ci.yaml
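---
# CI workflow: lints the Helm charts and runs the integration test targets
# against a throwaway k3d cluster.
name: ci

on:
  # Run on all PRs. `pull_request` (not `pull_request_target`) means runs
  # triggered from forks get a read-only token and no repository secrets.
  pull_request:

# NOTE(review): there is no `permissions:` key, so the job token gets the
# repository/organisation default scopes. Consider an explicit least-privilege
# block (e.g. `contents: read` plus whatever the Helm repository login needs);
# confirm the required scopes before adding it.

env:
  # Workflow-level env is exported to every step of every job, including
  # third-party actions and the `make` targets.
  # NOTE(review): the only visible consumer of GH_TOKEN is the
  # `gh release download` step; consider scoping it to the steps that need it.
  GH_TOKEN: ${{ github.token }}
  HELM_VERSION: v3.14.4
  # Version strings are quoted so YAML never reads them as numbers
  # (an unquoted 3.10 would become 3.1).
  PYTHON_VERSION: "3.13"
  # Throwaway credential for the Postgres instance deployed into the ephemeral
  # test cluster; it must never be reused outside CI.
  POSTGRES_PASSWORD: postgres
  UV_VERSION: "0.5.3"
  TOPAZ_VERSION: "0.32.36"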
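# NOTE(review): every `uses:` below references a mutable tag (v4, v5, v3, v2).
# Pinning the third-party actions (azure/setup-helm, astral-sh/setup-uv,
# AbsaOSS/k3d-action, the chart-testing action) to a full commit SHA keeps a
# re-tagged release from changing what runs here with the job token in scope.
jobs:
  # Chart linting with chart-testing (`ct`).
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Fetch the full history so that we can diff against the target branch
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: ${{ env.HELM_VERSION }}

      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          check-latest: true

      - name: Set up chart-testing
        # NOTE(review): the action reference was mangled by e-mail obfuscation
        # on the page this file was taken from ("helm/[email protected]").
        # It is presumably helm/chart-testing-action; ACTION_REF_PLACEHOLDER
        # stands for the lost tag and must be restored from the repository,
        # ideally as a full commit SHA.
        uses: helm/chart-testing-action@ACTION_REF_PLACEHOLDER
        with:
          version: v3.10.0

      - name: Lint
        env:
          # The token reaches the script through the environment instead of
          # being expanded into the script text by the workflow engine.
          # It still ends up on the ct/helm command line via `-p`.
          HELM_REPO_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        run: |
          ct lint --config ct.yaml --helm-repo-extra-args "aserto-helm=-u gh -p ${HELM_REPO_PASSWORD}"

  # Integration tests: topaz CLI and container, k3d cluster, Postgres, then
  # the make test targets.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: ${{ env.HELM_VERSION }}

      - name: Install tools
        run: |
          make install-grpcurl
          echo "GRPCURL=$(realpath ./ext/bin/grpcurl)" >> "$GITHUB_ENV"

      - name: Install topaz CLI
        # `gh` authenticates with GH_TOKEN from the workflow-level env.
        # NOTE(review): the release archive is unpacked and executed without an
        # integrity check. If the release publishes checksums or signatures,
        # verify the zip before `unzip`; confirm what the project ships.
        run: |
          gh release download "v${TOPAZ_VERSION}" --repo aserto-dev/topaz --pattern "topaz_linux_x86_64.zip" \
            --output ./ext/topaz.zip --clobber
          unzip ./ext/topaz.zip -d bin
          chmod +x ./bin/topaz
          ./bin/topaz version
          echo "TOPAZ=$(realpath ./bin/topaz)" >> "$GITHUB_ENV"
          echo "TOPAZ_CERTS_DIR=$(./bin/topaz config info | jq '.config.topaz_certs_dir' -r)" >> "$GITHUB_ENV"

      - name: Install topazd container
        # The container tag tracks the same TOPAZ_VERSION as the CLI.
        run: |
          "${TOPAZ}" install --container-tag="${TOPAZ_VERSION}"
          "${TOPAZ}" version

      - name: Generate topaz certs
        run: ${TOPAZ} certs generate

      - name: Install uv package manager
        uses: astral-sh/setup-uv@v3
        with:
          version: ${{ env.UV_VERSION }}

      - name: Create k8s cluster
        uses: AbsaOSS/k3d-action@v2
        with:
          cluster-name: "test"
          args: >
            --agents 1
            --k3s-arg "--disable=metrics-server@server:*"

      - name: Test Topaz
        timeout-minutes: 10
        env:
          TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
        run: |
          make test-topaz

      - name: Test Discovery
        timeout-minutes: 10
        env:
          # NOTE(review): the make target receives the job token; what it does
          # with it is not visible in this file.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          make test-discovery

      - name: Deploy Postgres
        # NOTE(review): the chart is installed without `--version`, so whatever
        # the registry currently serves is deployed; pin a chart version for
        # reproducible, reviewable runs.
        # The password is the throwaway CI value from the workflow-level env,
        # read as a shell variable rather than expanded into the script text.
        run: |
          helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql \
            --namespace postgres --create-namespace \
            --set auth.postgresPassword="${POSTGRES_PASSWORD}"

      - name: Wait for Postgres
        run: |
          echo "Waiting for postgres to be ready"
          kubectl wait pods --selector app.kubernetes.io/name=postgresql \
            --for condition=Ready --namespace postgres --timeout=60s

      - name: Generate admin ssh key
        id: sshkey
        # Creates a passphrase-less ed25519 key that exists only on this runner.
        # The step outputs carry the key *paths*, so no key material passes
        # through GITHUB_OUTPUT.
        # Host-key checking is turned off for `localhost` only; do not widen
        # the Host pattern, since that would disable verification for real
        # hosts as well.
        run: |
          # Make sure the directory exists before the key is written.
          mkdir -p "${HOME}/.ssh"
          ssh-keygen -t ed25519 -N "" -f "${HOME}/.ssh/admin_ed25519"
          echo "public_key=${HOME}/.ssh/admin_ed25519.pub" >> "$GITHUB_OUTPUT"
          echo "private_key=${HOME}/.ssh/admin_ed25519" >> "$GITHUB_OUTPUT"
          cat << EOF > "${HOME}/.ssh/config"
          Host localhost
            StrictHostKeyChecking no
          EOF
          chmod 400 ~/.ssh/config

      - name: Test Controller
        timeout-minutes: 10
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Paths to the key pair generated by the `sshkey` step.
          SSH_PUBLIC_KEY: ${{ steps.sshkey.outputs.public_key }}
          SSH_PRIVATE_KEY: ${{ steps.sshkey.outputs.private_key }}
          TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
        run: |
          make test-controller

      - name: Test Directory
        timeout-minutes: 10
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Paths to the key pair generated by the `sshkey` step.
          SSH_PUBLIC_KEY: ${{ steps.sshkey.outputs.public_key }}
          SSH_PRIVATE_KEY: ${{ steps.sshkey.outputs.private_key }}
          TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
        run: |
          make test-directory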