Install from the release and run tests.
Signed-off-by: Ville Aikas <[email protected]>
Showing
3 changed files
with
119 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
# Copyright 2021 Chainguard, Inc. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
name: Fulcio&Rekor E2E Tests Using Release | ||
|
||
on: | ||
pull_request: | ||
branches: [ main ] | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
working-directory: ./src/github.com/vaikas/sigstore-scaffolding | ||
|
||
concurrency: | ||
group: fulcio-rekor-kind-using-release-${{ github.head_ref }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
fulcio-rekor-ctlog-tests-using-release: | ||
name: e2e tests using release | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false # Keep running if one leg fails. | ||
matrix: | ||
k8s-version: | ||
- v1.21.x | ||
|
||
leg: | ||
- fulcio rekor ctlog e2e | ||
|
||
env: | ||
KNATIVE_VERSION: "1.1.0" | ||
RELEASE_VERSION: "v0.1.8-alpha" | ||
KO_DOCKER_REPO: registry.local:5000/knative | ||
KOCACHE: ~/ko | ||
|
||
steps: | ||
- name: Configure DockerHub mirror | ||
working-directory: ./ | ||
run: | | ||
tmp=$(mktemp) | ||
jq '."registry-mirrors" = ["https://mirror.gcr.io"]' /etc/docker/daemon.json > "$tmp" | ||
sudo mv "$tmp" /etc/docker/daemon.json | ||
sudo service docker restart | ||
- name: Check out our repo | ||
uses: actions/checkout@v2 | ||
with: | ||
path: ./src/github.com/vaikas/sigstore-scaffolding | ||
|
||
- name: Setup Cluster | ||
working-directory: ./src/github.com/vaikas/sigstore-scaffolding | ||
run: | | ||
./hack/setup-kind.sh \ | ||
--registry-url $(echo ${KO_DOCKER_REPO} | cut -d'/' -f 1) \ | ||
--cluster-suffix cluster.local \ | ||
--k8s-version ${{ matrix.k8s-version }} \ | ||
--knative-version ${KNATIVE_VERSION} | ||
- name: Install all the everythings | ||
working-directory: ./src/github.com//vaikas/sigstore-scaffolding | ||
timeout-minutes: 10 | ||
run: | | ||
curl -L https://github.com/vaikas/sigstore-scaffolding/releases/download/${{ env.RELEASE_VERSION }}/release.yaml | kubectl apply -f - | ||
# Wait for all the ksvc to be up. | ||
kubectl wait --timeout 10m -A --for=condition=Ready ksvc --all | ||
- name: Run Tests | ||
working-directory: ./src/github.com/vaikas/sigstore-scaffolding | ||
run: | | ||
# Grab the secret from the ctlog-system namespace and make a copy | ||
# in our namespace so we can get access to the CT Log public key | ||
# so we can verify the SCT coming from there. | ||
kubectl -n ctlog-system get secrets ctlog-public-key -oyaml | sed 's/namespace: .*/namespace: default/' | kubectl apply -f - | ||
curl -L https://github.com/vaikas/sigstore-scaffolding/releases/download/${{ env.RELEASE_VERSION }}/testrelease.yaml | kubectl create -f - | ||
kubectl wait --for=condition=Complete --timeout=90s job/check-oidc | ||
kubectl wait --for=condition=Complete --timeout=90s job/checktree | ||
- name: Collect node diagnostics | ||
if: ${{ failure() }} | ||
run: | | ||
for x in $(kubectl get nodes -oname); do | ||
echo "::group:: describe $x" | ||
kubectl describe $x | ||
echo '::endgroup::' | ||
done | ||
- name: Collect pod diagnostics | ||
if: ${{ failure() }} | ||
run: | | ||
for ns in fulcio-system rekor-system trillian-system ctlog-system; do | ||
kubectl get pods -n${ns} | ||
for x in $(kubectl get pods -n${ns} -oname); do | ||
echo "::group:: describe $x" | ||
kubectl describe -n${ns} $x | ||
echo '::endgroup::' | ||
done | ||
done | ||
- name: Collect logs | ||
if: ${{ failure() }} | ||
run: | | ||
mkdir -p /tmp/logs | ||
kind export logs /tmp/logs | ||
- name: Upload artifacts | ||
if: ${{ failure() }} | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: logs | ||
path: /tmp/logs |
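Review bot: Both `curl -L … | kubectl apply -f -` in "Install all the everythings" and `curl -L … | kubectl create -f -` in "Run Tests" stream a release asset straight into the cluster without `--fail` and without any integrity check. Without `-f`, curl exits 0 on an HTTP error page, so a missing or renamed asset surfaces as a confusing kubectl parse error rather than a download failure; `curl -fsSL` in both places fixes that. Release assets can be replaced after publication, so consider downloading to a file and comparing it with a digest recorded in the workflow (or verifying a signature, if the release publishes one) before applying it. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the token at the minimum this job appears to need.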