Skip to content

Changing secret propagation from manifests to policy #4214

Changing secret propagation from manifests to policy

Changing secret propagation from manifests to policy #4214

Workflow file for this run

# SPDX-FileCopyrightText: The RamenDR authors
# SPDX-License-Identifier: Apache-2.0
---
# yamllint disable rule:line-length
name: CI
# This workflow will run when developer push a topic branch to their
# fork in github, minimizing noise for maintainers. This
# workflow also runs on nightly basis at 12:00 AM (00:00 UTC)
on: # yamllint disable-line rule:truthy
push:
pull_request:
schedule:
- cron: '0 0 * * *'
env:
# Values can be overriden by repository variables.
IMAGE_TAG_BASE: ${{ vars.IMAGE_TAG_BASE || 'quay.io/ramendr/ramen' }}
IMAGE_REPOSITORY: ${{ vars.IMAGE_REPOSITORY || 'ramendr' }}
IMAGE_NAME: ${{ vars.IMAGE_NAME || 'ramen' }}
OPERATOR_SUGGESTED_NAMESPACE: ${{ vars.OPERATOR_SUGGESTED_NAMESPACE || 'ramen-system' }}
# Constants
GO_VERSION: "1.22"
IMAGE_REGISTRY: "quay.io"
IMAGE_TAG: "ci"
DOCKERCMD: "podman"
DRIVER: "container"
defaults:
run:
shell: bash
jobs:
lint:
name: Linters
runs-on: ubuntu-20.04
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install prereqs
run: |
echo 'APT::Acquire::Retries "5";' | sudo tee /etc/apt/apt.conf.d/80-retries
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y python3-pip ruby
sudo gem install mdl
sudo pip3 install yamllint
- name: Run linters
run: ./hack/pre-commit.sh
- name: Check that generated files were not modified
run: |
make generate
make manifests
go mod tidy
git --no-pager diff
git diff-index --quiet HEAD
golangci:
name: Golangci Lint
runs-on: ubuntu-20.04
strategy:
matrix:
directory: [., api, e2e]
# golangci-lint has a limitation that it doesn't lint subdirectories if
# they are a different module.
# see https://github.com/golangci/golangci-lint/issues/828
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
# when the files to be extracted are already present,
# tar extraction in Golangci Lint fails with the "File exists"
# errors. These files appear to be present because of
# cache in setup-go, on disabling the cache we are no more seeing
# such error. Cache is to be enabled once the fix is available for
# this issue.
go-version: ${{ env.GO_VERSION }}
cache: false
- name: GolangCI Lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.55.2
working-directory: ${{ matrix.directory }}
unit-test:
name: Unit tests
runs-on: ubuntu-20.04
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Run unit tests
run: make test
drenv-test:
name: drenv tests
runs-on: ubuntu-22.04
strategy:
matrix:
python-version:
- "3.10"
- "3.11"
- "3.12"
- "3.13"
- "3.14-dev"
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install minikube
run: |
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube version
- name: Install kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install ./kubectl /usr/local/bin/
kubectl version --client --output=yaml
- name: Install tools
run: pip install -r requirements.txt
- name: Enable coverage for child processes
run: cp coverage.pth $(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')
- name: Install drenv
run: pip install -e test
- name: Run flake8
run: make flake8
working-directory: test
- name: Run pylint
run: make pylint
working-directory: test
- name: Run black
run: make black
working-directory: test
- name: Start test cluster
run: make cluster
working-directory: test
- name: Run tests
run: make test
working-directory: test
- name: Report test coverage
run: make coverage
working-directory: test
- name: Clean up
run: make clean
working-directory: test
ramenctl-test:
name: ramenctl tests
runs-on: ubuntu-22.04
strategy:
matrix:
python-version:
- "3.10"
- "3.11"
- "3.12"
- "3.13"
- "3.14-dev"
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install tools
run: pip install -r requirements.txt
- name: Install drenv
run: pip install -e test
- name: Run flake8
run: make flake8
working-directory: ramenctl
- name: Run pylint
run: make pylint
working-directory: ramenctl
- name: Run black
run: make black
working-directory: ramenctl
build-image:
name: Build image
runs-on: ubuntu-20.04
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Build image
run: make docker-build
- name: Export image
run: ${{env.DOCKERCMD}} save -o /tmp/ramen-operator.tar ${IMAGE_TAG_BASE}-operator:${IMAGE_TAG}
- name: Save image artifact
uses: actions/upload-artifact@v4
with:
name: ramen-operator
path: /tmp/ramen-operator.tar
retention-days: 1
deploy-check:
name: Check artifacts and operator deployment
needs: [build-image]
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
kubernetes_version: ["1.29.1"]
include:
- kubernetes_version: "1.29.1"
kind_image: "1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144"
kind_version: "v0.21.0"
env:
KUBERNETES_VERSION: ${{ matrix.kubernetes_version }}
KIND_VERSION: ${{ matrix.kind_version }}
KIND_IMAGE: ${{ matrix.kind_image }}
KIND_CLUSTER_NAME: "ci"
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install kubectl
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
sudo install ./kubectl /usr/local/bin/
- name: Create Kind kubernetes cluster
run: ./hack/setup-kind-cluster.sh
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: ramen-operator
path: /tmp
- name: Load image artifact
run: |
kind load image-archive /tmp/ramen-operator.tar --name ${KIND_CLUSTER_NAME}
- name: Deploy dependent CRDs
run: |
kubectl apply -f hack/test/
- name: Deploy operator
run: |
make deploy
kubectl get deployment -n ramen-system
kubectl -n ramen-system wait --for=condition=Available --timeout=60s deploy/ramen-hub-operator
kubectl -n ramen-system wait --for=condition=Available --timeout=60s deploy/ramen-dr-cluster-operator
- name: Display failure logs
if: ${{ failure() }}
run: |
echo "===> BEGIN failure details <==="
echo "===> NODE details <==="
kubectl get node -o yaml
echo "===> Ramen POD details <==="
kubectl get pods -n ramen-system -o yaml
echo "===> Ramen POD describe <==="
kubectl describe pods -n ramen-system
echo "===> Ramen DR Orchestrator POD logs <==="
kubectl logs -n ramen-system deployment/ramen-hub-operator -c manager
echo "===> Ramen DR Manager POD logs <==="
kubectl logs -n ramen-system deployment/ramen-dr-cluster-operator -c manager
echo "===> END failure details <==="
publish-image:
name: Publish built image
needs: [deploy-check, lint, golangci, unit-test, build-image]
if: >
(vars.PUBLISH_IMAGES == 'true') &&
(github.event_name == 'push') &&
(github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release-') ||
startsWith(github.ref, 'refs/tags/v'))
runs-on: ubuntu-20.04
steps:
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: ramen-operator
path: /tmp
- name: Load image artifact
run: |
${{env.DOCKERCMD}} load -i /tmp/ramen-operator.tar
- name: Login to Quay
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
- name: Determine image tag
run: |
[[ "${{ github.ref }}" =~ ^refs\/(heads|tags)\/(release-)?(.*) ]]
echo "heads or tags? ${BASH_REMATCH[1]}"
echo "release? ${BASH_REMATCH[2]}"
echo "version? ${BASH_REMATCH[3]}"
TAG=""
if test "${BASH_REMATCH[1]}" = "heads"; then
if test "${BASH_REMATCH[2]}" = "" && test "${BASH_REMATCH[3]}" = "main"; then
TAG="canary"
elif test "${BASH_REMATCH[2]}" = "release-"; then
TAG="${BASH_REMATCH[3]}-canary"
fi
elif test "${BASH_REMATCH[1]}" == "tags" && test "${BASH_REMATCH[2]}" = ""; then
TAG="${BASH_REMATCH[3]}"
fi
test "${TAG}" = "" && exit 1
echo "Publish image tag ${TAG}"
echo "publish_image_tag=${TAG}" >> $GITHUB_ENV
- name: Push operator image to Quay
run: |
${{env.DOCKERCMD}} tag "${IMAGE_TAG_BASE}-operator:${IMAGE_TAG}" "${IMAGE_TAG_BASE}-operator:${{ env.publish_image_tag }}"
${{env.DOCKERCMD}} push "${IMAGE_TAG_BASE}-operator:${{ env.publish_image_tag }}"
# TODO: We do not need to build bundles and catalogs each time, fix once we reach alpha
- name: Checkout source
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Build and push bundle images to Quay
run: |
IMAGE_TAG="${{ env.publish_image_tag }}" make bundle-build bundle-push
- name: Build and push catalog image to Quay
run: |
IMAGE_TAG="${{ env.publish_image_tag }}" make catalog-build catalog-push
# TODO: Test built bundles and catalog based install