Skip to content

Reindex outbound policy backends when a service changes #4464

Reindex outbound policy backends when a service changes

Reindex outbound policy backends when a service changes #4464

Workflow file for this run

name: Integration tests
on: pull_request
permissions:
contents: read
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
DOCKER_REGISTRY: ghcr.io/linkerd
GH_ANNOTATION: true
K3D_VERSION: v5.4.4
RUST_BACKTRACE: short
RUSTUP_MAX_RETRIES: 10
YQ_VERSION: v4.25.1
LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO || 'linkerd/linkerd2-proxy' }}
LINKERD2_PROXY_RELEASE_PREFIX: ${{ vars.LINKERD2_PROXY_RELEASE_PREFIX || 'release/' }}
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref }}
cancel-in-progress: true
jobs:
meta:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- id: tag
run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
- uses: tj-actions/changed-files@a29e8b565651ce417abb5db7164b4a2ad8b6155c
id: core
with:
files: |
.github/workflows/integration.yml
.proxy-version
go.sum
**/*.go
**/Dockerfile*
charts/**
justfile
bin/fetch-proxy
bin/_test-helper.sh
files_ignore: |
.devcontainer/**
**/Chart.yaml
**/README*
outputs:
tag: ${{ steps.tag.outputs.tag }}
changed: ${{ steps.core.outputs.any_changed }}
info:
needs: meta
runs-on: ubuntu-22.04
timeout-minutes: 2
steps:
- name: Info
run: |
echo "tag=${{ needs.meta.outputs.tag }}"
echo "changed=${{ needs.meta.outputs.changed }}"
build-cli:
needs: meta
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: ./.github/actions/docker-build
id: build
with:
docker-registry: ${{ env.DOCKER_REGISTRY }}
docker-target: linux-amd64
component: cli-bin
tag: ${{ needs.meta.outputs.tag }}
- name: Extract CLI binary
run: |
mkdir -p /home/runner/archives
id=$(docker create '${{ steps.build.outputs.image }}')
docker cp "$id:/out/linkerd-linux-amd64" /home/runner/archives/linkerd
v=$(/home/runner/archives/linkerd version --short --client)
[[ "$v" == '${{ needs.meta.outputs.tag }}' ]] || exit 1
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: image-archives-cli
path: /home/runner/archives
##
## Core: Test the core control plane
##
## TODO(ver) CNI configurations should be tested separately.
##
build-core:
needs: meta
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
strategy:
matrix:
component:
- controller
- policy-controller
- proxy
timeout-minutes: 20
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: ./.github/actions/docker-build
id: build
env:
LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
with:
docker-registry: ${{ env.DOCKER_REGISTRY }}
docker-target: linux-amd64
component: ${{ matrix.component }}
tag: ${{ needs.meta.outputs.tag }}
- name: Run docker save
run: |
mkdir -p /home/runner/archives
docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: image-archives-${{ matrix.component }}
path: /home/runner/archives
test-core:
needs: [meta, build-cli, build-core]
if: needs.meta.outputs.changed == 'true'
strategy:
matrix:
test:
- cni-calico-deep
- deep
- deep-native-sidecar
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
with:
go-version: "1.22"
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
pattern: image-archives-*
path: image-archives
merge-multiple: true
- run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
- run: find image-archives -ls
- run: bin/tests --images archive --cleanup-docker --name ${{ matrix.test }} "$HOME/linkerd"
env:
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
TAG: ${{ needs.meta.outputs.tag }}
##
## Policy: Only run policy tests when the policy controller or proxy changes
##
test-policy:
needs: [meta, build-cli, build-core]
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
matrix:
k8s:
- v1.22
- v1.29
steps:
- uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
pattern: image-archives-*
path: image-archives
merge-multiple: true
- run: find image-archives -ls
- run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
- name: Setup deps
shell: bash
run: |
rm -rf "$HOME/.cargo"
bin/scurl -v https://sh.rustup.rs | sh -s -- -y --default-toolchain "$(./bin/rust-toolchain-version)"
# shellcheck disable=SC1090
source ~/.cargo/env
echo "PATH=$PATH" >> "$GITHUB_ENV"
bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
bin/scurl -vo /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && chmod +x /usr/local/bin/yq
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84
- run: cargo install cargo-nextest
- run: just policy-test-build
- run: just k3d-k8s='${{ matrix.k8s }}' k3d-create
- run: docker load <image-archives/controller.tar
- run: docker load <image-archives/policy-controller.tar
- run: docker load <image-archives/proxy.tar
- run: docker image ls
- run: just linkerd-tag='${{ needs.meta.outputs.tag }}' linkerd-exec="$HOME/linkerd" linkerd-install
- name: Load images
run: |
# Image loading is flakey in CI, so retry!
for _ in {1..6} ; do
if just linkerd-tag='${{ needs.meta.outputs.tag }}' policy-test-deps-load ; then exit 0 ; fi
sleep 10
echo retrying...
done
exit 1
- run: just policy-test-run --jobs=1
env:
# https://nexte.st/book/retries.html
NEXTEST_RETRIES: 3
##
## Ext: Run tests that require non-core components.
##
build-ext:
needs: meta
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
strategy:
matrix:
component:
- jaeger-webhook
- metrics-api
- tap
- web
timeout-minutes: 15
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: ./.github/actions/docker-build
id: build
with:
docker-registry: ${{ env.DOCKER_REGISTRY }}
docker-target: linux-amd64
component: ${{ matrix.component }}
tag: ${{ needs.meta.outputs.tag }}
- name: Run docker save
run: |
mkdir -p /home/runner/archives
docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: image-archives-${{ matrix.component }}
path: /home/runner/archives
# These tests exercise core functionality, but need the viz extension.
test-ext:
needs: [meta, build-cli, build-core, build-ext]
if: needs.meta.outputs.changed == 'true'
strategy:
matrix:
integration_test:
- cluster-domain
- default-policy-deny
- external
- rsa-ca
- helm-upgrade
- uninstall
- upgrade-edge
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
with:
go-version: "1.22"
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
pattern: image-archives-*
path: image-archives
merge-multiple: true
- run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
- run: ls -l image-archives/linkerd
- run: bin/tests --images archive --cleanup-docker --name '${{ matrix.integration_test }}' "$HOME/linkerd"
env:
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
##
## Viz: Run the (flakey) `viz` suite only when the `viz` extension is updated.
##
test-viz:
needs: [meta, build-cli, build-core, build-ext]
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
with:
go-version: "1.22"
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
pattern: image-archives-*
path: image-archives
merge-multiple: true
- run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
- run: ls -l image-archives/linkerd
- run: bin/tests --images archive --cleanup-docker --name viz "$HOME/linkerd"
env:
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
##
## Multicluster: Run 'multicluster' suite only when the 'multicluster' extension is updated.
## Tests are run on min and max k8s versions
##
test-multicluster:
needs: [meta, build-cli, build-core, build-ext]
if: needs.meta.outputs.changed == 'true'
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
matrix:
k8s:
- v1.22
- v1.29
steps:
- uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
with:
go-version: "1.22"
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
pattern: image-archives-*
path: image-archives
merge-multiple: true
- run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
- run: ls -l image-archives/linkerd
- name: Setup deps
shell: bash
run: |
echo "PATH=$PATH" >> "$GITHUB_ENV"
bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
- name: Load docker images
run: |
for img in controller policy-controller proxy; do
docker load <"image-archives/${img}.tar"
done
- run: docker image ls
- run: just mc-test-build
- name: Run just mc-test-load
run: |
just linkerd-tag='${{ needs.meta.outputs.tag }}' \
k3d-k8s='${{ matrix.k8s }}' \
mc-test-load
- name: Run just mc-test-run
run: |
just linkerd-tag='${{ needs.meta.outputs.tag }}' \
k3d-k8s='${{ matrix.k8s }}' \
mc-test-run
build-ok:
needs: [build-cli, build-core, build-ext]
if: always()
runs-on: ubuntu-22.04
steps:
- name: Results
run: |
echo 'needs.build-cli.result: ${{ needs.build-cli.result }}'
echo 'needs.build-core.result: ${{ needs.build-core.result }}'
echo 'needs.build-ext.result: ${{ needs.build-ext.result }}'
- name: Verify jobs
# All jobs must succeed or be skipped.
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: exit 1
# Try to re-run the integration tests if they fail, but only up to 3 times.
integrations-retry:
needs:
[build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
if: failure() && fromJSON(github.run_attempt) < 3 && needs.build-ok.result == 'success'
runs-on: ubuntu-22.04
permissions:
actions: write
env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
GH_DEBUG: api
REF: ${{ github.head_ref }}
steps:
- run: gh workflow run rerun.yml -F 'run_id=${{ github.run_id }}' --ref "$REF"
integrations-ok:
needs:
[build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
if: always()
runs-on: ubuntu-22.04
steps:
- name: Results
run: |
echo 'needs.build-ok.result: ${{ needs.build-ok.result }}'
echo 'needs.test-core.result: ${{ needs.test-core.result }}'
echo 'needs.test-policy.result: ${{ needs.test-policy.result }}'
echo 'needs.test-ext.result: ${{ needs.test-ext.result }}'
echo 'needs.test-viz.result: ${{ needs.test-viz.result }}'
echo 'needs.test-multicluster.result: ${{ needs.test-multicluster.result }}'
- name: Verify jobs
# All jobs must succeed or be skipped.
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: exit 1