
feat(k8s-test): Try login and obtain API token #6

Workflow file for this run

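# Reusable workflow: installs the DefectDojo Helm chart into a throwaway
# minikube cluster and smoke-tests the login page and the API token endpoint.
name: k8s Deployment
on:
  workflow_call:
env:
  DD_HOSTNAME: defectdojo.default.minikube.local
  # Extra `helm install` flags. The step "Set confings into Outputs" copies
  # them into env.redis / env.pgsql so the deploy step can look them up by
  # matrix value.
  HELM_REDIS_BROKER_SETTINGS: " \
    --set redis.enabled=true \
    --set celery.broker=redis \
    --set createRedisSecret=true \
    "
  HELM_PG_DATABASE_SETTINGS: " \
    --set database=postgresql \
    --set postgresql.enabled=true \
    --set createPostgresqlSecret=true \
    "
# NOTE(review): no `permissions:` block is set here, so the job runs with
# whatever GITHUB_TOKEN scopes the calling workflow grants. Nothing visible
# in this file writes to the repository; consider restricting the token to
# read-only scopes after checking the caller.
jobs:
  setting_minikube_cluster:
    name: Kubernetes Deployment
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          # databases, broker and k8s are independent, so we don't need to test each combination
          # latest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws
          # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
          - databases: pgsql
            brokers: redis
            k8s: 'v1.30.3'
            os: debian
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step runs git against the remote, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false
      - name: Setup Minikube
        uses: manusa/actions-setup-minikube@5d9440a1b535e8b4f541eaac559681a9022df29d # v2.13.1
        with:
          minikube version: 'v1.33.1'
          kubernetes version: ${{ matrix.k8s }}
          driver: docker
          start args: '--addons=ingress --cni calico'
          github token: ${{ secrets.GITHUB_TOKEN }}
      - name: Status of minikube
        run: |-
          minikube status
      - name: Load images from artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: built-docker-image
          pattern: built-docker-image-*
          merge-multiple: true
      - name: Load docker images
        timeout-minutes: 10
        run: |-
          # Point the docker CLI at minikube's daemon so the images are visible to the cluster.
          eval $(minikube docker-env)
          docker load -i built-docker-image/nginx-${{ matrix.os }}_img
          docker load -i built-docker-image/django-${{ matrix.os }}_img
          docker images
      - name: Configure HELM repos
        run: |-
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm dependency list ./helm/defectdojo
          helm dependency update ./helm/defectdojo
      - name: Set confings into Outputs
        id: set
        run: |-
          echo "pgsql=${{ env.HELM_PG_DATABASE_SETTINGS }}" >> "$GITHUB_ENV"
          echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> "$GITHUB_ENV"
      - name: Deploying Django application with ${{ matrix.databases }} ${{ matrix.brokers }}
        timeout-minutes: 15
        run: |-
          helm install \
            --timeout 800s \
            --wait \
            --wait-for-jobs \
            defectdojo \
            ./helm/defectdojo \
            --set django.ingress.enabled=true \
            --set imagePullPolicy=Never \
            ${{ env[matrix.databases] }} \
            ${{ env[matrix.brokers] }} \
            --set createSecret=true \
            --set tag=${{ matrix.os }}
      - name: Check deployment status
        if: always()
        run: |-
          kubectl get all,ingress # all = pods, services, deployments, replicasets, statefulsets, jobs
          helm status defectdojo
          helm history defectdojo
      - name: Check Application
        timeout-minutes: 10
        # NOTE(review): the workflow-run page this listing was taken from showed
        # a check-failure annotation, "Invalid workflow file / You have an error
        # in your yaml syntax on line 168", next to the "Simple API check"
        # kubectl command. Presumably the commented-out "Simple Login check"
        # lines were indented less than the rest of the block scalar, which ends
        # the scalar early; they are kept at script indentation below so they
        # remain shell comments. Confirm against the committed file.
        #
        # NOTE(review): curlimages/curl:7.73.0 is referenced by tag while the
        # actions above are pinned by commit SHA; consider pinning the image by
        # digest as well (curlimages/curl@sha256:<digest-placeholder>).
        run: |-
          # Wait for resources matching selector $3 of kind $2 to reach condition $1;
          # on any kubectl error output, dump pod status and logs and fail the step.
          to_complete () {
            kubectl wait --for="$1" "$2" --timeout=500s --selector="$3" 2>/tmp/test || true
            if [[ -s /tmp/test ]]; then
              echo "ERROR: $2"
              cat /tmp/test
              echo "INFO: status:"
              kubectl get pods
              echo "INFO: logs:"
              kubectl logs --selector="$3" --all-containers=true
              exit 1
            fi
            return ${?}
          }
          echo "Waiting for init job..."
          to_complete "condition=Complete" job "defectdojo.org/component=initializer"
          echo "Waiting for celery pods..."
          to_complete "condition=ready" pod "defectdojo.org/component=celery"
          echo "Waiting for django pod..."
          to_complete "condition=ready" pod "defectdojo.org/component=django"
          echo "Pods up and ready to rumbole"
          kubectl get pods
          RETRY=0
          while :
          do
            OUT=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \
              --overrides='{ "apiVersion": "v1" }' \
              --restart=Never -i --rm -- -s -m 20 -I --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \
              | jq -r '.spec.clusterIP'`/login?next=/)
            echo $OUT
            CR=`echo $OUT | grep -E "^HTTP" | cut -d' ' -f2`
            echo $CR
            if [[ $CR -ne 200 ]]; then
              echo $RETRY
              if [[ $RETRY -gt 2 ]]; then
                kubectl get pods
                echo `kubectl logs --tail=30 -l defectdojo.org/component=django -c uwsgi`
                echo "ERROR: cannot display login screen; got HTTP code $CR"
                exit 1
              else
                # ((RETRY++)) returns a non-zero status while RETRY is 0, which
                # aborts the script when the shell runs with errexit.
                RETRY=$((RETRY + 1))
                echo "Attempt $RETRY to get login page"
                sleep 5
              fi
            else
              echo "Result received"
              break
            fi
          done
          ADMIN_PASS=$(kubectl get secret/defectdojo -o json | jq -r '.data.DD_ADMIN_PASSWORD' | base64 -d)
          if [[ -z "$ADMIN_PASS" ]]; then
            echo "ERROR: cannot read DD_ADMIN_PASSWORD from secret/defectdojo"
            exit 1
          fi
          # Register the password with the runner's log masking before it is used.
          echo "::add-mask::$ADMIN_PASS"
          # echo "Simple Login check"
          # OUT=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \
          # --overrides='{ "apiVersion": "v1" }' \
          # --restart=Never -i --rm -- -s -m 20 --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \
          # | jq -r '.spec.clusterIP'`/login?next=/ --data-raw "username=admin&password=$ADMIN_PASS")
          # echo $OUT
          # CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2`
          # echo $CR
          # if [[ $CR -ne 200 ]]; then
          # echo "ERROR: login is not possible; got HTTP code $CR"
          # exit 1
          # else
          # echo "Result received"
          # fi
          echo "Simple API check"
          # Capture only the HTTP status code. Without -i/-I curl prints just the
          # response body, so there is no "HTTP..." line to parse, and echoing the
          # body would write the issued API token to the job log.
          # The password is still passed as a pod argument and is readable from the
          # pod spec while the pod exists; this job targets the CI minikube cluster only.
          CR=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \
            --overrides='{ "apiVersion": "v1" }' \
            --restart=Never -i --rm -- -s -m 20 -o /dev/null -w '%{http_code}' --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \
            | jq -r '.spec.clusterIP'`/api/v2/api-token-auth/ --data-urlencode "username=admin" --data-urlencode "password=$ADMIN_PASS")
          echo $CR
          if [[ $CR -ne 200 ]]; then
            echo "ERROR: login is not possible; got HTTP code $CR"
            exit 1
          else
            echo "Result received"
          fi
          echo "Final Check of components"
          errors=`kubectl get pods | grep Error | awk '{print $1}'`
          if [[ ! -z $errors ]]; then
            echo "Few pods with errors"
            for line in $errors; do
              echo "Dumping log from $line"
              kubectl logs --tail 50 $line
            done
            exit 1
          else
            echo "DD K8S successfully deployed"
          fi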