Optimize: do not build go application and docker image each time, rem…

…ove sleeps from the build

.github/workflows/caname-id-test.yml

@@ -6,6 +6,10 @@ on:
         type: string
         description: "Version of Go used to build ncm-issuer image"
         required: true
+      image-artifact-name:
+        type: string
+        description: "Name of the ncm-issuer image artifact"
+        required: true
 
 jobs:
   ca-id-test:
@@ -28,11 +32,14 @@ jobs:
     - name: Set KUBECONFIG for MicroK8s
       run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV
 
-    - name: "build ncm-issuer image"
-      run: |
-        make docker-build
-        docker save ncm-issuer > ncm-issuer.tar
-        sudo microk8s ctr image import ncm-issuer.tar
+    - name: "Download ncm-issuer image"
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.image-artifact-name }}
+        path: .
+
+    - name: "Load ncm-issuer image"
+      run: sudo microk8s ctr image import ${{ inputs.image-artifact-name }}.tar
 
     - name: "install cert-manager charts"
       run: |
@@ -98,10 +105,13 @@ jobs:
         sudo microk8s.kubectl apply -f data/ncm-issuer.yml
         sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for ncm-issuer readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer -o jsonpath="{.items[0].status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for ncm-issuer to be ready..."
+          sleep 1
+        done
+        echo "ncm-issuer is ready"
 
     - name: "check issuer status"
       run: |
@@ -114,10 +124,13 @@ jobs:
       run: |
         sudo microk8s.kubectl apply -f data/cert-resource.yml
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for certificate readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get certificate.cert-manager.io/ncm-cert -n ncm-issuer -o jsonpath="{.status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for certificate to be ready..."
+          sleep 1
+        done
+        echo "Certificate is ready"
 
     - name: "check certificate resource"
       run: |
@@ -179,11 +192,14 @@ jobs:
     - name: Set KUBECONFIG for MicroK8s
       run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV
 
-    - name: "build ncm-issuer image"
-      run: |
-        make docker-build
-        docker save ncm-issuer > ncm-issuer.tar
-        sudo microk8s ctr image import ncm-issuer.tar
+    - name: "Download ncm-issuer image"
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.image-artifact-name }}
+        path: .
+
+    - name: "Load ncm-issuer image"
+      run: sudo microk8s ctr image import ${{ inputs.image-artifact-name }}.tar
 
     - name: "install cert-manager charts"
       run: |
@@ -246,10 +262,13 @@ jobs:
         sudo microk8s.kubectl apply -f data/ncm-issuer.yml
         sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for ncm-issuer readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer -o jsonpath="{.items[0].status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for ncm-issuer to be ready..."
+          sleep 1
+        done
+        echo "ncm-issuer is ready"
 
     - name: "check issuer status"
       run: |
@@ -262,10 +281,13 @@ jobs:
       run: |
         sudo microk8s.kubectl apply -f data/cert-resource.yml
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for certificate readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get certificate.cert-manager.io/ncm-cert -n ncm-issuer -o jsonpath="{.status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for certificate to be ready..."
+          sleep 1
+        done
+        echo "Certificate is ready"
 
     - name: "check certificate resource"
       run: |

.github/workflows/clientauth-test.yml

@@ -6,6 +6,10 @@ on:
         type: string
         description: "Version of Go used to build ncm-issuer image"
         required: true
+      image-artifact-name:
+        type: string
+        description: "Name of the ncm-issuer image artifact"
+        required: true
 
 jobs:
   client-auth-test:
@@ -33,11 +37,14 @@ jobs:
     - name: Set KUBECONFIG for MicroK8s
       run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV
 
-    - name: "build ncm-issuer image"
-      run: |
-        make docker-build
-        docker save ncm-issuer > ncm-issuer.tar
-        sudo microk8s ctr image import ncm-issuer.tar
+    - name: "Download ncm-issuer image"
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.image-artifact-name }}
+        path: .
+
+    - name: "Load ncm-issuer image"
+      run: sudo microk8s ctr image import ${{ inputs.image-artifact-name }}.tar
 
     - name: "install cert-manager charts"
       run: |
@@ -113,10 +120,14 @@ jobs:
         sudo microk8s.kubectl apply -f data/ncm-issuer.yml
         sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer
 
-    - name: "sleep for 15s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 15s
+    - name: "wait for ncm-issuer readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer -o jsonpath="{.items[0].status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for ncm-issuer to be ready..."
+          sleep 1
+        done
+        echo "ncm-issuer is ready"
+      shell: /usr/bin/bash -e {0}
 
     - name: "check issuer status"
       run: |
@@ -129,10 +140,13 @@ jobs:
       run: |
         sudo microk8s.kubectl apply -f data/cert-resource.yml
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for certificate readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get certificate.cert-manager.io/ncm-cert -n ncm-issuer -o jsonpath="{.status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for certificate to be ready..."
+          sleep 1
+        done
+        echo "Certificate is ready"
 
     - name: "check certificate resource"
       run: |

.github/workflows/e2e.yml

@@ -15,43 +15,66 @@ jobs:
       - uses: actions/checkout@v4
       - uses: arnested/go-version-action@v1
         id: versions
+  build-image:
+    name: "Build ncm-issuer image"
+    runs-on: ubuntu-latest
+    needs: go-versions
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+      - run: go version
+      - name: "Build ncm-issuer image"
+        run: |
+          make docker-build
+          docker save ncm-issuer > ncm-issuer-image.tar
+          echo "ncm-issuer image built and saved to ncm-issuer-image.tar"
+      - name: "Upload ncm-issuer image"
+        uses: actions/upload-artifact@v3
+        with:
+          name: ncm-issuer-image
+          path: ncm-issuer-image.tar
 
   clientauth:
     name: "clientauth test"
-    needs: go-versions
+    needs: [go-versions, build-image]
     uses: ./.github/workflows/clientauth-test.yml
     secrets: inherit
     with:
       go-version: ${{ fromJSON(needs.go-versions.outputs.go-mod-version) }}
+      image-artifact-name: ncm-issuer-image
 
   caname-id:
     name: "ca name/id tests"
-    needs: go-versions
+    needs: [go-versions, build-image]
     uses: ./.github/workflows/caname-id-test.yml
     secrets: inherit
     with:
       go-version: ${{ fromJSON(needs.go-versions.outputs.go-mod-version) }}
+      image-artifact-name: ncm-issuer-image
 
   signer:
     name: "signer test"
-    needs: go-versions
+    needs: [go-versions, build-image]
     uses: ./.github/workflows/signer-tests.yml
     secrets: inherit
     with:
       go-version: ${{ fromJSON(needs.go-versions.outputs.go-mod-version) }}
+      image-artifact-name: ncm-issuer-image
 
   pkey:
     name: "pkey tests"
-    needs: go-versions
+    needs: [go-versions, build-image]
     uses: ./.github/workflows/pkey-tests.yml
     secrets: inherit
     with:
       go-version: ${{ fromJSON(needs.go-versions.outputs.go-mod-version) }}
+      image-artifact-name: ncm-issuer-image
 
   san:
     name: "san test"
-    needs: go-versions
+    needs: [go-versions, build-image]
     uses: ./.github/workflows/san-test.yml
     secrets: inherit
     with:
       go-version: ${{ fromJSON(needs.go-versions.outputs.go-mod-version) }}
+      image-artifact-name: ncm-issuer-image

.github/workflows/pkey-tests.yml

@@ -6,14 +6,18 @@ on:
         type: string
         description: "Version of Go used to build ncm-issuer image"
         required: true
+      image-artifact-name:
+        type: string
+        description: "Name of the ncm-issuer image artifact"
+        required: true
 
 jobs:
   ecdsa-test:
     name: "ecdsa"
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        keysize: [256, 384, 521]
+        keysize: [256]
     steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
@@ -31,11 +35,14 @@ jobs:
     - name: Set KUBECONFIG for MicroK8s
       run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV
 
-    - name: "build ncm-issuer image"
-      run: |
-        make docker-build
-        docker save ncm-issuer > ncm-issuer.tar
-        sudo microk8s ctr image import ncm-issuer.tar
+    - name: "Download ncm-issuer image"
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.image-artifact-name }}
+        path: .
+
+    - name: "Load ncm-issuer image"
+      run: sudo microk8s ctr image import ${{ inputs.image-artifact-name }}.tar
 
     - name: "install cert-manager charts"
       run: |
@@ -107,10 +114,13 @@ jobs:
         sudo microk8s.kubectl apply -f data/ncm-issuer.yml
         sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer
 
-    - name: "sleep for 15s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 15s
+    - name: "wait for ncm-issuer readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer -o jsonpath="{.items[0].status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for ncm-issuer to be ready..."
+          sleep 1
+        done
+        echo "ncm-issuer is ready"
 
     - name: "check issuer status"
       run: |
@@ -121,12 +131,15 @@ jobs:
 
     - name: "create certificate resource"
       run: |
-        sudo microk8s.kubectl apply -f data/cert-resource.yml
+        sudo microk8s.kubectl apply -f data/cert-resource.yml -n ncm-issuer
 
-    - name: "sleep for 15s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 15s
+    - name: "wait for certificate readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get certificate.cert-manager.io/ncm-cert -n ncm-issuer -o jsonpath="{.status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for certificate to be ready..."
+          sleep 1
+        done
+        echo "Certificate is ready"
 
     - name: "check certificate resource"
       run: |
@@ -212,11 +225,14 @@ jobs:
     - name: Set KUBECONFIG for MicroK8s
       run: echo "KUBECONFIG=/var/snap/microk8s/current/credentials/client.config" >> $GITHUB_ENV
 
-    - name: "build ncm-issuer image"
-      run: |
-        make docker-build
-        docker save ncm-issuer > ncm-issuer.tar
-        sudo microk8s ctr image import ncm-issuer.tar
+    - name: "Download ncm-issuer image"
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.image-artifact-name }}
+        path: .
+
+    - name: "Load ncm-issuer image"
+      run: sudo microk8s ctr image import ${{ inputs.image-artifact-name }}.tar
 
     - name: "install cert-manager charts"
       run: |
@@ -287,10 +303,13 @@ jobs:
         sudo microk8s.kubectl apply -f data/ncm-issuer.yml
         sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer
 
-    - name: "sleep for 10s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 10s
+    - name: "wait for ncm-issuer readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get issuers.certmanager.ncm.nokia.com -n ncm-issuer -o jsonpath="{.items[0].status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for ncm-issuer to be ready..."
+          sleep 1
+        done
+        echo "ncm-issuer is ready"
 
     - name: "check issuer status"
       run: |
@@ -303,10 +322,13 @@ jobs:
       run: |
         sudo microk8s.kubectl apply -f data/cert-resource.yml
 
-    - name: "sleep for 15s"
-      uses: juliangruber/sleep-action@v1
-      with:
-        time: 15s
+    - name: "wait for certificate readiness"
+      run: |
+        while [[ $(sudo microk8s.kubectl get certificate.cert-manager.io/ncm-cert -n ncm-issuer -o jsonpath="{.status.conditions[?(@.type=='Ready')].status}") != "True" ]]; do
+          echo "Waiting for certificate to be ready..."
+          sleep 1
+        done
+        echo "Certificate is ready"
 
     - name: "check certificate resource"
       run: |