add pr workflows
susanshi committed Mar 20, 2024
1 parent a023d20 commit 747412d
Showing 3 changed files with 293 additions and 56 deletions.
89 changes: 33 additions & 56 deletions .github/workflows/build-pr.yml
@@ -5,12 +5,10 @@ on:
types: [labeled]
pull_request:
branches:
- main
- 1.0.0*
- staging2
push:
branches:
- 1.0.0*
- main
- staging2
workflow_dispatch:

permissions: read-all
@@ -77,17 +75,17 @@ jobs:
- name: Upload coverage to codecov.io
uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0

build_test_e2e:
name: "Build and run e2e Test"
build_test_e2e_basic:
name: "Build and run e2e Test only on latest test matrix"
runs-on: ubuntu-latest
timeout-minutes: 35
permissions:
contents: read
strategy:
fail-fast: false
matrix:
KUBERNETES_VERSION: ["1.26.10", "1.27.7"]
GATEKEEPER_VERSION: ["3.13.0", "3.14.0", "3.15.0"]
KUBERNETES_VERSION: ["1.27.7"]
GATEKEEPER_VERSION: ["3.15.0"]
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -131,17 +129,11 @@ jobs:
path: |
logs-*.json
build_test_aks_e2e:
name: "Build and run e2e Test on AKS"
env:
AZURE_CLIENT_ID: 814e6e97-120c-4534-b8a9-f1645bc99500
AZURE_TENANT_ID: 72f988bf-86f1-41af-91ab-2d7cd011db47
AZURE_SUBSCRIPTION_ID: daae1e1a-63dc-454f-825d-b39289070f79
build_test_e2e_full:
name: "Build and run e2e on full test matrix"
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
timeout-minutes: 30
timeout-minutes: 35
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
@@ -156,27 +148,38 @@ jobs:
with:
go-version: '1.21'

- name: Az CLI login
uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
with:
creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'

- name: Dependencies e2e
- name: Bootstrap e2e
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-docker-credential-store-setup
make e2e-dependencies
- name: Run e2e on Azure
make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
make generate-certs
- name: Run e2e with config policy
run: |
make e2e-aks KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }} TENANT_ID=${{ env.AZURE_TENANT_ID }}
make e2e-deploy-gatekeeper GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
make e2e-deploy-ratify GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
make test-e2e GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n gatekeeper-system -l app=ratify --tail=-1 > logs-ratify-preinstall-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
kubectl logs -n gatekeeper-system -l app.kubernetes.io/name=ratify --tail=-1 > logs-ratify-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
- name: Run e2e with Rego policy
run: |
make deploy-rego-policy
make test-e2e
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > full-logs-externaldata-controller-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > full-logs-externaldata-audit-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}.json
kubectl logs -n gatekeeper-system -l app=ratify --tail=-1 > full-logs-ratify-preinstall-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-rego-policy.json
kubectl logs -n gatekeeper-system -l app.kubernetes.io/name=ratify --tail=-1 > full-logs-ratify-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-rego-policy.json
- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
if: ${{ always() }}
with:
name: e2e-logs-aks-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}
name: full-e2e-logs-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}
path: |
logs-*.json
@@ -194,29 +197,3 @@ jobs:
use-verbose-mode: 'yes'
config-file: '.github/workflows/markdown.links.config.json'
folder-path: 'docs/'
test-cleanup:
env:
AZURE_SUBSCRIPTION_ID: daae1e1a-63dc-454f-825d-b39289070f79
AZURE_CLIENT_ID: 814e6e97-120c-4534-b8a9-f1645bc99500
AZURE_TENANT_ID: 72f988bf-86f1-41af-91ab-2d7cd011db47
needs: ['build_test_aks_e2e']
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Set up Go 1.21
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21'

- name: Az CLI login
uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
with:
creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'

- name: clean up
run: |
make e2e-cleanup AZURE_SUBSCRIPTION_ID=${{ env.AZURE_SUBSCRIPTION_ID }}
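Review bot: In the `@@ -156,27 +148,38 @@` hunk the second `Save logs` step of `build_test_e2e_full` redirects its output to files named `full-logs-*.json`, but the `Upload artifacts` step at the end of the hunk still uses the `path:` glob `logs-*.json`, which does not match names that start with `full-`. As shown, the Gatekeeper controller, audit and Rego-policy Ratify logs from the full matrix would not be kept as artifacts, and those are the records needed to investigate a failed admission-control run. Either add `full-logs-*.json` as a second line under `path: |` or drop the `full-` prefix from the redirect targets. The job definition starts in the preceding hunk, so the rest of the job is judged only from the lines visible here.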
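--- a/.github/workflows/pr-to-main.yml
+++ b/.github/workflows/pr-to-main.yml
@@ -0,0 +1,39 @@
+name: Merge staging Into Main
+
+on:
+push:
+branches:
+- 'staging2' #to update to staging
+
+jobs:
+main:
+name: Create PR Release to Main
+runs-on: ubuntu-latest
+steps:
+- name: git checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+- name: get pr name
+run: |
+echo "$GITHUB_CONTEXT"| jq '.event.commits[].id' | tail -2 | head -1 |sed 's/\"//g'
+env:
+GITHUB_CONTEXT: ${{ toJson(github) }}
+
+# https://github.com/marketplace/actions/github-pull-request-action
+- name: create pull request
+id: open-pr
+uses: repo-sync/pull-request@v2 #TODO switch for digest
+with:
+github_token: ${{ secrets.ACCESS_TOKEN }}
+destination_branch: main
+pr_title: "[Automated] Merge ${{ env.GITHUB_CONTEXT }} into ${{ destination_branch }}"
+pr_body: "Automated Pull Request"
+
+# https://github.com/marketplace/actions/enable-pull-request-automerge
+- name: enable automerge
+if: steps.open-pr.outputs.pr_number != ''
+uses: peter-evans/enable-pull-request-automerge@v2 #TODO switch for digest
+with:
+token: ${{ secrets.ACCESS_TOKEN }}
+pull-request-number: ${{ steps.open-pr.outputs.pr_number }}
+merge-method: merge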
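Review bot: The `create pull request` and `enable automerge` steps pass `secrets.ACCESS_TOKEN` to third-party actions referenced by the mutable tag `@v2`, so whatever that tag resolves to at run time executes with a token able to open and auto-merge pull requests into `main`; the two `#TODO switch for digest` comments should be resolved before this workflow is enabled, e.g. `uses: repo-sync/pull-request@<full-commit-sha> # v2`, matching the SHA pinning used in build-pr.yml. The file also declares no `permissions:` key, unlike build-pr.yml's `permissions: read-all`; a top-level `permissions:` with `contents: read` would keep the job's GITHUB_TOKEN minimal. In `pr_title`, `${{ destination_branch }}` is not a defined expression context and `env.GITHUB_CONTEXT` is set only on the `get pr name` step, so the title expression likely fails validation or renders empty; the literal `main` can be written directly. Because automerge is enabled on every push to `staging2`, confirm that branch protection on `main` still requires review for these automated PRs.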