-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Validate individual tasks in GA CI #1447
Conversation
17aa0a1
to
0cd56c4
Compare
923122a
to
59f79e3
Compare
ccafb0b
to
f93dad2
Compare
@@ -0,0 +1,30 @@ | |||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you considering using a Pipeline to encapsulate the Task execution and the required verification? The release folks took this approach, example: https://github.com/konflux-ci/release-service-catalog/blob/development/tasks/check-data-keys/tests/test-check-data-keys-fail-missing-cdn-key.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lcarva could you please help with more context around where these tests are running what approach they are following... any doc or CI pipeline script?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we should verify that the task really cloned the repo as expected (e.g. contains the expected files, is really at revision 1.0.0
, ...). And this test should set the example for how to verify that the task works as expected.
That will probably require wrapping the Task in a Pipeline as Lui suggested
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
makes sense now, this is another approach to validate the tasks (we were not aware of this while investigating), the approach taken release-service-catalog repo has more flexibility on what to verify in the task results. With current approach taken in this PR, we are just validating task results are non-empty. If we want to choose the approach taken in release-service-catalog repo, the current PR needs to be rewritten almost.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a contributor to the release-service-catalog, I just want to say that I like the approach they're using. Once I got the hang of writing mocks.sh
for my tests there, it became easy to add new functional tests for my tasks including both positive and negative cases.
They have nice features, like the ability to assert that the task should fail hard and exit with a non-zero status code on certain inputs, or to assert that the task should succeed, but have certain properties in its output.
For local development / inner-loop, I can stand up kind locally, install upstream tekton, and then run export TEST_ITEMS=path/to/the/task/Im/working/on
and then run the .github/scripts/test_tekton_tasks.sh
from their repo in a loop while I hack on my task or test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ralphbean thanks for the feedback, looks like the approach used in release-service-catalog is better, will move to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
took this approach in this PR and closed the current one
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we check task results / logs / created images, etc. ?
task/** | ||
test/** | ||
|
||
- name: Free Disk Space |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
took it from here, don't aware of the exact reason, but I think might be helping to create more disk space in the github action env. Don't find any issue to keep it our CI as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How long does this take to run? According to the README, around 3 minutes https://github.com/jlumbroso/free-disk-space?tab=readme-ov-file
Which doesn't seem worth it unless really needed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed it now. Please check here.
|
||
For example refer: Git Clone task [tests](./task/git-clone/0.1/tests/run.yaml) | ||
|
||
CI also validates the task yamls using [tektor](https://github.com/lcarva/tektor) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lcarva is there any plans to move it to some public org from personal account?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
local reason='' | ||
local maxloop=60 # 10 minutes max | ||
|
||
set +x |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need set +x
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
to avoid unnecessary logs being printed in the console, while we looping through to check task run status, reason and results, if something fails show_failure()
will dump the test resources in the console.
test/common.sh
Outdated
done | ||
} | ||
|
||
function test_resource_creation() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The function name and what id does differs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated it to test_resource_creation_and_validation
, hope the name fits with its functionality now
test/common.sh
Outdated
echo ${CHANGED_FILES} |grep -o 'task/[^\/]*/[^\/]*/*[^/]*.yaml'|xargs -I {} dirname {}|awk '{print $1"/tests"}' | ||
} | ||
|
||
function get_new_changed_tasks() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
function name is not clear
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed it to print_changed_tasks_to_console
, hope it better fit its functionality.
test/common.sh
Outdated
echo ${CHANGED_FILES} |grep "test/" || true | ||
} | ||
|
||
function detect_new_changed_resources() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
function name is unclear
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed it to print_changed_resources_to_console
now
@@ -0,0 +1,47 @@ | |||
#!/bin/bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it duplicates hack/run-test.sh
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
forgot to remove the old one hack/run-test.sh
, this test/run-test.sh
is the correct one.
- name: Checkout konflux-ci/konflux-ci Repository | ||
if: steps.changed-files.outputs.any_changed == 'true' | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: 'konflux-ci/konflux-ci' | ||
path: konflux-ci |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we pin konflux-ci/konflux-ci to a commit (and configure renovate to update it)? To avoid CI breaking overnight due to changes in the repo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated to use specific commit from konflux-ci/konflux-ci
while checking out. But for configuring the renovate to update the SHA, does only renovate config is sufficient or do we need to run any script on push at konflux-ci/konflux-ci
repo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be doable with a Renovate regex manager, roughly similar to https://docs.renovatebot.com/modules/manager/regex/#advanced-capture
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed it in the new PR
A helper script called `run-test.sh` is present inside `test` directory to help the developer run the test. Just specify resource type as first argument, resource name as second argument and the version as third argument i.e: | ||
|
||
``` | ||
./test/run-test.sh task git-clone 0.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type as first argument, resource name as second argument and the version as third argument
This seems unnecessary, passing the actual directory as the argument would work much better with tab completion :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could also test stepactions
in similar ways, that functionality is not added fully in the current PR, which we can extend to in the future, so kept the type (task
or stepactions
) as first argument in the run-test.sh
script.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would ./test/run-test.sh stepactions/eaas-copy-secrets-to-ephemeral-cluster/0.1
not work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes that should work.... updated it now
echo ${CHANGED_FILES} | grep -o 'task/[^\/]*/[^\/]*/tests/[^/]*'|xargs -I {} dirname {}|sed 's/\(tests\).*/\1/g' | ||
# detect for changes in the task manifest | ||
echo ${CHANGED_FILES} | grep -o 'task/[^\/]*/[^\/]*/*[^/]*.yaml'|xargs -I {} dirname {}|awk '{print $1"/tests"}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
echo ${CHANGED_FILES} | grep -o 'task/[^\/]*/[^\/]*/tests/[^/]*'|xargs -I {} dirname {}|sed 's/\(tests\).*/\1/g' | |
# detect for changes in the task manifest | |
echo ${CHANGED_FILES} | grep -o 'task/[^\/]*/[^\/]*/*[^/]*.yaml'|xargs -I {} dirname {}|awk '{print $1"/tests"}' | |
echo "${CHANGED_FILES}" | grep -o 'task/[^\/]*/[^\/]*/tests/[^/]*'|xargs -I {} dirname {}|sed 's/\(tests\).*/\1/g' | |
# detect for changes in the task manifest | |
echo "${CHANGED_FILES}" | grep -o 'task/[^\/]*/[^\/]*/*[^/]*.yaml'|xargs -I {} dirname {}|awk '{print $1"/tests"}' |
without the quotes, echo
will print all the changed files on a single line and the grep
probably won't work right
done | ||
|
||
# don't test the tasks which are deprecated | ||
cat ${runtest} | grep 'tekton.dev/deprecated: \"true\"' && skipit=True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use the build.appstudio.redhat.com/expires-on
label (but its value can be in the future)
# Set the return code that the test script will return. | ||
# Parameters: $1 - return code (0-255) | ||
function set_test_return_code() { | ||
# kubetest teardown might fail and thus incorrectly report failure of the | ||
# script, even if the tests pass. | ||
# We store the real test result to return it later, ignoring any teardown | ||
# failure in kubetest. | ||
# TODO(adrcunha): Get rid of this workaround. | ||
echo -n "$1"> ${TEST_RESULT_FILE} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this relevant for us?
# Configure the number of parallel tests running at the same time, start from 0 | ||
MAX_NUMBERS_OF_PARALLEL_TASKS=2 # => 8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does the start from 0
and # => 8
mean here?
Closing in favour of #1644 |
This PR adds a Github Actions CI to validate the task tests (if present inside the task directory) and few example tests for
git-clone
task for reference.Story: https://issues.redhat.com/browse/STONEBLD-2910