Do not fail Vault provider on optional secrets. (#1355) #6690
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "*" | |
merge_group: | |
types: [checks_requested] | |
workflow_dispatch: | |
permissions: | |
packages: read | |
contents: read | |
id-token: write # This is required for requesting the JWT | |
env: | |
# Requires nscloud runner (which we use exclusively) | |
NS_DOCKERHUB_MIRROR: http://169.254.169.43:6001 | |
jobs: | |
build_fn: | |
name: Build ns from head | |
runs-on: | |
- nscloud-ubuntu-22.04-amd64-8x16-with-cache | |
- nscloud-cache-size-10gb | |
- nscloud-cache-tag-foundation-golang | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.21.x | |
cache: false | |
- name: Setup cross-invocation caching (Go) | |
uses: namespacelabs/nscloud-cache-action@v1 | |
with: | |
cache: go | |
- name: Build ns | |
env: | |
CGO_ENABLED: 0 | |
run: go build -v -o ns ./cmd/ns | |
- name: Upload ns | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
path: ns | |
# We don't need to persist it for long, only for the next job to download it. | |
retention-days: 1 | |
- name: Build nsc | |
env: | |
CGO_ENABLED: 0 | |
run: go build -v -o nsc ./cmd/nsc | |
- name: Upload nsc | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: nsc-${{ runner.os }} | |
path: nsc | |
# We don't need to persist it for long, only for the next job to download it. | |
retention-days: 1 | |
run_deploy: | |
name: Test local Namespace (deploy to k3d) use_prebuilts=${{ matrix.use_prebuilts }} | |
needs: build_fn | |
strategy: | |
matrix: | |
use_prebuilts: [false, true] | |
runs-on: nscloud | |
timeout-minutes: 15 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Required by buildkit gha cache. | |
- name: Expose GitHub Runtime | |
uses: crazy-max/ghaction-github-runtime@v3 | |
- name: Setup cross-invocation caching (Go) | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-fnrun-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-fnrun- | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
# ns is moved out of the workspace so we don't spend time uploading it to buildkit. | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
- name: Prepare development environment | |
run: /tmp/ns prepare local | |
- name: Print kubectl cluster-info | |
run: /tmp/ns kubectl cluster-info | |
# staging deployments already use buildkit, so only testing golang_use_buildkit=false here. | |
- name: Deploy internal/testdata/server/gogrpc | |
env: | |
NS_LOG_TO_FILE: /tmp/action_log | |
run: | | |
/tmp/ns deploy \ | |
--use_prebuilts=${{ matrix.use_prebuilts }} \ | |
--golang_use_buildkit=false \ | |
--naming_no_tls=true \ | |
--use_orchestrator=false \ | |
--build_in_nscloud \ | |
internal/testdata/server/gogrpc | |
- name: Upload action log | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: ns-action-log-${{ github.job }}-use_prebuilts-${{ matrix.use_prebuilts }} | |
path: /tmp/action_log | |
retention-days: 3 | |
if: always() | |
run_dev: | |
name: Test local Namespace dev session | |
needs: build_fn | |
runs-on: nscloud | |
timeout-minutes: 15 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup cross-invocation caching (Go) | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-fndev-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-go-fndev- | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
# ns is moved out of the workspace so we don't spend time uploading it to buildkit. | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
- name: Prepare development environment | |
run: /tmp/ns prepare local | |
- name: Print kubectl cluster-info | |
run: /tmp/ns kubectl cluster-info | |
- name: ns dev | |
run: | | |
./.github/workflows/scripts/dev.sh /tmp/ns | |
run_e2e_tests: | |
name: e2e tests | |
needs: build_fn | |
runs-on: nscloud | |
timeout-minutes: 30 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
- name: Exchange Github token | |
run: /tmp/ns auth exchange-github-token | |
- name: Run tests | |
env: | |
NS_LOG_TO_FILE: /tmp/action_log | |
# Consider removing --also_report_start_events | |
run: | | |
/tmp/ns test \ | |
--also_report_start_events \ | |
--use_prebuilts=true \ | |
--deploy_push_prebuilts_to_registry=false \ | |
--golang_use_buildkit=true \ | |
--testing_use_namespace_cloud \ | |
--testing_use_namespace_cloud_build \ | |
--parallel \ | |
--all | |
- name: Upload action log | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: ns-action-log-${{ github.job }} | |
path: /tmp/action_log | |
retention-days: 3 | |
if: always() | |
run_ns_cluster_tests: | |
name: nsc tests | |
needs: build_fn | |
runs-on: nscloud-ubuntu-22.04-amd64-2x8 | |
timeout-minutes: 30 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Download nsc | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: nsc-${{ runner.os }} | |
- name: Make nsc executable | |
run: chmod +x nsc && mv nsc /tmp/nsc | |
- name: Exchange Github token | |
run: /tmp/nsc auth exchange-github-token | |
- name: Test nsc cluster commands | |
run: | | |
./.github/workflows/scripts/ns_cluster_tests.sh /tmp/nsc | |
deploy_staging: | |
name: Deploy staging | |
needs: | |
- build_fn | |
- run_e2e_tests | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
runs-on: nscloud | |
timeout-minutes: 30 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Setup cross-invocation caching (Go) | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-deploystaging-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-go-deploystaging- | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
# Required to create a build cluster. | |
- name: Exchange Github token | |
run: /tmp/ns auth exchange-github-token | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-to-assume: ${{ secrets.AWS_CI_ROLE }} | |
role-duration-seconds: 1800 # 30 min | |
- name: Create AWS profile | |
run: | | |
aws configure set region ${{ secrets.AWS_REGION }} --profile=ns-staging | |
touch ~/.aws/credentials | |
echo "[ns-staging]" > ~/.aws/credentials | |
echo "aws_access_key_id = $AWS_ACCESS_KEY_ID" >> ~/.aws/credentials | |
echo "aws_secret_access_key = $AWS_SECRET_ACCESS_KEY" >> ~/.aws/credentials | |
echo "aws_session_token = $AWS_SESSION_TOKEN" >> ~/.aws/credentials | |
- name: Prepare workspace | |
run: | | |
/tmp/ns prepare eks --env=staging --cluster=${{ secrets.EKS_STAGING_CLUSTER }} --aws_profile=ns-staging | |
- name: Deploy staging | |
env: | |
NS_LOG_TO_FILE: /tmp/action_log | |
NSC_TOKEN_FILE: "" | |
run: | | |
/tmp/ns deploy --env=staging \ | |
internal/testdata/server/gogrpc \ | |
internal/testdata/integrations/dockerfile/complex \ | |
internal/testdata/integrations/golang \ | |
--use_prebuilts=true \ | |
--golang_use_buildkit=true \ | |
--build_in_nscloud \ | |
--run_codegen=false | |
- name: Upload action log | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: ns-action-log-${{ github.job }} | |
path: /tmp/action_log | |
retention-days: 3 | |
if: always() | |
run_cross_repo_tests: | |
name: cross-repo e2e tests | |
needs: build_fn | |
strategy: | |
matrix: | |
repo: [examples] | |
runs-on: nscloud | |
timeout-minutes: 30 | |
steps: | |
- name: checkout dependant repo | |
uses: actions/checkout@v4 | |
with: | |
repository: namespacelabs/${{ matrix.repo }} | |
path: external-repo | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
# ns is moved out of the workspace so we don't spend time uploading it to buildkit. | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
- name: Exchange Github token | |
run: /tmp/ns auth exchange-github-token | |
- name: Run tests | |
env: | |
NS_LOG_TO_FILE: /tmp/action_log | |
run: | | |
cd external-repo; \ | |
/tmp/ns test \ | |
golang/01-simple/server \ | |
golang/02-withsecrets/server \ | |
--use_prebuilts=true \ | |
--deploy_push_prebuilts_to_registry=false \ | |
--golang_use_buildkit=true \ | |
--testing_use_namespace_cloud \ | |
--testing_use_namespace_cloud_build \ | |
--parallel | |
- name: Upload action log | |
uses: namespace-actions/upload-artifact@v0 | |
with: | |
name: ns-action-log-${{ github.job }} | |
path: /tmp/action_log | |
retention-days: 3 | |
if: always() | |
test_unprepare: | |
name: Test unprepare | |
needs: build_fn | |
runs-on: nscloud | |
timeout-minutes: 15 | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
- name: Setup cross-invocation caching (Go) | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-fnprepare-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-go-fnprepare- | |
- name: Download ns | |
uses: namespace-actions/download-artifact@v0 | |
with: | |
name: ns-${{ runner.os }} | |
# ns is moved out of the workspace so we don't spend time uploading it to buildkit. | |
- name: Make ns executable | |
run: chmod +x ns && mv ns /tmp/ns | |
- name: Prepare first environment | |
run: /tmp/ns prepare local | |
- name: Test first environment | |
run: /tmp/ns doctor --tests=workspace,kubernetes-run | |
- name: Unprepare | |
run: /tmp/ns unprepare | |
- name: Prepare second environment | |
run: /tmp/ns prepare local | |
- name: Test second environment | |
run: /tmp/ns doctor --tests=workspace,kubernetes-run |