Skip to content

Changelog v1.64.0

Changelog v1.64.0 #607

#
# THIS FILE IS GENERATED, PLEASE DO NOT EDIT.
#
# Copyright 2022 Flant JSC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.# on every push to dev branches
name: Build and test for dev branches
on:
pull_request_target:
types:
- opened
- synchronize
- reopened
env:
# <template: werf_envs>
WERF_CHANNEL: "ea"
WERF_ENV: "FE"
TEST_TIMEOUT: "15m"
# Use fixed string 'sys/deckhouse-oss' for repo name. ${CI_PROJECT_PATH} is not available here in GitHub.
DEV_REGISTRY_PATH: "${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/sys/deckhouse-oss"
# Registry for additional repositories used for testing Github Actions workflows.
GHA_TEST_REGISTRY_PATH: "ghcr.io/${{ github.repository }}"
# </template: werf_envs>
# <template: git_source_envs>
# source repo contains should creds for repo for ex https://user:[email protected]/group
SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
GOPROXY: "${{secrets.GOPROXY}}"
# </template: git_source_envs>
# Cancel in-progress jobs for the same PR (pull_request_target event) or for the same branch (push event).
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
# <template: pull_request_info>
pull_request_info:
name: Get pull request reference
runs-on: ubuntu-latest
outputs:
ref: ${{ steps.pr_props.outputs.ref }}
ref_slug: ${{ steps.pr_props.outputs.ref_slug }}
edition: ${{ steps.pr_props.outputs.edition }}
pr_title: ${{ steps.pr_props.outputs.pr_title }}
pr_description: ${{ steps.pr_props.outputs.pr_description }}
diff_url: ${{ steps.pr_props.outputs.diff_url }}
labels: ${{ steps.pr_props.outputs.labels }}
changes_docs: ${{ steps.changes.outputs.docs }}
changes_not_markdown: ${{ steps.changes.outputs.not_markdown }}
# Skip pull_request and pull_request_target triggers for PRs authored by deckhouse-BOaTswain, e.g. changelog PRs.
if: ${{ ! (startsWith(github.event_name, 'pull_request') && github.event.pull_request.user.login == 'deckhouse-BOaTswain') }}
steps:
- name: Get PR info for push trigger
id: push_info
if: ${{ github.event_name == 'push' }}
uses: actions/[email protected]
with:
script: |
// Support for 'push' trigger: find PR by commit SHA and pass response to pr_props step.
const { GITHUB_REF_NAME } = process.env
core.startGroup(`Fetching PR info for commit ${context.sha} in ${context.repo.name}:${GITHUB_REF_NAME} ...`)
try {
const response = await github.rest.repos.listPullRequestsAssociatedWithCommit({
owner: context.repo.owner,
repo: context.repo.repo,
commit_sha: context.sha
});
if (response.status !== 200 || !response.data || response.data.length === 0) {
return core.setFailed(`Bad response on listing PRs for commit ${context.sha}: ${JSON.stringify(response)}`);
}
// Get first associated pr.
let pr = response.data[0];
core.info(`Current labels: ${JSON.stringify(pr.labels)}`);
// Reduce size to fit output limits.
pr = {
url: pr.url,
diff_url: pr.diff_url,
number: pr.number,
labels: pr.labels,
head: pr.head,
title: pr.title,
body: pr.body,
}
core.notice(`Found PR#{pr.number} for commit ${context.sha}`);
core.setOutput('pr_info', JSON.stringify(pr));
} catch (error) {
return core.setFailed(`Error listing pull requests for commit ${context.sha}: ${error}`)
} finally {
core.endGroup()
}
- name: Get PR info for pull_request trigger
id: pr_info
if: ${{ startsWith(github.event_name, 'pull_request') }}
uses: actions/[email protected]
with:
script: |
// Support for 'pull_request' and 'pull_request_target' triggers:
// find PR by its number to get current labels.
// Why? Workflow rerun of 'opened' pull request contains outdated labels.
const prNumber = context.payload.pull_request.number;
const owner = context.repo.owner;
const repo = context.repo.repo;
core.startGroup(`Fetching info for PR#${prNumber} ...`);
try {
const response = await github.rest.pulls.get({owner, repo, pull_number: prNumber})
if (response.status != 200 || !response.data) {
return core.setFailed(`Bad response on getting PR#${prNumber} : ${JSON.stringify(response)}`);
}
// Only labels are needed.
let pr = response.data;
core.info(`Labels from context: ${JSON.stringify(context.payload.pull_request.labels)}`);
core.info(`Current labels: ${JSON.stringify(pr.labels)}`);
// Reduce size to fit output limits.
pr = {
url: pr.url,
diff_url: pr.diff_url,
number: pr.number,
labels: pr.labels,
head: pr.head,
title: pr.title,
body: pr.body,
}
core.setOutput('pr_info', JSON.stringify(pr));
} catch (error) {
return core.setFailed(`Fetch PR#${prNumber} error: ${error}`)
} finally {
core.endGroup()
}
- name: Check PR properties
id: pr_props
uses: actions/[email protected]
env:
PR_INFO: ${{ steps.push_info.outputs.pr_info || steps.pr_info.outputs.pr_info }}
with:
script: |
if (process.env.PR_INFO == '') {
return core.setFailed(`No pull request info: event_name=${context.eventName} action=${context.action} ref=${context.ref}`);
}
// Parse Pr info from environment variable.
const pr = JSON.parse(process.env.PR_INFO);
core.startGroup(`Detect PR properties`)
const pr_repo = pr.head.repo.full_name;
const target_repo = context.payload.repository.full_name;
const isInternal = pr_repo === target_repo;
const isDependabot = (context.actor === 'dependabot[bot]');
const isChangelog = pr.head.ref.startsWith('changelog/v');
const okToTest = pr.labels.some((l) => l.name === 'status/ok-to-test');
core.info(`PR head repo ${pr_repo}`)
core.info(`PR commit SHA ${pr.head.sha}`)
core.info(`PR head label ${pr.head.label}`)
core.info(`Target repo ${target_repo}`)
core.info(`PR internal? ${isInternal}`)
core.info(`PR from dependabot? ${isDependabot}`)
core.info(`PR changelog? ${isChangelog}`)
core.info(`PR has 'ok-to-test'? ${okToTest}`)
core.endGroup()
// Detect if PR can be ignored or should be checked for dangerous changes.
let shouldCheckFiles = false;
if (isInternal && !isDependabot) {
// Ignore changelog pull requests.
if (isChangelog) {
return core.setFailed(`PR#${pr.number} for changelog is ignored.`);
}
} else {
// External and dependabot pull requests should be labeled with 'status/ok-to-test'.
if (!okToTest) {
core.notice(`PR#${pr.number} requires label 'status/ok-to-test' to run tests and validations`)
return core.setFailed(`PR#${pr.number} without label 'status/ok-to-test' is ignored.`);
}
shouldCheckFiles = true;
}
if (shouldCheckFiles) {
core.notice(`PR#{pr.number} may be dangerous, will check file changes.`)
}
// Set edition from current labels.
const defaultEdition = process.env.WERF_ENV ? process.env.WERF_ENV : 'FE';
const hasEE = pr.labels.some((l) => l.name === 'edition/ee');
const hasCE = pr.labels.some((l) => l.name === 'edition/ce');
const hasBE = pr.labels.some((l) => l.name === 'edition/be');
const hasSE = pr.labels.some((l) => l.name === 'edition/se');
let edition = defaultEdition;
if (hasCE) {
edition = 'CE';
} else if (hasEE) {
edition = 'EE';
} else if (hasBE) {
edition = 'BE';
} else if (hasSE) {
edition = 'SE';
}
core.info(`Edition labels: 'edition/ce':${hasCE}, 'edition/ee':${hasEE}, 'edition/be':${hasBE}, 'edition/se':${hasSE}`);
core.notice(`Enable '${edition}' edition for '${context.eventName}' trigger.`);
// Construct head commit ref using pr number.
const ref = `refs/pull/${ pr.number }/head`;
core.notice(`Use ref: '${ref}'`)
// Pass pr.diff_url to download diff via regular request.
// Pass pr.url to get diff via API request.
let diff_url = pr.diff_url;
if (!!context.payload.repository.private) {
core.notice(`Detect private repo. Pass PR url to download diff via Github API.`);
diff_url = pr.url;
}
// Set outputs.
core.setCommandEcho(true)
core.setOutput('should_check', shouldCheckFiles.toString());
core.setOutput('ref', ref);
core.setOutput('ref_slug', `pr${pr.number}`);
core.setOutput('edition', edition);
core.setOutput('pr_title', pr.title);
core.setOutput('pr_description', pr.body);
core.setOutput('diff_url', diff_url);
core.setOutput('labels', JSON.stringify(pr.labels));
core.setCommandEcho(false);
# Checkhout the head commit of the PR branch.
- name: Checkout PR head commit
if: steps.pr_props.outputs.should_check == 'true'
uses: actions/[email protected]
with:
ref: ${{ steps.pr_props.outputs.ref }}
# Get info about other changes.
- name: Get info about PR changes
uses: dorny/paths-filter@v2
id: changes
with:
token: ${{ secrets.BOATSWAIN_GITHUB_TOKEN }}
# dangerous - detect if changes not allowed to test for external PRs
# docs - detect changes in files that belong to the documentation scope
# not_markdown - detect changes not in markdown files
filters: |
dangerous:
- './.github/**'
- './tools/**'
- './testing/**'
- './docs/**/js/**'
- './docs/**/css/**'
- './docs/**/images/**'
- './docs/**/assets/**'
docs:
- './**/*.md'
- './docs/**'
- './**/crds/*'
- './**/openapi/*config-values.yaml'
- './candi/**/openapi/*'
- './ee/candi/**/openapi/*'
not_markdown:
- '!./**/*.md'
# Stop workflow if external PR contains dangerous changes.
- name: Fail workflow on dangerous changes
if: ${{ steps.pr_props.outputs.should_check == 'true' && steps.changes.outputs.dangerous == 'true' }}
uses: actions/[email protected]
with:
script: |
core.setFailed('External PR contains dangerous changes.')
# </template: pull_request_info>
# <template: git_info_job>
git_info:
name: Get git info
runs-on: ubuntu-latest
outputs:
ci_commit_tag: ${{ steps.git_info.outputs.ci_commit_tag }}
ci_commit_branch: ${{ steps.git_info.outputs.ci_commit_branch }}
ci_commit_ref_name: ${{ steps.git_info.outputs.ci_commit_ref_name }}
ci_commit_ref_slug: ${{ steps.git_info.outputs.ci_commit_ref_slug }}
ref_full: ${{ steps.git_info.outputs.ref_full }}
github_sha: ${{ steps.git_info.outputs.github_sha }}
pr_number: ${{ steps.git_info.outputs.pr_number }}
# Skip the CI for automation PRs, e.g. changelog
if: ${{ github.event.pull_request.user.login != 'deckhouse-BOaTswain' }}
steps:
- id: git_info
name: Get tag name and SHA
uses: actions/[email protected]
with:
script: |
const { GITHUB_REF_TYPE, GITHUB_REF_NAME, GITHUB_REF } = process.env
let refSlug = ''
let refName = ''
let refFull = ''
let githubBranch = ''
let githubTag = ''
let githubSHA = ''
let prNumber = ''
if (context.eventName === "workflow_dispatch" && context.payload.inputs && context.payload.inputs.pull_request_ref) {
// Trigger: workflow_dispatch with pull_request_ref.
// Extract pull request number from 'refs/pull/<NUM>/merge'
prNumber = context.payload.inputs.pull_request_ref.replace('refs/pull/', '').replace('/merge', '').replace('/head', '')
refSlug = `pr${prNumber}`
refName = context.payload.inputs.ci_commit_ref_name
refFull = context.payload.inputs.pull_request_ref
githubBranch = refName
githubSHA = context.payload.inputs.pull_request_sha
core.info(`workflow_dispatch event: set git info from inputs. inputs: ${JSON.stringify(context.payload.inputs)}`)
} else if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) {
// For PRs from forks, tag images with `prXXX` to avoid clashes between branches.
const targetRepo = context.payload.repository.full_name;
const prRepo = context.payload.pull_request.head.repo.full_name
const prRef = context.payload.pull_request.head.ref
refSlug = `pr${context.issue.number}`;
refName = (prRepo === targetRepo) ? prRef : refSlug;
refFull = `refs/pull/${context.issue.number}/head`
githubBranch = refName
githubSHA = context.payload.pull_request.head.sha
core.info(`pull request event: set git info from pull_request.head. pr:${prRepo}:${prRef} target:${targetRepo}:${context.ref}`)
prNumber = context.issue.number
} else {
// Other triggers: workflow_dispatch without pull_request_ref, schedule, push...
// refName is 'main' or tag name, so slugification is not necessary.
refSlug = GITHUB_REF_NAME
refName = GITHUB_REF_NAME
refFull = GITHUB_REF
githubTag = GITHUB_REF_TYPE == "tag" ? refName : ""
githubBranch = GITHUB_REF_TYPE == "branch" ? refName : ""
githubSHA = context.sha
core.info(`${context.eventName} event: set git info from context: ${JSON.stringify({GITHUB_REF_NAME, GITHUB_REF_TYPE, sha: context.sha })}`)
}
core.setCommandEcho(true)
core.setOutput('ci_commit_ref_slug', refSlug)
core.setOutput('ci_commit_ref_name', refName)
core.setOutput(`ci_commit_tag`, githubTag)
core.setOutput(`ci_commit_branch`, githubBranch)
core.setOutput(`ref_full`, refFull)
core.setOutput('github_sha', githubSHA)
core.setOutput('pr_number', prNumber)
core.setCommandEcho(false)
# </template: git_info_job>
enable_fe:
if: ${{ needs.pull_request_info.outputs.edition == 'FE' }}
name: Enable FE
needs:
- pull_request_info
runs-on: ubuntu-latest
steps:
- run: |
echo Enable ${{ needs.pull_request_info.outputs.edition }}
enable_ee:
if: ${{ needs.pull_request_info.outputs.edition == 'EE' }}
name: Enable EE
needs:
- pull_request_info
runs-on: ubuntu-latest
steps:
- run: |
echo Enable ${{ needs.pull_request_info.outputs.edition }}
enable_ce:
if: ${{ needs.pull_request_info.outputs.edition == 'CE' }}
name: Enable CE
needs:
- pull_request_info
runs-on: ubuntu-latest
steps:
- run: |
echo Enable ${{ needs.pull_request_info.outputs.edition }}
enable_be:
if: ${{ needs.pull_request_info.outputs.edition == 'BE' }}
name: Enable BE
needs:
- pull_request_info
runs-on: ubuntu-latest
steps:
- run: |
echo Enable ${{ needs.pull_request_info.outputs.edition }}
enable_se:
if: ${{ needs.pull_request_info.outputs.edition == 'SE' }}
name: Enable SE
needs:
- pull_request_info
runs-on: ubuntu-latest
steps:
- run: |
echo Enable ${{ needs.pull_request_info.outputs.edition }}
go_generate:
name: Go Generate
needs:
- git_info
- pull_request_info
# <template: go_generate_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_step>
- name: Checkout sources
uses: actions/[email protected]
with:
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_step>
# <template: login_readonly_registry_step>
- name: Check readonly registry credentials
id: check_readonly_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to readonly registry
uses: docker/[email protected]
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }}
logout: false
# </template: login_readonly_registry_step>
# <template: werf_install_step>
- name: Install werf CLI
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e
with:
channel: ${{env.WERF_CHANNEL}}
# </template: werf_install_step>
- name: Set up Go 1.22
uses: actions/setup-go@v3
with:
go-version: '1.22'
- name: Run go generate
run: |
(cd tools && go generate)
(cd modules/500-upmeter/hooks/smokemini/internal/snapshot && go generate)
- name: Check generated code
run: |
git diff --exit-code
# </template: go_generate_template>
workflow_render:
name: Render workflow
needs:
- git_info
- pull_request_info
# <template: workflow_render_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_step>
- name: Checkout sources
uses: actions/[email protected]
with:
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_step>
# <template: login_readonly_registry_step>
- name: Check readonly registry credentials
id: check_readonly_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to readonly registry
uses: docker/[email protected]
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }}
logout: false
# </template: login_readonly_registry_step>
- name: Render GitHub workflow
run: |
cd .github
./render-workflows.sh
- name: Check rendered files
run: |
git diff --exit-code
# </template: workflow_render_template>
build_deckhouse:
name: Build Deckhouse
needs:
- git_info
- pull_request_info
- go_generate
- workflow_render
env:
WERF_ENV: ${{ needs.pull_request_info.outputs.edition }}
# <template: build_template>
runs-on: [self-hosted, regular, selectel]
outputs:
tests_image_name: ${{ steps.build.outputs.tests_image_name }}
steps:
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_readonly_registry_step>
- name: Check readonly registry credentials
id: check_readonly_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to readonly registry
uses: docker/[email protected]
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }}
logout: false
# </template: login_readonly_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
# <template: werf_install_step>
- name: Install werf CLI
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e
with:
channel: ${{env.WERF_CHANNEL}}
# </template: werf_install_step>
- name: Build and push deckhouse images
id: build
env:
DECKHOUSE_REGISTRY_HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
CI_COMMIT_TAG: ${{needs.git_info.outputs.ci_commit_tag}}
CI_COMMIT_BRANCH: ${{needs.git_info.outputs.ci_commit_branch}}
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}}
CI_COMMIT_REF_SLUG: ${{needs.pull_request_info.outputs.ref_slug}}
run: |
# Extract REPO_SUFFIX from repository name: trim prefix 'deckhouse/deckhouse-'.
REPO_SUFFIX=${GITHUB_REPOSITORY#deckhouse/deckhouse-}
if [[ $REPO_SUFFIX == $GITHUB_REPOSITORY ]] ; then
# REPO_SUFFIX should be empty for main repo 'deckhouse/deckhouse'.
REPO_SUFFIX=
fi
# Put tags on produced images and push to dev and release repositories.
#
# There are 2 modes: "dev" and "release".
# The "dev" mode builds branches only:
# - Build using dev-registry as primary and deckhouse registry as secondary.
# - Push dev and dev/install images with prNUM tags and push to dev-registry.
# The "release" mode builds branches and tags:
# - Build using dev-registry as primary and deckhouse registry as secondary.
# - Push dev and dev/install images to dev-registry with tag equal to a branch name (main or release-X.Y).
# - Build using deckhouse registry as primary and dev-registry as secondary.
# - Push dev, dev/install and release-channel-version images to deckhouse registry with tag equels to a Git tag.
# SRC_NAME is a name of image from werf.yaml.
# SRC is a source image name (stage name from werf build report).
# DST is an image name for docker push.
function pull_push_rmi() {
SRC_NAME=$1
SRC=$2
DST=$3
echo "⚓️ 📥 [$(date -u)] Pull '${SRC_NAME}' image as ${SRC}."
docker pull ${SRC}
echo "⚓️ 🏷 [$(date -u)] Tag '${SRC_NAME}' image as ${DST}."
docker image tag ${SRC} ${DST}
echo "⚓️ 📤 [$(date -u)] Push '${SRC_NAME}' image as ${DST}."
docker image push ${DST}
echo "⚓️ 🧹 [$(date -u)] Remove local tag for '${SRC_NAME}'."
docker image rmi ${DST} || true;
}
if [[ -n "${DEV_REGISTRY_PATH}" ]]; then export WERF_REPO="${DEV_REGISTRY_PATH}"; fi
type werf && source $(werf ci-env github --verbose --as-file)
# CE/EE/FE -> ce/ee/fe
REGISTRY_SUFFIX=$(echo ${WERF_ENV} | tr '[:upper:]' '[:lower:]')
# Registry path to publish images for Git branches.
BRANCH_REGISTRY_PATH=
# Registry path to publish images for Git tags.
SEMVER_REGISTRY_PATH=
if [[ -n ${DECKHOUSE_REGISTRY_HOST:-} ]] ; then
# Build using dev-registry as primary repo and prod registry as secondary (ro) repo.
# This build will put stages to "dev" registry. If "dev" registry is empty, existing stages are copied from prod registry.
SECONDARY_REPO="--cache-repo ${DECKHOUSE_REGISTRY_HOST}/deckhouse/${REGISTRY_SUFFIX}"
if [[ -n "${CI_COMMIT_BRANCH}" && ! "${CI_COMMIT_BRANCH}" =~ ^(main|release-.+)$ ]]; then
SECONDARY_REPO=
fi
werf build \
${SECONDARY_REPO} \
--parallel=true --parallel-tasks-limit=5 \
--report-path images_tags_werf.json
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}"
SEMVER_REGISTRY_PATH="${DECKHOUSE_REGISTRY_HOST}/deckhouse"
else
# DECKHOUSE_REGISTRY_HOST is empty, so this repo is not the main repo.
# Build using dev-registry as a single primary repo and push:
# - branches to Dev registry to run e2e tests.
# - semver tags to Github Container Registry for testing release process.
werf build \
--parallel=true --parallel-tasks-limit=5 \
--report-path images_tags_werf.json
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}"
SEMVER_REGISTRY_PATH="${GHA_TEST_REGISTRY_PATH}"
echo "⚓️ 🧪 [$(date -u)] DECKHOUSE_REGISTRY_HOST is empty. Publish to Github Container Registry '${PROD_REGISTRY_PATH}'"
fi
# Publish images for Git branch.
if [[ -n "${CI_COMMIT_BRANCH}" ]]; then
# CI_COMMIT_REF_SLUG is a 'prNUM' for dev branches or 'main' for default branch.
# Use it as image tag. Add suffix to not overlap with PRs in main repo.
IMAGE_TAG=${CI_COMMIT_REF_SLUG}${REPO_SUFFIX:+-${REPO_SUFFIX}}
echo "⚓️ 💫 [$(date -u)] Publish images to dev-registry for branch '${CI_COMMIT_BRANCH}' and edition '${WERF_ENV}' using tag '${IMAGE_TAG}' ..."
echo "⚓️ 💫 [$(date -u)] Publish 'dev' image to dev-registry using tag ${IMAGE_TAG}".
DECKHOUSE_IMAGE_SRC="$(jq -r '.Images."dev".DockerImageName' images_tags_werf.json)"
DECKHOUSE_IMAGE=${BRANCH_REGISTRY_PATH}:${IMAGE_TAG}
pull_push_rmi 'dev' ${DECKHOUSE_IMAGE_SRC} ${DECKHOUSE_IMAGE}
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install' image to dev-registry using tag ${IMAGE_TAG}".
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install".DockerImageName' images_tags_werf.json)"
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install:${IMAGE_TAG}
pull_push_rmi 'dev/install' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE}
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install-standalone' image to dev-registry using tag ${IMAGE_TAG}".
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install-standalone".DockerImageName' images_tags_werf.json)"
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install-standalone:${IMAGE_TAG}
pull_push_rmi 'dev/install-standalone' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE}
echo "⚓️ 💫 [$(date -u)] Publish 'e2e-terraform' image to dev-registry using tag ${IMAGE_TAG}".
INSTALL_IMAGE_SRC="$(jq -r '.Images."e2e-terraform".DockerImageName' images_tags_werf.json)"
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/e2e-terraform:${IMAGE_TAG}
pull_push_rmi 'e2e-terraform' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE}
fi
# Save 'tests' image name to pass it as output for 'tests' jobs.
TESTS_IMAGE_NAME="$(jq -r '.Images."tests".DockerImageName' images_tags_werf.json)"
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
# Encode as gzip+base64 to evade github's SecretMasker error: "Skip output since it may contain secret".
echo "tests_image_name=$(echo ${TESTS_IMAGE_NAME} | gzip | base64 -w0)" >> $GITHUB_OUTPUT
- name: Cleanup
if: ${{ always() }}
run: |
rm -f images_tags_werf.json
# </template: build_template>
doc_web_build:
name: Doc web build
if: ${{ github.repository == 'deckhouse/deckhouse' }}
# Wait for success build of modules.
needs:
- git_info
- pull_request_info
# <template: web_build_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
- name: Run doc web build
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e
with:
channel: ${{env.WERF_CHANNEL}}
env:
WERF_DIR: "docs/documentation"
WERF_LOG_VERBOSE: "on"
WERF_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}"
# </template: web_build_template>
main_web_build:
name: Main web build
if: ${{ github.repository == 'deckhouse/deckhouse' }}
# Wait for success build of modules.
needs:
- git_info
- pull_request_info
# <template: web_build_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
- name: Run main web build
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e
with:
channel: ${{env.WERF_CHANNEL}}
env:
WERF_DIR: "docs/site"
WERF_LOG_VERBOSE: "on"
DOC_API_KEY: "${{secrets.DOC_API_KEY}}"
DOC_API_URL: "${{vars.DOC_API_URL}}"
WERF_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}"
# </template: web_build_template>
tests:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: Tests
needs:
- git_info
- pull_request_info
# <template: tests_before_build_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.22.3-bullseye@sha256:d51f0325ad7c506fa807bb2fcb67f9c037188ae7fcf1b25e6ac97fca3058265f"
run: |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules
# </template: tests_before_build_template>
matrix_tests:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: Matrix tests
needs:
- git_info
- pull_request_info
# <template: tests_before_build_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.22.3-bullseye@sha256:d51f0325ad7c506fa807bb2fcb67f9c037188ae7fcf1b25e6ac97fca3058265f"
run: |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg -v ~/deckhouse-bin-cache:/deckhouse/bin ${TESTS_IMAGE_NAME} make tests-matrix
# </template: tests_before_build_template>
dhctl_tests:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: Dhctl Tests
needs:
- git_info
- pull_request_info
- build_deckhouse
# <template: tests_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}}
run: |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then
echo "TESTS_IMAGE_NAME is empty"
exit 1
fi
# Decode image name from gzip+base64.
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip)
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -w /deckhouse/dhctl -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make ci
# </template: tests_template>
golangci_lint:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: GolangCI Lint
needs:
- git_info
- pull_request_info
- build_deckhouse
# <template: tests_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}}
run: |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then
echo "TESTS_IMAGE_NAME is empty"
exit 1
fi
# Decode image name from gzip+base64.
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip)
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} sh -c "go generate tools/register.go && GOGC=50 GOFLAGS=\"-buildvcs=false\" golangci-lint run"
# </template: tests_template>
openapi_test_cases:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: OpenAPI Test Cases
needs:
- git_info
- pull_request_info
- build_deckhouse
# <template: tests_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}}
run: |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then
echo "TESTS_IMAGE_NAME is empty"
exit 1
fi
# Decode image name from gzip+base64.
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip)
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -v ${{github.workspace}}:/deckhouse -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} ginkgo -vet=off ./testing/openapi_cases/
# </template: tests_template>
web_links_test:
if: ${{ needs.pull_request_info.outputs.changes_docs == 'true' && github.repository == 'deckhouse/deckhouse' }}
name: Web links test
needs:
- git_info
- pull_request_info
- doc_web_build
- main_web_build
continue-on-error: true
# <template: web_links_test_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: werf_install_step>
- name: Install werf CLI
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e
with:
channel: ${{env.WERF_CHANNEL}}
# </template: werf_install_step>
- name: Prepare site structure
env:
DOC_API_KEY: "${{secrets.DOC_API_KEY}}"
DOC_API_URL: "${{vars.DOC_API_URL}}"
WEB_REGISTRY_PATH: ${{steps.check_dev_registry.outputs.web_registry_path}}
run: |
type werf
werf version
BASEDIR=$(pwd)/docs
_TMPDIR=$(mktemp -d -t -p ${BASEDIR})
# Save TMPDIR to clean it later.
echo "_TMPDIR=$_TMPDIR" >> ${GITHUB_ENV}
echo "_TMPDIR=$_TMPDIR"
export WERF_REPO="${WEB_REGISTRY_PATH}"
echo -n 'use werf_repo '
echo $WERF_REPO | tr 'a-z' 'A-Z'
# Extract site content to the tmp directory.
export WERF_DIR=$BASEDIR/site
echo "Use werf_dir $WERF_DIR"
type werf && source $(werf ci-env github --verbose --as-file)
echo "werf stage image web-backend:"
werf stage image web-backend | tr 'a-z' 'A-Z'
echo "Run 'docker pull' from werf stage image web-backend"
docker pull $(werf stage image web-backend) || true
echo "werf stage image web-frontend:"
werf stage image web-frontend | tr 'a-z' 'A-Z'
echo "Run 'docker pull' from werf stage image web-frontend"
docker pull $(werf stage image web-frontend) || true
echo "Run 'docker cp' from werf stage image web-backend"
docker cp $(docker create --rm $(werf stage image web-backend)):/app/root ${_TMPDIR}/backend
echo "Run 'docker cp' from werf stage image web-frontend"
docker cp $(docker create --rm $(werf stage image web-frontend)):/app ${_TMPDIR}/frontend
# Extract documentation content to the tmp directory.
export WERF_DIR=$BASEDIR/documentation
type werf && source $(werf ci-env github --verbose --as-file)
echo "werf stage image web:"
werf stage image web | tr 'a-z' 'A-Z'
echo "Run 'docker pull' from werf stage image web"
docker pull $(werf stage image web)
echo "Run 'docker cp' from werf stage image web"
docker cp $(docker create --rm $(werf stage image web)):/app ${_TMPDIR}/documentation
# Create EN site structure.
echo "Create site structure in '${_TMPDIR}/site_en/'"
mkdir -p ${_TMPDIR}/site_en/ ${_TMPDIR}/site_ru/
touch ${_TMPDIR}/site_en/index.html ${_TMPDIR}/site_ru/index.html
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_en/
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_ru/
#
rsync -a ${_TMPDIR}/frontend/en/ ${_TMPDIR}/site_en/
rsync -a ${_TMPDIR}/frontend/ru/ ${_TMPDIR}/site_ru/
#
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/en/ ${_TMPDIR}/site_en/
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/ru/ ${_TMPDIR}/site_ru/
#
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_en/documentation/
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_ru/documentation/
rsync -a ${_TMPDIR}/documentation/en/ ${_TMPDIR}/site_en/documentation/
rsync -a ${_TMPDIR}/documentation/ru/ ${_TMPDIR}/site_ru/documentation/
#
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_en/documentation
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_ru/documentation
- name: Check links with html-proofer (EN)
run: |
# Do not exit on html-proofer error.
set +e
# Checking EN site
docker run --rm -v "${_TMPDIR}/site_en:/src:ro" klakegg/html-proofer:3.19.2 \
--allow-hash-href --check-html --empty-alt-ignore \
--url-ignore "/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \
--url-swap "https\:\/\/deckhouse.io\/:/,\/documentation\/v1\/:/documentation/,\/documentation\/latest\/:/documentation/" \
--file_ignore "404.html" \
--http-status-ignore "0,429" ${1}
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure.
exit 0
- name: Check links with html-proofer (RU)
run: |
# Do not exit on html-proofer error.
set +e
# Checking RU site
docker run --rm -v "${_TMPDIR}/site_ru:/src:ro" klakegg/html-proofer:3.19.2 \
--allow-hash-href --check-html --empty-alt-ignore \
--url-ignore "/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \
--url-swap "https\:\/\/deckhouse.io\/:/,\/documentation\/v1\/:/documentation/,\/documentation\/latest\/:/documentation/" \
--file_ignore "404.html" \
--http-status-ignore "0,429" ${1}
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure.
exit 0
- name: Clean TMPDIR
if: always()
run: |
if [[ -n $_TMPDIR ]] ; then
rm -rf $_TMPDIR
fi
# </template: web_links_test_template>
validators:
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: Validators
needs:
- git_info
- pull_request_info
- build_deckhouse
# <template: tests_template>
runs-on: [self-hosted, regular]
steps:
# <template: started_at_output>
- name: Job started timestamp
id: started_at
run: |
unixTimestamp=$(date +%s)
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT
# </template: started_at_output>
# <template: checkout_full_step>
- name: Checkout sources
uses: actions/[email protected]
with:
fetch-depth: 0
ref: ${{ needs.pull_request_info.outputs.ref }}
# </template: checkout_full_step>
# <template: login_dev_registry_step>
- name: Check dev registry credentials
id: check_dev_registry
env:
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to dev registry
uses: docker/[email protected]
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }}
logout: false
# </template: login_dev_registry_step>
# <template: login_rw_registry_step>
- name: Check rw registry credentials
id: check_rw_registry
env:
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}}
run: |
if [[ -n $HOST ]]; then
echo "has_credentials=true" >> $GITHUB_OUTPUT
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT
fi
- name: Login to rw registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }}
with:
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }}
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
logout: false
- name: Login to Github Container Registry
uses: docker/[email protected]
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }}
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_REGISTRY_USER }}
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }}
logout: false
# </template: login_rw_registry_step>
- name: Run tests
env:
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}}
run: |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then
echo "TESTS_IMAGE_NAME is empty"
exit 1
fi
# Decode image name from gzip+base64.
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip)
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret.
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]'
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
docker pull ${TESTS_IMAGE_NAME}
echo "⚓️ 🏎 [$(date -u)] Run tests..."
docker run -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} go test -tags=validation -run Validation -timeout=${{env.TEST_TIMEOUT}} ./testing/...
# </template: tests_template>
set_e2e_requirement_status:
# if previous jobs were failed we do not need set status, because checks will be failed
if: ${{ success() && needs.pull_request_info.outputs.changes_not_markdown == 'true' }}
name: Set 'waiting for e2e' commit status
needs:
- git_info
- pull_request_info
- build_deckhouse
- validators
- openapi_test_cases
- golangci_lint
- dhctl_tests
- matrix_tests
- tests
runs-on: [ self-hosted, regular ]
steps:
- name: Set commit status after e2e run
id: set_e2e_requirement_status
uses: actions/[email protected]
env:
STATUS_TARGET_COMMIT: ${{needs.git_info.outputs.github_sha}}
PR_LABELS: ${{ needs.pull_request_info.outputs.labels }}
with:
github-token: ${{secrets.BOATSWAIN_GITHUB_TOKEN}}
script: |
const e2eStatus = require('./.github/scripts/js/e2e-commit-status');
await e2eStatus.setInitialStatus({github, context, core});