use dockerhub instead of ghcr.io and rename image to replicated-sdk #323
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR/main branch CI | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
APP_SLUG: replicated-sdk-e2e | |
jobs: | |
make-tests: | |
env: | |
PACT_VERSION: ${{ github.sha }} | |
PACT_BROKER_BASE_URL: ${{ vars.PACT_BROKER_BASE_URL }} | |
PACT_BROKER_TOKEN: ${{ secrets.PACT_BROKER_TOKEN }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '^1.20' | |
cache: false | |
- uses: replicatedhq/action-install-pact@v1 | |
- run: make test | |
build-and-push-e2e: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '^1.20' | |
- name: build and push replicated for e2e | |
env: | |
USER: automated-${{ github.run_id }} | |
run: make build-ttl.sh | |
validate-chart: | |
runs-on: ubuntu-22.04 | |
needs: [ build-and-push-e2e ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: validate chart | |
run: | | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0) | |
if echo $output | grep -q integration-enabled; then | |
printf "'integration-enabled' key should not exist if value is not set by the user:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if echo $output | grep -q 'kind: ConfigMap'; then | |
printf "legacy/deprecated configmap should not exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'kind: ServiceAccount'; then | |
printf "default service account should exist if user does not set serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'kind: Role'; then | |
printf "default role should exist if user does not set serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'kind: RoleBinding'; then | |
printf "default rolebinding should exist if user does not set serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'statusInformers: null'; then | |
printf "default statusInformers should be null:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set integration.enabled=true) | |
if ! echo $output | grep -q integration-enabled; then | |
printf "'integration-enabled' key should exist if value is set by the user:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set isAirgap=true) | |
if ! echo $output | grep -q 'name: DISABLE_OUTBOUND_CONNECTIONS value: "true"'; then | |
printf "'DISABLE_OUTBOUND_CONNECTIONS' env var should be set to to 'true' in airgap mode:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set serviceAccountName=foo) | |
if echo $output | grep -q 'kind: ServiceAccount'; then | |
printf "default service account should not exist if user sets serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if echo $output | grep -q 'kind: Role'; then | |
printf "default role should not exist if user sets serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if echo $output | grep -q 'kind: RoleBinding'; then | |
printf "default rolebinding should not exist if user sets serviceAccountName:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'serviceAccountName: foo'; then | |
printf "user-set serviceAccountName reference should exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
cat << EOF > test-values.yaml | |
extraEnv: | |
- name: TEST_EXTRA_ENV | |
value: test-extra-env | |
EOF | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --values test-values.yaml) | |
if ! echo $output | grep -q 'TEST_EXTRA_ENV'; then | |
printf "user-set extraEnv should exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
cat << EOF > test-values.yaml | |
tolerations: | |
- key: "test-toleration-key" | |
operator: "Equal" | |
value: "test-toleration-value" | |
effect: "NoSchedule" | |
EOF | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --values test-values.yaml) | |
if ! echo $output | grep -q 'tolerations:'; then | |
printf "user-set tolerations should exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
if ! echo $output | grep -q 'test-toleration-key'; then | |
printf "user-set tolerations key should exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
cat << EOF > test-values.yaml | |
statusInformers: [] | |
EOF | |
output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --values test-values.yaml) | |
if ! echo $output | grep -q 'statusInformers: \[\]'; then | |
printf "user-set empty statusInformers should exist:\n\n%s\n\n" "$output" | |
exit 1 | |
fi | |
create-test-release: | |
runs-on: ubuntu-22.04 | |
needs: [ build-and-push-e2e ] | |
outputs: | |
license-id: ${{ steps.create-customer.outputs.license-id }} | |
customer-id: ${{ steps.create-customer.outputs.customer-id }} | |
channel-slug: ${{ steps.create-release.outputs.channel-slug }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Package test chart | |
env: | |
REPLICATED_CHART_NAME: replicated | |
REPLICATED_REPOSITORY: oci://ttl.sh/automated-${{ github.run_id }} | |
REPLICATED_CHART_VERSION: 0.0.0 | |
run: | | |
cd test-chart | |
envsubst < Chart.yaml.tmpl > Chart.yaml | |
helm dep update | |
helm package . | |
- name: Create release | |
id: create-release | |
uses: replicatedhq/replicated-actions/create-release@v1.5.2 | |
with: | |
app-slug: ${{ env.APP_SLUG }} | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
chart: test-chart/test-chart-0.1.0.tgz | |
promote-channel: automated-${{ github.run_id }} | |
version: 0.1.0 | |
- name: Create customer | |
id: create-customer | |
uses: replicatedhq/replicated-actions/create-customer@main | |
with: | |
app-slug: ${{ env.APP_SLUG }} | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
customer-name: automated-${{ github.run_id }} | |
customer-email: testcustomer@replicated.com | |
license-type: dev | |
channel-slug: ${{ steps.create-release.outputs.channel-slug }} | |
entitlements: | | |
- name: "num_seats" | |
value: "10" | |
is-kots-install-enabled: "false" | |
validate-e2e: | |
runs-on: ubuntu-22.04 | |
needs: [ create-test-release ] | |
strategy: | |
fail-fast: false | |
matrix: | |
cluster: [ | |
{distribution: k3s, version: 1.26}, | |
{distribution: eks, version: 1.27}, | |
{distribution: gke, version: 1.27}, | |
{distribution: kind, version: 1.27}, | |
{distribution: openshift, version: 4.13.0-okd} | |
] | |
env: | |
LICENSE_ID: ${{ needs.create-test-release.outputs.license-id }} | |
CHANNEL_SLUG: ${{ needs.create-test-release.outputs.channel-slug }} | |
LICENSE_FIELDS: '[{"name":"expires_at","value": ""},{"name":"num_seats","value":"10"}]' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Create cluster | |
id: create-cluster | |
uses: replicatedhq/replicated-actions/create-cluster@v1.1.1 | |
with: | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
kubernetes-distribution: ${{ matrix.cluster.distribution }} | |
kubernetes-version: ${{ matrix.cluster.version }} | |
cluster-name: automated-${{ github.run_id }}-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }} | |
ttl: 2h | |
export-kubeconfig: true | |
- name: Install via Helm as standalone in integration mode | |
run: helm install replicated oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set integration.licenseID=$LICENSE_ID --wait --timeout 2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'true' | |
- name: Uninstall replicated via Helm | |
run: helm uninstall replicated --wait --timeout 2m | |
- name: Install via kubectl as standalone in integration mode | |
run: | | |
helm template replicated oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set integration.licenseID=$LICENSE_ID | kubectl apply -f - | |
kubectl rollout status deployment replicated --timeout=2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'true' | |
deployed-via-kubectl: 'true' | |
- name: Uninstall replicated via kubectl | |
run: | | |
helm template replicated oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set integration.licenseID=$LICENSE_ID | kubectl delete -f - | |
kubectl wait --for=delete deployment/replicated --timeout=2m | |
- name: Login to registry | |
run: helm registry login registry.replicated.com --username $LICENSE_ID --password $LICENSE_ID | |
- name: Install via Helm as subchart in integration mode | |
run: helm install test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --wait --timeout 2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'true' | |
- name: Uninstall test-chart via Helm | |
run: helm uninstall test-chart --wait --timeout 2m | |
- name: Install via kubectl as subchart in integration mode | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart | kubectl apply -f - | |
kubectl rollout status deployment test-chart --timeout=2m | |
kubectl rollout status deployment replicated --timeout=2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'true' | |
deployed-via-kubectl: 'true' | |
- name: Uninstall test-chart via kubectl | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart | kubectl delete -f - | |
kubectl wait --for=delete deployment/test-chart --timeout=2m | |
kubectl wait --for=delete deployment/replicated --timeout=2m | |
# we have to explicitly disable integration mode here because we're using a "dev" license | |
- name: Install via Helm as subchart in production mode | |
run: helm install test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --wait --timeout 2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'false' | |
- name: Upgrade via Helm as subchart in production mode to a new version | |
run: | | |
oldpodname=$(kubectl get pods -l app.kubernetes.io/name=replicated -o jsonpath='{.items[0].metadata.name}') | |
helm upgrade test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.versionLabel=1.0.0 --wait --timeout 2m | |
COUNTER=1 | |
while kubectl get pods -l app.kubernetes.io/name=replicated -o jsonpath='{.items[0].metadata.name}' | grep -q $oldpodname; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Pod did not restart after upgrade" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
version-label: '1.0.0' | |
integration-enabled: 'false' | |
- name: Uninstall test-chart via Helm | |
run: helm uninstall test-chart --wait --timeout 2m | |
# we have to explicitly disable integration mode here because we're using a "dev" license | |
- name: Install via kubectl as subchart in production mode | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false | kubectl apply -f - | |
kubectl rollout status deployment test-chart --timeout=2m | |
kubectl rollout status deployment replicated --timeout=2m | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'false' | |
deployed-via-kubectl: 'true' | |
- name: Upgrade via kubectl as subchart in production mode | |
run: | | |
oldpodname=$(kubectl get pods -l app.kubernetes.io/name=replicated -o jsonpath='{.items[0].metadata.name}') | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.versionLabel=1.0.0 | kubectl apply -f - | |
kubectl rollout status deployment test-chart --timeout=2m | |
kubectl rollout status deployment replicated --timeout=2m | |
COUNTER=1 | |
while kubectl get pods -l app.kubernetes.io/name=replicated -o jsonpath='{.items[0].metadata.name}' | grep -q $oldpodname; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Pod did not restart after upgrade" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'false' | |
version-label: '1.0.0' | |
deployed-via-kubectl: 'true' | |
- name: Uninstall test-chart via kubectl | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false | kubectl delete -f - | |
kubectl wait --for=delete deployment/test-chart --timeout=2m | |
kubectl wait --for=delete deployment/replicated --timeout=2m | |
# validate status informers | |
- name: Create empty status informers for validation | |
run: | | |
cat << EOF > test-values.yaml | |
replicated: | |
statusInformers: [] | |
EOF | |
- name: Install via Helm as subchart in production mode and pass empty status informers | |
run: | | |
helm install test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false -f test-values.yaml --wait --timeout 2m | |
COUNTER=1 | |
while ! kubectl logs deploy/replicated | grep -qv 'Generating status informers from Helm release'; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not receive empty status informers" | |
kubectl logs deploy/replicated | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Upgrade via Helm as subchart in production mode to use default status informers | |
run: | | |
helm upgrade test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --wait --timeout 2m | |
COUNTER=1 | |
while ! kubectl logs deploy/replicated | grep -q 'Generating status informers from Helm release'; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not receive default status informers" | |
kubectl logs deploy/replicated | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Uninstall test-chart via Helm | |
run: helm uninstall test-chart --wait --timeout 2m | |
- name: Install via kubectl as subchart in production mode and pass empty status informers | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false -f test-values.yaml | kubectl apply -f - | |
kubectl rollout status deployment test-chart --timeout=2m | |
kubectl rollout status deployment replicated --timeout=2m | |
COUNTER=1 | |
while ! kubectl logs deploy/replicated | grep -qv 'Generating status informers from Helm release'; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not receive empty status informers" | |
kubectl logs deploy/replicated | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Uninstall test-chart via kubectl | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false -f test-values.yaml | kubectl delete -f - | |
kubectl wait --for=delete deployment/test-chart --timeout=2m | |
kubectl wait --for=delete deployment/replicated --timeout=2m | |
# validate airgap | |
- name: Download support-bundle binary | |
run: | | |
RELEASE="$( | |
curl -sfL https://api.github.com/repos/replicatedhq/troubleshoot/releases/latest | \ | |
grep '"tag_name":' | \ | |
sed -E 's/.*"(v[^"]+)".*/\1/' | |
)" | |
curl -fsLO "https://github.com/replicatedhq/troubleshoot/releases/download/${RELEASE}/support-bundle_linux_amd64.tar.gz" | |
tar xzf support-bundle_linux_amd64.tar.gz | |
- name: Install via Helm as subchart in production mode | |
run: | | |
helm install test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.isAirgap=true --wait --timeout 2m | |
COUNTER=1 | |
while ! kubectl get secret/replicated-instance-report; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not create replicated-instance-report secret" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'false' | |
is-airgap: 'true' | |
- name: Validate support bundle instance report | |
run: | | |
./support-bundle --load-cluster-specs --interactive=false | |
tar xzf support-bundle-*.tar.gz | |
if ! ls support-bundle-*/secrets/*/replicated-instance-report/report.json; then | |
echo "Did not find replicated-instance-report in support bundle" | |
exit 1 | |
fi | |
rm -rf support-bundle-* | |
- name: Uninstall test-chart via Helm | |
run: | | |
helm uninstall test-chart --wait --timeout 2m | |
COUNTER=1 | |
while kubectl get secret/replicated-instance-report; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not delete replicated-instance-report secret" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Install via kubectl as subchart in production mode | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.isAirgap=true | kubectl apply -f - | |
kubectl rollout status deployment test-chart --timeout=2m | |
kubectl rollout status deployment replicated --timeout=2m | |
COUNTER=1 | |
while ! kubectl get secret/replicated-instance-report; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not create replicated-instance-report secret" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Validate endpoints | |
uses: ./.github/actions/validate-endpoints | |
with: | |
license-id: ${{ env.LICENSE_ID }} | |
license-fields: ${{ env.LICENSE_FIELDS }} | |
integration-enabled: 'false' | |
deployed-via-kubectl: 'true' | |
is-airgap: 'true' | |
- name: Validate support bundle instance report | |
run: | | |
./support-bundle --load-cluster-specs --interactive=false | |
tar xzf support-bundle-*.tar.gz | |
if ! ls support-bundle-*/secrets/*/replicated-instance-report/report.json; then | |
echo "Did not find replicated-instance-report in support bundle" | |
exit 1 | |
fi | |
rm -rf support-bundle-* | |
- name: Uninstall test-chart via kubectl | |
run: | | |
helm template test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.isAirgap=true | kubectl delete -f - | |
kubectl wait --for=delete deployment/test-chart --timeout=2m | |
kubectl wait --for=delete deployment/replicated --timeout=2m | |
COUNTER=1 | |
while kubectl get secret/replicated-instance-report; do | |
((COUNTER += 1)) | |
if [ $COUNTER -gt 60 ]; then | |
echo "Did not delete replicated-instance-report secret" | |
exit 1 | |
fi | |
sleep 1 | |
done | |
- name: Remove Cluster | |
uses: replicatedhq/replicated-actions/remove-cluster@v1.1.1 | |
if: ${{ success() || cancelled() }} | |
with: | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
cluster-id: ${{ steps.create-cluster.outputs.cluster-id }} | |
cleanup-test-release: | |
runs-on: ubuntu-22.04 | |
needs: [ create-test-release, validate-e2e ] | |
steps: | |
- name: Archive Customer | |
if: ${{ needs.create-test-release.outputs.customer-id != '' }} | |
uses: replicatedhq/replicated-actions/archive-customer@v1.1.1 | |
with: | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
customer-id: ${{ needs.create-test-release.outputs.customer-id }} | |
- name: Archive Channel | |
if: ${{ needs.create-test-release.outputs.channel-slug != '' }} | |
uses: replicatedhq/replicated-actions/archive-channel@v1.1.1 | |
with: | |
app-slug: ${{ env.APP_SLUG }} | |
api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} | |
channel-slug: ${{ needs.create-test-release.outputs.channel-slug }} |