diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml new file mode 100644 index 00000000..9a6ef2c0 --- /dev/null +++ b/.github/workflows/integration-test.yml @@ -0,0 +1,114 @@ +--- +name: Integration Test +run-name: | + Integration Test on ${{ inputs.test-platform }}-${{ inputs.test-architecture }} (${{ inputs.test-run == 'all' && 'all' || format('{0}={1}', inputs.test-run, inputs.test-parameter) }}) + +env: + DEFAULT_TEST_PLATFORM: kind-1.31.0 + DEFAULT_TEST_ARCHITECTURE: amd64 + DEFAULT_TEST_RUN: all + DEFAULT_TEST_PARAMETER: "" # Unused when the test-run is 'all' + TEST_PLATFORM: ${{ inputs.test-platform }} + TEST_ARCHITECTURE: ${{ inputs.test-architecture }} + TEST_RUN: ${{ inputs.test-run }} + TEST_PARAMETER: ${{ inputs.test-parameter }} + +on: + schedule: + # At 00:00 on Sunday. See: https://crontab.guru/#0_0_*_*_0 + - cron: "0 0 * * 0" + workflow_dispatch: + inputs: + test-platform: + description: | + The test platform to run on (kind doesn't support `arm64`) + required: true + type: choice + options: + - kind-1.31.0 + - kind-1.30.3 + - aks-1.29 + - aks-1.28 + - aks-1.27 + - eks-1.29 + - eks-1.28 + - eks-1.27 + - gke-1.29 + - gke-1.28 + - gke-1.27 + - okd-4.15 + - okd-4.14 + - okd-4.13 + test-architecture: + description: | + The architecture the tests will run on + required: true + type: choice + options: + - amd64 + - arm64 + test-run: + description: Type of test run + required: true + type: choice + options: + - all + - test-suite + - test + test-parameter: + description: Parameter to `--test-suite` or `--test` (ignored for `all`) + default: smoke + +jobs: + test: + name: Run Integration Test + runs-on: ubuntu-latest + steps: + - name: Override integration test options for scheduled run + if: github.event_name == 'schedule' + shell: bash + run: | + set -euo pipefail + + echo "TEST_PLATFORM=$DEFAULT_TEST_PLATFORM" | tee -a "$GITHUB_ENV" + echo "TEST_ARCHITECTURE=$DEFAULT_TEST_ARCHITECTURE" | tee -a "$GITHUB_ENV" + echo "TEST_RUN=$DEFAULT_TEST_RUN" | tee -a "$GITHUB_ENV" + echo "TEST_PARAMETER=$DEFAULT_TEST_PARAMETER" | tee -a "$GITHUB_ENV" + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + submodules: recursive + + - name: Run Integration Test + id: test + uses: stackabletech/actions/run-integration-test@5b66858af3597c4ea34f9b33664b8034a1d28427 # v0.3.0 + with: + test-platform: ${{ env.TEST_PLATFORM }}-${{ env.TEST_ARCHITECTURE }} + test-run: ${{ env.TEST_RUN }} + test-parameter: ${{ env.TEST_PARAMETER }} + replicated-api-token: ${{ secrets.REPLICATED_API_TOKEN }} + + - name: Send Notification + if: ${{ failure() }} + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_INTEGRATION_TEST_TOKEN }} + uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 + with: + channel-id: "C07UYJYSMSN" # notifications-integration-tests + payload: | + { + "text": "Integration Test *${{ github.repository }}* failed", + "attachments": [ + { + "pretext": "Started at ${{ steps.test.outputs.start-time }}, failed at ${{ steps.test.outputs.end-time }}", + "color": "#aa0000", + "actions": [ + { + "type": "button", + "text": "Go to integration test run", + "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + ] + } + ] + } diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml index c9e94843..1442383b 100644 --- a/.github/workflows/pr_pre-commit.yaml +++ b/.github/workflows/pr_pre-commit.yaml @@ -23,7 +23,7 @@ jobs: with: fetch-depth: 0 submodules: recursive - - uses: stackabletech/actions/run-pre-commit@e8781161bc1eb037198098334cec6061fe24b6c3 # v0.0.2 + - uses: stackabletech/actions/run-pre-commit@5b66858af3597c4ea34f9b33664b8034a1d28427 # v0.3.0 with: python-version: ${{ env.PYTHON_VERSION }} rust: ${{ env.RUST_TOOLCHAIN_VERSION }} diff --git a/Makefile b/Makefile index 86ff6eca..f77712b0 100644 --- a/Makefile +++ b/Makefile @@ -48,7 +48,7 @@ docker-publish: # Uses the keyless signing flow with Github Actions as identity provider\ cosign sign -y "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ # Generate the SBOM for the operator image, this leverages the already generated SBOM for the operator binary by cargo-cyclonedx\ - syft scan --output cyclonedx-json=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ + syft scan --output cyclonedx-json@1.5=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger,+sbom-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${DOCKER_REPO}/${ORGANIZATION}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ # Determine the PURL for the container image\ URLENCODED_REPO_DIGEST_OF_IMAGE=$$(echo "$$REPO_DIGEST_OF_IMAGE" | sed 's/:/%3A/g');\ PURL="pkg:oci/${OPERATOR_NAME}@$$URLENCODED_REPO_DIGEST_OF_IMAGE?arch=${ARCH}&repository_url=${DOCKER_REPO}%2F${ORGANIZATION}%2F${OPERATOR_NAME}";\ @@ -74,7 +74,7 @@ docker-publish: # Uses the keyless signing flow with Github Actions as identity provider\ cosign sign -y "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ # Generate the SBOM for the operator image, this leverages the already generated SBOM for the operator binary by cargo-cyclonedx\ - syft scan --output cyclonedx-json=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ + syft scan --output cyclonedx-json@1.5=sbom.json --select-catalogers "-cargo-auditable-binary-cataloger,+sbom-cataloger" --scope all-layers --source-name "${OPERATOR_NAME}" --source-version "${VERSION}-${ARCH}" "${OCI_REGISTRY_HOSTNAME}/${OCI_REGISTRY_PROJECT_IMAGES}/${OPERATOR_NAME}@$$REPO_DIGEST_OF_IMAGE";\ # Determine the PURL for the container image\ URLENCODED_REPO_DIGEST_OF_IMAGE=$$(echo "$$REPO_DIGEST_OF_IMAGE" | sed 's/:/%3A/g');\ PURL="pkg:oci/${OPERATOR_NAME}@$$URLENCODED_REPO_DIGEST_OF_IMAGE?arch=${ARCH}&repository_url=${OCI_REGISTRY_HOSTNAME}%2F${OCI_REGISTRY_PROJECT_IMAGES}%2F${OPERATOR_NAME}";\ diff --git a/renovate.json b/renovate.json index de754167..f28373c7 100644 --- a/renovate.json +++ b/renovate.json @@ -3,5 +3,5 @@ "extends": [ "local>stackabletech/.github:renovate-config" ], - "ignorePaths": [".github/workflows/build.yml", ".github/workflows/general_daily_security.yml", ".github/workflows/pr_pre-commit.yaml"] + "ignorePaths": [".github/workflows/build.yml", ".github/workflows/general_daily_security.yml", ".github/workflows/integration-test.yml", ".github/workflows/pr_pre-commit.yaml"] } diff --git a/scripts/run-tests b/scripts/run-tests index 3f41d2db..31b8e7ae 100755 --- a/scripts/run-tests +++ b/scripts/run-tests @@ -313,7 +313,7 @@ def maybe_install_release(skip_release: bool, release_file: str) -> None: raise TestRunnerException() -def gen_tests(test_suite: str) -> None: +def gen_tests(test_suite: str, namespace: str) -> None: try: beku_cmd = [ "beku", @@ -328,6 +328,8 @@ def gen_tests(test_suite: str) -> None: ] if test_suite: beku_cmd.extend(["--suite", test_suite]) + if namespace: + beku_cmd.extend(["--namespace", namespace]) logging.debug(f"Running : {beku_cmd}") subprocess.run( @@ -386,7 +388,7 @@ def main(argv) -> int: opts = parse_args(argv[1:]) logging.basicConfig(encoding="utf-8", level=opts.log_level) have_requirements() - gen_tests(opts.test_suite) + gen_tests(opts.test_suite, opts.namespace) with release_file(opts.operator, opts.skip_operator) as f: maybe_install_release(opts.skip_release, f) if opts.skip_tests: