Service per pod #96
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint & Test Charts | |
on: pull_request | |
jobs: | |
pull_request: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.13 | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Create Playground Account for Tests | |
run: | | |
playground_account_raw=`curl https://api.prod.us-east-1.warpstream.com/api/v1/signup -X POST -d '{"primary_user_first_name": "chart-ci", "primary_user_last_name": "Account", "tenant_name": "chart-ci-organization-'$(uuidgen)'", "primary_user_email": "chart-ci-email@'$(uuidgen)'", "primary_user_password": "chart-ci-password-'$(uuidgen)'", "is_demo": true}'` | |
export DefaultVirtualClusterID=`echo ${playground_account_raw} | jq -r .DefaultVirtualClusterID` | |
export DefaultVirtualClusterAgentKeySecret=`echo ${playground_account_raw} | jq -r .DefaultVirtualClusterAgentKeySecret` | |
echo "DefaultVirtualClusterID=${DefaultVirtualClusterID}" >> $GITHUB_ENV | |
echo "DefaultVirtualClusterAgentKeySecret=${DefaultVirtualClusterAgentKeySecret}" >> $GITHUB_ENV | |
- name: Generate Tests | |
run: | | |
./hack/ci/scripts/generate-tests.sh | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Run chart-testing (lint) | |
if: steps.list-changed.outputs.changed == 'true' | |
run: ct lint --target-branch ${{ github.event.repository.default_branch }} | |
- name: Create kind cluster | |
if: steps.list-changed.outputs.changed == 'true' | |
uses: helm/kind-action@v1 | |
- name: Create Secret for Tests from Playground Account | |
run: | | |
kubectl create secret generic external-secret --from-literal=agentkey=${DefaultVirtualClusterAgentKeySecret} | |
- name: Generate Certificate for TLS testing | |
run: | | |
mkdir /tmp/certificates | |
cd /tmp/certificates | |
mkdir -p ca/private | |
chmod 700 ca/private | |
# Generate CA | |
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout ca/private/ca_key.pem -out ca/ca_cert.pem -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=example.com" | |
# Create server private key and certificate request | |
mkdir -p server/private | |
chmod 700 ca/private | |
openssl genrsa -out server/private/server_key.pem 4096 | |
openssl req -new -key server/private/server_key.pem -out server/server.csr -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=WarpStream Agent" -addext 'subjectAltName = DNS:playground-sts-cert, DNS:playground-sts-cert-kafka, DNS:playground-sts-cert.default.svc.cluster.local, DNS:*.playground-sts-cert-headless.default.svc.cluster.local' | |
# Create client private key and certificate request | |
mkdir -p client/private | |
chmod 700 client/private | |
openssl genrsa -out client/private/client_key.pem 4096 | |
openssl req -new -key client/private/client_key.pem -out client/client.csr -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=WarpStream Client" | |
# Generate certificates | |
openssl x509 -req -days 1460 -in server/server.csr -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem -CAcreateserial -out server/server_cert.pem -copy_extensions copyall | |
openssl x509 -req -days 1460 -in client/client.csr -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem -CAcreateserial -out client/client_cert.pem -copy_extensions copyall | |
# Create Kubernetes Secrets | |
kubectl create secret tls ci-certificate --cert=server/server_cert.pem --key=server/private/server_key.pem | |
kubectl create secret tls ci-certificate-client --cert=client/client_cert.pem --key=client/private/client_key.pem | |
kubectl create secret generic ci-certificate-ca --from-file=ca.crt=ca/ca_cert.pem | |
- name: Run chart-testing (install) | |
if: steps.list-changed.outputs.changed == 'true' | |
run: ct install --namespace default --target-branch ${{ github.event.repository.default_branch }} --upgrade --skip-missing-values |