Ingress policy enforcement v1.25 #573
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI run integration tests | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened] | |
jobs: | |
proxylib: | |
timeout-minutes: 360 | |
name: Run unit tests for proxylib | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
# renovate: datasource=golang-version depName=go | |
go-version: 1.20.10 | |
- name: Checkout code | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
with: | |
persist-credentials: false | |
- name: Check module vendoring | |
run: | | |
go mod tidy | |
go mod vendor | |
test -z "$(git status --porcelain)" || (echo "please run 'go mod tidy && go mod vendor', and submit your changes"; exit 1) | |
- name: Run unit tests | |
run: | | |
make -C proxylib test | |
tests: | |
timeout-minutes: 360 | |
name: Run integration tests on amd64 | |
runs-on: ubuntu-latest-64-cores-256gb | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
- name: Login to quay.io | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_ENVOY_USERNAME_DEV }} | |
password: ${{ secrets.QUAY_ENVOY_PASSWORD_DEV }} | |
- name: Enable Docker IPv6 | |
run: | | |
modprobe -v ipv6 | |
sudo sed -i -e '1s!^{!\{ "ipv6": true, "fixed-cidr-v6": "fd00::/80",!' /etc/docker/daemon.json || echo '{ "ipv6": true, "fixed-cidr-v6": "fd00::/80" }' | sudo tee /etc/docker/daemon.json | |
sudo systemctl restart docker | |
- name: Cache Docker layers | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: /tmp/buildx-cache | |
key: docker-cache-tests | |
restore-keys: docker-cache-master | |
- name: Checkout PR Source Code | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Prep for build | |
run: | | |
echo "${{ github.event.pull_request.head.sha }}" >SOURCE_VERSION | |
echo "ENVOY_VERSION=$(cat ENVOY_VERSION)" >> $GITHUB_ENV | |
echo "BAZEL_VERSION=$(cat .bazelversion)" >> $GITHUB_ENV | |
echo "BUILDER_DOCKER_HASH=$(git ls-tree --full-tree HEAD -- ./Dockerfile.builder.tests | awk '{ print $3 }')" >> $GITHUB_ENV | |
- name: Checking if cilium-envoy-builder image exists | |
id: cilium-builder-tests-tag-in-repositories | |
shell: bash | |
run: | | |
if docker buildx imagetools inspect quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} &>/dev/null; then | |
echo exists="true" >> $GITHUB_OUTPUT | |
else | |
echo exists="false" >> $GITHUB_OUTPUT | |
fi | |
- name: PR Multi-arch build & push of Builder image (dev) | |
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 | |
if: steps.cilium-builder-tests-tag-in-repositories.outputs.exists == 'false' | |
id: docker_build_builder_tests_ci | |
with: | |
provenance: false | |
context: . | |
file: ./Dockerfile.builder.tests | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} | |
- name: Run integration tests on amd64 | |
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 | |
id: docker_tests_ci | |
with: | |
provenance: false | |
context: . | |
file: ./Dockerfile.tests | |
platforms: linux/amd64 | |
build-args: | | |
BUILDER_BASE=quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} | |
ARCHIVE_IMAGE=quay.io/${{ github.repository_owner }}/cilium-envoy-builder:test-${{ github.base_ref }}-archive-latest | |
BAZEL_BUILD_OPTS=--remote_upload_local_results=false | |
BAZEL_TEST_OPTS=--test_timeout=300 --local_test_jobs=1 | |
cache-from: type=local,src=/tmp/buildx-cache | |
push: false |