automation: Use reusable workflows to avoid duplications (#3593)
* move smoke test to reusable workflows for ARM and multi versions

Signed-off-by: Jorge Turrado <[email protected]>

* fix styles

Signed-off-by: Jorge Turrado <[email protected]>

* add needed permission to script

Signed-off-by: Jorge Turrado <[email protected]>

* dummy

Signed-off-by: Jorge Turrado <[email protected]>

* undo dummy changes

Signed-off-by: Jorge Turrado <[email protected]>

* add rw to trivy

Signed-off-by: Jorge Turrado <[email protected]>

* use main for rw

Signed-off-by: Jorge Turrado <[email protected]>

* add rw for e2e test on main

Signed-off-by: Jorge Turrado <[email protected]>

* undo dummy change

Signed-off-by: Jorge Turrado <[email protected]>

* use current branch on PR

Signed-off-by: Jorge Turrado <[email protected]>

* update changelog

Signed-off-by: Jorge Turrado <[email protected]>

* remove whitespace

Signed-off-by: Jorge Turrado <[email protected]>

* rename templates

Signed-off-by: Jorge Turrado <[email protected]>

* Update trivy to set severity

Signed-off-by: Jorge Turrado <[email protected]>

Signed-off-by: Jorge Turrado <[email protected]>
JorTurFer authored Sep 1, 2022
1 parent 6b359b3 commit 098a966
Showing 11 changed files with 264 additions and 288 deletions.
198 changes: 33 additions & 165 deletions .github/workflows/main-build.yml
Expand Up @@ -76,183 +76,51 @@ jobs:

validate:
needs: build
name: validate
runs-on: ubuntu-latest
# build-tools is built from ../../tools/build-tools.Dockerfile
container: ghcr.io/kedacore/build-tools:1.17.13
concurrency: e2e-tests
steps:
- name: Check out code
uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Register workspace path
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

- name: Run end to end tests
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
AZURE_APP_INSIGHTS_APP_ID: ${{ secrets.AZURE_APP_INSIGHTS_APP_ID }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY }}
AZURE_DATA_EXPLORER_DB: ${{ secrets.AZURE_DATA_EXPLORER_DB }}
AZURE_DATA_EXPLORER_ENDPOINT: ${{ secrets.AZURE_DATA_EXPLORER_ENDPOINT }}
AZURE_DEVOPS_BUILD_DEFINITION_ID: ${{ secrets.AZURE_DEVOPS_BUILD_DEFINITION_ID }}
AZURE_DEVOPS_ORGANIZATION_URL: ${{ secrets.AZURE_DEVOPS_ORGANIZATION_URL }}
AZURE_DEVOPS_PAT: ${{ secrets.AZURE_DEVOPS_PAT }}
AZURE_DEVOPS_POOL_NAME: ${{ secrets.AZURE_DEVOPS_POOL_NAME }}
AZURE_DEVOPS_PROJECT: ${{ secrets.AZURE_DEVOPS_PROJECT }}
AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }}
AZURE_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_LOG_ANALYTICS_WORKSPACE_ID }}
AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true
AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }}
AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING }}
AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }}
AZURE_SP_OBJECT_ID: ${{ secrets.AZURE_SP_OBJECT_ID }}
AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }}
AZURE_SP_ALTERNATIVE_APP_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_APP_ID }}
AZURE_SP_ALTERNATIVE_OBJECT_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_OBJECT_ID }}
AZURE_SP_ALTERNATIVE_KEY: ${{ secrets.AZURE_SP_ALTERNATIVE_KEY }}
AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }}
AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }}
DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY}}
DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY}}
DATADOG_SITE: ${{ secrets.DATADOG_SITE}}
GCP_SP_KEY: ${{ secrets.GCP_SP_KEY }}
NEWRELIC_ACCOUNT_ID: ${{ secrets.NEWRELIC_ACCOUNT_ID}}
NEWRELIC_API_KEY: ${{ secrets.NEWRELIC_API_KEY}}
NEWRELIC_LICENSE: ${{ secrets.NEWRELIC_LICENSE}}
OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URLNIGHTLY }}
OPENSTACK_AUTH_URL: ${{ secrets.OPENSTACK_AUTH_URL }}
OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }}
OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }}
OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }}
PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }}
run: make e2e-test

- name: Delete all e2e related namespaces
if: ${{ always() }}
run: make e2e-test-clean
env:
AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }}
AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }}
AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }}
AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }}
uses: kedacore/keda/.github/workflows/template-main-e2e-test.yml@main
secrets: inherit

validate-arm64:
needs: build
name: validate-arm64
runs-on: ARM64
concurrency: arm-smoke-tests
steps:
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: 1.17

- name: Install prerequisites
run: |
apt update
apt install curl make ca-certificates gcc libc-dev -y
env:
DEBIAN_FRONTEND: noninteractive

- name: Check out code
uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Create k8s v1.23 Kind Cluster
uses: helm/kind-action@main
with:
node_image: kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac
cluster_name: smoke-tests-cluster
uses: kedacore/keda/.github/workflows/template-arm64-smoke-tests.yml@main

- name: Run smoke test
run: make arm-smoke-test
validate-k8s-versions:
needs: build
uses: kedacore/keda/.github/workflows/template-versions-smoke-tests.yml@main

trivy-scan:
name: Trivy scan code
needs: build
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
with:
scan-type: 'fs'
ignore-unfixed: false
format: 'sarif'
output: 'code.sarif'
exit-code: 1
skip-dirs: tests # Remove this once the ts files are removed

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'code.sarif'
uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
with:
runs-on: 'ubuntu-latest'
scan-type: 'fs'
format: 'sarif'
exit-code: 0
publish: true

trivy-scan-metrics-server:
name: Trivy scan metrics server image - ${{ matrix.name }}
needs: build
runs-on: ${{ matrix.runner }}
strategy:
matrix:
include:
- runner: ARM64
name: arm64
- runner: ubuntu-latest
name: amd64

steps:
- uses: actions/checkout@v3

- name: Run Trivy on metrics-server
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: ghcr.io/kedacore/keda-metrics-apiserver:main
format: 'sarif'
output: 'metrics-server.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'metrics-server.sarif'
matrix:
runner: [ARM64, ubuntu-latest]
uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
with:
runs-on: ${{ matrix.runner }}
scan-type: 'image'
image-ref: ghcr.io/kedacore/keda-metrics-apiserver:main
format: 'sarif'
exit-code: 0
publish: true

trivy-scan-keda:
name: Trivy scan keda image - ${{ matrix.name }}
needs: build
runs-on: ${{ matrix.runner }}
strategy:
matrix:
include:
- runner: ARM64
name: arm64
- runner: ubuntu-latest
name: amd64

steps:
- uses: actions/checkout@v3

- name: Run Trivy on operator
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: ghcr.io/kedacore/keda:main
format: 'sarif'
output: 'keda.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'keda.sarif'
matrix:
runner: [ARM64, ubuntu-latest]
uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
with:
runs-on: ${{ matrix.runner }}
scan-type: 'image'
image-ref: ghcr.io/kedacore/keda:main
format: 'sarif'
exit-code: 0
publish: true
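Review bot: The `validate` job now calls `kedacore/keda/.github/workflows/template-main-e2e-test.yml@main` with `secrets: inherit`, so every secret available to this workflow is handed to whatever that file contains at the tip of `main` when the run starts, which is not necessarily the commit being built. Because the template lives in the same repository, `uses: ./.github/workflows/template-main-e2e-test.yml` would tie the called workflow to the caller's commit; the same applies to the other `@main` template references in this section and in nightly-e2e.yml, pr-validation.yml and template-arm64-smoke-tests.yml. If the template declares the secrets it needs under `on.workflow_call.secrets`, passing only those would narrow exposure, at the cost of bringing back part of the list this commit removes. Separately, the three Trivy jobs here pass `exit-code: 0` where the removed repo scan used `exit-code: 1`, so findings are published but no longer fail the main build; a short comment stating that this is intended would help.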
101 changes: 5 additions & 96 deletions .github/workflows/nightly-e2e.yml
Expand Up @@ -5,102 +5,11 @@ on:

jobs:
validate:
name: Test
runs-on: ubuntu-latest
concurrency: e2e-tests
# build-tools is built from ../../tools/build-tools.Dockerfile
container: ghcr.io/kedacore/build-tools:1.17.13
steps:
- name: Check out code
uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Register workspace path
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

- name: Run end to end test
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
AZURE_APP_INSIGHTS_APP_ID: ${{ secrets.AZURE_APP_INSIGHTS_APP_ID }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY }}
AZURE_DATA_EXPLORER_DB: ${{ secrets.AZURE_DATA_EXPLORER_DB }}
AZURE_DATA_EXPLORER_ENDPOINT: ${{ secrets.AZURE_DATA_EXPLORER_ENDPOINT }}
AZURE_DEVOPS_BUILD_DEFINITION_ID: ${{ secrets.AZURE_DEVOPS_BUILD_DEFINITION_ID }}
AZURE_DEVOPS_ORGANIZATION_URL: ${{ secrets.AZURE_DEVOPS_ORGANIZATION_URL }}
AZURE_DEVOPS_PAT: ${{ secrets.AZURE_DEVOPS_PAT }}
AZURE_DEVOPS_POOL_NAME: ${{ secrets.AZURE_DEVOPS_POOL_NAME }}
AZURE_DEVOPS_PROJECT: ${{ secrets.AZURE_DEVOPS_PROJECT }}
AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }}
AZURE_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_LOG_ANALYTICS_WORKSPACE_ID }}
AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true
AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }}
AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING }}
AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }}
AZURE_SP_OBJECT_ID: ${{ secrets.AZURE_SP_OBJECT_ID }}
AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }}
AZURE_SP_ALTERNATIVE_APP_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_APP_ID }}
AZURE_SP_ALTERNATIVE_OBJECT_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_OBJECT_ID }}
AZURE_SP_ALTERNATIVE_KEY: ${{ secrets.AZURE_SP_ALTERNATIVE_KEY }}
AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }}
AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }}
DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY}}
DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY}}
DATADOG_SITE: ${{ secrets.DATADOG_SITE}}
GCP_SP_KEY: ${{ secrets.GCP_SP_KEY }}
NEWRELIC_ACCOUNT_ID: ${{ secrets.NEWRELIC_ACCOUNT_ID}}
NEWRELIC_API_KEY: ${{ secrets.NEWRELIC_API_KEY}}
NEWRELIC_LICENSE: ${{ secrets.NEWRELIC_LICENSE}}
OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URLNIGHTLY }}
OPENSTACK_AUTH_URL: ${{ secrets.OPENSTACK_AUTH_URL }}
OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }}
OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }}
OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }}
PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }}
run: make e2e-test

- name: Delete all e2e related namespaces
if: ${{ always() }}
run: make e2e-test-clean
env:
AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }}
AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }}
AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }}
AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }}
uses: kedacore/keda/.github/workflows/template-main-e2e-test.yml@main
secrets: inherit

validate-arm64:
name: validate-arm64
runs-on: ARM64
concurrency: arm-smoke-tests
steps:
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: 1.17

- name: Install prerequisites
run: |
apt update
apt install curl make ca-certificates gcc libc-dev -y
env:
DEBIAN_FRONTEND: noninteractive

- name: Check out code
uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Create k8s v1.23 Kind Cluster
uses: helm/kind-action@main
with:
node_image: kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac
cluster_name: smoke-tests-cluster
uses: kedacore/keda/.github/workflows/template-arm64-smoke-tests.yml@main

- name: Run smoke test
run: make arm-smoke-test
validate-k8s-versions:
uses: kedacore/keda/.github/workflows/template-versions-smoke-tests.yml@main
32 changes: 8 additions & 24 deletions .github/workflows/pr-validation.yml
Expand Up @@ -209,27 +209,11 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

trivy-scanner:
name: Trivy Scan
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3

- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
deps:
- 'go.mod'
- 'go.sum'
- name: Run Trivy vulnerability scanner in repo mode
if: steps.filter.outputs.deps == 'true'
uses: aquasecurity/[email protected]
with:
scan-type: 'fs'
ignore-unfixed: false
format: 'table'
exit-code: 1
skip-dirs: tests # Remove this once the ts files are removed
trivy-scan:
uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
with:
runs-on: 'ubuntu-latest'
scan-type: 'fs'
format: 'table'
exit-code: 1
publish: false
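Review bot: The new `trivy-scan` call passes neither the `go.mod`/`go.sum` path filter nor the `ignore-unfixed: false` and `skip-dirs: tests` settings that the removed job carried, and template-trivy-scan.yml is not visible in this section, so it is unclear from here whether the scan scope is unchanged. With `exit-code: 1` this remains a blocking PR check, so a difference in scope would surface either as new failures or as paths that are silently no longer scanned. A comment above the job such as `# scan scope (skip-dirs, ignore-unfixed, severity) is defined in template-trivy-scan.yml` would point the reader to where those settings now live.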
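--- a/.github/workflows/template-arm64-smoke-tests.yml
+++ b/.github/workflows/template-arm64-smoke-tests.yml
@@ -0,0 +1,13 @@
+name: Reusable workflow to run smoke tests on ARM64
+
+on:
+workflow_call:
+
+jobs:
+smoke-tests-ARM64:
+name: ARM64
+uses: kedacore/keda/.github/workflows/template-smoke-tests.yml@main
+with:
+runs-on: ARM64
+kubernetesVersion: v1.24
+kindImage: kindest/node:v1.24.0@sha256:406fd86d48eaf4c04c7280cd1d2ca1d61e7d0d61ddef0125cb097bc7b82ed6a1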
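Review bot: This new reusable workflow declares no `permissions:` block, so the `smoke-tests-ARM64` job runs with whatever `GITHUB_TOKEN` scope the caller grants. The `ARM64` label looks like a self-hosted runner, where a narrower token matters more because the host may outlive the job. If the nested template-smoke-tests.yml (not shown here) only needs to check out the code, a top-level `permissions:` with `contents: read` in this file would cap the token. The `kindImage` is pinned by digest, which is worth keeping when the Kubernetes version is bumped.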