Move ci.yaml to self-hosted #920
# Copyright 2023 Canonical Ltd. | |
# See LICENSE file for licensing details. | |
name: Tests | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
pull_request: | |
schedule: | |
- cron: "53 0 * * *" # Daily at 00:53 UTC | |
# Triggered on push to branch "main" by .github/workflows/release.yaml | |
workflow_call: | |
# secrets: | |
# CHARMHUB_TOKEN: | |
# required: true | |
# AWS_ACCESS_KEY: | |
# required: true | |
# AWS_SECRET_KEY: | |
# required: true | |
# GCP_ACCESS_KEY: | |
# required: true | |
# GCP_SECRET_KEY: | |
# required: true | |
inputs: | |
no-proxy: | |
default: "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,194.169.254.133,.pc1.canonical.com,.openstack.partnercloud1.lan,127.0.0.1,localhost" | |
required: false | |
type: string | |
http-proxy: | |
default: "http://squid.internal:3128" | |
required: false | |
type: string | |
jobs: | |
lint: | |
name: Lint | |
runs-on: [self-hosted, linux, X64, large, jammy] | |
timeout-minutes: 5 | |
steps: | |
- name: Set up aproxy | |
run: | | |
sudo snap install aproxy --edge | |
sudo snap set aproxy proxy=squid.internal:3128 | |
sudo nft -f - << EOF | |
define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') | |
define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } | |
table ip aproxy | |
flush table ip aproxy | |
table ip aproxy { | |
chain prerouting { | |
type nat hook prerouting priority dstnat; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
chain output { | |
type nat hook output priority -100; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
} | |
EOF | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install tox | |
# TODO: Consider replacing with custom image on self-hosted runner OR pinning version | |
run: python3 -m pip install tox | |
- name: Run linters | |
run: tox run -e lint | |
unit-test: | |
name: Unit tests | |
runs-on: [self-hosted, linux, X64, large, jammy] | |
timeout-minutes: 5 | |
steps: | |
- name: Set up aproxy | |
run: | | |
sudo snap install aproxy --edge | |
sudo snap set aproxy proxy=squid.internal:3128 | |
sudo nft -f - << EOF | |
define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') | |
define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } | |
table ip aproxy | |
flush table ip aproxy | |
table ip aproxy { | |
chain prerouting { | |
type nat hook prerouting priority dstnat; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
chain output { | |
type nat hook output priority -100; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
} | |
EOF | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install tox | |
# TODO: Consider replacing with custom image on self-hosted runner OR pinning version | |
run: python3 -m pip install tox | |
- name: Run tests | |
run: tox run -e unit | |
lib-check: | |
name: Check libraries | |
runs-on: [self-hosted, linux, X64, large, jammy] | |
timeout-minutes: 5 | |
steps: | |
- name: Set up aproxy | |
run: | | |
sudo snap install aproxy --edge | |
sudo snap set aproxy proxy=squid.internal:3128 | |
sudo nft -f - << EOF | |
define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') | |
define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } | |
table ip aproxy | |
flush table ip aproxy | |
table ip aproxy { | |
chain prerouting { | |
type nat hook prerouting priority dstnat; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
chain output { | |
type nat hook output priority -100; policy accept; | |
ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443 | |
} | |
} | |
EOF | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check libs | |
uses: canonical/charming-actions/[email protected] | |
with: | |
credentials: "${{ secrets.CHARMHUB_TOKEN }}" # FIXME: current token will expire in 2023-07-04 | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
build: | |
name: Build charms | |
uses: canonical/data-platform-workflows/.github/workflows/build_charms_with_cache.yaml@add-aproxy-snap | |
with: | |
charmcraft-snap-revision: 1349 # version 2.3.0 | |
permissions: | |
actions: write # Needed to manage GitHub Actions cache | |
integration-test: | |
strategy: | |
fail-fast: false | |
matrix: | |
tox-environments: | |
- charm-integration | |
- ha-integration | |
- relation-integration | |
- legacy-integration | |
- tls-integration | |
- backup-integration | |
- metric-integration | |
name: ${{ matrix.tox-environments }} | |
needs: | |
- lint | |
- unit-test | |
- lib-check | |
- build | |
runs-on: [self-hosted, linux, X64, xlarge, jammy] | |
timeout-minutes: 120 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup operator environment | |
# TODO: Replace with custom image on self-hosted runner | |
uses: charmed-kubernetes/actions-operator@main | |
with: | |
provider: lxd | |
juju-channel: 3.1/stable | |
bootstrap-options: "--agent-version 3.1.6 --model-default juju-http-proxy=${{ inputs.http-proxy }} --model-default juju-https-proxy=${{ inputs.http-proxy }} --model-default juju-no-proxy=${{ inputs.no-proxy }} --model-default apt-http-proxy=${{ inputs.http-proxy }} --model-default apt-https-proxy=${{ inputs.http-proxy }} --model-default snap-http-proxy=${{ inputs.http-proxy }} --model-default snap-https-proxy=${{ inputs.http-proxy }}" | |
- name: Download packed charm(s) | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ needs.build.outputs.artifact-name }} | |
- name: Free disk space | |
run: | | |
echo "Free disk space before cleanup" | |
df -T | |
# free space in the runner | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /opt/ghc | |
sudo rm -rf /usr/local/share/boost | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
echo "Free disk space after cleanup" | |
df -T | |
- name: Select tests | |
id: select-tests | |
run: | | |
if [ "${{ github.event_name }}" == "schedule" ] | |
then | |
echo Running unstable and stable tests | |
echo "mark_expression=" >> $GITHUB_OUTPUT | |
else | |
echo Skipping unstable tests | |
echo "mark_expression=not unstable" >> $GITHUB_OUTPUT | |
fi | |
- name: Run integration tests | |
run: tox run -e ${{ matrix.tox-environments }} -- -m '${{ steps.select-tests.outputs.mark_expression }}' | |
env: | |
CI_PACKED_CHARMS: ${{ needs.build.outputs.charms }} | |
# AWS_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_ACCESS_KEY }} | |
# AWS_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_SECRET_KEY }} | |
# GCP_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_ACCESS_KEY }} | |
# GCP_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_SECRET_KEY }} |
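Review bot: The jobs now run on self-hosted runners with root steps, yet several things they execute come from mutable references: the reusable workflow `build_charms_with_cache.yaml@add-aproxy-snap` (a feature branch, called with `actions: write`), `charmed-kubernetes/actions-operator@main`, and `sudo snap install aproxy --edge` in the lint, unit-test and lib-check jobs. Anyone who can push to those branches or that channel changes what runs inside the runner network on the next build, so I would pin both `uses:` lines to a full commit SHA, e.g. `uses: charmed-kubernetes/actions-operator@<full-commit-sha>`, and install aproxy from a fixed revision or a stable channel. Because the workflow also triggers on `pull_request`, it is worth confirming that the runners are ephemeral and that pull requests from forks need approval before they run; the page shows neither setting. Separately, `inputs.http-proxy` and `inputs.no-proxy` are only populated for `workflow_call`, so on `pull_request` and `schedule` runs the `bootstrap-options` string presumably expands to empty proxy values; a fallback such as `${{ inputs.http-proxy || 'http://squid.internal:3128' }}` would cover that.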