ci: merge upgrade test into integration script
xopham committed Mar 10, 2023
1 parent a94eb0d commit e316ff2
Showing 3 changed files with 429 additions and 487 deletions.
86 changes: 1 addition & 85 deletions .github/workflows/.reusable-integration-test.yml
@@ -49,6 +49,7 @@ jobs:
"pre-config",
"other-ns",
"configured-cert",
"upgrade",
]
services:
alerting-endpoint:
@@ -173,88 +174,3 @@ jobs:
if: failure()
run: |
kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
upgrade-test:
runs-on: ubuntu-latest
if: inputs.skip_integration_tests != 'non-required'
permissions:
packages: read
env:
IMAGE: ${{ inputs.build_image }}
COSIGN_PUBLIC_KEY: ${{ inputs.cosign_public_key }}
steps:
- name: Checkout code
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Login with registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ${{ inputs.build_registry }}
username: ${{ inputs.repo_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install yq and bash
run: |
sudo snap install yq
- uses: ./.github/actions/k8s-version-config
name: Setup k8s cluster
with:
k8s-version: v1.25
- name: Configure Cluster
run: |
kubectl create ns connaisseur
kubectl create secret generic ${IMAGEPULLSECRET} \
--from-file=.dockerconfigjson=$HOME/.docker/config.json \
--type=kubernetes.io/dockerconfigjson \
--namespace=connaisseur
- name: Checkout code (master)
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: "master"
- name: Checkout required current files
uses: Bhacaz/checkout-files@e3e34e7daef91a5f237485bb88a260aee4be29dd # v2
with:
files: tests/integration/ghcr-values.yaml
branch: ${{ github.head_ref || github.ref_name }}
- name: Configure Connaisseur (master)
run: |
COSIGN_PUBLIC_KEY="$(printf -- "${COSIGN_PUBLIC_KEY//<br>/\\n }")"
envsubst < tests/integration/ghcr-values.yaml > update
yq '. *+ load("update")' -i helm/values.yaml
rm update
yq e '.' helm/values.yaml
- name: Install Connaisseur (master)
run: |
make install
- name: Get image name & version (master)
run: |
kubectl get pods -n connaisseur -o jsonpath="{.items[*].spec.containers[*].image}"
- name: Run integration tests (master)
run: |
bash tests/integration/upgrade-integration-test.sh
- name: Display k8s logs if integration test failed
if: failure()
run: |
kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
- name: Checkout code
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Configure current version
run: |
envsubst < tests/integration/var-img.yaml > update
yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' helm/values.yaml update
yq e '.' helm/values.yaml
rm update
- name: Upgrade Connaisseur to current branch
run: |
make upgrade
- name: Get image name & version (branch)
run: |
kubectl get pods -n connaisseur -o jsonpath="{.items[*].spec.containers[*].image}"
- name: Run integration tests (branch)
run: |
bash tests/integration/upgrade-integration-test.sh
- name: Display k8s logs if integration test failed
if: failure()
run: |
kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
- name: Uninstall Connaisseur
run: |
make uninstall
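Review bot: The new `"upgrade"` matrix entry runs under whatever `if:` and `permissions:` the matrix job declares, and those lines are outside both hunks, so it cannot be seen here whether the case keeps the gating of the removed `upgrade-test` job (`if: inputs.skip_integration_tests != 'non-required'`, `permissions: packages: read`). The removed job also checked out `master` explicitly before installing; the integration script presumably has to obtain the previous chart itself now, which the default shallow checkout may not provide. I would document the behaviour at the entry, for example `"upgrade", # installs the master chart first, then upgrades to this build`, and confirm the matrix job's condition matches the old one so the upgrade path of the admission controller is not silently skipped.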
30 changes: 15 additions & 15 deletions tests/integration/cases.yaml
@@ -19,14 +19,14 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed
namespace: default
expected_msg: pod/pod-rs created
expected_msg: pod/pod-rs-${RAND} created
expected_result: VALID
- id: rsds
txt: Testing signed image with designated signer...
type: deploy
ref: securesystemsengineering/testimage:special_sig
namespace: default
expected_msg: pod/pod-rsds created
expected_msg: pod/pod-rsds-${RAND} created
expected_result: VALID
- id: rsmds
txt: Testing image with missing designated signer...
@@ -61,7 +61,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed@sha256:c5327b291d702719a26c6cf8cc93f72e7902df46547106a9930feda2c002a4a7
namespace: default
expected_msg: pod/pod-rstd created
expected_msg: pod/pod-rstd-${RAND} created
expected_result: VALID
cosign:
- id: cu
@@ -83,7 +83,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:co-signed
namespace: default
expected_msg: pod/pod-cs created
expected_msg: pod/pod-cs-${RAND} created
expected_result: null
- id: cstd
txt: Testing signed cosign image with tag and digest...
@@ -102,7 +102,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:multi-cosigned-alice-bob-charlie
namespace: default
expected_msg: pod/pod-mc-s created
expected_msg: pod/pod-mc-s-${RAND} created
expected_result: null
- id: mct2-u
txt: Testing multi-cosigned image `threshold` => 2, not reached...
@@ -116,7 +116,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:multi-cosigned-bob-charlie
namespace: default
expected_msg: pod/pod-mct2-s created
expected_msg: pod/pod-mct2-s-${RAND} created
expected_result: null
- id: mcr-u
txt: Testing multi-cosigned image `required` signers => ['alice', 'charlie'], not reached...
@@ -130,7 +130,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:multi-cosigned-charlie-alice
namespace: default
expected_msg: pod/pod-mcr-s created
expected_msg: pod/pod-mcr-s-${RAND} created
expected_result: null
rekor-cosigned:
- id: rcu
@@ -152,7 +152,7 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:rekor-cosigned-tl
namespace: default
expected_msg: pod/pod-rcstl created
expected_msg: pod/pod-rcstl-${RAND} created
expected_result: null
ignore-namespace-val:
- id: iuu
@@ -167,14 +167,14 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed
namespace: default
expected_msg: pod/pod-isu created
expected_msg: pod/pod-isu-${RAND} created
expected_result: null
- id: iui
txt: Testing unsigned image in ignored namespace...
type: deploy
ref: securesystemsengineering/testimage:unsigned
namespace: ignoredns
expected_msg: pod/pod-iui created
expected_msg: pod/pod-iui-${RAND} created
expected_result: null
validate-namespace-val:
- id: vue
@@ -189,14 +189,14 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed
namespace: validatedns
expected_msg: pod/pod-vse created
expected_msg: pod/pod-vse-${RAND} created
expected_result: null
- id: vuu
txt: Testing unsigned image in unlabelled namespace...
type: deploy
ref: securesystemsengineering/testimage:unsigned
namespace: default
expected_msg: pod/pod-vuu created
expected_msg: pod/pod-vuu-${RAND} created
expected_result: null
deployment:
- id: d1s
@@ -275,15 +275,15 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed
namespace: default
expected_msg: pod/pod-pnv1s created
expected_msg: pod/pod-pnv1s-${RAND} created
expected_result: null
- id: poff
txt: Testing signed official docker image...
type: deploy
# choose official image that doesn't exit, so we can check ready status
ref: docker.io/library/nginx
namespace: default
expected_msg: pod/pod-poff created
expected_msg: pod/pod-poff-${RAND} created
expected_result: null
certificate:
- id: x509u
@@ -298,5 +298,5 @@ test_cases:
type: deploy
ref: securesystemsengineering/testimage:signed
namespace: default
expected_msg: pod/pod-x509s created
expected_msg: pod/pod-x509s-${RAND} created
expected_result: VALID
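Review bot: The `${RAND}` placeholder added to the `expected_msg` values has no meaning to a YAML parser; it only works if the test runner substitutes it (for instance with `envsubst`) before comparing, and that script is not part of the sections shown. If `RAND` is unset, or the file is read without substitution, the literal text or an empty suffix ends up in the expected message and the positive pod cases would fail for a reason unrelated to signature validation. A header comment in `cases.yaml` would make the contract explicit, e.g. `# ${RAND} is replaced by the integration script with a per-run suffix before this file is read`, with the wording adjusted to what the script actually does. It is also worth checking whether the workload cases outside these hunks (the `deployment` group continues past the visible context) need the same suffix when the suite runs twice against one cluster.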