-
Notifications
You must be signed in to change notification settings - Fork 1
159 lines (153 loc) · 6.59 KB
/
test-chris.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Test ChRIS and pfcon
on:
pull_request:
branches: [ master ]
paths:
- '.github/workflows/test-chris.yml'
- 'charts/chris/**'
- 'charts/pfcon/**'
- 'testing/**'
jobs:
test:
name: Test chris
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
# N.B. `helm test` also tests subcharts for us
pfconEnabled: [ 'pfcon-enabled', 'pfcon-disabled' ]
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Set up Kubernetes with OpenObserve
uses: FNNDSC/kind-openobserve-action@v1
with:
openobserve_endpoint: ${{ secrets.OPENOBSERVE_URL }}/api/default/
openobserve_username: ${{ secrets.OPENOBSERVE_USERNAME }}
openobserve_password: ${{ secrets.OPENOBSERVE_PASSWORD }}
openobserve_stream: charts-chris-pfconEnabled-${{ matrix.pfconEnabled }}
kind_config: ./testing/kind-with-nodeport.yml
wait_until_ready: false
- name: Update Helm dependencies
run: helm dependency update ./charts/chris
- name: Install chris
run: |
if [ '${{ matrix.pfconEnabled }}' = 'pfcon-enabled' ]; then
pfconEnabled=true
else
pfconEnabled=false
fi
helm install --create-namespace -n ghactions khris-test ./charts/chris \
-f testing/ghactions-values.yml \
--set cube.ingress.nodePortHost=$(hostname) \
--set pfcon.enabled=$pfconEnabled
- name: Wait for server pod to be ready
run: kubectl wait --for=condition=ready pod -n ghactions -l app.kubernetes.io/name=chris-server --timeout=300s
- name: Assert superuser created
run: |
actual="$(kubectl logs -n ghactions -l app.kubernetes.io/name=chris-heart -c set-config)"
expected='Created superuser "khris"'
if [[ "$expected" != *"$actual"* ]]; then
echo "::error ::Expected: >>>$expected<<< Actual: >>>$actual<<<"
exit 1
fi
- name: Run helm test
run: |
set +ex
helm test -n ghactions khris-test
status=$?
if [ "$status" != '0' ]; then
echo "::warning ::First attempt failed, see https://github.com/FNNDSC/charts/issues/6"
echo "trying again..."
kubectl delete -n ghactions pod khris-test-test-cube-works
helm test -n ghactions khris-test
status=$?
fi
kubectl logs -n ghactions khris-test-test-cube-works
kubectl get pod -n ghactions
kubectl describe pod -n ghactions
kubectl exec -n ghactions $(kubectl get statefulset -n ghactions -l app.kubernetes.io/name=postgresql -o name) -i -- sh -c 'psql "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:$POSTGRESQL_PORT_NUMBER/$POSTGRES_DATABASE"' <<< 'select * from plugininstances_plugininstance'
exit $status
- name: Run upgrade and set new admin password
run: helm upgrade -n ghactions khris-test ./charts/chris --reuse-values --set chris_admin.password="newpassword1234"
- name: Assert secret was changed
run: |
actual="$(kubectl get secret -n ghactions khris-test-chris-superuser -o jsonpath='{.data.password}' | base64 --decode)"
expected="newpassword1234"
if [ "$actual" != "$expected" ]; then
echo "::error ::Expected: >>>$expected<<< Actual: >>>$actual<<<"
exit 1
fi
- name: Restart heart
id: restart
continue-on-error: true
run: |
set -x
kubectl rollout restart deployment -n ghactions -l app.kubernetes.io/name=chris-heart
kubectl rollout status deployment -n ghactions -l app.kubernetes.io/name=chris-heart --timeout=300s
most_recent_pod=$(kubectl get pods -n ghactions --sort-by=.metadata.creationTimestamp -l app.kubernetes.io/name=chris-heart -o custom-columns=:metadata.name | tail -n 1)
echo "new_pod=$most_recent_pod" >> "$GITHUB_OUTPUT"
kubectl wait -n ghactions pod $most_recent_pod --for=condition=ready --timeout=60s
- name: Why did the restart fail?
if: steps.restart.outcome == 'failure'
run: |
kubectl get pods -n ghactions
kubectl describe pod -n ghactions
exit 1
- name: Assert superuser password changed
run: |
actual="$(kubectl logs --tail=1 -n ghactions ${{ steps.restart.outputs.new_pod }} -c set-config)"
expected='Updated password for user "khris"'
if [ "$actual" != "$expected" ]; then
echo "::error ::Expected: >>>$expected<<< Actual: >>>$actual<<<"
exit 1
fi
- name: Wait for RabbitMQ to finish restarting
run: kubectl rollout status statefulset -n ghactions -l app.kubernetes.io/name=rabbitmq
- name: What are my pods doing?
run: kubectl get pods -n ghactions
- name: Run helm test again
run: |
set +ex
helm test -n ghactions khris-test
status=$?
kubectl logs -n ghactions khris-test-test-cube-works
kubectl get pod -n ghactions
kubectl describe pod -n ghactions
exit $status
- name: Test NodePort access
run: curl --fail-with-body http://localhost:32000/api/v1/
- name: Disabling pfcon should not be allowed
if: matrix.pfconEnabled == 'pfcon-enabled'
run: |
set +e
expected='CUBE currently depends on pfcon configured in "innetwork" mode for its storage, volume, so you cannot set .pfcon.enabled=false or .pfcon.pfcon.config.innetwork=false'
output="$(helm upgrade -n ghactions khris-test ./charts/chris --reuse-values --set pfcon.enabled=false 2>&1)"
rc=$?
echo "$output"
if [ "$rc" = '0' ]; then
echo "::error ::Expected command to fail but it didn't"
exit $rc
elif ! [[ "$output" = *"$expected"* ]]; then
echo "::error ::Unexpected output"
exit 1
fi
- name: Enabling pfcon should not be allowed
if: matrix.pfconEnabled == 'pfcon-disabled'
run: |
set +e
expected='CUBE is currently using its own volume, so you cannot set .pfcon.enabled=true or .pfcon.pfcon.config.innetwork=true'
output="$(helm upgrade -n ghactions khris-test ./charts/chris --reuse-values --set pfcon.enabled=true 2>&1)"
rc=$?
echo "$output"
if [ "$rc" = '0' ]; then
echo "::error ::Expected command to fail but it didn't"
exit $rc
elif ! [[ "$output" = *"$expected"* ]]; then
echo "::error ::Unexpected output"
exit 1
fi
- name: Uninstall chart
run: helm uninstall -n ghactions khris-test
- name: Delete namespace
run: kubectl delete namespace ghactions