Skip to content

Do not fail Vault provider on optional secrets. (#1355) #6690

Do not fail Vault provider on optional secrets. (#1355)

Do not fail Vault provider on optional secrets. (#1355) #6690

Workflow file for this run

name: e2e
on:
push:
branches:
- main
pull_request:
branches:
- "*"
merge_group:
types: [checks_requested]
workflow_dispatch:
permissions:
packages: read
contents: read
id-token: write # This is required for requesting the JWT
env:
# Requires nscloud runner (which we use exclusively)
NS_DOCKERHUB_MIRROR: http://169.254.169.43:6001
jobs:
build_fn:
name: Build ns from head
runs-on:
- nscloud-ubuntu-22.04-amd64-8x16-with-cache
- nscloud-cache-size-10gb
- nscloud-cache-tag-foundation-golang
steps:
- name: Check out
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
cache: false
- name: Setup cross-invocation caching (Go)
uses: namespacelabs/nscloud-cache-action@v1
with:
cache: go
- name: Build ns
env:
CGO_ENABLED: 0
run: go build -v -o ns ./cmd/ns
- name: Upload ns
uses: namespace-actions/upload-artifact@v0
with:
name: ns-${{ runner.os }}
path: ns
# We don't need to persist it for long, only for the next job to download it.
retention-days: 1
- name: Build nsc
env:
CGO_ENABLED: 0
run: go build -v -o nsc ./cmd/nsc
- name: Upload nsc
uses: namespace-actions/upload-artifact@v0
with:
name: nsc-${{ runner.os }}
path: nsc
# We don't need to persist it for long, only for the next job to download it.
retention-days: 1
run_deploy:
name: Test local Namespace (deploy to k3d) use_prebuilts=${{ matrix.use_prebuilts }}
needs: build_fn
strategy:
matrix:
use_prebuilts: [false, true]
runs-on: nscloud
timeout-minutes: 15
steps:
- name: Check out
uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Required by buildkit gha cache.
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- name: Setup cross-invocation caching (Go)
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-fnrun-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-fnrun-
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
# ns is moved out of the workspace so we don't spend time uploading it to buildkit.
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
- name: Prepare development environment
run: /tmp/ns prepare local
- name: Print kubectl cluster-info
run: /tmp/ns kubectl cluster-info
# staging deployments already use buildkit, so only testing golang_use_buildkit=false here.
- name: Deploy internal/testdata/server/gogrpc
env:
NS_LOG_TO_FILE: /tmp/action_log
run: |
/tmp/ns deploy \
--use_prebuilts=${{ matrix.use_prebuilts }} \
--golang_use_buildkit=false \
--naming_no_tls=true \
--use_orchestrator=false \
--build_in_nscloud \
internal/testdata/server/gogrpc
- name: Upload action log
uses: namespace-actions/upload-artifact@v0
with:
name: ns-action-log-${{ github.job }}-use_prebuilts-${{ matrix.use_prebuilts }}
path: /tmp/action_log
retention-days: 3
if: always()
run_dev:
name: Test local Namespace dev session
needs: build_fn
runs-on: nscloud
timeout-minutes: 15
steps:
- name: Check out
uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup cross-invocation caching (Go)
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-fndev-${{ github.sha }}
restore-keys: |
${{ runner.os }}-go-fndev-
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
# ns is moved out of the workspace so we don't spend time uploading it to buildkit.
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
- name: Prepare development environment
run: /tmp/ns prepare local
- name: Print kubectl cluster-info
run: /tmp/ns kubectl cluster-info
- name: ns dev
run: |
./.github/workflows/scripts/dev.sh /tmp/ns
run_e2e_tests:
name: e2e tests
needs: build_fn
runs-on: nscloud
timeout-minutes: 30
steps:
- name: Check out
uses: actions/checkout@v4
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
- name: Exchange Github token
run: /tmp/ns auth exchange-github-token
- name: Run tests
env:
NS_LOG_TO_FILE: /tmp/action_log
# Consider removing --also_report_start_events
run: |
/tmp/ns test \
--also_report_start_events \
--use_prebuilts=true \
--deploy_push_prebuilts_to_registry=false \
--golang_use_buildkit=true \
--testing_use_namespace_cloud \
--testing_use_namespace_cloud_build \
--parallel \
--all
- name: Upload action log
uses: namespace-actions/upload-artifact@v0
with:
name: ns-action-log-${{ github.job }}
path: /tmp/action_log
retention-days: 3
if: always()
run_ns_cluster_tests:
name: nsc tests
needs: build_fn
runs-on: nscloud-ubuntu-22.04-amd64-2x8
timeout-minutes: 30
steps:
- name: Check out
uses: actions/checkout@v4
- name: Download nsc
uses: namespace-actions/download-artifact@v0
with:
name: nsc-${{ runner.os }}
- name: Make nsc executable
run: chmod +x nsc && mv nsc /tmp/nsc
- name: Exchange Github token
run: /tmp/nsc auth exchange-github-token
- name: Test nsc cluster commands
run: |
./.github/workflows/scripts/ns_cluster_tests.sh /tmp/nsc
deploy_staging:
name: Deploy staging
needs:
- build_fn
- run_e2e_tests
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
runs-on: nscloud
timeout-minutes: 30
steps:
- name: Check out
uses: actions/checkout@v4
- name: Setup cross-invocation caching (Go)
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-deploystaging-${{ github.sha }}
restore-keys: |
${{ runner.os }}-go-deploystaging-
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
# Required to create a build cluster.
- name: Exchange Github token
run: /tmp/ns auth exchange-github-token
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_CI_ROLE }}
role-duration-seconds: 1800 # 30 min
- name: Create AWS profile
run: |
aws configure set region ${{ secrets.AWS_REGION }} --profile=ns-staging
touch ~/.aws/credentials
echo "[ns-staging]" > ~/.aws/credentials
echo "aws_access_key_id = $AWS_ACCESS_KEY_ID" >> ~/.aws/credentials
echo "aws_secret_access_key = $AWS_SECRET_ACCESS_KEY" >> ~/.aws/credentials
echo "aws_session_token = $AWS_SESSION_TOKEN" >> ~/.aws/credentials
- name: Prepare workspace
run: |
/tmp/ns prepare eks --env=staging --cluster=${{ secrets.EKS_STAGING_CLUSTER }} --aws_profile=ns-staging
- name: Deploy staging
env:
NS_LOG_TO_FILE: /tmp/action_log
NSC_TOKEN_FILE: ""
run: |
/tmp/ns deploy --env=staging \
internal/testdata/server/gogrpc \
internal/testdata/integrations/dockerfile/complex \
internal/testdata/integrations/golang \
--use_prebuilts=true \
--golang_use_buildkit=true \
--build_in_nscloud \
--run_codegen=false
- name: Upload action log
uses: namespace-actions/upload-artifact@v0
with:
name: ns-action-log-${{ github.job }}
path: /tmp/action_log
retention-days: 3
if: always()
run_cross_repo_tests:
name: cross-repo e2e tests
needs: build_fn
strategy:
matrix:
repo: [examples]
runs-on: nscloud
timeout-minutes: 30
steps:
- name: checkout dependant repo
uses: actions/checkout@v4
with:
repository: namespacelabs/${{ matrix.repo }}
path: external-repo
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
# ns is moved out of the workspace so we don't spend time uploading it to buildkit.
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
- name: Exchange Github token
run: /tmp/ns auth exchange-github-token
- name: Run tests
env:
NS_LOG_TO_FILE: /tmp/action_log
run: |
cd external-repo; \
/tmp/ns test \
golang/01-simple/server \
golang/02-withsecrets/server \
--use_prebuilts=true \
--deploy_push_prebuilts_to_registry=false \
--golang_use_buildkit=true \
--testing_use_namespace_cloud \
--testing_use_namespace_cloud_build \
--parallel
- name: Upload action log
uses: namespace-actions/upload-artifact@v0
with:
name: ns-action-log-${{ github.job }}
path: /tmp/action_log
retention-days: 3
if: always()
test_unprepare:
name: Test unprepare
needs: build_fn
runs-on: nscloud
timeout-minutes: 15
steps:
- name: Check out
uses: actions/checkout@v4
- name: Setup cross-invocation caching (Go)
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-fnprepare-${{ github.sha }}
restore-keys: |
${{ runner.os }}-go-fnprepare-
- name: Download ns
uses: namespace-actions/download-artifact@v0
with:
name: ns-${{ runner.os }}
# ns is moved out of the workspace so we don't spend time uploading it to buildkit.
- name: Make ns executable
run: chmod +x ns && mv ns /tmp/ns
- name: Prepare first environment
run: /tmp/ns prepare local
- name: Test first environment
run: /tmp/ns doctor --tests=workspace,kubernetes-run
- name: Unprepare
run: /tmp/ns unprepare
- name: Prepare second environment
run: /tmp/ns prepare local
- name: Test second environment
run: /tmp/ns doctor --tests=workspace,kubernetes-run