chore(deps): update github-actions #894
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [master] | |
release: | |
types: [created] | |
pull_request: | |
branches: [master] | |
# Declare default permissions as read only. | |
permissions: read-all | |
jobs: | |
build: | |
uses: miracum/.github/.github/workflows/standard-build.yaml@b2389048770aa5b9ed439810bf84911fbb07f645 # v1.12.3 | |
permissions: | |
contents: write | |
id-token: write | |
packages: write | |
pull-requests: write | |
actions: read | |
security-events: write | |
with: | |
enable-build-test-layer: true | |
enable-upload-test-image: true | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
add-code-coverage: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
permissions: | |
# for add Coverage PR Comment | |
pull-requests: write | |
steps: | |
# <https://docs.docker.com/storage/containerd/> | |
# via <https://github.com/docker/setup-buildx-action/issues/257> | |
- name: Set up containerd image store | |
shell: bash | |
run: | | |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json | |
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json | |
cat /etc/docker/daemon.json | |
sudo systemctl restart docker | |
docker info -f '{{ .DriverStatus }}' | |
- name: Download test image | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }}-test | |
path: /tmp | |
- name: Load test image | |
run: | | |
ls -lsa /tmp | |
docker load --input /tmp/image-test.tar | |
docker image ls | |
- name: Copy unit test coverage reports from test container | |
env: | |
UNIT_TEST_IMAGE: ${{ fromJson(needs.build.outputs.test-image-meta-json).tags[0] }} | |
run: | | |
docker create --name=unit-test-container "${UNIT_TEST_IMAGE}" | |
docker cp unit-test-container:/build/src/Vfps.Tests/coverage ./coverage | |
- name: Code Coverage Report | |
uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # tag=v1.3.0 | |
with: | |
filename: coverage/**/coverage.cobertura.xml | |
badge: true | |
fail_below_min: true | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: "50 50" | |
- name: Add Coverage PR Comment | |
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
recreate: true | |
path: code-coverage-results.md | |
test-api: | |
name: test api | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
# <https://docs.docker.com/storage/containerd/> | |
# via <https://github.com/docker/setup-buildx-action/issues/257> | |
- name: Set up containerd image store | |
shell: bash | |
run: | | |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json | |
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json | |
cat /etc/docker/daemon.json | |
sudo systemctl restart docker | |
docker info -f '{{ .DriverStatus }}' | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Download container image | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }} | |
path: /tmp | |
- name: Load image | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
ls -lar /tmp | |
docker load --input /tmp/image.tar | |
docker image ls -a | |
- name: Install grpcurl | |
working-directory: /tmp | |
env: | |
GRPCURL_URL: https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz | |
run: | | |
curl -LSs "$GRPCURL_URL" | tar xz && \ | |
mv ./grpcurl /usr/local/bin/grpcurl && \ | |
chmod +x /usr/local/bin/grpcurl && \ | |
grpcurl --version | |
- name: Install ghz | |
working-directory: /tmp | |
env: | |
GHZ_URL: https://github.com/bojand/ghz/releases/download/v0.110.0/ghz-linux-x86_64.tar.gz | |
run: | | |
curl -LSs "$GHZ_URL" | tar xz && \ | |
mv ./ghz /usr/local/bin/ghz && \ | |
chmod +x /usr/local/bin/ghz && \ | |
ghz --version | |
- name: Start compose deployment | |
env: | |
VFPS_IMAGE_TAG: ${{ needs.build.outputs.image-version }} | |
run: | | |
echo "Using VFPS image tag ${VFPS_IMAGE_TAG}" | |
docker compose -f docker-compose.yaml --profile=test up -d | |
- name: Wait for the healthz endpoint to be ready | |
run: | | |
curl --fail --retry 5 --retry-all-errors --connect-timeout 30 --max-time 60 --retry-delay 10 http://127.0.0.1:8080/healthz | |
- name: Create a namespace for testing | |
run: | | |
grpcurl \ | |
-plaintext \ | |
-import-path src/Vfps/ \ | |
-proto src/Vfps/Protos/vfps/api/v1/namespaces.proto \ | |
-d '{"name": "test", "pseudonymGenerationMethod": "PSEUDONYM_GENERATION_METHOD_SECURE_RANDOM_BASE64URL_ENCODED", "pseudonymLength": 32}' \ | |
127.0.0.1:8081 \ | |
vfps.api.v1.NamespaceService/Create | |
- name: Create pseudonyms from random inputs | |
run: | | |
ghz -n 5000 \ | |
--cpus 1 \ | |
--insecure \ | |
--import-paths src/Vfps/ \ | |
--proto src/Vfps/Protos/vfps/api/v1/pseudonyms.proto \ | |
--call vfps.api.v1.PseudonymService/Create \ | |
-d '{"originalValue": "{{randomString 32}}", "namespace": "test"}' \ | |
127.0.0.1:8081 | tee ghz-output.txt | |
- name: Enhance ghz output for use as a PR comment | |
run: | | |
GHZ_OUTPUT_TXT=$(cat ghz-output.txt) | |
{ | |
echo -e '---'; | |
echo -e '## ghz run statistics'; | |
echo -e '```console'; | |
echo -e "${GHZ_OUTPUT_TXT}"; | |
echo -e '```' | |
} >> ghz-output.md | |
- name: Append sticky comment with ghz output | |
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
append: true | |
path: ghz-output.md | |
- name: Print compose logs | |
if: always() | |
run: | | |
docker compose --profile=test -f docker-compose.yaml logs | |
docker compose --profile=test down --volumes --remove-orphans | |
test-migrations: | |
name: test migrations | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
needs: | |
- build | |
steps: | |
# <https://docs.docker.com/storage/containerd/> | |
# via <https://github.com/docker/setup-buildx-action/issues/257> | |
- name: Set up containerd image store | |
shell: bash | |
run: | | |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json | |
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json | |
cat /etc/docker/daemon.json | |
sudo systemctl restart docker | |
docker info -f '{{ .DriverStatus }}' | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Download container image | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }} | |
path: /tmp | |
- name: Load image | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
ls -lar /tmp | |
docker load --input /tmp/image.tar | |
docker image ls -a | |
- name: Install .NET | |
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1 | |
with: | |
dotnet-version: "8.0.x" | |
- name: Run migrations tests | |
env: | |
VFPS_IMAGE_TAG: ${{ needs.build.outputs.image-version }} | |
run: dotnet test src/Vfps.IntegrationTests --configuration=Release -l "console;verbosity=detailed" | |
test-iter8: | |
name: iter8 tests | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
needs: | |
- build | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
# <https://docs.docker.com/storage/containerd/> | |
# via <https://github.com/docker/setup-buildx-action/issues/257> | |
- name: Set up containerd image store | |
shell: bash | |
run: | | |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json | |
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json | |
cat /etc/docker/daemon.json | |
sudo systemctl restart docker | |
docker info -f '{{ .DriverStatus }}' | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: install iter8 cli | |
env: | |
ITER8_CLI_URL: "https://github.com/iter8-tools/iter8/releases/download/v0.13.18/iter8-linux-amd64.tar.gz" | |
run: | | |
curl -LSs "${ITER8_CLI_URL}" | tar xz | |
mv linux-amd64/iter8 /usr/local/bin/iter8 | |
chmod +x /usr/local/bin/iter8 | |
iter8 version | |
- name: Create KinD cluster | |
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | |
with: | |
cluster_name: kind | |
- name: Download container image | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }} | |
path: /tmp | |
- name: Load image into KinD | |
run: | | |
# vfps api image | |
kind load image-archive /tmp/image.tar | |
- name: List images in cluster | |
run: docker exec kind-control-plane crictl images | |
- name: Install vfps | |
env: | |
IMAGE_TAG: ${{ needs.build.outputs.image-version }} | |
run: | | |
helm install \ | |
--set="image.tag=${IMAGE_TAG}" \ | |
-f tests/iter8/values.yaml \ | |
--wait \ | |
--timeout=15m \ | |
vfps oci://ghcr.io/miracum/charts/vfps | |
- name: Launch iter8 experiment | |
run: kubectl apply -f tests/iter8/experiment.yaml | |
- name: Wait for experiment completion | |
run: iter8 k assert -c completed --timeout 10m | |
- name: Assert no failures and SLOs are satisfied | |
run: iter8 k assert -c nofailure,slos | |
- name: Create iter8 reports | |
if: always() | |
run: | | |
iter8 k report | tee iter8-report.txt | |
iter8 k report -o html > iter8-report.html | |
- name: Enhance iter8 report output for use as a PR comment | |
run: | | |
ITER8_REPORT_TXT=$(cat iter8-report.txt) | |
{ | |
echo -e '---'; | |
echo -e '## iter8 report'; | |
echo -e '```console'; | |
echo -e "${ITER8_REPORT_TXT}"; | |
echo -e '```' | |
} >> iter8-output.md | |
- name: Append sticky comment with iter8 report | |
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
append: true | |
path: iter8-output.md | |
- name: Upload report | |
if: always() | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: iter8-report.html | |
path: | | |
iter8-report.html | |
- name: Print cluster and iter8 logs | |
if: always() | |
run: | | |
kubectl cluster-info dump -o yaml | tee kind-cluster-dump.txt | |
iter8 k log -l trace | |
- name: Upload cluster dump | |
if: always() | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: kind-cluster-dump.txt | |
path: | | |
kind-cluster-dump.txt | |
lint: | |
uses: miracum/.github/.github/workflows/standard-lint.yaml@b2389048770aa5b9ed439810bf84911fbb07f645 # v1.12.3 | |
permissions: | |
contents: read | |
pull-requests: write | |
issues: write | |
security-events: write | |
actions: read | |
with: | |
dotnet-version: "8.0.x" | |
enable-verify-base-image-signature: false | |
enable-validate-gradle-wrapper: false | |
codeql-languages: '["csharp"]' | |
enable-codeql: true | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} |