Handle v6 rules for the mgmt bridge with nftables/iptables #5583
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CICD | |
on: | |
push: | |
branches: | |
- main | |
- docs-publish | |
tags: | |
- "v*" | |
pull_request: | |
workflow_dispatch: | |
env: | |
GO_VER: "1.22.6" | |
CGO_ENABLED: 0 | |
MKDOCS_INS_VER: 9.5.9-insiders-4.52.2-hellt | |
GORELEASER_VER: v2.0.1 | |
PY_VER: "3.10" | |
jobs: | |
process-gitref: | |
runs-on: ubuntu-22.04 | |
outputs: | |
source_name: ${{ steps.set-outputs.outputs.SOURCE_NAME }} | |
source_branch: ${{ steps.set-outputs.outputs.SOURCE_BRANCH }} | |
source_tag: ${{ steps.set-outputs.outputs.SOURCE_TAG }} | |
source_tag_no_prefix: ${{ steps.set-outputs.outputs.SOURCE_TAG_NO_PREFIX }} | |
# exporting env vars to be used in invoked workflows | |
py_ver: ${{ env.PY_VER }} | |
go_ver: ${{ env.GO_VER }} | |
steps: | |
- id: set-outputs | |
run: | | |
echo "SOURCE_NAME=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" | |
echo "SOURCE_BRANCH=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT" | |
echo "SOURCE_TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT" | |
echo "SOURCE_TAG_NO_PREFIX=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT" | |
file-changes: | |
runs-on: ubuntu-22.04 | |
needs: process-gitref | |
outputs: | |
code: ${{ steps.filter.outputs.code }} | |
docs: ${{ steps.filter.outputs.docs }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
code: | |
- 'clab/**' | |
- 'runtime/**' | |
- 'cmd/**' | |
- 'tests/**' | |
- 'nodes/**' | |
- 'links/**' | |
- 'types/**' | |
- 'utils/**' | |
- 'netconf/**' | |
- 'labels/**' | |
- 'internal/**' | |
- 'errors/**' | |
- 'cert/**' | |
- 'virt/**' | |
- 'git/**' | |
- 'border0_api/**' | |
- '.github/workflows/cicd.yml' | |
- 'go.mod' | |
- 'Makefile' | |
docs: | |
- "docs/**" | |
- "lab-examples/**" | |
- "mkdocs.yml" | |
- "README.md" | |
- '.github/workflows/cicd.yml' | |
build-containerlab: | |
needs: | |
- file-changes | |
- process-gitref | |
if: needs.file-changes.outputs.code == 'true' || startsWith(github.ref, 'refs/tags/v') | |
uses: ./.github/workflows/build-containerlab.yml | |
with: | |
go_ver: ${{ needs.process-gitref.outputs.go_ver }} | |
staticcheck: | |
runs-on: ubuntu-22.04 | |
needs: file-changes | |
if: needs.file-changes.outputs.code == 'true' || startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: WillAbides/[email protected] | |
with: | |
go-version: ${{ env.GO_VER }} | |
- name: Cache go modules | |
uses: actions/cache@v4 | |
with: | |
# In order: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Staticcheck | |
run: | | |
go install honnef.co/go/tools/cmd/staticcheck@latest | |
staticcheck ./... | |
unit-test: | |
runs-on: ubuntu-22.04 | |
needs: file-changes | |
if: needs.file-changes.outputs.code == 'true' || startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: WillAbides/[email protected] | |
with: | |
go-version: ${{ env.GO_VER }} | |
- name: Cache go modules | |
uses: actions/cache@v4 | |
with: | |
# In order: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- run: make test | |
# upload coverage report from unit tests, as they are then | |
# merged with e2e tests coverage | |
- name: Upload coverage | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverage-unit-test | |
path: /tmp/clab-tests/coverage/* | |
retention-days: 7 | |
smoke-tests: | |
uses: ./.github/workflows/smoke-tests.yml | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
needs: | |
- file-changes | |
- process-gitref | |
- build-containerlab | |
ext-container-tests: | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
runtime: | |
- "docker" | |
needs: | |
- build-containerlab | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: containerlab | |
- name: Move containerlab to usr/bin | |
run: sudo mv ./containerlab /usr/bin/containerlab && sudo chmod a+x /usr/bin/containerlab | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PY_VER }} | |
cache: pip | |
cache-dependency-path: "tests/requirements.txt" | |
- name: Install robotframework | |
run: | | |
pip install -r tests/requirements.txt | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run tests | |
run: | | |
bash ./tests/rf-run.sh ${{ matrix.runtime }} ./tests/06-ext-container | |
# upload test reports as a zip file | |
- name: Upload test reports | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: 06-ext-container-log-${{ matrix.runtime }} | |
path: ./tests/out/*.html | |
# upload coverage report from unit tests, as they are then | |
# merged with e2e tests coverage | |
- name: upload coverage reports | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverage-ext-container-test-${{ matrix.runtime }} | |
path: /tmp/clab-tests/coverage/* | |
retention-days: 7 | |
ceos-basic-tests: | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
runtime: | |
- "docker" | |
needs: | |
- build-containerlab | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: containerlab | |
- name: Move containerlab to usr/bin | |
run: sudo mv ./containerlab /usr/bin/containerlab && sudo chmod a+x /usr/bin/containerlab | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PY_VER }} | |
cache: pip | |
cache-dependency-path: "tests/requirements.txt" | |
- name: Install robotframework | |
run: | | |
pip install -r tests/requirements.txt | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull ceos image | |
run: docker pull ghcr.io/srl-labs/ceos:4.32.0F && docker tag ghcr.io/srl-labs/ceos:4.32.0F ceos:4.32.0F | |
- name: Run ceos tests | |
run: | | |
bash ./tests/rf-run.sh ${{ matrix.runtime }} ./tests/03-basic-ceos | |
# upload test reports as a zip file | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: 03-basic-ceos-log-${{ matrix.runtime }} | |
path: ./tests/out/*.html | |
# upload coverage report from unit tests, as they are then | |
# merged with e2e tests coverage | |
- name: Upload coverage | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverage-ceos-tests-${{ matrix.runtime }} | |
path: /tmp/clab-tests/coverage/* | |
retention-days: 7 | |
srlinux-basic-tests: | |
uses: ./.github/workflows/srlinux-tests.yml | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
needs: | |
- file-changes | |
- process-gitref | |
- build-containerlab | |
ixiac-one-basic-tests: | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
runtime: | |
- "docker" | |
needs: | |
- build-containerlab | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: containerlab | |
- name: Move containerlab to usr/bin | |
run: sudo mv ./containerlab /usr/bin/containerlab && sudo chmod a+x /usr/bin/containerlab | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PY_VER }} | |
cache: pip | |
cache-dependency-path: "tests/requirements.txt" | |
- name: Install robotframework | |
run: | | |
pip install -r tests/requirements.txt | |
- name: Run keysight_ixia-c-one tests | |
run: | | |
bash ./tests/rf-run.sh ${{ matrix.runtime }} ./tests/04-basic-ixiacone | |
# upload test reports as a zip file | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: 04-basic-ixiacone-log-${{ matrix.runtime }} | |
path: ./tests/out/*.html | |
# upload coverage report from unit tests, as they are then | |
# merged with e2e tests coverage | |
- name: Upload coverage | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverage-ixiac-one-tests-${{ matrix.runtime }} | |
path: /tmp/clab-tests/coverage/* | |
retention-days: 7 | |
vxlan-tests: | |
uses: ./.github/workflows/vxlan-tests.yml | |
needs: | |
- file-changes | |
- build-containerlab | |
- process-gitref | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
kind-tests: | |
uses: ./.github/workflows/kind-tests.yml | |
needs: | |
- file-changes | |
- build-containerlab | |
- process-gitref | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
# sros-tests: | |
# uses: ./.github/workflows/sros-tests.yml | |
# needs: | |
# - file-changes | |
# - build-containerlab | |
# with: | |
# py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
fortigate-tests: | |
uses: ./.github/workflows/fortigate-tests.yml | |
needs: | |
- file-changes | |
- build-containerlab | |
- process-gitref | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
cisco_iol-tests: | |
uses: ./.github/workflows/cisco_iol-tests.yml | |
needs: | |
- file-changes | |
- build-containerlab | |
- process-gitref | |
with: | |
py_ver: ${{ needs.process-gitref.outputs.py_ver }} | |
# a job that downloads coverage artifact and uses codecov to upload it | |
coverage: | |
runs-on: ubuntu-22.04 | |
needs: | |
- unit-test | |
- smoke-tests | |
- ext-container-tests | |
- ceos-basic-tests | |
- srlinux-basic-tests | |
- ixiac-one-basic-tests | |
- vxlan-tests | |
- kind-tests | |
# - sros-tests | |
- fortigate-tests | |
- cisco_iol-tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: WillAbides/[email protected] | |
with: | |
go-version: ${{ env.GO_VER }} | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage* | |
path: /tmp/clab-tests/coverage | |
merge-multiple: true | |
- run: ls -R /tmp/clab-tests/coverage | |
- name: Convert Go's binary coverage to text coverage | |
run: make convert-coverage | |
- name: Upload coverage to codecov | |
uses: codecov/codecov-action@v5 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
docs-test: | |
runs-on: ubuntu-22.04 | |
needs: file-changes | |
if: needs.file-changes.outputs.docs == 'true' || startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/docs-publish' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: docker run -v $(pwd):/docs --user $(id -u):$(id -g) --entrypoint mkdocs ghcr.io/srl-labs/mkdocs-material-insiders:$MKDOCS_INS_VER build --clean --strict | |
- name: Cache htmltest external links | |
uses: actions/cache@v4 | |
with: | |
path: tmp/.htmltest | |
# key will contain hash of all md files to check if files have changed | |
# when files are changed, a new key name is formed, and thus a new cache will be saved | |
key: htmltest-${{ hashFiles('docs/**/*.md') }} | |
# the restore key will fetch any previously saved cache even if there is no match on key | |
# this allows to use cache from prev runs and update it | |
restore-keys: | | |
htmltest- | |
- name: htmltest | |
uses: wjdp/htmltest-action@master | |
with: | |
config: docs/htmltest.yml | |
build-and-release: | |
runs-on: ubuntu-22.04 | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- docs-test | |
- unit-test | |
- smoke-tests | |
- ceos-basic-tests | |
- srlinux-basic-tests | |
- ixiac-one-basic-tests | |
- ext-container-tests | |
- vxlan-tests | |
- kind-tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Go | |
uses: WillAbides/[email protected] | |
with: | |
go-version: ${{ env.GO_VER }} | |
- name: Cache go modules | |
uses: actions/cache@v4 | |
with: | |
# In order: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
version: ${{ env.GORELEASER_VER }} | |
args: release --clean --verbose | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }} | |
publish-docs: | |
runs-on: ubuntu-22.04 | |
if: startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-') != true | |
needs: build-and-release | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: docker run -v $(pwd):/docs --user $(id -u):$(id -g) --entrypoint mkdocs ghcr.io/srl-labs/mkdocs-material-insiders:$MKDOCS_INS_VER gh-deploy --force --strict | |
build-devcontainer: | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- build-and-release | |
- process-gitref | |
uses: ./.github/workflows/build-devcontainer.yml | |
with: | |
CLAB_VERSION: ${{ needs.process-gitref.outputs.source_tag_no_prefix }} | |
# update docs allows to make the docs changes outside of the release cycle | |
# it skips the code build/release and proceeds with docs publishing | |
# the intended usage is to provide fixes/updates to docs, which do not require code changes | |
update-docs: | |
runs-on: ubuntu-22.04 | |
if: github.ref == 'refs/heads/docs-publish' | |
needs: docs-test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: docker run -v $(pwd):/docs --user $(id -u):$(id -g) --entrypoint mkdocs ghcr.io/srl-labs/mkdocs-material-insiders:$MKDOCS_INS_VER gh-deploy --force --strict |