From 098a966b86b1d6c99475553769521ce3962b180c Mon Sep 17 00:00:00 2001 From: Jorge Turrado Ferrero Date: Thu, 1 Sep 2022 17:52:50 +0200 Subject: [PATCH] automation: Use reusable workflows to avoid duplications (#3593) * move smoke test to resuable workflows for ARM and multi versions Signed-off-by: Jorge Turrado * fix styles Signed-off-by: Jorge Turrado * add needed permission to script Signed-off-by: Jorge Turrado * dummy Signed-off-by: Jorge Turrado * undo dummy changes Signed-off-by: Jorge Turrado * add rw to trivy Signed-off-by: Jorge Turrado * use main for rw Signed-off-by: Jorge Turrado * add rw for e2e test on main Signed-off-by: Jorge Turrado * undo dummy change Signed-off-by: Jorge Turrado * use current branch on PR Signed-off-by: Jorge Turrado * update changelog Signed-off-by: Jorge Turrado * remove whitespace Signed-off-by: Jorge Turrado * rename templates Signed-off-by: Jorge Turrado * Update trivy to set severity Signed-off-by: Jorge Turrado Signed-off-by: Jorge Turrado --- .github/workflows/main-build.yml | 198 +++--------------- .github/workflows/nightly-e2e.yml | 101 +-------- .github/workflows/pr-validation.yml | 32 +-- .../workflows/template-arm64-smoke-tests.yml | 13 ++ .github/workflows/template-main-e2e-test.yml | 75 +++++++ .github/workflows/template-smoke-tests.yml | 44 ++++ .github/workflows/template-trivy-scan.yml | 52 +++++ .../template-versions-smoke-tests.yml | 29 +++ CHANGELOG.md | 1 + Makefile | 6 +- ...-arm-smoke-tests.sh => run-smoke-tests.sh} | 1 + 11 files changed, 264 insertions(+), 288 deletions(-) create mode 100644 .github/workflows/template-arm64-smoke-tests.yml create mode 100644 .github/workflows/template-main-e2e-test.yml create mode 100644 .github/workflows/template-smoke-tests.yml create mode 100644 .github/workflows/template-trivy-scan.yml create mode 100644 .github/workflows/template-versions-smoke-tests.yml rename tests/{run-arm-smoke-tests.sh => run-smoke-tests.sh} (98%) 
diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml
index 8e5ede8726a..dfaee03acd6 100644
--- a/.github/workflows/main-build.yml
+++ b/.github/workflows/main-build.yml
@@ -76,183 +76,51 @@ jobs: validate: needs: build - name: validate - runs-on: ubuntu-latest - # build-tools is built from ../../tools/build-tools.Dockerfile - container: ghcr.io/kedacore/build-tools:1.17.13 - concurrency: e2e-tests - steps: - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Register workspace path - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - - name: Run end to end tests - env: - AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_REGION }} - AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} - AZURE_APP_INSIGHTS_APP_ID: ${{ secrets.AZURE_APP_INSIGHTS_APP_ID }} - AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} - AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY }} - AZURE_DATA_EXPLORER_DB: ${{ secrets.AZURE_DATA_EXPLORER_DB }} - AZURE_DATA_EXPLORER_ENDPOINT: ${{ secrets.AZURE_DATA_EXPLORER_ENDPOINT }} - AZURE_DEVOPS_BUILD_DEFINITION_ID: ${{ secrets.AZURE_DEVOPS_BUILD_DEFINITION_ID }} - AZURE_DEVOPS_ORGANIZATION_URL: ${{ secrets.AZURE_DEVOPS_ORGANIZATION_URL }} - AZURE_DEVOPS_PAT: ${{ secrets.AZURE_DEVOPS_PAT }} - AZURE_DEVOPS_POOL_NAME: ${{ secrets.AZURE_DEVOPS_POOL_NAME }} - AZURE_DEVOPS_PROJECT: ${{ secrets.AZURE_DEVOPS_PROJECT }} - AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }} - AZURE_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_LOG_ANALYTICS_WORKSPACE_ID }} - AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} - AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true - AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }} - AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING }} - AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} - AZURE_SP_OBJECT_ID: ${{ secrets.AZURE_SP_OBJECT_ID }} - AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }} - AZURE_SP_ALTERNATIVE_APP_ID: ${{ 
secrets.AZURE_SP_ALTERNATIVE_APP_ID }} - AZURE_SP_ALTERNATIVE_OBJECT_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_OBJECT_ID }} - AZURE_SP_ALTERNATIVE_KEY: ${{ secrets.AZURE_SP_ALTERNATIVE_KEY }} - AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} - AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} - AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} - DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY}} - DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY}} - DATADOG_SITE: ${{ secrets.DATADOG_SITE}} - GCP_SP_KEY: ${{ secrets.GCP_SP_KEY }} - NEWRELIC_ACCOUNT_ID: ${{ secrets.NEWRELIC_ACCOUNT_ID}} - NEWRELIC_API_KEY: ${{ secrets.NEWRELIC_API_KEY}} - NEWRELIC_LICENSE: ${{ secrets.NEWRELIC_LICENSE}} - OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URLNIGHTLY }} - OPENSTACK_AUTH_URL: ${{ secrets.OPENSTACK_AUTH_URL }} - OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }} - OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }} - OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }} - PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }} - run: make e2e-test - - - name: Delete all e2e related namespaces - if: ${{ always() }} - run: make e2e-test-clean - env: - AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} - AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} - AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }} - AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} - AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} + uses: kedacore/keda/.github/workflows/template-main-e2e-test.yml@main + secrets: inherit validate-arm64: needs: build - name: validate-arm64 - runs-on: ARM64 - concurrency: arm-smoke-tests - steps: - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.17 - - - name: Install prerequisites - run: | - apt update - apt install curl make ca-certificates gcc libc-dev -y - env: - DEBIAN_FRONTEND: noninteractive - - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Create k8s v1.23 Kind Cluster - uses: 
helm/kind-action@main - with: - node_image: kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac - cluster_name: smoke-tests-cluster + uses: kedacore/keda/.github/workflows/template-arm64-smoke-tests.yml@main - - name: Run smoke test - run: make arm-smoke-test + validate-k8s-versions: + needs: build + uses: kedacore/keda/.github/workflows/template-versions-smoke-tests.yml@main trivy-scan: - name: Trivy scan code needs: build - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.6.1 - with: - scan-type: 'fs' - ignore-unfixed: false - format: 'sarif' - output: 'code.sarif' - exit-code: 1 - skip-dirs: tests # Remove this once the ts files are removed - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'code.sarif' + uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main + with: + runs-on: 'ubuntu-latest' + scan-type: 'fs' + format: 'sarif' + exit-code: 0 + publish: true trivy-scan-metrics-server: - name: Trivy scan metrics server image - ${{ matrix.name }} needs: build - runs-on: ${{ matrix.runner }} strategy: - matrix: - include: - - runner: ARM64 - name: arm64 - - runner: ubuntu-latest - name: amd64 - - steps: - - uses: actions/checkout@v3 - - - name: Run Trivy on metrics-server - uses: aquasecurity/trivy-action@0.6.1 - with: - scan-type: 'image' - image-ref: ghcr.io/kedacore/keda-metrics-apiserver:main - format: 'sarif' - output: 'metrics-server.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'metrics-server.sarif' + matrix: + runner: [ARM64, ubuntu-latest] + uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main + with: + runs-on: ${{ matrix.runner }} + scan-type: 'image' + image-ref: 
ghcr.io/kedacore/keda-metrics-apiserver:main + format: 'sarif' + exit-code: 0 + publish: true trivy-scan-keda: - name: Trivy scan keda image - ${{ matrix.name }} needs: build - runs-on: ${{ matrix.runner }} strategy: - matrix: - include: - - runner: ARM64 - name: arm64 - - runner: ubuntu-latest - name: amd64 - - steps: - - uses: actions/checkout@v3 - - - name: Run Trivy on operator - uses: aquasecurity/trivy-action@0.6.1 - with: - scan-type: 'image' - image-ref: ghcr.io/kedacore/keda:main - format: 'sarif' - output: 'keda.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'keda.sarif' + matrix: + runner: [ARM64, ubuntu-latest] + uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main + with: + runs-on: ${{ matrix.runner }} + scan-type: 'image' + image-ref: ghcr.io/kedacore/keda:main + format: 'sarif' + exit-code: 0 + publish: true diff --git a/.github/workflows/nightly-e2e.yml b/.github/workflows/nightly-e2e.yml index e582f3e550c..a5e8576400b 100644 --- a/.github/workflows/nightly-e2e.yml +++ b/.github/workflows/nightly-e2e.yml 
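Review bot: The `validate` job in main-build.yml now forwards every secret the caller can see to a workflow resolved from a mutable ref, via `uses: kedacore/keda/.github/workflows/template-main-e2e-test.yml@main` plus `secrets: inherit`. Whatever `main` holds when the job starts receives the credentials, which is not necessarily the commit that triggered the run on a release branch, tag or pull request. The same `@main` reference is used for every template call in this hunk and in the nightly-e2e.yml, pr-validation.yml and template-*.yml hunks. Because the templates live in this repository, the local form `uses: ./.github/workflows/template-main-e2e-test.yml` resolves them from the caller's own commit. Declaring the secrets the e2e job reads under `secrets:` in the template's `workflow_call`, instead of `inherit`, would also keep the forwarded set explicit.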
@@ -5,102 +5,11 @@ on: jobs: validate: - name: Test - runs-on: ubuntu-latest - concurrency: e2e-tests - # build-tools is built from ../../tools/build-tools.Dockerfile - container: ghcr.io/kedacore/build-tools:1.17.13 - steps: - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Register workspace path - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - - name: Run end to end test - env: - AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_REGION }} - AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} - AZURE_APP_INSIGHTS_APP_ID: ${{ secrets.AZURE_APP_INSIGHTS_APP_ID }} - AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} - AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY }} - AZURE_DATA_EXPLORER_DB: ${{ secrets.AZURE_DATA_EXPLORER_DB }} - AZURE_DATA_EXPLORER_ENDPOINT: ${{ secrets.AZURE_DATA_EXPLORER_ENDPOINT }} - AZURE_DEVOPS_BUILD_DEFINITION_ID: ${{ secrets.AZURE_DEVOPS_BUILD_DEFINITION_ID }} - AZURE_DEVOPS_ORGANIZATION_URL: ${{ secrets.AZURE_DEVOPS_ORGANIZATION_URL }} - AZURE_DEVOPS_PAT: ${{ secrets.AZURE_DEVOPS_PAT }} - AZURE_DEVOPS_POOL_NAME: ${{ secrets.AZURE_DEVOPS_POOL_NAME }} - AZURE_DEVOPS_PROJECT: ${{ secrets.AZURE_DEVOPS_PROJECT }} - AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }} - AZURE_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_LOG_ANALYTICS_WORKSPACE_ID }} - AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} - AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true - AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }} - AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING }} - AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} - AZURE_SP_OBJECT_ID: ${{ secrets.AZURE_SP_OBJECT_ID }} - AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }} - AZURE_SP_ALTERNATIVE_APP_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_APP_ID }} - 
AZURE_SP_ALTERNATIVE_OBJECT_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_OBJECT_ID }} - AZURE_SP_ALTERNATIVE_KEY: ${{ secrets.AZURE_SP_ALTERNATIVE_KEY }} - AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} - AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} - AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} - DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY}} - DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY}} - DATADOG_SITE: ${{ secrets.DATADOG_SITE}} - GCP_SP_KEY: ${{ secrets.GCP_SP_KEY }} - NEWRELIC_ACCOUNT_ID: ${{ secrets.NEWRELIC_ACCOUNT_ID}} - NEWRELIC_API_KEY: ${{ secrets.NEWRELIC_API_KEY}} - NEWRELIC_LICENSE: ${{ secrets.NEWRELIC_LICENSE}} - OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URLNIGHTLY }} - OPENSTACK_AUTH_URL: ${{ secrets.OPENSTACK_AUTH_URL }} - OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }} - OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }} - OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }} - PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }} - run: make e2e-test - - - name: Delete all e2e related namespaces - if: ${{ always() }} - run: make e2e-test-clean - env: - AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} - AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} - AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }} - AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} - AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} + uses: kedacore/keda/.github/workflows/template-main-e2e-test.yml@main + secrets: inherit validate-arm64: - name: validate-arm64 - runs-on: ARM64 - concurrency: arm-smoke-tests - steps: - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.17 - - - name: Install prerequisites - run: | - apt update - apt install curl make ca-certificates gcc libc-dev -y - env: - DEBIAN_FRONTEND: noninteractive - - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Create k8s v1.23 Kind Cluster - uses: helm/kind-action@main - with: - node_image: 
kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac - cluster_name: smoke-tests-cluster + uses: kedacore/keda/.github/workflows/template-arm64-smoke-tests.yml@main - - name: Run smoke test - run: make arm-smoke-test + validate-k8s-versions: + uses: kedacore/keda/.github/workflows/template-versions-smoke-tests.yml@main diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index d49229aadaf..d687d24ef3a 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -209,27 +209,11 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 - trivy-scanner: - name: Trivy Scan - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - deps: - - 'go.mod' - - 'go.sum' - - - name: Run Trivy vulnerability scanner in repo mode - if: steps.filter.outputs.deps == 'true' - uses: aquasecurity/trivy-action@0.6.1 - with: - scan-type: 'fs' - ignore-unfixed: false - format: 'table' - exit-code: 1 - skip-dirs: tests # Remove this once the ts files are removed + trivy-scan: + uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main + with: + runs-on: 'ubuntu-latest' + scan-type: 'fs' + format: 'table' + exit-code: 1 + publish: false diff --git a/.github/workflows/template-arm64-smoke-tests.yml b/.github/workflows/template-arm64-smoke-tests.yml new file mode 100644 index 00000000000..84405eb0cbf --- /dev/null +++ b/.github/workflows/template-arm64-smoke-tests.yml @@ -0,0 +1,13 @@ +name: Reusable workflow to run smoke tests on ARM64 + +on: + workflow_call: + +jobs: + smoke-tests-ARM64: + name: ARM64 + uses: kedacore/keda/.github/workflows/template-smoke-tests.yml@main + with: + runs-on: ARM64 + kubernetesVersion: v1.24 + kindImage: kindest/node:v1.24.0@sha256:406fd86d48eaf4c04c7280cd1d2ca1d61e7d0d61ddef0125cb097bc7b82ed6a1 
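Review bot: In pr-validation.yml the `trivy-scan` call keeps `exit-code: 1` but does not say which severities fail the pull request. The threshold now comes from the template's `severity` default (`CRITICAL,HIGH`), whereas the removed job passed no severity and so ran with the action's own default. Stating it at the call site, `severity: 'CRITICAL,HIGH'` in the `with:` block, keeps the gate level visible where it is enforced. The hunk also drops the `dorny/paths-filter` step and `skip-dirs: tests`, so the scan runs on every pull request again; that no longer matches the CHANGELOG entry for #3540, which this patch leaves in place.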
diff --git a/.github/workflows/template-main-e2e-test.yml b/.github/workflows/template-main-e2e-test.yml
new file mode 100644
index 00000000000..d8b7c584b81
--- /dev/null
+++ b/.github/workflows/template-main-e2e-test.yml
@@ -0,0 +1,75 @@ +name: Reusable workflow to run e2e tests on main branch + +on: + workflow_call: + +jobs: + e2e-tests: + name: Run e2e test + runs-on: ubuntu-latest + # build-tools is built from ../../tools/build-tools.Dockerfile + container: ghcr.io/kedacore/build-tools:1.17.13 + concurrency: e2e-tests + steps: + - name: Check out code + uses: actions/checkout@v3 + with: + fetch-depth: 1 + + - name: Register workspace path + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Run end to end tests + env: + AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} + AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} + AZURE_APP_INSIGHTS_APP_ID: ${{ secrets.AZURE_APP_INSIGHTS_APP_ID }} + AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} + AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APP_INSIGHTS_INSTRUMENTATION_KEY }} + AZURE_DATA_EXPLORER_DB: ${{ secrets.AZURE_DATA_EXPLORER_DB }} + AZURE_DATA_EXPLORER_ENDPOINT: ${{ secrets.AZURE_DATA_EXPLORER_ENDPOINT }} + AZURE_DEVOPS_BUILD_DEFINITION_ID: ${{ secrets.AZURE_DEVOPS_BUILD_DEFINITION_ID }} + AZURE_DEVOPS_ORGANIZATION_URL: ${{ secrets.AZURE_DEVOPS_ORGANIZATION_URL }} + AZURE_DEVOPS_PAT: ${{ secrets.AZURE_DEVOPS_PAT }} + AZURE_DEVOPS_POOL_NAME: ${{ secrets.AZURE_DEVOPS_POOL_NAME }} + AZURE_DEVOPS_PROJECT: ${{ secrets.AZURE_DEVOPS_PROJECT }} + AZURE_KEYVAULT_URI: ${{ secrets.AZURE_KEYVAULT_URI }} + AZURE_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_LOG_ANALYTICS_WORKSPACE_ID }} + AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} + AZURE_RUN_WORKLOAD_IDENTITY_TESTS: true + AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }} + AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_ALTERNATIVE_CONNECTION_STRING }} + AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} + AZURE_SP_OBJECT_ID: ${{ secrets.AZURE_SP_OBJECT_ID }} + AZURE_SP_KEY: ${{ 
secrets.AZURE_SP_KEY }} + AZURE_SP_ALTERNATIVE_APP_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_APP_ID }} + AZURE_SP_ALTERNATIVE_OBJECT_ID: ${{ secrets.AZURE_SP_ALTERNATIVE_OBJECT_ID }} + AZURE_SP_ALTERNATIVE_KEY: ${{ secrets.AZURE_SP_ALTERNATIVE_KEY }} + AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} + AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} + AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} + DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY}} + DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY}} + DATADOG_SITE: ${{ secrets.DATADOG_SITE}} + GCP_SP_KEY: ${{ secrets.GCP_SP_KEY }} + NEWRELIC_ACCOUNT_ID: ${{ secrets.NEWRELIC_ACCOUNT_ID}} + NEWRELIC_API_KEY: ${{ secrets.NEWRELIC_API_KEY}} + NEWRELIC_LICENSE: ${{ secrets.NEWRELIC_LICENSE}} + OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URLNIGHTLY }} + OPENSTACK_AUTH_URL: ${{ secrets.OPENSTACK_AUTH_URL }} + OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }} + OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }} + OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }} + PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }} + run: make e2e-test + + - name: Delete all e2e related namespaces + if: ${{ always() }} + run: make e2e-test-clean + env: + AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }} + AZURE_SP_APP_ID: ${{ secrets.AZURE_SP_APP_ID }} + AZURE_SP_KEY: ${{ secrets.AZURE_SP_KEY }} + AZURE_SP_TENANT: ${{ secrets.AZURE_SP_TENANT }} + AZURE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION }} diff --git a/.github/workflows/template-smoke-tests.yml b/.github/workflows/template-smoke-tests.yml new file mode 100644 index 00000000000..cd871d3f26d --- /dev/null +++ b/.github/workflows/template-smoke-tests.yml 
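Review bot: The `e2e-tests` job has no `permissions:` block, so the `GITHUB_TOKEN` keeps whatever scope the caller passes down while `make e2e-test` runs with the full set of cloud credentials in its environment. The visible steps only check out the repository and invoke make, so a job-level `permissions:` with `contents: read` looks sufficient; this should be confirmed against what the e2e targets actually do. The `workflow_call` trigger declares no `secrets:`, so a short comment above it saying that callers must pass `secrets: inherit` would document the interface the `env:` block relies on.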
@@ -0,0 +1,44 @@
+name: Reusable workflow to run smoke tests
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ required: true
+ type: string
+ kubernetesVersion:
+ required: true
+ type: string
+ kindImage:
+ required: true
+ type: string
+jobs:
+ smoke-tests:
+ name: Validate k8s-${{ inputs.kubernetesVersion }}
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17
+
+ - name: Install prerequisites
+ run: |
+ sudo apt update
+ sudo apt install curl make ca-certificates gcc libc-dev -y
+ env:
+ DEBIAN_FRONTEND: noninteractive
+
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+
+ - name: Create k8s ${{ inputs.kubernetesVersion }} Kind Cluster
+ uses: helm/kind-action@main
+ with:
+ node_image: ${{ inputs.kindImage }}
+ cluster_name: smoke-tests-cluster-${{ inputs.kubernetesVersion }}
+
+ - name: Run smoke test
+ run: make smoke-test
diff --git a/.github/workflows/template-trivy-scan.yml b/.github/workflows/template-trivy-scan.yml
new file mode 100644
index 00000000000..60ca5d2df7f
--- /dev/null
+++ b/.github/workflows/template-trivy-scan.yml
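Review bot: `uses: helm/kind-action@main` in template-smoke-tests.yml tracks a moving branch of a third-party action, even though the node image passed to it is pinned by digest in the callers. The template runs `sudo apt` steps on whatever runner `inputs.runs-on` names, including the `ARM64` label (presumably self-hosted) used by template-arm64-smoke-tests.yml, so an unreviewed change upstream would execute there. Pinning to a full commit SHA, `uses: helm/kind-action@<full-commit-sha> # <release tag>`, makes the step reproducible and reviewable. Separately, `go-version: 1.17` is safer quoted as `'1.17'`, so that a later bump such as 1.20 is not read as a YAML float.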
@@ -0,0 +1,52 @@
+name: Reusable workflow to run trivy scan
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ required: true
+ type: string
+ scan-type:
+ required: true
+ type: string
+ format:
+ required: true
+ type: string
+ image-ref:
+ required: false
+ type: string
+ default: ""
+ severity:
+ required: false
+ type: string
+ default: "CRITICAL,HIGH"
+ exit-code:
+ required: true
+ type: number
+ publish:
+ required: true
+ type: boolean
+
+jobs:
+ trivy-scan:
+ name: Trivy - ${{ inputs.runs-on }} - ${{ inputs.scan-type }} ${{ inputs.image-ref }}
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Run Trivy
+ uses: aquasecurity/trivy-action@0.7.1
+ with:
+ scan-type: ${{ inputs.scan-type }}
+ image-ref: ${{ inputs.image-ref }}
+ ignore-unfixed: false
+ format: ${{ inputs.format }}
+ output: trivy.sarif
+ exit-code: ${{ inputs.exit-code }}
+ severity: ${{ inputs.severity }}
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ if: ${{ inputs.publish }}
+ with:
+ sarif_file: trivy.sarif
diff --git a/.github/workflows/template-versions-smoke-tests.yml b/.github/workflows/template-versions-smoke-tests.yml
new file mode 100644
index 00000000000..e67799bf511
--- /dev/null
+++ b/.github/workflows/template-versions-smoke-tests.yml
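Review bot: `output: trivy.sarif` in the `Run Trivy` step is unconditional, so the pr-validation.yml caller (`format: 'table'`, `publish: false`, `exit-code: 1`) gets its table report written to a file that no later step reads. A failing pull-request scan would then fail the job without the findings appearing in the log. Tying the output to `publish`, for example `output: ${{ inputs.publish && 'trivy.sarif' || '' }}`, should send the table back to the job log, assuming the action treats an empty `output` as stdout. The upload step also needs `security-events: write` on the token when `publish` is true, so a comment on the `publish` input saying so would help callers set their permissions.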
@@ -0,0 +1,29 @@ +name: Reusable workflow to run smoke tests on different k8s versions + +on: + workflow_call: + +jobs: + smoke-tests: + name: ubuntu-latest + strategy: + fail-fast: false + matrix: + kubernetesVersion: [v1.24, v1.23, v1.22, v1.21, v1.20] + include: + - kubernetesVersion: v1.24 + kindImage: kindest/node:v1.24.0@sha256:406fd86d48eaf4c04c7280cd1d2ca1d61e7d0d61ddef0125cb097bc7b82ed6a1 + - kubernetesVersion: v1.23 + kindImage: kindest/node:v1.23.6@sha256:1af0f1bee4c3c0fe9b07de5e5d3fafeb2eec7b4e1b268ae89fcab96ec67e8355 + - kubernetesVersion: v1.22 + kindImage: kindest/node:v1.22.9@sha256:6e57a6b0c493c7d7183a1151acff0bfa44bf37eb668826bf00da5637c55b6d5e + - kubernetesVersion: v1.21 + kindImage: kindest/node:v1.21.12@sha256:ae05d44cc636ee961068399ea5123ae421790f472c309900c151a44ee35c3e3e + - kubernetesVersion: v1.20 + kindImage: kindest/node:v1.20.15@sha256:a6ce604504db064c5e25921c6c0fffea64507109a1f2a512b1b562ac37d652f3 + + uses: kedacore/keda/.github/workflows/template-smoke-tests.yml@main + with: + runs-on: ubuntu-latest + kubernetesVersion: ${{ matrix.kubernetesVersion }} + kindImage: ${{ matrix.kindImage }} diff --git a/CHANGELOG.md b/CHANGELOG.md index b07b5256a91..114108ab41c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -89,6 +89,7 @@ None. ### Other - **General:** Execute trivy scan (on PRs) only if there are changes in deps ([#3540](https://github.com/kedacore/keda/issues/3540)) +- **General:** Use re-usable workflows for GitHub Actions ([#2569](https://github.com/kedacore/keda/issues/2569)) ## v2.8.0 diff --git a/Makefile b/Makefile index 164c0220a8b..65a197da549 100644 --- a/Makefile +++ b/Makefile 
@@ -103,9 +103,9 @@ e2e-test-clean-crds: ## Delete all scaled objects and jobs across all namespaces e2e-test-clean: get-cluster-context ## Delete all namespaces labeled with type=e2e kubectl delete ns -l type=e2e -.PHONY: arm-smoke-test -arm-smoke-test: ## Run e2e tests against Kubernetes cluster configured in ~/.kube/config. - ./tests/run-arm-smoke-tests.sh +.PHONY: smoke-test +smoke-test: ## Run e2e tests against Kubernetes cluster configured in ~/.kube/config. + ./tests/run-smoke-tests.sh ################################################## # Development # diff --git a/tests/run-arm-smoke-tests.sh b/tests/run-smoke-tests.sh similarity index 98% rename from tests/run-arm-smoke-tests.sh rename to tests/run-smoke-tests.sh index c4516e62764..e31e9af3ae8 100755 --- a/tests/run-arm-smoke-tests.sh +++ b/tests/run-smoke-tests.sh @@ -4,6 +4,7 @@ set -u DIR=$(dirname "$0") cd $DIR +# use only e2e test which support running on ARM test_files=( "scalers/kubernetes_workload/kubernetes_workload_test.go" "scalers/activemq/activemq_test.go"