try rosa hcp #1299
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Workflow | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
defaults: | |
run: | |
working-directory: go/src/github.com/stackrox/infra | |
env: | |
CLUSTER_NAME: infra-pr-${{ github.event.pull_request.number }} | |
GH_TOKEN: ${{ secrets.ROBOT_ROX_GITHUB_TOKEN }} | |
jobs: | |
lint: | |
uses: ./.github/workflows/lint.yaml | |
build-and-push: | |
uses: ./.github/workflows/build-and-push.yaml | |
secrets: inherit | |
create-dev-cluster: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: stackrox/actions/infra/create-cluster@v1 | |
with: | |
flavor: gke-default | |
name: infra-pr-${{ github.event.pull_request.number }} | |
args: machine-type=e2-medium,nodes=1,gcp-image-type=ubuntu_containerd | |
lifespan: 24h | |
wait: true | |
token: ${{ secrets.INFRA_TOKEN }} | |
comment-on-PR: | |
needs: | |
- build-and-push | |
- create-dev-cluster | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.51.1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: go/src/github.com/stackrox/infra | |
- name: Add PR comment for deploy to dev | |
env: | |
GITHUB_TOKEN: ${{ secrets.ROBOT_ROX_GITHUB_TOKEN }} | |
run: | | |
./scripts/add-PR-comment-for-deploy-to-dev.sh "${{ github.event.pull_request.html_url }}" "$CLUSTER_NAME" | |
deploy-and-test: | |
needs: | |
- build-and-push | |
- create-dev-cluster | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.51.1 | |
env: | |
KUBECONFIG: /github/home/artifacts/kubeconfig | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
INFRACTL: bin/infractl -k -e localhost:8443 | |
USE_GKE_GCLOUD_AUTH_PLUGIN: "True" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: go/src/github.com/stackrox/infra | |
- name: Authenticate to GCloud | |
uses: google-github-actions/auth@v0 | |
with: | |
credentials_json: ${{ secrets.GCP_INFRA_CI_AUTOMATION_SA }} | |
- name: Set up Cloud SDK | |
uses: "google-github-actions/setup-gcloud@v0" | |
with: | |
install_components: "gke-gcloud-auth-plugin" | |
- name: Download production infractl | |
uses: stackrox/actions/infra/install-infractl@v1 | |
- name: Download artifacts | |
run: | | |
/github/home/.local/bin/infractl artifacts "$CLUSTER_NAME" -d /github/home/artifacts >> "$GITHUB_STEP_SUMMARY" | |
kubectl get nodes -o wide || true | |
- name: Deploy infra to dev cluster | |
run: | | |
make install-local | |
sleep 10 # wait for old pods to disappear so the svc port-forward doesn't connect to them | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 10 | |
kubectl -n infra logs -l app=infra-server --tail=-1 | |
make pull-infractl-from-dev-server | |
kill %1 | |
- name: Check the deployment | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 10 | |
version="$($INFRACTL version --json)" | |
echo "$version" | |
client="$(echo "$version" | jq -r '.Client.Version')" | |
server="$(echo "$version" | jq -r '.Server.Version')" | |
if [[ "$client" == "$server" ]]; then | |
echo "Client and server versions match" | |
else | |
echo "Client and server versions are mismatched" | |
exit 1 | |
fi | |
tag="$(make tag)" | |
if [[ "$client" == "$tag" ]]; then | |
echo "Infra and make tag match" | |
else | |
echo "Infra and make tag are mismatched (make tag: $tag)" | |
exit 1 | |
fi | |
kill %1 | |
- name: Install Argo CLI | |
run: | | |
ARGO_VERSION=$(grep "github.com/argoproj/argo-workflows/v3" go.mod | awk '{ print $2 }') | |
curl -sLO "https://github.com/argoproj/argo-workflows/releases/download/${ARGO_VERSION}/argo-linux-amd64.gz" | |
gunzip argo-linux-amd64.gz | |
chmod +x argo-linux-amd64 | |
mv ./argo-linux-amd64 /usr/local/bin/argo | |
argo version | |
- name: Lint Argo workflows | |
# We're linting here, because Argo Lint requires a workflow server | |
run: | | |
make argo-workflow-lint | |
- name: Run e2e tests | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 5 | |
$INFRACTL whoami || true | |
$INFRACTL version || true | |
make e2e-tests || touch FAIL | |
kubectl -n infra logs -l app=infra-server --tail=-1 | |
kill %1 | |
[[ ! -f FAIL ]] | |
- name: Run Go e2e tests | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 5 | |
make go-e2e-tests |