Skip to content

add kind e2e setup

add kind e2e setup #45

Workflow file for this run

name: Lint Charts
on:
pull_request:
paths:
- "charts/**"
- ".github/**"
jobs:
check-metadata:
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
with:
python-version: 3.7
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
with:
go-version: ^1
- name: Setup helm-docs
run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
- name: Run pre-commit
uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # renovate: tag=v3.0.0
with:
extra_args: --show-diff-on-failure
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # renovate: tag=v3.5
with:
version: v3.12.3
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # renovate: tag=v2.4.0
- name: "Add Sigstore Repository"
run: |
helm repo add sigstore "https://sigstore.github.io/helm-charts"
helm repo update
- name: Run chart-testing (lint)
run: ct lint --config ct.yaml
- name: Create KinD Cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
with:
config: ./kind/config.yaml
- name: Install OpenShift CLI
run: |
curl -L https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar xvz
sudo mv oc /usr/local/bin/
oc version
- name: Configure KinD
run: |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
kubectl apply -f ./kind/servicemonitor-crd.yaml
kubectl create ns fulcio-system
kubectl create ns rekor-system
kubectl -n fulcio-system create secret generic fulcio-secret-rh --from-file=private=./kind/testing-only-cert-key/file_ca_key.pem --from-file=public=./kind/testing-only-cert-key/file_ca_pub.pem --from-file=cert=./kind/testing-only-cert-key/fulcio-root.pem --from-literal=password=secure --dry-run=client -o yaml | oc apply -f-
kubectl -n rekor-system create secret generic rekor-private-key --from-file=private=./kind/testing-only-cert-key/rekor_key.pem --dry-run=client -o yaml | oc apply -f-
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s
shell: bash
- name: Run chart-testing (install)
run: ct install --helm-extra-args "--wait --wait-for-jobs" --config ct-install.yaml
- name: Helm test (install)
run: |
OPENSHIFT_APPS_SUBDOMAIN=localhost envsubst < ./charts/trusted-artifact-signer/ci/ci-values.yaml | helm upgrade -i trusted-artifact-signer --debug ./charts/trusted-artifact-signer --wait --wait-for-jobs -n trusted-artifact-signer --create-namespace --values -
helm test -n trusted-artifact-signer trusted-artifact-signer
# tests are in charts/trusted-artifact-signer/templates/tests