Skip to content

chore: Bump version for automation-flavors#286 & add scanner-v4 parameter to demos #2329

chore: Bump version for automation-flavors#286 & add scanner-v4 parameter to demos

chore: Bump version for automation-flavors#286 & add scanner-v4 parameter to demos #2329

Workflow file for this run

name: PR Workflow
on:
pull_request:
types:
- opened
- synchronize
defaults:
run:
working-directory: go/src/github.com/stackrox/infra
concurrency: pr-${{ github.ref }}
env:
CLUSTER_NAME: infra-pr-${{ github.event.pull_request.number }}
GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}
jobs:
lint:
uses: ./.github/workflows/lint.yaml
unit-tests:
uses: ./.github/workflows/unit-tests.yaml
build-and-push:
uses: ./.github/workflows/build-and-push.yaml
secrets: inherit
create-dev-cluster:
runs-on: ubuntu-latest
steps:
- uses: stackrox/actions/infra/create-cluster@v1
with:
flavor: gke-default
name: infra-pr-${{ github.event.pull_request.number }}
args: machine-type=e2-medium,nodes=3,gcp-image-type=ubuntu_containerd
lifespan: ${{ github.actor == 'dependabot[bot]' && '1h' || '24h' }}
wait: true
token: ${{ secrets.INFRA_TOKEN }}
comment-on-PR:
needs:
- build-and-push
- create-dev-cluster
runs-on: ubuntu-latest
container:
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
path: go/src/github.com/stackrox/infra
- name: Add PR comment for deploy to dev
env:
GITHUB_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}
run: |
./scripts/add-PR-comment-for-deploy-to-dev.sh "${{ github.event.pull_request.html_url }}" "$CLUSTER_NAME"
deploy-and-test:
needs:
- build-and-push
- create-dev-cluster
runs-on: ubuntu-latest
container:
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4
env:
KUBECONFIG: /github/home/artifacts/kubeconfig
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
INFRACTL: bin/infractl -k -e localhost:8443
USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
path: go/src/github.com/stackrox/infra
- name: Authenticate to GCloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.INFRA_CI_AUTOMATION_GCP_SA }}
- name: Set up Cloud SDK
uses: "google-github-actions/setup-gcloud@v2"
with:
install_components: "gke-gcloud-auth-plugin"
- name: Download production infractl
uses: stackrox/actions/infra/install-infractl@v1
- name: Download artifacts
run: |
/github/home/.local/bin/infractl artifacts "$CLUSTER_NAME" -d /github/home/artifacts >> "$GITHUB_STEP_SUMMARY"
kubectl get nodes -o wide || true
- name: Deploy infra to dev cluster
run: |
ENVIRONMENT=development TEST_MODE=true make install-argo clean-argo-config install-monitoring helm-deploy
sleep 10 # wait for old pods to disappear so the svc port-forward doesn't connect to them
kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
sleep 10
kubectl -n infra logs -l app=infra-server --tail=-1
make pull-infractl-from-dev-server
kill %1
- name: Check the deployment
run: |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
sleep 10
version="$($INFRACTL version --json)"
echo "$version"
client="$(echo "$version" | jq -r '.Client.Version')"
server="$(echo "$version" | jq -r '.Server.Version')"
if [[ "$client" == "$server" ]]; then
echo "Client and server versions match"
else
echo "Client and server versions are mismatched"
exit 1
fi
tag="$(make tag)"
if [[ "$client" == "$tag" ]]; then
echo "Infra and make tag match"
else
echo "Infra and make tag are mismatched (make tag: $tag)"
exit 1
fi
kill %1
- name: Install Argo CLI
run: |
ARGO_VERSION=$(grep "github.com/argoproj/argo-workflows/v3" go.mod | awk '{ print $2 }')
curl -sLO "https://github.com/argoproj/argo-workflows/releases/download/${ARGO_VERSION}/argo-linux-amd64.gz"
gunzip argo-linux-amd64.gz
chmod +x argo-linux-amd64
mv ./argo-linux-amd64 /usr/local/bin/argo
argo version
- name: Lint Argo workflows
# We're linting here, because Argo Lint requires a workflow server
run: |
make argo-workflow-lint
- name: Run BATS e2e tests
env:
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }}
run: |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
sleep 5
$INFRACTL whoami || true
$INFRACTL version || true
make bats-e2e-tests || touch FAIL
kubectl -n infra logs -l app=infra-server --tail=-1
kill %1
[[ ! -f FAIL ]]
- name: Run Go e2e tests
env:
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }}
run: |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
sleep 5
make go-e2e-tests