Skip to content

chore(deps): update github-actions #894

chore(deps): update github-actions

chore(deps): update github-actions #894

Workflow file for this run

name: ci
on:
push:
branches: [master]
release:
types: [created]
pull_request:
branches: [master]
# Declare default permissions as read only.
permissions: read-all
jobs:
build:
uses: miracum/.github/.github/workflows/standard-build.yaml@b2389048770aa5b9ed439810bf84911fbb07f645 # v1.12.3
permissions:
contents: write
id-token: write
packages: write
pull-requests: write
actions: read
security-events: write
with:
enable-build-test-layer: true
enable-upload-test-image: true
platforms: |
linux/amd64
linux/arm64
secrets:
github-token: ${{ secrets.GITHUB_TOKEN }}
add-code-coverage:
runs-on: ubuntu-22.04
needs:
- build
permissions:
# for add Coverage PR Comment
pull-requests: write
steps:
# <https://docs.docker.com/storage/containerd/>
# via <https://github.com/docker/setup-buildx-action/issues/257>
- name: Set up containerd image store
shell: bash
run: |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
docker info -f '{{ .DriverStatus }}'
- name: Download test image
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.image-slug }}-test
path: /tmp
- name: Load test image
run: |
ls -lsa /tmp
docker load --input /tmp/image-test.tar
docker image ls
- name: Copy unit test coverage reports from test container
env:
UNIT_TEST_IMAGE: ${{ fromJson(needs.build.outputs.test-image-meta-json).tags[0] }}
run: |
docker create --name=unit-test-container "${UNIT_TEST_IMAGE}"
docker cp unit-test-container:/build/src/Vfps.Tests/coverage ./coverage
- name: Code Coverage Report
uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # tag=v1.3.0
with:
filename: coverage/**/coverage.cobertura.xml
badge: true
fail_below_min: true
format: markdown
hide_branch_rate: false
hide_complexity: true
indicators: true
output: both
thresholds: "50 50"
- name: Add Coverage PR Comment
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
if: ${{ github.event_name == 'pull_request' }}
with:
recreate: true
path: code-coverage-results.md
test-api:
name: test api
runs-on: ubuntu-22.04
needs:
- build
permissions:
contents: read
pull-requests: write
steps:
# <https://docs.docker.com/storage/containerd/>
# via <https://github.com/docker/setup-buildx-action/issues/257>
- name: Set up containerd image store
shell: bash
run: |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
docker info -f '{{ .DriverStatus }}'
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download container image
if: ${{ github.event_name == 'pull_request' }}
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.image-slug }}
path: /tmp
- name: Load image
if: ${{ github.event_name == 'pull_request' }}
run: |
ls -lar /tmp
docker load --input /tmp/image.tar
docker image ls -a
- name: Install grpcurl
working-directory: /tmp
env:
GRPCURL_URL: https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz
run: |
curl -LSs "$GRPCURL_URL" | tar xz && \
mv ./grpcurl /usr/local/bin/grpcurl && \
chmod +x /usr/local/bin/grpcurl && \
grpcurl --version
- name: Install ghz
working-directory: /tmp
env:
GHZ_URL: https://github.com/bojand/ghz/releases/download/v0.110.0/ghz-linux-x86_64.tar.gz
run: |
curl -LSs "$GHZ_URL" | tar xz && \
mv ./ghz /usr/local/bin/ghz && \
chmod +x /usr/local/bin/ghz && \
ghz --version
- name: Start compose deployment
env:
VFPS_IMAGE_TAG: ${{ needs.build.outputs.image-version }}
run: |
echo "Using VFPS image tag ${VFPS_IMAGE_TAG}"
docker compose -f docker-compose.yaml --profile=test up -d
- name: Wait for the healthz endpoint to be ready
run: |
curl --fail --retry 5 --retry-all-errors --connect-timeout 30 --max-time 60 --retry-delay 10 http://127.0.0.1:8080/healthz
- name: Create a namespace for testing
run: |
grpcurl \
-plaintext \
-import-path src/Vfps/ \
-proto src/Vfps/Protos/vfps/api/v1/namespaces.proto \
-d '{"name": "test", "pseudonymGenerationMethod": "PSEUDONYM_GENERATION_METHOD_SECURE_RANDOM_BASE64URL_ENCODED", "pseudonymLength": 32}' \
127.0.0.1:8081 \
vfps.api.v1.NamespaceService/Create
- name: Create pseudonyms from random inputs
run: |
ghz -n 5000 \
--cpus 1 \
--insecure \
--import-paths src/Vfps/ \
--proto src/Vfps/Protos/vfps/api/v1/pseudonyms.proto \
--call vfps.api.v1.PseudonymService/Create \
-d '{"originalValue": "{{randomString 32}}", "namespace": "test"}' \
127.0.0.1:8081 | tee ghz-output.txt
- name: Enhance ghz output for use as a PR comment
run: |
GHZ_OUTPUT_TXT=$(cat ghz-output.txt)
{
echo -e '---';
echo -e '## ghz run statistics';
echo -e '```console';
echo -e "${GHZ_OUTPUT_TXT}";
echo -e '```'
} >> ghz-output.md
- name: Append sticky comment with ghz output
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
if: ${{ github.event_name == 'pull_request' }}
with:
append: true
path: ghz-output.md
- name: Print compose logs
if: always()
run: |
docker compose --profile=test -f docker-compose.yaml logs
docker compose --profile=test down --volumes --remove-orphans
test-migrations:
name: test migrations
runs-on: ubuntu-22.04
permissions:
contents: read
needs:
- build
steps:
# <https://docs.docker.com/storage/containerd/>
# via <https://github.com/docker/setup-buildx-action/issues/257>
- name: Set up containerd image store
shell: bash
run: |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
docker info -f '{{ .DriverStatus }}'
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download container image
if: ${{ github.event_name == 'pull_request' }}
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.image-slug }}
path: /tmp
- name: Load image
if: ${{ github.event_name == 'pull_request' }}
run: |
ls -lar /tmp
docker load --input /tmp/image.tar
docker image ls -a
- name: Install .NET
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
with:
dotnet-version: "8.0.x"
- name: Run migrations tests
env:
VFPS_IMAGE_TAG: ${{ needs.build.outputs.image-version }}
run: dotnet test src/Vfps.IntegrationTests --configuration=Release -l "console;verbosity=detailed"
test-iter8:
name: iter8 tests
runs-on: ubuntu-22.04
if: ${{ github.event_name == 'pull_request' }}
needs:
- build
permissions:
contents: read
pull-requests: write
steps:
# <https://docs.docker.com/storage/containerd/>
# via <https://github.com/docker/setup-buildx-action/issues/257>
- name: Set up containerd image store
shell: bash
run: |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
cat /etc/docker/daemon.json
sudo systemctl restart docker
docker info -f '{{ .DriverStatus }}'
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: install iter8 cli
env:
ITER8_CLI_URL: "https://github.com/iter8-tools/iter8/releases/download/v0.13.18/iter8-linux-amd64.tar.gz"
run: |
curl -LSs "${ITER8_CLI_URL}" | tar xz
mv linux-amd64/iter8 /usr/local/bin/iter8
chmod +x /usr/local/bin/iter8
iter8 version
- name: Create KinD cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
cluster_name: kind
- name: Download container image
if: ${{ github.event_name == 'pull_request' }}
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ needs.build.outputs.image-slug }}
path: /tmp
- name: Load image into KinD
run: |
# vfps api image
kind load image-archive /tmp/image.tar
- name: List images in cluster
run: docker exec kind-control-plane crictl images
- name: Install vfps
env:
IMAGE_TAG: ${{ needs.build.outputs.image-version }}
run: |
helm install \
--set="image.tag=${IMAGE_TAG}" \
-f tests/iter8/values.yaml \
--wait \
--timeout=15m \
vfps oci://ghcr.io/miracum/charts/vfps
- name: Launch iter8 experiment
run: kubectl apply -f tests/iter8/experiment.yaml
- name: Wait for experiment completion
run: iter8 k assert -c completed --timeout 10m
- name: Assert no failures and SLOs are satisfied
run: iter8 k assert -c nofailure,slos
- name: Create iter8 reports
if: always()
run: |
iter8 k report | tee iter8-report.txt
iter8 k report -o html > iter8-report.html
- name: Enhance iter8 report output for use as a PR comment
run: |
ITER8_REPORT_TXT=$(cat iter8-report.txt)
{
echo -e '---';
echo -e '## iter8 report';
echo -e '```console';
echo -e "${ITER8_REPORT_TXT}";
echo -e '```'
} >> iter8-output.md
- name: Append sticky comment with iter8 report
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
if: ${{ github.event_name == 'pull_request' }}
with:
append: true
path: iter8-output.md
- name: Upload report
if: always()
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: iter8-report.html
path: |
iter8-report.html
- name: Print cluster and iter8 logs
if: always()
run: |
kubectl cluster-info dump -o yaml | tee kind-cluster-dump.txt
iter8 k log -l trace
- name: Upload cluster dump
if: always()
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kind-cluster-dump.txt
path: |
kind-cluster-dump.txt
lint:
uses: miracum/.github/.github/workflows/standard-lint.yaml@b2389048770aa5b9ed439810bf84911fbb07f645 # v1.12.3
permissions:
contents: read
pull-requests: write
issues: write
security-events: write
actions: read
with:
dotnet-version: "8.0.x"
enable-verify-base-image-signature: false
enable-validate-gradle-wrapper: false
codeql-languages: '["csharp"]'
enable-codeql: true
secrets:
github-token: ${{ secrets.GITHUB_TOKEN }}