Skip to content

feat: Prevent unallowed internal/beta module installation #912

feat: Prevent unallowed internal/beta module installation

feat: Prevent unallowed internal/beta module installation #912

name: TestSuite E2E with ModuleReleaseMeta
on:
workflow_dispatch:
inputs:
k8s_version:
description: "With Kubernetes version (format: X.Y.Z)"
required: false
pull_request:
types: [opened, edited, synchronize, reopened, ready_for_review]
jobs:
wait-for-image-build:
name: Wait for image build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set Image
run: |
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then
echo "IMAGE=europe-docker.pkg.dev/kyma-project/dev/lifecycle-manager:${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
else
# Manually executed workflow should use the latest image of main branch
echo "IMAGE=europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:latest" >> $GITHUB_ENV
fi
- name: Wait for the Docker image
timeout-minutes: 20
env:
ITERATIONS: 40
SLEEP_SECONDS: 30
run: ./.github/scripts/release/wait_for_image.sh ${{ env.IMAGE }} ${{ env.ITERATIONS }} ${{ env.SLEEP_SECONDS}}
e2e-integration:
name: E2E With ModuleReleaseMeta
needs: wait-for-image-build
strategy:
fail-fast: false
matrix:
e2e-test:
- watcher-enqueue
- kyma-deprovision-with-foreground-propagation
- kyma-deprovision-with-background-propagation
- module-status-decoupling-with-statefulset
- module-status-decoupling-with-deployment
- kyma-metrics
- module-without-default-cr
- module-consistency
- non-blocking-deletion
- modulereleasemeta-upgrade-under-deletion
- purge-controller
- purge-metrics
- module-upgrade-channel-switch
- modulereleasemeta-module-upgrade-new-version
- unmanage-module
- skip-manifest-reconciliation
- ca-certificate-rotation
- istio-gateway-secret-rotation
- self-signed-certificate-rotation
- mandatory-module
- mandatory-module-metrics
- misconfigured-kyma-secret
- rbac-privileges
- modulereleasemeta-with-obsolete-moduletemplate
- modulereleasemeta-sync
- module-status-on-skr-connection-lost
- modulereleasemeta-watch-trigger
- modulereleasemeta-not-allowed-installation
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout lifecycle-manager
uses: actions/checkout@v4
with:
path: lifecycle-manager
- name: Checkout template-operator
uses: actions/checkout@v4
with:
repository: kyma-project/template-operator
path: template-operator
- name: Get configuration
uses: ./lifecycle-manager/.github/actions/get-configuration
id: configuration
- name: Setup tools
uses: ./lifecycle-manager/.github/actions/setup-tools
with:
k8s_version: ${{ steps.configuration.outputs.k8s_version }}
istio_version: ${{ steps.configuration.outputs.istio_version }}
k3d_version: ${{ steps.configuration.outputs.k3d_version }}
modulectl_version: ${{ steps.configuration.outputs.modulectl_version }}
go-version-file: lifecycle-manager/go.mod
cache-dependency-path: lifecycle-manager/go.sum
- name: Setup test clusters
uses: ./lifecycle-manager/.github/actions/setup-test-clusters
with:
k8s_version: ${{ steps.configuration.outputs.k8s_version }}
cert_manager_version: ${{ steps.configuration.outputs.cert_manager_version }}
- name: Deploy lifecycle-manager
uses: ./lifecycle-manager/.github/actions/deploy-lifecycle-manager-e2e
with:
klm_version_tag: ${{ steps.configuration.outputs.klm_version_tag }}
klm_image_repo: ${{ steps.configuration.outputs.klm_image_repo }}
- name: Deploy template-operator
uses: ./lifecycle-manager/.github/actions/deploy-template-operator-with-modulereleasemeta
env:
ModuleDeploymentName: template-operator-controller-manager
ModuleDeploymentNameInNewerVersion: template-operator-v2-controller-manager
ModuleDeploymentNameInOlderVersion: template-operator-v1-controller-manager
NewerVersion: 2.4.2-e2e-test
OlderVersion: 1.1.1-e2e-test
VersionForStatefulSetInWarning: 1.0.0-warning-statefulset
VersionForDeploymentInWarning: 1.0.0-warning-deployment
VersionForMisconfiguredDeploymentImage: 1.0.0-misconfigured-deployment
VersionForMisconfiguredStatefulSetImage: 1.0.0-misconfigured-statefulset
VersionForNoDefaultCR: 1.0.0-no-default-cr
MisconfiguredModuleName: template-operator-misconfigured
ModuleName: template-operator
- name: Run '${{ matrix.e2e-test }}' test
working-directory: lifecycle-manager
run: |
make -C tests/e2e ${{ matrix.e2e-test }}