The Istio module contains several pipelines that run on pull requests, on the main branch, on the release branch, and periodically. They perform various tasks such as running a linter, executing unit tests with code coverage, generating artifacts for development and production purposes, and running integration tests. The integration tests ensure the functional correctness of Kyma Istio Operator and verify if upgrading to the new version of Kyma Istio Operator is possible.
To ensure that the required actions always run, the Istio module uses a GitHub ruleset. This enforces the execution of all jobs that determine whether a particular workflow should start.
By default, GitHub Actions that don't run because of reasons other than being skipped in the if statement have the Pending status and do not appear as a check in a PR. The ruleset acts as a safeguard to prevent situations when, for example, an external action is not allowed to run. In such cases, the ruleset ensures that the PR cannot be merged unless the check is executed and has a status of either Skipped or Success.
The following CI jobs are part of the development cycle.
| Name | Description |
|---|---|
Pull Request pipeline / Build manager image |
Builds the manager image so that the image-dependent jobs can be executed. |
Pull Request integration tests / Istio integration test |
Executes the main integration test suite for the Istio module on a k3d cluster. |
Pull Request integration tests / Istio integration test evaluation |
Executes the main integration test suite for the Istio module in the evaluation profile on a k3d cluster. |
Pull Request integration tests / Kubernetes version compatibility test |
Executes the basic integration test suite for the Istio module and checks if any incompatibilities occurred during the execution. |
Pull Request integration tests / Istio upgrade integration test |
Executes the upgrade integration test suite for the Istio module and verifies if the existing release can be successfully upgraded to the new version. |
Pull Request unit & lint / lint |
Performs linting. |
Pull Request unit & lint / Run unit tests |
Runs unit tests with code coverage information. |
Pull Request unit & lint / Run unit tests with experimental build tag |
Runs unit tests with experimental build tag. |
PR Integration Gardener / Build and push manager image |
Builds the managers's image and pushs it to a GCP Artifact Registry so that the jobs running tests on Gardener clusters can be executed. |
PR Integration Gardener / Istio integration test GCP |
Executes the main integration test suite for Istio Manager on a GCP Gardener cluster. |
PR Integration Gardener / Istio integration test AWS specific |
Executes the integration test suite specific for AWS Hyperscaler. |
PR Integration Gardener / Istio integration test GCP specific |
Executes the integration test suite specific for GCP Hyperscaler. |
UI Tests / Run UI tests |
Runs UI tests for Busola extensions of the Istio module. |
Workflow validation / Ensure SHA pinned actions |
Verifies that all external actions are pinned to a commit. |
pull-gitleaks / scan |
Runs the Gitleaks scan to detect any leaks of secrets. |
The following CI jobs are part of the development cycle.
| Name | Description |
|---|---|
Build manager image / Build image |
Builds Kyma Istio Operator's image and pushes it to the dev registry. |
Dispatch integration tests / Istio integration test |
Executes the main integration test suite for the Istio module on a k3d cluster. |
Dispatch integration tests / Istio integration test evaluation |
Executes the main integration test suite for the Istio module in the evaluation profile on a k3d cluster. |
Dispatch integration tests / Kubernetes version compatibility test |
Executes the basic integration test suite for the Istio module and checks if any incompatibilities occurred during the execution. |
Dispatch integration tests / Istio upgrade integration test |
Executes the upgrade integration test suite for the Istio module and verifies if the existing release can be successfully upgraded to the new version. |
Dispatch unit test / Lint |
Performs linting. |
Dispatch unit test / Run unit tests |
Runs unit tests with code coverage information. |
Dispatch unit test / Run unit tests with experimental build tag |
Runs unit tests with experimental build tag. |
Dispatch Gardener integration tests / Istio integration test GCP |
Executes the main integration test suite for Istio Manager on a GCP Gardener cluster. |
Dispatch Gardener integration tests / Istio integration test AWS specific |
Executes the integration test suite specific for AWS Hyperscaler. |
Dispatch Gardener integration tests / Istio integration test GCP specific |
Executes the integration test suite specific for GCP Hyperscaler. |
Dispatch UI tests / Run UI tests |
Runs UI tests for Busola extensions of the Istio module. |
Dispatch verify-commit-pins / Ensure SHA pinned actions |
Verifies that all external actions are pinned to a commit. |
pull-gitleaks / scan |
Runs the Gitleaks scan to detect any leaks of secrets. |
The following CI jobs run when you merge changes to the main branch and all release branches.
| Name | Description |
|---|---|
main integration tests / Build manager image |
Builds Kyma Istio Operator's image and pushes it to the prod registry. |
main integration tests / Build manager image - experimental |
Builds Kyma Istio Operator's experimental image and pushes it to the prod registry. |
main integration tests / Istio integration test |
Executes the main integration test suite for Istio Manager on a k3d cluster. |
main integration tests / Istio integration test AWS specific |
Executes the integration test suite specific for AWS Hyperscaler. |
main integration tests / Istio integration test GCP specific |
Executes the integration test suite specific for AWS Hyperscaler. |
main integration tests / Istio integration test AWS |
Executes the main integration test suite for Istio Manager on a AWS Gardener cluster. |
main integration tests / Istio integration test GCP |
Executes the main integration test suite for Istio Manager on a GCP Gardener cluster. |
main integration tests / Istio upgrade integration tests |
Executes the upgrade integration test suite of Istio Module and verifies if the existing release can be successfully upgraded to the new version. |
main integration tests / Slack Notification |
Sends a Slack notification to the team's channel if any pipelines fail on the main branch. |
The following CI jobs generate release artifacts and verify the functional correctness of Kyma Istio Operator.
| Name | Description |
|---|---|
Create release / Check release prerequisites |
Checks whether all pre-requesites for release are met |
Create release / build-image |
Builds Kyma Istio Operator's image on the release and pushes it to the prod registry. |
Create release / build-image-experimental |
Builds Kyma Istio Operator's experimental image on the release and pushes it to the prod registry. |
Create release / Create draft release |
Create a draft release that will be updated with release artifacts |
Create release / Publish release |
Publish the previously created draft release |
The following CI jobs are scheduled to run at specific times.
| Name | Description |
|---|---|
main performance tests / Get manager SHA |
Extracts the SHA of the commit that triggered the last successful build of the Istio manager image on main. |
main performance tests / Istio performance test |
Runs Istio Manager's performance tests every day at 12:00 AM on a Gardener GCP cluster. |
UI Tests Periodic / Get manager SHA |
Extracts the SHA of the commit that triggered the last successful build of the Istio manager image on main. |
UI Tests Periodic / Run UI tests |
Runs UI tests for Busola extensions of Istio Module. |
UI Tests Periodic / Slack Notification |
Sends a Slack notification to the team's channel if any pipelines fail in the workflow. |