Break e2e tests into own workflow, use pull_request for all workflows
This patch breaks the e2e test and build workflows apart making it so that
all workflows return to using 'pull_request' to avoid any security
issues and other frustrations surrounding 'pull_request_target'

We now have 2 workflow files, one for build and unit tests which uses
'pull_request' and one for e2e tests.  The e2e tests require secret
population and must be created on a branch to run; they also require the
'test e2e' label to prevent unnecessary execution.

Signed-off-by: Kyle Squizzato <[email protected]>
squizzi committed Oct 31, 2024
1 parent 5b352c5 commit 916b428
Showing 2 changed files with 85 additions and 79 deletions.
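--- a/.github/workflows/build_unit_test.yml
+++ b/.github/workflows/build_unit_test.yml
@@ -0,0 +1,50 @@
+name: Build and Unit Tests
+on:
+pull_request:
+types:
+- labeled
+- opened
+- synchronize
+- reopened
+branches:
+- main
+- release-*
+paths-ignore:
+- 'config/**'
+- '**.md'
+push:
+tags:
+- '*'
+
+env:
+GO_VERSION: '1.22'
+
+jobs:
+build:
+concurrency:
+group: ${{ github.head_ref || github.run_id }}
+cancel-in-progress: true
+name: Build and Unit Test
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Setup Go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: false
+- name: Lint
+uses: golangci/golangci-lint-action@v6
+with:
+args: --timeout 10m0s
+- name: Verify all generated pieces are up-to-date
+run: make generate-all && git add -N . && git diff --exit-code
+- name: Unit tests
+run: |
+make test
+- name: Build HMC controller image
+run: |
+make docker-build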
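Review bot: The new workflow declares no `permissions:` block, so on same-repository pull requests and tag pushes the job's GITHUB_TOKEN gets whatever the repository default grants, although the steps shown only check out, lint, test and build. Adding a top-level `permissions:` with `contents: read` would pin the token to least privilege; confirm whether golangci-lint-action needs an extra read scope for its annotations. The three actions are referenced by mutable major tags (`actions/checkout@v4`, `actions/setup-go@v5`, `golangci/golangci-lint-action@v6`); pinning each to a full commit SHA would keep a retagged release from changing what runs here.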
114 changes: 35 additions & 79 deletions .github/workflows/build_test.yml → .github/workflows/e2e_test.yml
@@ -1,6 +1,6 @@
name: CI
name: E2E Tests
on:
pull_request_target:
pull_request:
types:
- labeled
- opened
Expand All @@ -12,7 +12,6 @@ on:
paths-ignore:
- 'config/**'
- '**.md'
- '.github/**'
push:
tags:
- '*'
Expand All @@ -22,62 +21,25 @@ env:
REGISTRY_REPO: 'oci://ghcr.io/mirantis/hmc/charts-ci'

jobs:
build:
push:
concurrency:
group: build-${{ github.head_ref || github.run_id }}
group: push-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
name: Build and Unit Test
name: Push Images and Charts to GHCR
runs-on: ubuntu-latest
outputs:
version: ${{ steps.vars.outputs.version }}
clustername: ${{ steps.vars.outputs.clustername }}
pr: ${{ steps.pr.outputs.result }}
steps:
- name: Get User Permissions
id: checkAccess
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check User Permissions
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have permissions on this repo."
echo "Current permission level: ${{ steps.checkAccess.outputs.user-permission }}"
echo "Job originally triggered by: ${{ github.actor }}"
echo "This job must be triggered by a user with proper permissions, if you have opened a PR and lack permissions please ask a repo collaborator to re-run this job on your behalf."
exit 1
- name: Get PR ref
uses: actions/github-script@v6
id: pr
with:
script: |
const { data: pullRequest } = await github.rest.pulls.get({
...context.repo,
pull_number: context.payload.pull_request.number,
});
return pullRequest
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}}
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: Lint
uses: golangci/golangci-lint-action@v6
with:
args: --timeout 10m0s
- name: Verify all generated pieces are up-to-date
run: make generate-all && git add -N . && git diff --exit-code
- name: Unit tests
run: |
make test
- name: Set up Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
Expand All @@ -92,7 +54,8 @@ jobs:
GIT_VERSION=$(git describe --tags --always)
echo "version=${GIT_VERSION:1}" >> $GITHUB_OUTPUT
echo "clustername=ci-$(date +%s | cut -b6-10)" >> $GITHUB_OUTPUT
- name: Build and push HMC controller image
- name: Push HMC Controller Image to GHCR
if:
uses: docker/build-push-action@v6
with:
build-args: |
Expand All @@ -104,36 +67,35 @@ jobs:
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Prepare and push HMC template charts
- name: Prepare and push HMC template charts to GHCR
run: |
make hmc-chart-release
make helm-push
controller-e2etest:
name: E2E Controller
name: Controller
runs-on: ubuntu-latest
needs: build
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') }}
needs: push
concurrency:
group: controller-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
outputs:
clustername: ${{ needs.build.outputs.clustername }}
version: ${{ needs.build.outputs.version }}
pr: ${{ needs.build.outputs.pr }}
clustername: ${{ needs.push.outputs.clustername }}
version: ${{ needs.push.outputs.version }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{fromJSON(needs.build.outputs.pr).merge_commit_sha}}
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Run E2E tests
env:
GINKGO_LABEL_FILTER: 'controller'
MANAGED_CLUSTER_NAME: ${{ needs.build.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.build.outputs.version }}'
VERSION: ${{ needs.build.outputs.version }}
MANAGED_CLUSTER_NAME: ${{ needs.push.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.push.outputs.version }}'
VERSION: ${{ needs.push.outputs.version }}
run: |
make test-e2e
- name: Archive test results
Expand All @@ -145,17 +107,16 @@ jobs:
test/e2e/*.log
provider-cloud-e2etest:
name: E2E Cloud Providers
name: Cloud Providers
runs-on: ubuntu-latest
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') }}
needs: build
needs: push
concurrency:
group: cloud-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
outputs:
clustername: ${{ needs.build.outputs.clustername }}
version: ${{ needs.build.outputs.version }}
pr: ${{ needs.build.outputs.pr }}
clustername: ${{ needs.push.outputs.clustername }}
version: ${{ needs.push.outputs.version }}
env:
AWS_REGION: us-west-2
AWS_ACCESS_KEY_ID: ${{ secrets.CI_AWS_ACCESS_KEY_ID }}
Expand All @@ -170,7 +131,6 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{fromJSON(needs.build.outputs.pr).merge_commit_sha}}
- name: Setup Go
uses: actions/setup-go@v5
with:
Expand All @@ -181,9 +141,9 @@ jobs:
- name: Run E2E tests
env:
GINKGO_LABEL_FILTER: 'provider:cloud'
MANAGED_CLUSTER_NAME: ${{ needs.build.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.build.outputs.version }}'
VERSION: ${{ needs.build.outputs.version }}
MANAGED_CLUSTER_NAME: ${{ needs.push.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.push.outputs.version }}'
VERSION: ${{ needs.push.outputs.version }}
run: |
make test-e2e
- name: Archive test results
Expand All @@ -195,17 +155,16 @@ jobs:
test/e2e/*.log
provider-onprem-e2etest:
name: E2E On-Prem Providers
name: On-Prem Providers
runs-on: self-hosted
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') }}
needs: build
needs: push
concurrency:
group: onprem-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
outputs:
clustername: ${{ needs.build.outputs.clustername }}
version: ${{ needs.build.outputs.version }}
pr: ${{ needs.build.outputs.pr }}
clustername: ${{ needs.push.outputs.clustername }}
version: ${{ needs.push.outputs.version }}
env:
VSPHERE_USER: ${{ secrets.CI_VSPHERE_USER }}
VSPHERE_PASSWORD: ${{ secrets.CI_VSPHERE_PASSWORD }}
Expand All @@ -224,7 +183,6 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{fromJSON(needs.build.outputs.pr).merge_commit_sha}}
- name: Setup Go
uses: actions/setup-go@v5
with:
Expand All @@ -234,9 +192,9 @@ jobs:
- name: Run E2E tests
env:
GINKGO_LABEL_FILTER: 'provider:onprem'
MANAGED_CLUSTER_NAME: ${{ needs.build.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.build.outputs.version }}'
VERSION: ${{ needs.build.outputs.version }}
MANAGED_CLUSTER_NAME: ${{ needs.push.outputs.clustername }}
IMG: 'ghcr.io/mirantis/hmc/controller-ci:${{ needs.push.outputs.version }}'
VERSION: ${{ needs.push.outputs.version }}
run: |
make test-e2e
- name: Archive test results
Expand All @@ -250,21 +208,19 @@ jobs:
cleanup:
name: Cleanup
needs:
- build
- push
- provider-cloud-e2etest
runs-on: ubuntu-latest
if: ${{ always() && !contains(needs.provider-cloud-e2etest.result, 'skipped') && contains(needs.build.result, 'success') }}
if: ${{ always() && !contains(needs.provider-cloud-e2etest.result, 'skipped') && contains(needs.push.result, 'success') }}
timeout-minutes: 15
outputs:
clustername: ${{ needs.build.outputs.clustername }}
version: ${{ needs.build.outputs.version }}
pr: ${{ needs.build.outputs.pr }}
clustername: ${{ needs.push.outputs.clustername }}
version: ${{ needs.push.outputs.version }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{fromJSON(needs.build.outputs.pr).merge_commit_sha}}
- name: Setup Go
uses: actions/setup-go@v5
with:
Expand All @@ -279,7 +235,7 @@ jobs:
AZURE_TENANT_ID: ${{ secrets.CI_AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.CI_AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CI_AZURE_CLIENT_SECRET }}
CLUSTER_NAME: '${{ needs.build.outputs.clustername }}'
CLUSTER_NAME: '${{ needs.push.outputs.clustername }}'
run: |
make dev-aws-nuke
make dev-azure-nuke
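Review bot: `provider-onprem-e2etest` keeps `runs-on: self-hosted`, and with the 'Get User Permissions' / 'Check User Permissions' steps apparently dropped from the first job, the `test e2e` label is the only gate left on it. A label stays on the pull request once applied, so every later `synchronize` event runs the newly pushed commits without a fresh review; under `pull_request` a fork run receives no secrets, but the job would still execute on the self-hosted machine. Extending that job's condition to `if: ${{ contains(github.event.pull_request.labels.*.name, 'test e2e') && github.event.pull_request.head.repo.full_name == github.repository }}` would hold it to in-repo branches, which is what the commit description says is intended. Separately, the `if:` added to the 'Push HMC Controller Image to GHCR' step has no expression and looks unfinished, and the `push` job has no label or same-repository condition of its own, so it appears to attempt the GHCR login and push on every PR event.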
