chore: Bump version for automation-flavors#286 & add scanner-v4 parameter to demos #2329
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Workflow | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
defaults: | |
run: | |
working-directory: go/src/github.com/stackrox/infra | |
concurrency: pr-${{ github.ref }} | |
env: | |
CLUSTER_NAME: infra-pr-${{ github.event.pull_request.number }} | |
GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} | |
jobs: | |
lint: | |
uses: ./.github/workflows/lint.yaml | |
unit-tests: | |
uses: ./.github/workflows/unit-tests.yaml | |
build-and-push: | |
uses: ./.github/workflows/build-and-push.yaml | |
secrets: inherit | |
create-dev-cluster: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: stackrox/actions/infra/create-cluster@v1 | |
with: | |
flavor: gke-default | |
name: infra-pr-${{ github.event.pull_request.number }} | |
args: machine-type=e2-medium,nodes=3,gcp-image-type=ubuntu_containerd | |
lifespan: ${{ github.actor == 'dependabot[bot]' && '1h' || '24h' }} | |
wait: true | |
token: ${{ secrets.INFRA_TOKEN }} | |
comment-on-PR: | |
needs: | |
- build-and-push | |
- create-dev-cluster | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: go/src/github.com/stackrox/infra | |
- name: Add PR comment for deploy to dev | |
env: | |
GITHUB_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} | |
run: | | |
./scripts/add-PR-comment-for-deploy-to-dev.sh "${{ github.event.pull_request.html_url }}" "$CLUSTER_NAME" | |
deploy-and-test: | |
needs: | |
- build-and-push | |
- create-dev-cluster | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
env: | |
KUBECONFIG: /github/home/artifacts/kubeconfig | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
INFRACTL: bin/infractl -k -e localhost:8443 | |
USE_GKE_GCLOUD_AUTH_PLUGIN: "True" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: go/src/github.com/stackrox/infra | |
- name: Authenticate to GCloud | |
uses: google-github-actions/auth@v2 | |
with: | |
credentials_json: ${{ secrets.INFRA_CI_AUTOMATION_GCP_SA }} | |
- name: Set up Cloud SDK | |
uses: "google-github-actions/setup-gcloud@v2" | |
with: | |
install_components: "gke-gcloud-auth-plugin" | |
- name: Download production infractl | |
uses: stackrox/actions/infra/install-infractl@v1 | |
- name: Download artifacts | |
run: | | |
/github/home/.local/bin/infractl artifacts "$CLUSTER_NAME" -d /github/home/artifacts >> "$GITHUB_STEP_SUMMARY" | |
kubectl get nodes -o wide || true | |
- name: Deploy infra to dev cluster | |
run: | | |
ENVIRONMENT=development TEST_MODE=true make install-argo clean-argo-config install-monitoring helm-deploy | |
sleep 10 # wait for old pods to disappear so the svc port-forward doesn't connect to them | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 10 | |
kubectl -n infra logs -l app=infra-server --tail=-1 | |
make pull-infractl-from-dev-server | |
kill %1 | |
- name: Check the deployment | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 10 | |
version="$($INFRACTL version --json)" | |
echo "$version" | |
client="$(echo "$version" | jq -r '.Client.Version')" | |
server="$(echo "$version" | jq -r '.Server.Version')" | |
if [[ "$client" == "$server" ]]; then | |
echo "Client and server versions match" | |
else | |
echo "Client and server versions are mismatched" | |
exit 1 | |
fi | |
tag="$(make tag)" | |
if [[ "$client" == "$tag" ]]; then | |
echo "Infra and make tag match" | |
else | |
echo "Infra and make tag are mismatched (make tag: $tag)" | |
exit 1 | |
fi | |
kill %1 | |
- name: Install Argo CLI | |
run: | | |
ARGO_VERSION=$(grep "github.com/argoproj/argo-workflows/v3" go.mod | awk '{ print $2 }') | |
curl -sLO "https://github.com/argoproj/argo-workflows/releases/download/${ARGO_VERSION}/argo-linux-amd64.gz" | |
gunzip argo-linux-amd64.gz | |
chmod +x argo-linux-amd64 | |
mv ./argo-linux-amd64 /usr/local/bin/argo | |
argo version | |
- name: Lint Argo workflows | |
# We're linting here, because Argo Lint requires a workflow server | |
run: | | |
make argo-workflow-lint | |
- name: Run BATS e2e tests | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 5 | |
$INFRACTL whoami || true | |
$INFRACTL version || true | |
make bats-e2e-tests || touch FAIL | |
kubectl -n infra logs -l app=infra-server --tail=-1 | |
kill %1 | |
[[ ! -f FAIL ]] | |
- name: Run Go e2e tests | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
run: | | |
kubectl -n infra port-forward svc/infra-server-service 8443:8443 & | |
sleep 5 | |
make go-e2e-tests |