
Add Trivy nightly scan #479

Workflow file for this run

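# End-to-end test workflow: one job builds the provider and k8s-snap images
# and uploads them as an artifact; a matrix job then loads those images and
# runs one Ginkgo-focused e2e suite per matrix entry.
#
# NOTE(review): every job runs on self-hosted runners for `pull_request`
# events and executes repository scripts with sudo (`make docker-build-e2e`,
# `hack/build-e2e-images.sh`, `make test-e2e`). If pull requests from forks
# can trigger this workflow, confirm the runners are ephemeral and that
# workflow runs from outside contributors require approval.
#
# NOTE(review): actions are referenced by mutable tag or branch
# (`@v3`, `@v4`, `@main`). Pinning each `uses:` to a full commit SHA removes
# the dependency on upstream refs staying unchanged.
name: E2E Tests

on:
  pull_request:

# Read-only token scope for the whole workflow.
permissions:
  contents: read

jobs:
  build-e2e-images:
    name: Build & Run E2E Images
    runs-on: [self-hosted, linux, X64, jammy, large]
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          # We run into rate limiting issues if we don't authenticate
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          # No later step in this job pushes or fetches with git, so do not
          # leave the token in .git/config while PR-supplied code runs.
          persist-credentials: false
      - name: Install requirements
        run: |
          sudo apt update
          sudo snap install go --classic --channel=1.22/stable
          sudo apt install make
          sudo apt install docker-buildx
          sudo snap install kubectl --classic --channel=1.30/stable
      - name: Build provider images
        run: sudo make docker-build-e2e
      - name: Build k8s-snap images
        working-directory: hack/
        run: |
          ./build-e2e-images.sh
      - name: Save provider image
        run: |
          sudo docker save -o provider-images.tar ghcr.io/canonical/cluster-api-k8s/controlplane-controller:dev ghcr.io/canonical/cluster-api-k8s/bootstrap-controller:dev
          sudo chmod 775 provider-images.tar
      - name: Save k8s-snap image
        run: |
          sudo docker save -o k8s-snap-image-old.tar k8s-snap:dev-old
          sudo docker save -o k8s-snap-image-new.tar k8s-snap:dev-new
          sudo chmod 775 k8s-snap-image-old.tar
          sudo chmod 775 k8s-snap-image-new.tar
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: e2e-images
          path: |
            provider-images.tar
            k8s-snap-image-old.tar
            k8s-snap-image-new.tar

  run-e2e-tests:
    name: Run E2E Tests
    runs-on: [self-hosted, linux, X64, jammy, xlarge]
    needs: build-e2e-images
    strategy:
      matrix:
        ginkgo_focus:
          - "KCP remediation"
          - "MachineDeployment remediation"
          - "Workload cluster creation"
          - "Workload cluster scaling"
          - "Workload cluster upgrade"
          - "Certificate Refresh"
          - "Orchestrated In place upgrades"
      # TODO(ben): Remove once all tests are running stable.
      fail-fast: false
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          # We run into rate limiting issues if we don't authenticate
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          # No later step in this job pushes or fetches with git, so do not
          # leave the token in .git/config while PR-supplied code runs.
          persist-credentials: false
      - name: Install requirements
        run: |
          sudo apt update
          sudo snap install go --classic --channel=1.22/stable
          sudo apt install make
          sudo apt install docker-buildx
          sudo snap install kubectl --classic --channel=1.30/stable
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: e2e-images
          path: .
      - name: Load provider image
        run: sudo docker load -i provider-images.tar
      - name: Load k8s-snap old image
        run: |
          sudo docker load -i k8s-snap-image-old.tar
      # The "new" image is only loaded for the upgrade suite.
      - name: Load k8s-snap new image
        if: matrix.ginkgo_focus == 'Workload cluster upgrade'
        run: |
          sudo docker load -i k8s-snap-image-new.tar
      - name: Create docker network
        run: |
          sudo docker network create kind --driver=bridge -o com.docker.network.bridge.enable_ip_masquerade=true
      - name: Increase inotify watches
        run: |
          # Prevents https://cluster-api.sigs.k8s.io/user/troubleshooting#cluster-api-with-docker----too-many-open-files
          sudo sysctl fs.inotify.max_user_watches=1048576
          sudo sysctl fs.inotify.max_user_instances=8192
      - name: Run e2e tests
        env:
          # Hand the matrix value to the shell as data instead of expanding
          # `${{ }}` inside the script text, so it can never be parsed as
          # shell syntax if the matrix is ever fed from a less trusted source.
          GINKGO_FOCUS: ${{ matrix.ginkgo_focus }}
        run: |
          # sudo does not forward the caller's environment by default, so the
          # variable is re-stated on the command line.
          sudo GINKGO_FOCUS="$GINKGO_FOCUS" SKIP_RESOURCE_CLEANUP=true make test-e2e
      - name: env summary
        if: ${{ always() }}
        env:
          GINKGO_FOCUS: ${{ matrix.ginkgo_focus }}
        run: |
          set -x
          docker ps
          docker image ls
          df -h
          sudo chmod -R a+rw _artifacts
          sudo chown -R "$USER:$USER" _artifacts
          # Artifact names are derived from the suite name with spaces
          # replaced by underscores.
          echo "suite_name=$(echo "$GINKGO_FOCUS" | tr " " "_")" >> "$GITHUB_ENV"
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: artifacts_${{ env.suite_name }}
          path: _artifacts
      # NOTE(review): this step runs whenever an earlier step fails and, going
      # by its name, starts an interactive tmate session on the self-hosted
      # runner. `@main` is a mutable branch, so the code that runs here can
      # change without a change to this file; pin it to a reviewed commit SHA.
      # Also confirm who can attach to the session (upstream action-tmate has
      # a `limit-access-to-actor` input; verify this fork supports it) and
      # consider a `timeout-minutes` bound so a failed PR run cannot hold a
      # runner open indefinitely.
      - name: Setup tmate session
        if: ${{ failure() }}
        uses: canonical/action-tmate@main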