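# CI workflow (tests.yaml): style check, Maven build with CodeQL, and an
# end-to-end run of the Jenkins plugin against a temporary GKE cluster.
#
# NOTE(review): every `uses:` below references a mutable tag (@v2/@v3/@v4/@v5).
# Pinning each action to a full commit SHA prevents a re-tagged release from
# changing what runs in jobs that hold cloud credentials.
# NOTE(review): upload-artifact@v3, download-artifact@v3 and codeql-action@v2
# are deprecated upstream; confirm and plan the upgrade.
name: Tests

on:
  push:
    branches:
      - master
    tags:
      - "*"
  pull_request:
  schedule:
    - cron: '0 5 * * *'

# Least privilege for GITHUB_TOKEN: read-only by default. A job that needs
# more declares its own `permissions:` block.
permissions:
  contents: read

jobs:
  style:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '11'
          cache: 'gradle'
      - name: Check style
        run: make -C functionaltest-jenkins-plugin style

  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read
      # Needed by github/codeql-action/analyze to upload its results.
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '8'
          cache: 'maven'
      # CodeQL init/analyze only run on push events.
      - name: Initialize CodeQL
        if: github.event_name == 'push'
        uses: github/codeql-action/init@v2
        with:
          languages: java, javascript
      # cyclonedx:makeAggregateBom also produces an SBOM during the build.
      - name: Build with Maven
        run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
      - uses: actions/upload-artifact@v3
        with:
          name: stackrox-container-image-scanner.hpi
          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
      - uses: actions/upload-artifact@v3
        with:
          name: stackrox-container-image-scanner.jar
          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar
      - name: Perform CodeQL Analysis
        if: github.event_name == 'push'
        uses: github/codeql-action/analyze@v2

  e2e:
    # Skipped for pull requests opened from forks: repository secrets are not
    # available to them, and this job needs the GCP service-account secret.
    if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      # No `ref:` is given, so this is the default branch of stackrox/stackrox.
      # Scripts sourced from it below run with the GCP credential in their
      # environment. NOTE(review): consider pinning `ref:` to a reviewed commit.
      - uses: actions/checkout@v4
        with:
          repository: stackrox/stackrox
          path: stackrox
      - uses: docker/setup-buildx-action@v3
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '11'
          cache: 'gradle'
      - name: Install kubectl
        run: sudo snap install kubectl --classic
      - name: Install gcloud
        run: |
          # The default `run` shell is `bash -e` without pipefail, so a failed
          # key download would otherwise be hidden by the pipe.
          set -o pipefail
          sudo snap install google-cloud-cli --classic
          echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
          # -f makes curl fail on an HTTP error instead of piping an error page
          # into the keyring.
          # NOTE(review): apt-key is deprecated; consider `gpg --dearmor` into
          # the keyring file instead.
          curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
          sudo apt-get update
          # -y: never wait for a confirmation prompt on a CI runner.
          sudo apt-get install -y google-cloud-sdk-gke-gcloud-auth-plugin
      # The .hpi built by the `build` job is fetched twice: once into the
      # Docker build context and once into the plugin's target directory.
      - uses: actions/download-artifact@v3
        with:
          name: stackrox-container-image-scanner.hpi
          path: jenkins
      - uses: actions/download-artifact@v3
        with:
          name: stackrox-container-image-scanner.hpi
          path: stackrox-container-image-scanner/target/
      # Built and loaded locally only; `push: false` keeps it out of registries.
      - name: Build jenkins image
        uses: docker/build-push-action@v5
        with:
          tags: jenkins-test
          context: jenkins
          push: false
          load: true
      - name: Run jenkins in background
        run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
      - name: Create GKE cluster
        id: create-cluster
        env:
          # Scoped to this step only rather than the whole job.
          GCP_SERVICE_ACCOUNT_STACKROX_CI: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}
        run: |
          cd stackrox
          source "scripts/ci/gke.sh"
          provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4
          # Exported before waiting, so the teardown step can find the cluster
          # even if wait_for_cluster fails.
          echo "CLUSTER_NAME=${CLUSTER_NAME}" >> "$GITHUB_OUTPUT"
          wait_for_cluster
      - name: Deploy Stackrox
        id: deploy
        env:
          MAIN_IMAGE_TAG: latest
          MONITORING_SUPPORT: "false"
        run: |
          cd stackrox
          ./deploy/k8s/central.sh
          pass=$(cat deploy/k8s/central-deploy/password)
          # Register the generated password as a secret so the runner redacts it
          # from later log output. A step output is not masked by default.
          echo "::add-mask::${pass}"
          echo "ROX_PASSWORD=${pass}" >> "$GITHUB_OUTPUT"
      - name: Wait for API
        run: |
          cd stackrox
          source "tests/e2e/lib.sh"
          export USE_MIDSTREAM_IMAGES=false
          wait_for_api
      - name: Run tests
        env:
          ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}
          ROX_ENDPOINT: https://localhost:8000
          JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000
        run: make -C functionaltest-jenkins-plugin test
      # always(): run the teardown even after a failed step, so no cluster is
      # left behind. It is skipped only if no cluster name was ever recorded.
      - name: Teardown GKE cluster
        if: always() && steps.create-cluster.outputs.CLUSTER_NAME != ''
        env:
          CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}
        run: |
          source "stackrox/scripts/ci/gke.sh"
          teardown_gke_cluster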