spiffe-step-ssh server #2175
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Helm Chart CI | |
on: | |
workflow_dispatch: | |
pull_request: | |
types: [synchronize, opened, reopened] | |
paths: | |
- 'charts/**' | |
- '.github/workflows/helm-chart-ci.yaml' | |
- '.github/kind/conf/kind-config.yaml' | |
- '.github/tests/**/*.yaml' | |
- '.github/tests/**/*.sh' | |
- '.github/tests/**/*.json' | |
- 'examples/**/*.yaml' | |
- 'examples/**/*.sh' | |
- 'tests/**/*' | |
- 'helm-docs.sh' | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
HELM_VERSION: v3.16.2 | |
PYTHON_VERSION: 3.11.3 | |
KIND_VERSION: v0.24.0 | |
CHART_TESTING_VERSION: v3.8.0 | |
jobs: | |
checks: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Verify Docs updated | |
run: ./helm-docs.sh | |
- name: Verify Spire appVersion | |
run: | | |
set +e | |
BASEVER=$(yq e .appVersion Chart.yaml) | |
for FILE in spiffe-oidc-discovery-provider spire-agent spire-server; do | |
VER=$(yq .appVersion charts/$FILE/Chart.yaml) | |
if [ "$VER" != "$BASEVER" ]; then | |
{ | |
echo "## Version mismatch" | |
echo | |
echo "There is a mismatch between the chart version ($BASEVER) and subchart version ($VER). The issue may be in file $FILE. Please fix." | |
} >> "$GITHUB_STEP_SUMMARY" | |
exit 1 | |
fi | |
done | |
- name: Check objects for images without overrides | |
run: | | |
set +e | |
set -o pipefail | |
# Look for image: definitions that are not templated. If we find none, exit is not 0 and we invert the error code to get the | |
# test to pass. Ignore tests for now... | |
grep -r "image:" charts/spire | grep "templates/" | grep -v 'image: {{ template "' > /tmp/findings | |
res=$? | |
if [ $res -eq 0 ]; then | |
{ | |
echo "## Hardcoded images" | |
echo | |
echo ":x: These templates were found to be using statically defined images and not overridable ones. Please fix." | |
echo | |
cat /tmp/findings | |
} >> "$GITHUB_STEP_SUMMARY" | |
exit 1 | |
fi | |
- name: Setup Go | |
uses: actions/[email protected] | |
with: | |
go-version-file: tests/go.mod | |
cache-dependency-path: tests/go.sum | |
check-latest: true | |
- name: Install do dependencies | |
run: | | |
go mod download | |
go install github.com/onsi/ginkgo/v2/ginkgo@latest | |
working-directory: ./tests/unit | |
- name: Run Unit Tests | |
run: ginkgo | |
working-directory: ./tests/unit | |
lint-chart: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup chart-testing | |
uses: helm/[email protected] | |
with: | |
version: ${{ env.CHART_TESTING_VERSION }} | |
- name: Run chart-testing (lint) | |
run: TARGET_BRANCH=${{ github.base_ref }} make lint${{ github.base_ref == 'release' && '-release' || '' }} | |
test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
strategy: | |
fail-fast: false | |
matrix: | |
# Choose tags corresponding to the version of Kind being used. | |
# At a minimum, we should test the currently supported versions of | |
# Kubernetes, but can go back farther as long as we don't need heroics | |
# to pull it off (i.e. kubectl version juggling). | |
k8s: | |
- v1.31.1 | |
- v1.30.4 | |
- v1.29.8 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup chart-testing | |
uses: helm/[email protected] | |
with: | |
version: ${{ env.CHART_TESTING_VERSION }} | |
- name: Create kind ${{ matrix.k8s }} cluster | |
uses: helm/[email protected] | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:${{ matrix.k8s }} | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Setup Test dependencies | |
run: ./pre-install.sh | |
working-directory: .github/tests | |
- name: Run chart-testing (install) | |
run: | | |
helm install -n spire-server spire-crds charts/spire-crds | |
ct install --config ct.yaml --excluded-charts spire-crds,spiffe-step-ssh \ | |
--target-branch ${{ github.base_ref }} | |
- name: Test summary | |
if: always() | |
run: ./post-install.sh | |
working-directory: .github/tests | |
build-matrix: | |
name: Build matrix | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- id: set-matrix-example | |
name: Collect all examples | |
run: | | |
examples="$(find examples -maxdepth 2 -type f -name run-tests.sh | xargs -I % dirname %)" | |
examples_json="$(echo "$examples" | jq -c --slurp --raw-input 'split("\n") | map(select(. != ""))')" | |
echo "${examples_json}" | |
echo "examples=$examples_json" >>"$GITHUB_OUTPUT" | |
- id: set-matrix-integration | |
name: Collect all integration tests | |
run: | | |
integrationtests="$(find tests/integration -maxdepth 2 -type f -name run-tests.sh | xargs -I % dirname %)" | |
integrationtests_json="$(echo "$integrationtests" | jq -c --slurp --raw-input 'split("\n") | map(select(. != ""))')" | |
echo "${integrationtests_json}" | |
echo "integrationtests=$integrationtests_json" >>"$GITHUB_OUTPUT" | |
outputs: | |
examples: ${{ steps.set-matrix-example.outputs.examples }} | |
integrationtests: ${{ steps.set-matrix-integration.outputs.integrationtests }} | |
example-test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
- build-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
k8s: | |
- v1.31.1 | |
- v1.30.4 | |
- v1.29.8 | |
example: | |
- ${{ fromJson(needs.build-matrix.outputs.examples) }} | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:${{ matrix.k8s }} | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Install and test example | |
run: | | |
if [ "${{ matrix.example }}" = "examples/federation" -o "${{ matrix.example }}" = "examples/nested-full" -o "${{ matrix.example }}" = "examples/nested-security" ]; then | |
kubectl create namespace spire-mgmt | |
helm install -n spire-mgmt spire-crds charts/spire-crds | |
else | |
kubectl create namespace spire-server | |
helm install -n spire-server spire-crds charts/spire-crds | |
fi | |
export K8S="${{ matrix.k8s }}" | |
${{ matrix.example }}/run-tests.sh | |
integration-test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
- build-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
k8s: | |
- v1.31.1 | |
- v1.30.4 | |
- v1.29.8 | |
integrationtest: | |
- ${{ fromJson(needs.build-matrix.outputs.integrationtests) }} | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:${{ matrix.k8s }} | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Install and test integration | |
run: | | |
helm install --create-namespace -n spire-mgmt spire-crds charts/spire-crds | |
${{ matrix.integrationtest }}/run-tests.sh | |
upgrade-test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- lint-chart | |
- build-matrix | |
strategy: | |
fail-fast: false | |
matrix: | |
k8s: | |
- v1.31.1 | |
- v1.30.4 | |
- v1.29.8 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
# Only build a kind cluster if there are chart changes to test. | |
with: | |
version: ${{ env.KIND_VERSION }} | |
node_image: kindest/node:${{ matrix.k8s }} | |
config: .github/kind/conf/kind-config.yaml | |
verbosity: 1 | |
- name: Install and test example | |
run: tests/integration/production/run-tests.sh -u |