mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/.github/workflows/e2e.yml

# Secret-dependent e2e tests. Branch-based pull requests run them directly;
# fork-based pull requests run them only after an /ok-to-test approval, which
# reaches this workflow as a repository_dispatch event.
on:
  pull_request:
  repository_dispatch:
    types:
      - ok-to-test-command

env:
  # Tool versions shared by both jobs.
  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.33'
  GINKGO_VERSION: 'v2.1.4'
  DOCKER_BUILDX_VERSION: 'v0.4.2'
  KIND_VERSION: 'v0.14.0'
  KIND_IMAGE: 'kindest/node:v1.24.2'

  # Common users and credentials. A step condition cannot test
  # 'secrets.GHCR_USERNAME != ""' but it can test 'env.GHCR_USERNAME != ""',
  # so the secrets are copied into env to let steps check succinctly whether
  # credentials were provided before trying to use them.
  #
  # NOTE(review): workflow-level env is exported to every step of every job,
  # including the engineerd/setup-kind and docker/setup-buildx-action steps
  # and the pull-request code run by `make test.e2e`. Moving the cloud
  # credentials onto the one step that needs them would narrow that exposure.
  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
  GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON }}
  GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE }}
  GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME }}  # Google Service Account
  GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME }}  # Kubernetes Service Account
  GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
  AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
  TENANT_ID: ${{ secrets.TENANT_ID }}
  VAULT_URL: ${{ secrets.VAULT_URL }}

name: e2e tests
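jobs:
  # Branch-based pull request: the head branch lives in this repository, so
  # the job runs without waiting for an /ok-to-test approval.
  integration-trusted:
    runs-on: ubuntu-latest
    # Same-repository pull requests only, and never Dependabot's.
    if: >-
      github.event_name == 'pull_request'
      && github.event.pull_request.head.repo.full_name == github.repository
      && github.actor != 'dependabot[bot]'
    steps:
      - name: Branch based PR checkout
        uses: actions/checkout@v3

      # <insert integration tests needing secrets>

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}

      # Publish the Go cache locations as step outputs for the cache steps.
      # Outputs are written to the $GITHUB_OUTPUT file; the `::set-output`
      # workflow command is deprecated because anything printed to stdout
      # could use it to set an output.
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      # NOTE(review): engineerd/setup-kind is a third-party action referenced
      # by a mutable tag, and it runs with the workflow-level credentials in
      # its environment. Pinning it to a full commit SHA keeps a moved tag
      # from changing what executes here.
      - name: Setup kind
        uses: engineerd/setup-kind@v0.5.0
        with:
          version: ${{ env.KIND_VERSION }}
          wait: 10m
          node_image: ${{ env.KIND_IMAGE }}
          name: external-secrets

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      # Install the pinned ginkgo CLI, then run the e2e suite.
      - name: Run e2e Tests
        env:
          BUILD_ARGS: "--load"
        run: |
          export PATH=$PATH:$(go env GOPATH)/bin
          go install github.com/onsi/ginkgo/v2/ginkgo@${{env.GINKGO_VERSION}}
          make test.e2e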
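# Repo owner has commented /ok-to-test on a (fork-based) pull request
  integration-fork:
    runs-on: ubuntu-latest
    # NOTE(review): this condition checks only the event type. Nothing visible
    # in this file ties the run to the commit that was approved, and the
    # checkout below resolves refs/pull/<n>/merge when the job starts, so
    # commits pushed after the /ok-to-test comment would run with the
    # workflow-level credentials. Have the dispatching workflow pass the
    # approved commit SHA and compare it here with
    # github.event.client_payload.pull_request.head.sha.
    if: github.event_name == 'repository_dispatch'
    steps:
      # Check out the merge commit of the approved pull request.
      # NOTE(review): every later step builds and runs fork code.
      # actions/checkout keeps the job token in the local git config unless
      # `persist-credentials: false` is set, and this job declares no
      # `permissions:`; confirm what the later steps need and narrow both.
      - name: Fork based /ok-to-test checkout
        uses: actions/checkout@v3
        with:
          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}

      # Publish the Go cache locations as step outputs for the cache steps.
      # Outputs are written to the $GITHUB_OUTPUT file; the `::set-output`
      # workflow command is deprecated because anything printed to stdout
      # could use it to set an output.
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      # NOTE(review): engineerd/setup-kind is a third-party action referenced
      # by a mutable tag, and it runs with the workflow-level credentials in
      # its environment. Pinning it to a full commit SHA keeps a moved tag
      # from changing what executes here.
      - name: Setup kind
        uses: engineerd/setup-kind@v0.5.0
        with:
          version: ${{ env.KIND_VERSION }}
          wait: 10m
          node_image: ${{ env.KIND_IMAGE }}
          name: external-secrets

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      # Install the pinned ginkgo CLI, then run the e2e suite against the
      # checked-out merge commit.
      - name: Run e2e Tests
        env:
          BUILD_ARGS: "--load"
        run: |
          export PATH=$PATH:$(go env GOPATH)/bin
          go install github.com/onsi/ginkgo/v2/ginkgo@${{env.GINKGO_VERSION}}
          make test.e2e

      # Update check run called "integration-fork". Runs even when an earlier
      # step failed so that the pull request always receives a conclusion.
      - uses: actions/github-script@v6
        id: update-check-run
        if: ${{ always() }}
        env:
          number: ${{ github.event.client_payload.pull_request.number }}
          job: ${{ github.job }}
          # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
          conclusion: ${{ job.status }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Look up the pull request's current head commit.
            const { data: pull } = await github.rest.pulls.get({
              ...context.repo,
              pull_number: process.env.number
            });
            const ref = pull.head.sha;
            console.log("\n\nPR sha: " + ref)
            // Ask for this job's check run by name, so a long list of checks
            // cannot push it off the first page of results.
            const { data: checks } = await github.rest.checks.listForRef({
              ...context.repo,
              ref,
              check_name: process.env.job
            });
            console.log("\n\nPR CHECKS: " + checks.check_runs.map(c => c.name).join(", "))
            const check = checks.check_runs.filter(c => c.name === process.env.job);
            console.log("\n\nPR Filtered CHECK:")
            console.log(check)
            // Fail with a readable message instead of a TypeError on check[0]
            // when the head commit carries no check run for this job.
            if (check.length === 0) {
              throw new Error("no check run named '" + process.env.job + "' found on " + ref);
            }
            const { data: result } = await github.rest.checks.update({
              ...context.repo,
              check_run_id: check[0].id,
              status: 'completed',
              conclusion: process.env.conclusion
            });
            return result;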