Chore(deps): bump golang.org/x/sys from 0.19.0 to 0.29.0 #261
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
merge_group: | |
pull_request: | |
paths-ignore: | |
- 'configsamples/**' | |
- 'design/**' | |
- 'website/**' | |
- 'CODE_OF_CONDUCT.md' | |
- 'CODEOWNERS' | |
- 'CONTRIBUTING.md' | |
- 'DCO' | |
- 'LICENSE' | |
- 'netlify.toml' | |
- 'README.md' | |
branches: | |
- "main" | |
- "v**" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
static-security-analysis: | |
runs-on: ubuntu-22.04 | |
env: | |
GO111MODULE: on | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v4 | |
- name: Run Gosec Security Scanner | |
uses: securego/gosec@master | |
with: | |
args: -exclude-dir e2etest -severity medium ./... | |
- name: Golang Vulncheck | |
uses: Templum/[email protected] | |
with: | |
skip-upload: true | |
commitlint: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: wagoid/commitlint-github-action@v5 | |
unit-tests: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
cache: true | |
- name: Install Dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install python3-pip arping ndisc6 | |
sudo pip3 install invoke semver pyyaml | |
- name: Unit Tests | |
run: | | |
inv test | |
- name: Lint | |
run: | | |
inv checkpatch | |
inv lint -e host | |
inv verifylicense | |
inv gomodtidy | |
inv checkchanges --action="run inv gomodtidy" | |
inv generatemanifests | |
inv checkchanges --action="run inv generatemanifests" | |
inv generateapidocs | |
inv checkchanges --action="run inv generateapidocs" | |
build-test-images: | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: true | |
matrix: | |
image: [speaker, controller, configmaptocrs] | |
steps: | |
- name: Code checkout | |
uses: actions/checkout@v4 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and export ${{ matrix.image }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
tags: quay.io/metallb/${{ matrix.image }}:dev-amd64 | |
file: ${{matrix.image}}/Dockerfile | |
outputs: type=docker,dest=/tmp/${{ matrix.image }}.tar | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Upload ${{ matrix.image }} artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
retention-days: 1 | |
name: image-tar-${{ matrix.image }} | |
path: /tmp/${{ matrix.image }}.tar | |
helm: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Required for chart-testing | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: v3.12.1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
check-latest: true | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Run chart-testing (lint) | |
if: steps.list-changed.outputs.changed == 'true' | |
run: | | |
helm repo add frrk8s https://metallb.github.io/frr-k8s | |
ct lint --check-version-increment=false --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }} | |
- name: Check if deps are updated | |
run: | | |
helm repo add frrk8s https://metallb.github.io/frr-k8s | |
helm dependency update charts/metallb | |
if [[ $(git status --porcelain | wc -l) -gt 0 ]]; then | |
echo "Please update the helm dependencies with: helm dependency update charts/metallb" | |
exit 1 | |
fi | |
- name: Helm doc generate | |
uses: docker://jnorwood/helm-docs:v1.10.0 | |
- name: Check if docs are different | |
run: | | |
if [[ $(git status --porcelain | wc -l) -gt 0 ]]; then | |
echo "Please update the helm docs with the \"helm-docs\" command (https://github.com/norwoodj/helm-docs) or use \"inv helmdocs\"" | |
exit 1 | |
fi | |
## TODO: Can't pass flags to the conftest GHA in order to use --fail-on-warn | |
## Should be fixed when https://github.com/instrumenta/conftest-action/issues/3 | |
## is resolved | |
## | |
# - name: Conftest | |
# uses: instrumenta/conftest-action/helm@master | |
# with: | |
# chart: charts/metallb/ | |
# policy: charts/metallb/policy | |
- name: Conftest | |
run: | | |
helm plugin install --debug https://github.com/instrumenta/helm-conftest | |
helm conftest charts/metallb/ -p charts/metallb/policy/ --fail-on-warn | |
e2e: | |
runs-on: ubuntu-22.04 | |
needs: | |
- unit-tests | |
- build-test-images | |
- helm | |
- commitlint | |
strategy: | |
fail-fast: false | |
matrix: | |
ip-family: [ipv4, ipv6, dual] | |
bgp-type: [native, frr, frr-k8s] | |
deployment: [manifests, helm] | |
prometheus: [disabled, enabled] | |
exclude: | |
- ip-family: ipv6 | |
prometheus: disabled | |
- ip-family: dual | |
prometheus: disabled | |
- bgp-type: frr | |
prometheus: disabled | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install kernel modules | |
run: | | |
sudo apt-get update | |
sudo apt-get install linux-modules-extra-$(uname -r) | |
- name: Setup | |
uses: ./.github/workflows/composite/setup | |
- name: Deploy MetalLB | |
run: | | |
HELM_FLAGS="" | |
PROMETHEUS_FLAGS="" | |
if [ ${{ matrix.deployment }} = "helm" ]; then HELM_FLAGS="--helm-install"; fi | |
if [ ${{ matrix.prometheus }} = "enabled" ]; then PROMETHEUS_FLAGS="--with-prometheus"; fi | |
inv dev-env -i ${{ matrix.ip-family }} -b ${{ matrix.bgp-type }} -l all $HELM_FLAGS --no-build-images $PROMETHEUS_FLAGS | |
- name: E2E | |
run: | | |
HELM_FLAGS="" | |
echo '/etc/frr/core-%e.%p.%h.%t' | sudo tee /proc/sys/kernel/core_pattern | |
if [ ${{ matrix.deployment }} = "helm" ]; then export SPEAKER_SELECTOR="app.kubernetes.io/component=speaker" && export CONTROLLER_SELECTOR="app.kubernetes.io/component=controller"; fi | |
# TODO restore to NONE when https://github.com/metallb/metallb/issues/2311 is fixed | |
SKIP="L2ServiceStatus" | |
WITH_VRF="--with-vrf" | |
FOCUS="" | |
if [ "${{ matrix.bgp-type }}" == "native" ]; then SKIP="$SKIP|FRR|FRR-MODE|FRRK8S-MODE|BFD|VRF|DUALSTACK"; WITH_VRF=""; fi | |
if [ "${{ matrix.ip-family }}" == "ipv4" ]; then SKIP="$SKIP|IPV6|DUALSTACK"; fi | |
if [ "${{ matrix.ip-family }}" == "dual" ]; then SKIP="$SKIP|IPV6"; fi | |
if [ "${{ matrix.ip-family }}" == "ipv6" ]; then SKIP="$SKIP|IPV4|DUALSTACK"; fi | |
if [ "${{ matrix.ip-family }}" == "ipv6" ] && [ ${{ matrix.bgp-type }} == "native" ]; then SKIP="$SKIP|BGP"; fi | |
if [ "${{ matrix.prometheus }}" == "disabled" ]; then SKIP="$SKIP|metrics"; fi | |
if [ "${{ matrix.bgp-type }}" == "frr" ]; then SKIP="$SKIP|FRRK8S-MODE"; fi | |
if [ "${{ matrix.bgp-type }}" == "frr-k8s" ]; then SKIP="$SKIP|FRR-MODE"; fi | |
echo "Skipping $SKIP" | |
echo "With VRF $WITH_VRF" | |
sudo -E env "PATH=$PATH" inv e2etest $FOCUS --skip $SKIP --bgp-mode ${{ matrix.bgp-type }} $WITH_VRF -e /tmp/kind_logs | |
- name: Collect Logs | |
if: ${{ failure() }} | |
uses: ./.github/workflows/composite/collectlogs | |
with: | |
artifact-name: kind-logs-${{ matrix.ip-family }}-${{ matrix.bgp-type }}-${{ matrix.deployment}} | |
- name: Publish JUnit Report | |
uses: mikepenz/action-junit-report@v4 | |
if: success() || failure() | |
with: | |
annotate_only: true | |
report_paths: 'e2etest/junit-report.xml' | |
e2e-use-operator: | |
runs-on: ubuntu-22.04 | |
needs: | |
- unit-tests | |
- build-test-images | |
- helm | |
- commitlint | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Install kernel modules | |
run: | | |
sudo apt-get update | |
sudo apt-get install linux-modules-extra-$(uname -r) | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup | |
uses: ./.github/workflows/composite/setup | |
- name: Checkout Metal LB Operator | |
uses: actions/checkout@v4 | |
with: | |
repository: metallb/metallb-operator | |
path: metallboperator | |
ref: main | |
- name: Checkout MetalLB | |
uses: actions/checkout@v4 | |
with: | |
path: metallb | |
fetch-depth: 0 | |
- name: Create multi-node K8s Kind Cluster | |
run: | | |
cd ${GITHUB_WORKSPACE}/metallboperator | |
./hack/kind-multi-node-cluster-without-registry.sh | |
kind load docker-image quay.io/metallb/speaker:dev-amd64 | |
kind load docker-image quay.io/metallb/controller:dev-amd64 | |
export KUBECONFIG=${HOME}/.kube/config | |
- name: Deploy Metal LB Operator | |
run: | | |
cd ${GITHUB_WORKSPACE}/metallboperator | |
sed -i 's/quay.io\/metallb\/speaker:main/quay.io\/metallb\/speaker:dev-amd64/g' bin/metallb-operator.yaml | |
sed -i 's/quay.io\/metallb\/controller:main/quay.io\/metallb\/controller:dev-amd64/g' bin/metallb-operator.yaml | |
sed -i 's/native/frr/g' bin/metallb-operator.yaml | |
kubectl apply -f bin/metallb-operator.yaml | |
- name: Remove the exclude from external lb label from the master node | |
run: | | |
env "PATH=$PATH" inv remove-lb-exclusion-from-nodes | |
- name: Ensure MetalLB operator is ready | |
run: | | |
COUNT=0 | |
while [ "$(kubectl get pods -n metallb-system -l control-plane='controller-manager' -o jsonpath='{.items[*].status.containerStatuses[0].ready}')" != "true" ]; do | |
sleep 5 | |
COUNT=$((COUNT+1)) | |
if [[ $COUNT -gt 15 ]] ; then | |
exit 1; | |
fi | |
echo "Waiting for operator pod to be ready." | |
done | |
- name: MetalLB E2E Tests with Operator Deployment | |
run: | | |
cat <<EOF | kubectl apply -f - | |
apiVersion: metallb.io/v1beta1 | |
kind: MetalLB | |
metadata: | |
name: metallb | |
namespace: metallb-system | |
spec: | |
logLevel: debug | |
EOF | |
# TOOD remove skipping L2ServiceStatus once https://github.com/metallb/metallb/issues/2311 is fixed | |
sudo -E env "PATH=$PATH" inv e2etest --bgp-mode frr --skip "IPV6|DUALSTACK|metrics|L2-interface selector|FRRK8S-MODE|L2ServiceStatus" -e /tmp/kind_logs | |
- name: Collect Logs | |
if: ${{ failure() }} | |
uses: ./.github/workflows/composite/collectlogs | |
with: | |
artifact-name: kind_logs_use_operator | |
- name: Publish JUnit Report | |
uses: mikepenz/action-junit-report@v4 | |
if: success() || failure() | |
with: | |
annotate_only: true | |
report_paths: 'e2etest/junit-report.xml' | |
oldest_k8s: | |
runs-on: ubuntu-22.04 | |
needs: | |
- unit-tests | |
- build-test-images | |
- helm | |
- commitlint | |
steps: | |
- name: Install kernel modules | |
run: | | |
sudo apt-get update | |
sudo apt-get install linux-modules-extra-$(uname -r) | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup | |
uses: ./.github/workflows/composite/setup | |
- name: Deploy MetalLB | |
run: | | |
inv dev-env -b frr --with-prometheus --no-build-images --node-img kindest/node:v1.27.1@sha256:b7d12ed662b873bd8510879c1846e87c7e676a79fefc93e17b2a52989d3ff42b | |
- name: E2E | |
run: | | |
FOCUS="L2.*should work for ExternalTrafficPolicy=Cluster|BGP.*A service of protocol load balancer should work with.*IPV4 - ExternalTrafficPolicyCluster$|validate FRR running configuration" | |
sudo -E env "PATH=$PATH" inv e2etest --bgp-mode frr --focus "$FOCUS" --skip L2ServiceStatus -e /tmp/kind_logs | |
- name: Collect Logs | |
if: ${{ failure() }} | |
uses: ./.github/workflows/composite/collectlogs | |
with: | |
artifact-name: kind-logs-oldest-k8s | |
- name: Publish JUnit Report | |
uses: mikepenz/action-junit-report@v4 | |
if: success() || failure() | |
with: | |
annotate_only: true | |
report_paths: 'e2etest/junit-report.xml' |