Install from the release and run tests.

Signed-off-by: Ville Aikas <[email protected]>
sigstore · Jan 18, 2022 · 1c4706a · 1c4706a
1 parent 981e2bf
commit 1c4706a
Show file tree

Hide file tree

Showing 3 changed files with 119 additions and 1 deletion.
diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml
@@ -98,7 +98,7 @@ jobs:
 
     - name: Install all the everythings
       working-directory: ./src/github.com//vaikas/sigstore-scaffolding
-      timeout-minutes: 30
+      timeout-minutes: 10
       run: |
         ko apply -BRf ./config/
 

diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml
@@ -0,0 +1,116 @@
+# Copyright 2021 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Fulcio&Rekor E2E Tests Using Release
+
+on:
+  pull_request:
+    branches: [ main ]
+
+defaults:
+  run:
+    shell: bash
+    working-directory: ./src/github.com/vaikas/sigstore-scaffolding
+
+concurrency:
+  group: fulcio-rekor-kind-using-release-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+  fulcio-rekor-ctlog-tests-using-release:
+    name: e2e tests using release
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false # Keep running if one leg fails.
+      matrix:
+        k8s-version:
+        - v1.21.x
+
+        leg:
+        - fulcio rekor ctlog e2e
+
+    env:
+      KNATIVE_VERSION: "1.1.0"
+      RELEASE_VERSION: "v0.1.8-alpha"
+      KO_DOCKER_REPO: registry.local:5000/knative
+      KOCACHE: ~/ko
+
+    steps:
+    - name: Configure DockerHub mirror
+      working-directory: ./
+      run: |
+        tmp=$(mktemp)
+        jq '."registry-mirrors" = ["https://mirror.gcr.io"]' /etc/docker/daemon.json > "$tmp"
+        sudo mv "$tmp" /etc/docker/daemon.json
+        sudo service docker restart
+
+    - name: Check out our repo
+      uses: actions/checkout@v2
+      with:
+        path: ./src/github.com/vaikas/sigstore-scaffolding
+
+    - name: Setup Cluster
+      working-directory: ./src/github.com/vaikas/sigstore-scaffolding
+      run: |
+        ./hack/setup-kind.sh \
+          --registry-url $(echo ${KO_DOCKER_REPO} | cut -d'/' -f 1) \
+          --cluster-suffix cluster.local \
+          --k8s-version ${{ matrix.k8s-version }} \
+          --knative-version ${KNATIVE_VERSION}
+
+    - name: Install all the everythings
+      working-directory: ./src/github.com//vaikas/sigstore-scaffolding
+      timeout-minutes: 10
+      run: |
+        curl -L https://github.com/vaikas/sigstore-scaffolding/releases/download/${{ env.RELEASE_VERSION }}/release.yaml | kubectl apply -f -
+
+        # Wait for all the ksvc to be up.
+        kubectl wait --timeout 10m -A --for=condition=Ready ksvc --all
+
+    - name: Run Tests
+      working-directory: ./src/github.com/vaikas/sigstore-scaffolding
+      run: |
+        # Grab the secret from the ctlog-system namespace and make a copy
+        # in our namespace so we can get access to the CT Log public key
+        # so we can verify the SCT coming from there.
+        kubectl -n ctlog-system get secrets ctlog-public-key -oyaml | sed 's/namespace: .*/namespace: default/' | kubectl apply -f -
+
+        curl -L https://github.com/vaikas/sigstore-scaffolding/releases/download/${{ env.RELEASE_VERSION }}/testrelease.yaml | kubectl create -f -
+
+        kubectl wait --for=condition=Complete --timeout=90s job/check-oidc
+        kubectl wait --for=condition=Complete --timeout=90s job/checktree
+
+    - name: Collect node diagnostics
+      if: ${{ failure() }}
+      run: |
+        for x in $(kubectl get nodes -oname); do
+          echo "::group:: describe $x"
+          kubectl describe $x
+          echo '::endgroup::'
+        done
+
+    - name: Collect pod diagnostics
+      if: ${{ failure() }}
+      run: |
+        for ns in fulcio-system rekor-system trillian-system ctlog-system; do
+          kubectl get pods -n${ns}
+
+          for x in $(kubectl get pods -n${ns} -oname); do
+            echo "::group:: describe $x"
+            kubectl describe -n${ns} $x
+            echo '::endgroup::'
+          done
+        done
+
+    - name: Collect logs
+      if: ${{ failure() }}
+      run: |
+        mkdir -p /tmp/logs
+        kind export logs /tmp/logs
+
+    - name: Upload artifacts
+      if: ${{ failure() }}
+      uses: actions/upload-artifact@v2
+      with:
+        name: logs
+        path: /tmp/logs
diff --git a/testdata/config/sign-job/sign-job.yaml b/testdata/config/sign-job/sign-job.yaml
@@ -24,6 +24,8 @@ spec:
           value: "true"
         - name: SIGSTORE_CT_LOG_PUBLIC_KEY_FILE
           value: "/var/run/sigstore-root/rootfile.pem"
+        - name: COSIGN_REPOSITORY
+          value: "registry.local:5000/knative"
         volumeMounts:
         - name: oidc-info
           mountPath: /var/run/sigstore/cosign