Fix typo #30
Workflow file for this run
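# Development release pipeline: on every push (any branch) or manual dispatch it
# installs the toolchain, brings up a k3d cluster, runs helm/unit/in-cluster
# tests for the SOPS secrets operator, then logs in to Docker Hub and runs the
# cross-platform image build target.
#
# NOTE(review): third-party actions below are referenced by mutable tags
# (@v2, @v3). A tag can be moved to different code by its owner; pinning each
# `uses:` to a full commit SHA makes the executed code immutable.
name: release-development

on:
  workflow_dispatch:
  push:
    branches:
      - '**'

jobs:
  build:
    name: Release
    # NOTE(review): this job reads Docker Hub credentials and is triggered by a
    # push to any branch. Confirm the `ci-cd` environment has protection rules
    # (required reviewers / branch restrictions) so arbitrary branches cannot
    # reach those secrets.
    environment: ci-cd
    runs-on: ubuntu-20.04
    env:
      # https://github.com/github/hub/releases
      HUB_VERSION: 2.14.2
      # https://github.com/docker/buildx/releases
      BUILDX_BINARY_VERSION: 0.12.0
      # https://hub.docker.com/r/rancher/k3s/tags
      K3S_VERSION: v1.28.5-k3s1
      # https://github.com/helm-unittest/helm-unittest/releases
      HELM_UNITTEST_VERSION: 0.4.1
      # https://github.com/kubernetes-sigs/controller-tools/releases
      CONTROLLER_GEN_VERSION: "v0.13.0"
      # https://github.com/kubernetes-sigs/controller-runtime/releases
      CONTROLLER_RUNTIME_VERSION: "v0.16.3"
    steps:
      - uses: actions/checkout@v2
        name: Check out code

      - name: Install asdf tools
        uses: asdf-vm/actions/install@v2

      - name: install gpg2
        run: |
          sudo apt update
          sudo apt install -f
          sudo apt-get install gnupg2 -y
          sudo apt-get install qemu-user-static -y

      - name: install buildx
        run: |
          mkdir -p ~/.docker/cli-plugins
          # -f: fail on an HTTP error instead of saving the error page as the
          # "binary" that is then made executable.
          # NOTE(review): the download is executed without an integrity check;
          # verify it against a pinned SHA-256 (sha256sum -c) before chmod.
          curl -fsSLo docker-buildx "https://github.com/docker/buildx/releases/download/v${BUILDX_BINARY_VERSION}/buildx-v${BUILDX_BINARY_VERSION}.linux-amd64"
          chmod a+x docker-buildx
          mv docker-buildx ~/.docker/cli-plugins/docker-buildx
          docker buildx install
          # Run binfmt
          # NOTE(review): this runs a --privileged container from the mutable
          # `latest` tag; pinning the image by digest would fix what code gets
          # host-level access on the runner.
          docker run --rm --privileged tonistiigi/binfmt:latest --install "linux/amd64,linux/arm64"

      - name: install hub
        run: |
          # Same concerns as the buildx download: -f added, no checksum yet.
          curl -fsSLO "https://github.com/github/hub/releases/download/v${HUB_VERSION}/hub-linux-amd64-${HUB_VERSION}.tgz"
          tar -xzf "hub-linux-amd64-${HUB_VERSION}.tgz"
          chmod +x "hub-linux-amd64-${HUB_VERSION}/bin/hub"
          sudo mv "hub-linux-amd64-${HUB_VERSION}/bin/hub" /usr/local/bin/

      - name: install helm unittest plugin
        run: |
          helm plugin install https://github.com/helm-unittest/helm-unittest --version "${HELM_UNITTEST_VERSION}"
          helm unittest --help

      - name: Install setup-envtest
        run: |
          # NOTE(review): @latest is unpinned, so the tool version can change
          # between runs; the other tools in this job are version-pinned via env.
          go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
          asdf reshim golang

      - name: start k3d
        run: |
          docker version
          k3d cluster create operator --agents 1 --image "rancher/k3s:${K3S_VERSION}"
          JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'
          # Poll until a node reports Ready=True. The loop has no upper bound
          # of its own; it relies on the job-level timeout.
          until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do
            sleep 1
          done
          # Dump cluster info
          kubectl cluster-info
          which kubectl
          kubectl version
          kubectl describe node k3d-operator-server-0
          kubectl describe node k3d-operator-agent-0

      - name: Test helm charts
        run: make test-helm

      - name: Unit tests and envtest integration tests
        run: make test

      # k3d integration tests
      - name: In cluster integration tests
        run: |
          # Throwaway GPG home for this step only. Declared separately from the
          # export so a mktemp failure is not masked, and removed by the EXIT
          # trap so the key material is also cleaned up on the `exit 1` paths.
          GNUPGHOME="$(mktemp -d)"
          export GNUPGHOME
          trap 'rm -rf -- "${GNUPGHOME:?}"' EXIT
          # Test-only key: DSA/ELG-E at 1024 bits with %no-protection is far
          # below what is acceptable for real secrets; it must never be reused
          # outside this disposable cluster.
          cat >"$GNUPGHOME/foo" <<EOF
          %echo Generating a basic OpenPGP key
          Key-Type: DSA
          Key-Length: 1024
          Subkey-Type: ELG-E
          Subkey-Length: 1024
          Name-Real: Joe Tester
          Name-Comment: with stupid passphrase
          Name-Email: joe@foo.bar
          Expire-Date: 0
          Passphrase: abc
          %no-protection
          %commit
          %echo done
          EOF
          gpg2 --batch --gen-key "$GNUPGHOME/foo"
          SOPS_GPG_EXEC="$(command -v gpg2)"
          export SOPS_GPG_EXEC
          FP="$(gpg2 --with-colons --fingerprint | awk -F: '$1 == "fpr" {print $10; exit}')"
          export FP
          # Stop here if no fingerprint was produced, rather than encrypting
          # with an empty recipient below.
          if [[ -z "$FP" ]]; then
            echo "No GPG fingerprint found - Failed"
            exit 1
          fi
          echo "Fingreprint: $FP ; gpg executable: $SOPS_GPG_EXEC"
          # Run k8s related commands
          kubectl create namespace sops
          make install
          sleep 3
          sops -e -p "$FP" \
            --encrypted-suffix='Templates' \
            config/samples/isindir_v1alpha3_sopssecret.yaml \
            > config/samples/isindir_v1alpha3_sopssecret.enc.yaml
          file config/samples/isindir_v1alpha3_sopssecret.enc.yaml
          echo "====================================="
          cat config/samples/isindir_v1alpha3_sopssecret.enc.yaml
          echo "====================================="
          kubectl apply -f config/samples/isindir_v1alpha3_sopssecret.enc.yaml --namespace sops
          sleep 3
          # Run the operator in the background; its output lands in nohup.out,
          # which the failure branches below tail for diagnostics.
          nohup make run &
          sleep 150
          kubectl get sops --namespace sops
          echo
          kubectl get secrets --namespace sops
          echo
          export SECRETS_NUMBER=$( kubectl get secrets --namespace sops --no-headers \
            | awk '$0 !~ /default-token/ { print $1; }' \
            | wc -l )
          if [[ $SECRETS_NUMBER -ne 5 ]]; then
            echo "Expected number of secrets in sops namespace is 5 - Failed"
            tail -40 nohup.out
            exit 1
          fi
          # Check specific k8s for amount of data entries
          ## my-secret-name-0
          export DATA_ENTRIES=$( kubectl get secrets my-secret-name-0 --namespace sops --no-headers \
            | awk '{print $3}' )
          if [[ $DATA_ENTRIES -ne 2 ]]; then
            echo "Expected number of data entries in my-secret-name-0 is 2 - Failed"
            tail -40 nohup.out
            exit 1
          fi
          ## my-secret-name-1
          export DATA_ENTRIES=$( kubectl get secrets my-secret-name-1 --namespace sops --no-headers \
            | awk '{print $3}' )
          if [[ $DATA_ENTRIES -ne 3 ]]; then
            echo "Expected number of data entries in my-secret-name-1 is 3 - Failed"
            tail -40 nohup.out
            exit 1
          fi
          ## my-secret-name-2
          export DATA_ENTRIES=$( kubectl get secrets my-secret-name-2 --namespace sops --no-headers \
            | awk '{print $3}' )
          if [[ $DATA_ENTRIES -ne 2 ]]; then
            echo "Expected number of data entries in my-secret-name-2 is 2 - Failed"
            tail -40 nohup.out
            exit 1
          fi
          # Delete to check GC works
          kubectl delete -f config/samples/isindir_v1alpha3_sopssecret.enc.yaml --namespace sops
          sleep 15
          kubectl get sops --namespace sops
          echo
          kubectl get secrets --namespace sops
          echo
          export SECRETS_NUMBER=$( kubectl get secrets --namespace sops \
            | awk '$0!~/default-token/ && $0!~/NAME/ { print $1; }' \
            | wc -l )
          if [[ $SECRETS_NUMBER -ne 0 ]]; then
            echo "Expected number of secrets in sops namespace is 0 - Failed"
            exit 1
          fi

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASS }}

      - name: Docker build
        run: make docker-cross-build-no-cache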