remove tarball(s) to save disk space.
	run: rm -f ${{ env.TNF_OUTPUT_DIR }}/*.tar.gz

	# Push the new unstable TNF image to Quay.io.
	- name: (if on main and upstream) Authenticate against Quay.io
	if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }}
	uses: docker/login-action@v2
	with:
	registry: ${{ env.REGISTRY }}
	# Use a Robot Account to authenticate against Quay.io
	# https://docs.quay.io/glossary/robot-accounts.html
	username: ${{ secrets.QUAY_ROBOT_USERNAME }}
	password: ${{ secrets.QUAY_ROBOT_TOKEN }}

	- name: (if on main and upstream) Push the newly built image to Quay.io
	if: ${{ github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }}
	run: docker push --all-tags ${REGISTRY}/${TNF_IMAGE_NAME}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove gradetool image to save space (#1306) #167

Workflow file

Remove gradetool image to save space (#1306) #167

Jobs

Run details

Workflow file for this run