Skip to content

Bump certifi from 2023.5.7 to 2023.7.22 (#50) #108

Bump certifi from 2023.5.7 to 2023.7.22 (#50)

Bump certifi from 2023.5.7 to 2023.7.22 (#50) #108

Workflow file for this run

name: CI
on:
release:
types: [ published ]
pull_request:
push:
branches: [ main ]
tags:
- 'v*'
defaults:
run:
shell: bash
jobs:
probe_tests:
name: Unit tests / ${{ matrix.python }} / ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest, windows-latest, macOS-latest]
python: [ "3.10", "3.11"]
fail-fast: true
env:
OS: ${{ matrix.os }}
PYTHON: ${{ matrix.python }}
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python }}
id: setup-python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
- name: Install poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install dependencies
run: |
poetry install --no-interaction
- name: Run Tests
run: |
source $VENV
poetry run pytest tests --cov netcheck --cov-report=lcov --cov-report=term
timeout-minutes: 10
- name: Coveralls Parallel
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
flag-name: Unittests-${{ matrix.os }}-${{ matrix.python-version }}
parallel: true
path-to-lcov: ./coverage.lcov
probe_coverage:
name: Probe Code Coverage
needs: probe_tests
runs-on: ubuntu-latest
steps:
- name: Coveralls Finished
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
parallel-finished: true
probe_package:
name: Probe Library Packaging
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Install poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
# install dependencies if cache does not exist
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: |
poetry install --no-interaction --no-root
- name: Artifact creation
run: |
source $VENV
poetry build
- name: Save artifacts
uses: actions/upload-artifact@v3
with:
name: dist
path: ./dist
upload_pypi:
name: Release to PyPi
needs: [probe_package]
runs-on: ubuntu-latest
# upload to PyPI only on release
if: github.event.release && github.event.action == 'published'
steps:
- uses: actions/download-artifact@v3
with:
name: dist
path: dist
- uses: pypa/[email protected]
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
probe_docker:
name: Build Probe Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
env:
IMAGE_NAME: netchecks
IMAGE_REGISTRY: ghcr.io
IMAGE_REPOSITORY: hardbyte
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.IMAGE_NAME}}
tags: |
type=sha
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
id: docker_build
uses: docker/build-push-action@v4
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
operator_docker:
name: Build Operator Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
env:
IMAGE_NAME: netchecks-operator
IMAGE_REGISTRY: ghcr.io
IMAGE_REPOSITORY: hardbyte
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.IMAGE_NAME}}
tags: |
type=sha
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
uses: docker/build-push-action@v3
with:
context: operator
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# - name: Install Cosign
# uses: sigstore/cosign-installer@main
# - name: Sign the images with GitHub OIDC Token
# run: cosign sign --yes ${TAGS}
# if: github.event_name != 'pull_request'
# env:
# TAGS: ${{ steps.meta.outputs.tags }}
k8s:
name: Kubernetes Integration Tests
needs: [probe_docker, operator_docker]
runs-on: ubuntu-latest
timeout-minutes: 20
env:
KIND_VERSION: v0.18.0
KIND_CONFIG: .github/kind-config.yaml
TIMEOUT: 2m
LOG_TIME: 30m
cilium_version: v1.13.2
cilium_cli_version: v0.13.2
kubectl_version: v1.25.2
PROBE_IMAGE_NAME: netchecks
OPERATOR_IMAGE_NAME: netchecks-operator
IMAGE_REGISTRY: ghcr.io
IMAGE_REPOSITORY: hardbyte
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Python
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Install poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install Python Dependencies
run: |
cd operator
poetry install --no-interaction --with dev
- name: Install kubectl
run: |
curl -sLO "https://dl.k8s.io/release/${{ env.kubectl_version }}/bin/linux/amd64/kubectl"
curl -sLO "https://dl.k8s.io/${{ env.kubectl_version }}/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client
- name: Install cilium CLI binary
run: |
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.cilium_cli_version }}/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
- name: Create kind cluster
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
cluster_name: kind
- name: Get Cluster Info
run: |
kubectl cluster-info
export KUBE_API=$(kubectl config view -o jsonpath='{.clusters[0].cluster.server}')
kind get nodes
- name: Load Netchecks Images into Kind
run: |
docker pull ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.PROBE_IMAGE_NAME}}:sha-${GITHUB_SHA::7}
docker pull ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.OPERATOR_IMAGE_NAME}}:sha-${GITHUB_SHA::7}
kind load docker-image ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.PROBE_IMAGE_NAME}}:sha-${GITHUB_SHA::7}
kind load docker-image ${{env.IMAGE_REGISTRY}}/${{env.IMAGE_REPOSITORY}}/${{env.OPERATOR_IMAGE_NAME}}:sha-${GITHUB_SHA::7}
- name: Prepare Netchecks Operator Helm Chart
run: |
helm dependency build operator/charts/netchecks
- name: Install Netchecks Operator (helm chart)
run: |
helm upgrade --install netchecks-operator operator/charts/netchecks -n netchecks --create-namespace
- name: Uninstall Netchecks Operator
run: |
helm uninstall netchecks-operator -n netchecks
- name: Run Integration Tests (no Cilium)
run: |
cd operator
export NETCHECKS_IMAGE_TAG=sha-${GITHUB_SHA::7}
poetry run pytest
timeout-minutes: 10
- name: Debug resolve
run: |
cat /etc/resolv.conf
# Install Cilium with HostPort support for extended connectivity test.
- name: Install Cilium
run: |
cilium install \
--version=${{ env.cilium_version }} \
--wait=false \
--config monitor-aggregation=none \
--helm-set cni.chainingMode=portmap
- name: Enable Hubble Relay
run: |
cilium hubble enable --ui
- name: Relay Port Forward
run: |
cilium hubble port-forward&
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]
- name: Run Integration Tests (with Cilium)
run: |
cd operator
export NETCHECKS_IMAGE_TAG=sha-${GITHUB_SHA::7}
export INCLUDE_CILIUM_TESTS=1
poetry run pytest -x
timeout-minutes: 10
- name: Cleanup
if: ${{ always() }}
run: |
cilium status
kubectl get pods --all-namespaces -o wide
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently