-
Notifications
You must be signed in to change notification settings - Fork 29
208 lines (196 loc) · 9.12 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
on:
push:
branches:
- main
workflow_dispatch:
name: deploy
jobs:
build:
uses: ./.github/workflows/build.yaml
with:
helmrepo: "charts-v3-r2"
secrets:
BUILD_BOT_PERSONAL_ACCESS_TOKEN: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
WGE_DOCKER_IO_USER: ${{ secrets.WGE_DOCKER_IO_USER }}
WGE_DOCKER_IO_PASSWORD: ${{ secrets.WGE_DOCKER_IO_PASSWORD }}
WGE_S3_AWS_ACCESS_KEY_ID: ${{ secrets.WGE_S3_AWS_ACCESS_KEY_ID }}
WGE_S3_AWS_SECRET_ACCESS_KEY: ${{ secrets.WGE_S3_AWS_SECRET_ACCESS_KEY }}
WGE_HELM_REPO_USERNAME: ${{ secrets.WGE_HELM_REPO_USERNAME }}
WGE_HELM_REPO_PASSWORD: ${{ secrets.WGE_HELM_REPO_PASSWORD }}
WEAVE_GITOPS_CLUSTERS_GITHUB_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.WEAVE_GITOPS_CLUSTERS_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
WEAVE_GITOPS_CLUSTERS_GITHUB_SERVICE_ACCOUNT: ${{ secrets.WEAVE_GITOPS_CLUSTERS_GITHUB_SERVICE_ACCOUNT }}
coverage:
runs-on: ubuntu-latest
env:
ARTEFACTS_BASE_DIR: /tmp/workspace/test
steps:
- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.x
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Configure git for private modules
env:
GITHUB_BUILD_USERNAME: wge-build-bot
GITHUB_BUILD_TOKEN: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
run: git config --global url."https://${GITHUB_BUILD_USERNAME}:${GITHUB_BUILD_TOKEN}@github.com".insteadOf "https://github.com"
- name: Install dependencies
run: |
go mod download
go install github.com/wadey/gocovmerge@latest
go install github.com/jstemmer/go-junit-report@latest
npm install -g junit-report-merger
- name: Run unit tests
run: |
go version
mkdir -p ${{ env.ARTEFACTS_BASE_DIR }}
WKP_DEBUG=true go test -cover -coverprofile=.coverprofile ./cmd/... ./pkg/... | go-junit-report > ${{ env.ARTEFACTS_BASE_DIR }}/test-results.xml
cd ${{ github.workspace }}/common && go test -cover -coverprofile=.coverprofile ./... | go-junit-report > ${{ env.ARTEFACTS_BASE_DIR }}/common-results.xml
cd ${{ github.workspace }}/cmd/clusters-service && go test -cover -coverprofile=.coverprofile ./... | go-junit-report > ${{ env.ARTEFACTS_BASE_DIR }}/clusters-service-results.xml
cd ${{ github.workspace }}
# Merge all coverage results
gocovmerge .coverprofile common/.coverprofile cmd/clusters-service/.coverprofile > ${{ env.ARTEFACTS_BASE_DIR }}/merged-profiles
# Merge all junit test results
jrm ${{ env.ARTEFACTS_BASE_DIR }}/combined-test-results.xml '${{ env.ARTEFACTS_BASE_DIR }}/*.xml'
- name: Store unit test coverage results
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: unit-tests-artifacts
path: |
${{ env.ARTEFACTS_BASE_DIR }}
retention-days: 1
smoke-tests-github:
needs: [build, coverage]
uses: ./.github/workflows/acceptance-test.yaml
with:
os-name: linux
timeout-minutes: 60
label-filter: "--label-filter='smoke&&capd'"
kubectl-version: "v1.21.1"
login_user_type: "oidc"
git-provider: github
git-provider_hostname: github.com
cluster_resource_set: true
management-cluster-kind: kind
capi_provider: capd
gitops-bin-path: /usr/local/bin/gitops
test-artifact-name: smoke-tests-github
secrets:
WGE_CLUSTER_ADMIN_PASSWORD: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD }}"
WGE_CLUSTER_ADMIN_PASSWORD_HASH: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD_HASH }}"
WGE_DEX_CLIENT_SECRET: ${{ secrets.WGE_DEX_CLIENT_SECRET }}
WGE_GIT_PROVIDER_PRIVATE_KEY: ${{ secrets.WGE_GITHUB_PRIVATE_KEY }}
WGE_GITHUB_TOKEN: ${{ secrets.WGE_GITHUB_TOKEN }}
WGE_GITHUB_ORG: ${{ secrets.WGE_GITHUB_ORG }}
WGE_GITHUB_USER: ${{ secrets.WGE_GITHUB_USER }}
WGE_GITHUB_PASSWORD: ${{ secrets.WGE_GITHUB_PASSWORD }}
WGE_GITHUB_MFA_KEY: ${{ secrets.WGE_GITHUB_MFA_KEY }}
smoke-tests-gitlab-deploy:
needs: [build, coverage]
uses: ./.github/workflows/acceptance-test.yaml
with:
os-name: linux
timeout-minutes: 60
label-filter: "--label-filter='smoke&&deploy'"
kubectl-version: "v1.22.0"
login_user_type: "cluster-user"
git-provider: gitlab
git-provider_hostname: gitlab.git.dev.weave.works
cluster_resource_set: true
management-cluster-kind: kind
capi_provider: capd
gitops-bin-path: /usr/local/bin/gitops
test-artifact-name: smoke-tests-gitlab-deploy
secrets:
WGE_CLUSTER_ADMIN_PASSWORD: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD }}"
WGE_CLUSTER_ADMIN_PASSWORD_HASH: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD_HASH }}"
WGE_DEX_CLIENT_SECRET: ${{ secrets.WGE_DEX_CLIENT_SECRET }}
WGE_GITHUB_TOKEN: ${{ secrets.WGE_GITHUB_TOKEN }}
WGE_GIT_PROVIDER_PRIVATE_KEY: ${{ secrets.WGE_ON_PREM_GITLAB_PRIVATE_KEY }}
WGE_GITLAB_TOKEN: ${{ secrets.WGE_ON_PREM_GITLAB_TOKEN }}
WGE_GITLAB_ORG: ${{ secrets.WGE_ON_PREM_GITLAB_ORG }}
WGE_GITLAB_USER: ${{ secrets.WGE_ON_PREM_GITLAB_USER }}
WGE_GITLAB_PASSWORD: ${{ secrets.WGE_ON_PREM_GITLAB_PASSWORD }}
WGE_GITLAB_CLIENT_ID: ${{ secrets.WGE_ON_PREM_GITLAB_CLIENT_ID }}
WGE_GITLAB_CLIENT_SECRET: ${{ secrets.WGE_ON_PREM_GITLAB_CLIENT_SECRET }}
smoke-tests-gitlab-tenant:
needs: [build, coverage]
uses: ./.github/workflows/acceptance-test.yaml
with:
os-name: linux
timeout-minutes: 60
label-filter: "--label-filter='smoke&&tenant'"
kubectl-version: "v1.23.3"
login_user_type: "oidc"
git-provider: gitlab
git-provider_hostname: gitlab.git.dev.weave.works
cluster_resource_set: true
management-cluster-kind: kind
capi_provider: capd
gitops-bin-path: /usr/local/bin/gitops
test-artifact-name: smoke-tests-gitlab-tenant
secrets:
WGE_CLUSTER_ADMIN_PASSWORD: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD }}"
WGE_CLUSTER_ADMIN_PASSWORD_HASH: "${{ secrets.WGE_CLUSTER_ADMIN_PASSWORD_HASH }}"
WGE_DEX_CLIENT_SECRET: ${{ secrets.WGE_DEX_CLIENT_SECRET }}
WGE_GITHUB_TOKEN: ${{ secrets.WGE_GITHUB_TOKEN }}
WGE_GIT_PROVIDER_PRIVATE_KEY: ${{ secrets.WGE_ON_PREM_GITLAB_PRIVATE_KEY }}
WGE_GITLAB_TOKEN: ${{ secrets.WGE_ON_PREM_GITLAB_TOKEN }}
WGE_GITLAB_ORG: ${{ secrets.WGE_ON_PREM_GITLAB_ORG }}
WGE_GITLAB_USER: ${{ secrets.WGE_ON_PREM_GITLAB_USER }}
WGE_GITLAB_PASSWORD: ${{ secrets.WGE_ON_PREM_GITLAB_PASSWORD }}
WGE_GITLAB_CLIENT_ID: ${{ secrets.WGE_ON_PREM_GITLAB_CLIENT_ID }}
WGE_GITLAB_CLIENT_SECRET: ${{ secrets.WGE_ON_PREM_GITLAB_CLIENT_SECRET }}
playwright-smoke-tests:
needs: [build]
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Generate release tags
id: release_tags
run: |
TAG=$(git describe --always --match "v*" --abbrev=7 | sed 's/^[^0-9]*//' )
echo "tag=$TAG" >> $GITHUB_OUTPUT
- name: Run playwright tests workflow
uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be #v1.6.5
with:
owner: weaveworks
repo: playwright-tests
github_token: ${{ secrets.BUILD_BOT_PERSONAL_ACCESS_TOKEN }}
workflow_file_name: nightly.yaml
ref: main
wait_interval: 10
propagate_failure: false
trigger_workflow: true
wait_workflow: true
client_payload: '{"chart_version": "${{ steps.release_tags.outputs.tag }}"}'
smoke-test-results:
if: ${{ always() }}
needs:
[smoke-tests-github, smoke-tests-gitlab-deploy, smoke-tests-gitlab-tenant]
uses: ./.github/workflows/publish-test-results.yaml
with:
runs-on: ubuntu-latest
junit-results-glob-pattern: "*smoke-tests*.xml"
slack-notification: true
secrets:
SLACK_BOT_TOKEN: ${{ secrets.WEAVEWORKS_SLACK_GENERICBOT_TOKEN }}
notify-failure:
name: Notify Slack on Failure
runs-on: ubuntu-latest
needs: [smoke-tests-github, smoke-tests-gitlab-deploy, smoke-tests-gitlab-tenant]
if: ${{ failure() && github.ref == 'refs/heads/main' }}
steps:
- name: Send alert
uses: archive/github-actions-slack@d9dae40827adf93bddf939db6552d1e392259d7d # v2.7.0
with:
slack-bot-user-oauth-access-token: ${{ secrets.WEAVEWORKS_SLACK_GENERICBOT_TOKEN }}
slack-channel: C01M1BJQ7AT # weave-gitops-dev
slack-text: |
:sad-parrot: The <https://github.com/weaveworks/weave-gitops-enterprise/commit/${{ github.sha }}|latest commit> from ${{ github.actor }} is failing on main. <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Click here> and weep. Then fix the underlying issue and ensure main remains green.
slack-optional-icon_url: "https://avatars.githubusercontent.com/u/9976052"