Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI Workflow: Add all Azure supported k8s versions #26356

Merged
merged 2 commits into from
Jun 21, 2023
Merged

CI Workflow: Add all Azure supported k8s versions #26356

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e0b55fd
ci/workflow: add all azure supported k8s versions
brlbil Jun 20, 2023
236187d
ci/workflow: add schema validation
brlbil Jun 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/actions/azure/k8s-versions-schema.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
include: list(include('includeItem'))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

somewhat meta, but should .github/actions/ (maybe even all of .github) be CODEOWNED by by the cilium/ci-structure team instead of contributing? This feels far in the GHA action territory.

---
includeItem:
version: str()
location: str()
default: bool(required=False)
10 changes: 10 additions & 0 deletions .github/actions/azure/k8s-versions.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# List of k8s version for AKS tests
---
include:
- version: "1.24"
tgraf marked this conversation as resolved.
Show resolved Hide resolved
location: westeurope
- version: "1.25"
location: westus
default: true
- version: "1.26"
location: australiaeast
199 changes: 140 additions & 59 deletions .github/workflows/conformance-aks-v1.11.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,7 @@ concurrency:

env:
name: ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
location: westeurope
cost_reduction: --node-vm-size Standard_B2s --node-osdisk-size 30
k8s_version: 1.23
# renovate: datasource=github-releases depName=cilium/cilium-cli
cilium_cli_version: v0.14.7
cilium_cli_ci_version:
Expand Down Expand Up @@ -114,11 +112,103 @@ jobs:
src:
- '!(test|Documentation)/**'

setup-report:
runs-on: ubuntu-latest
brlbil marked this conversation as resolved.
Show resolved Hide resolved
needs: check_changes
name: Set commit status
outputs:
sha: ${{ steps.vars.outputs.sha }}
owner: ${{ steps.vars.outputs.owner }}
steps:
- name: Set up job variables
id: vars
run: |
if [ ${{ github.event.issue.pull_request || github.event.pull_request }} ]; then
PR_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.issue.pull_request.url || github.event.pull_request.url }})
SHA=$(echo "$PR_API_JSON" | jq -r ".head.sha")
OWNER=$(echo "$PR_API_JSON" | jq -r ".number")
elif [ "${{ github.event_name }}" = "schedule" ]; then
curl https://api.github.com/repos/cilium/cilium/branches/v1.11 > branch.json
SHA=$(jq -r '.commit.sha' branch.json)
OWNER=v1-11
else
SHA=${{ github.sha }}
OWNER=${{ github.sha }}
fi
echo sha=${SHA} >> $GITHUB_OUTPUT
echo owner=${OWNER} >> $GITHUB_OUTPUT

- name: Set commit status to pending
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test in progress...
state: pending
target_url: ${{ env.check_url }}

skip-test-run:
# If the modified files are not relevant for this test then we can skip
# this test and mark it as successful.
if: github.event.comment.body == '/test' && needs.check_changes.outputs.tested == 'false'
runs-on: ubuntu-latest
needs: setup-report
name: Set commit status to success (skipped)
steps:
- name: Set commit status to success
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ needs.setup-report.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test skipped
state: success
target_url: ${{ env.check_url }}

generate-matrix:
runs-on: ubuntu-latest
needs: setup-report
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout PR code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ needs.setup-report.outputs.sha }}
persist-credentials: false

- name: Convert YAML to JSON
run: |
work_dir=".github/actions/azure"
destination_directory="/tmp/generated/azure"
mkdir -p "${destination_directory}"

yq -o=json "${work_dir}/k8s-versions.yaml" | jq . > "${destination_directory}/azure.json"

- name: Generate Matrix
id: set-matrix
run: |
cd /tmp/generated/azure

if [ "${{ github.event_name }}" == "schedule" ];then
cp azure.json /tmp/matrix.json
else
jq '{ "include": [ .include[] | select(.default) ] }' azure.json > /tmp/matrix.json
fi

echo "Generated matrix:"
cat /tmp/matrix.json
echo "matrix=$(jq -c . < /tmp/matrix.json)" >> $GITHUB_OUTPUT

# This job is skipped when the workflow was triggered with the generic `/test`
# trigger if the only modified files were under `test/` or `Documentation/`.
installation-and-connectivity:
name: "Installation and Connectivity Test"
needs: check_changes
needs: [check_changes, setup-report, generate-matrix]
if: |
(github.event_name == 'issue_comment' && (
github.event.comment.body == '/ci-aks-1.11' ||
Expand All @@ -130,9 +220,13 @@ jobs:
timeout-minutes: 60
env:
job_name: "Installation and Connectivity Test"
strategy:
fail-fast: false
matrix: ${{fromJson(needs.generate-matrix.outputs.matrix)}}

steps:
- name: Checkout main branch to access local actions
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
Expand All @@ -142,22 +236,7 @@ jobs:
- name: Set up job variables
id: vars
run: |
if [ ${{ github.event.issue.pull_request || github.event.pull_request }} ]; then
PR_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.issue.pull_request.url || github.event.pull_request.url }})
SHA=$(echo "$PR_API_JSON" | jq -r ".head.sha")
OWNER=$(echo "$PR_API_JSON" | jq -r ".number")
elif [ "${{ github.event_name }}" = "schedule" ]; then
curl https://api.github.com/repos/cilium/cilium/branches/v1.11 > branch.json
SHA=$(jq -r '.commit.sha' branch.json)
OWNER=v1-11
else
SHA=${{ github.sha }}
OWNER=${{ github.sha }}
fi

SHA="${{ needs.setup-report.outputs.sha }}"
CILIUM_INSTALL_DEFAULTS="--cluster-name=${{ env.name }} \
--chart-directory=install/kubernetes/cilium \
--helm-set=image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/cilium-ci \
Expand All @@ -173,7 +252,7 @@ jobs:
--helm-set=hubble.relay.image.repository=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/hubble-relay-ci \
--helm-set=hubble.relay.image.tag=${SHA} \
--helm-set=debug.enabled=true \
--azure-resource-group ${{ env.name }} \
--azure-resource-group ${{ env.name }}-${{ matrix.location }} \
--wait=false \
--rollback=false \
--config monitor-aggregation=none \
Expand All @@ -186,18 +265,6 @@ jobs:
echo cilium_install_defaults=${CILIUM_INSTALL_DEFAULTS} >> $GITHUB_OUTPUT
echo hubble_enable_defaults=${HUBBLE_ENABLE_DEFAULTS} >> $GITHUB_OUTPUT
echo connectivity_test_defaults=${CONNECTIVITY_TEST_DEFAULTS} >> $GITHUB_OUTPUT
echo sha=${SHA} >> $GITHUB_OUTPUT
echo owner=${OWNER} >> $GITHUB_OUTPUT

- name: Set commit status to pending
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test in progress...
state: pending
target_url: ${{ env.check_url }}

- name: Install Cilium CLI
uses: cilium/cilium-cli@9fcfef089e5b7dd3212f2eac21ba8cfae6f05cca # v0.14.7
Expand All @@ -220,16 +287,16 @@ jobs:
run: |
# Create group
az group create \
--name ${{ env.name }} \
--location ${{ env.location }} \
--tags usage=${{ github.repository_owner }}-${{ github.event.repository.name }} owner=${{ steps.vars.outputs.owner }}
--name ${{ env.name }}-${{ matrix.location }} \
--location ${{ matrix.location }} \
--tags usage=${{ github.repository_owner }}-${{ github.event.repository.name }} owner=${{ needs.setup-report.outputs.owner }}

# Create AKS cluster
az aks create \
--resource-group ${{ env.name }} \
--resource-group ${{ env.name }}-${{ matrix.location }} \
--name ${{ env.name }} \
--location ${{ env.location }} \
--kubernetes-version ${{ env.k8s_version }} \
--location ${{ matrix.location }} \
--kubernetes-version ${{ matrix.version }} \
--network-plugin azure \
--node-count 2 \
${{ env.cost_reduction }} \
Expand All @@ -238,22 +305,22 @@ jobs:
- name: Get cluster credentials
run: |
az aks get-credentials \
--resource-group ${{ env.name }} \
--resource-group ${{ env.name }}-${{ matrix.location }} \
--name ${{ env.name }}

- name: Wait for images to be available
timeout-minutes: 10
shell: bash
run: |
for image in cilium-ci operator-azure-ci hubble-relay-ci ; do
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.vars.outputs.sha }} &> /dev/null; do sleep 45s; done
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ needs.setup-report.outputs.sha }} &> /dev/null; do sleep 45s; done
done

# Checkout source code to install Cilium using local Helm chart.
- name: Checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ steps.vars.outputs.sha }}
ref: ${{ needs.setup-report.outputs.sha }}
persist-credentials: false

- name: Install Cilium
Expand All @@ -278,10 +345,11 @@ jobs:
run: |
mkdir -p cilium-junits

- name: Run connectivity test
- name: Run connectivity test (${{ join(matrix.*, ', ') }})
run: |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} \
--junit-file "cilium-junits/${{ env.job_name }} - 1.xml" --junit-property github_job_step="Run connectivity test"
--junit-file "cilium-junits/${{ env.job_name }} (${{ join(matrix.*, ', ') }}) - 1.xml" \
--junit-property github_job_step="Run connectivity test (${{ join(matrix.*, ', ') }})"

- name: Clean up Cilium
run: |
Expand Down Expand Up @@ -311,10 +379,11 @@ jobs:
sleep 10s
[[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]]

- name: Run connectivity test with IPSec
- name: Run connectivity test with IPSec (${{ join(matrix.*, ', ') }})
run: |
cilium connectivity test ${{ steps.vars.outputs.connectivity_test_defaults }} --force-deploy \
--junit-file "cilium-junits/${{ env.job_name }} - 2.xml" --junit-property github_job_step="Run connectivity test with IPSec"
--junit-file "cilium-junits/${{ env.job_name }} (${{ join(matrix.*, ', ') }}) - 2.xml" \
--junit-property github_job_step="Run connectivity test with IPSec (${{ join(matrix.*, ', ') }})"

- name: Post-test information gathering
if: ${{ !success() }}
Expand All @@ -327,7 +396,7 @@ jobs:
- name: Clean up AKS
if: ${{ always() }}
run: |
az group delete --name ${{ env.name }} --yes --no-wait
az group delete --name ${{ env.name }}-${{ matrix.location }} --yes --no-wait
shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently

- name: Upload artifacts
Expand All @@ -352,34 +421,46 @@ jobs:
with:
junit-directory: "cilium-junits"

- name: Set commit status to success
if: ${{ success() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
report-success:
runs-on: ubuntu-latest
needs: [setup-report, installation-and-connectivity]
name: Set commit status to success
if: ${{ success() }}
steps:
- uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
sha: ${{ needs.setup-report.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test successful
state: success
target_url: ${{ env.check_url }}

- name: Set commit status to failure
if: ${{ failure() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
report-failure:
runs-on: ubuntu-latest
needs: [setup-report, installation-and-connectivity]
name: Set commit status to failure
if: ${{ failure() }}
steps:
- uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
sha: ${{ needs.setup-report.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test failed
state: failure
target_url: ${{ env.check_url }}

- name: Set commit status to cancelled
if: ${{ cancelled() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
report-cancelled:
runs-on: ubuntu-latest
needs: [setup-report, installation-and-connectivity]
name: Set commit status to cancelled
if: ${{ cancelled() }}
steps:
- uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f # v1.1.6
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
sha: ${{ needs.setup-report.outputs.sha }}
context: ${{ github.workflow }}
description: Connectivity test cancelled
state: error
Expand Down