ci: merge upgrade test into integration script

.github/workflows/.reusable-integration-test.yml

@@ -49,6 +49,7 @@ jobs:
             "pre-config",
             "other-ns",
             "configured-cert",
+            "upgrade",
           ]
     services:
       alerting-endpoint:
@@ -173,88 +174,3 @@ jobs:
         if: failure()
         run: |
           kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
-
-  upgrade-test:
-    runs-on: ubuntu-latest
-    if: inputs.skip_integration_tests != 'non-required'
-    permissions:
-      packages: read
-    env:
-      IMAGE: ${{ inputs.build_image }}
-      COSIGN_PUBLIC_KEY: ${{ inputs.cosign_public_key }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-      - name: Login with registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          registry: ${{ inputs.build_registry }}
-          username: ${{ inputs.repo_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Install yq and bash
-        run: |
-          sudo snap install yq
-      - uses: ./.github/actions/k8s-version-config
-        name: Setup k8s cluster
-        with:
-          k8s-version: v1.25
-      - name: Configure Cluster
-        run: |
-          kubectl create ns connaisseur
-          kubectl create secret generic ${IMAGEPULLSECRET} \
-            --from-file=.dockerconfigjson=$HOME/.docker/config.json \
-            --type=kubernetes.io/dockerconfigjson \
-            --namespace=connaisseur
-      - name: Checkout code (master)
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-        with:
-          ref: "master"
-      - name: Checkout required current files
-        uses: Bhacaz/checkout-files@e3e34e7daef91a5f237485bb88a260aee4be29dd # v2
-        with:
-          files: tests/integration/ghcr-values.yaml
-          branch: ${{ github.head_ref || github.ref_name }}
-      - name: Configure Connaisseur (master)
-        run: |
-          COSIGN_PUBLIC_KEY="$(printf -- "${COSIGN_PUBLIC_KEY//<br>/\\n          }")"
-          envsubst < tests/integration/ghcr-values.yaml > update
-          yq '. *+ load("update")' -i helm/values.yaml
-          rm update
-          yq e '.' helm/values.yaml
-      - name: Install Connaisseur (master)
-        run: |
-          make install
-      - name: Get image name & version (master)
-        run: |
-          kubectl get pods -n connaisseur -o jsonpath="{.items[*].spec.containers[*].image}"
-      - name: Run integration tests (master)
-        run: |
-          bash tests/integration/upgrade-integration-test.sh
-      - name: Display k8s logs if integration test failed
-        if: failure()
-        run: |
-          kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
-      - name: Checkout code
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-      - name: Configure current version
-        run: |
-          envsubst < tests/integration/var-img.yaml > update
-          yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' helm/values.yaml update
-          yq e '.' helm/values.yaml
-          rm update
-      - name: Upgrade Connaisseur to current branch
-        run: |
-          make upgrade
-      - name: Get image name & version (branch)
-        run: |
-          kubectl get pods -n connaisseur -o jsonpath="{.items[*].spec.containers[*].image}"
-      - name: Run integration tests (branch)
-        run: |
-          bash tests/integration/upgrade-integration-test.sh
-      - name: Display k8s logs if integration test failed
-        if: failure()
-        run: |
-          kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
-      - name: Uninstall Connaisseur
-        run: |
-          make uninstall

tests/integration/cases.yaml

@@ -19,14 +19,14 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed
     namespace: default
-    expected_msg: pod/pod-rs created
+    expected_msg: pod/pod-rs-${RAND} created
     expected_result: VALID
   - id: rsds
     txt: Testing signed image with designated signer...
     type: deploy
     ref: securesystemsengineering/testimage:special_sig
     namespace: default
-    expected_msg: pod/pod-rsds created
+    expected_msg: pod/pod-rsds-${RAND} created
     expected_result: VALID
   - id: rsmds
     txt: Testing image with missing designated signer...
@@ -61,7 +61,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed@sha256:c5327b291d702719a26c6cf8cc93f72e7902df46547106a9930feda2c002a4a7
     namespace: default
-    expected_msg: pod/pod-rstd created
+    expected_msg: pod/pod-rstd-${RAND} created
     expected_result: VALID
   cosign:
   - id: cu
@@ -83,7 +83,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:co-signed
     namespace: default
-    expected_msg: pod/pod-cs created
+    expected_msg: pod/pod-cs-${RAND} created
     expected_result: null
   - id: cstd
     txt: Testing signed cosign image with tag and digest...
@@ -102,7 +102,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:multi-cosigned-alice-bob-charlie
     namespace: default
-    expected_msg: pod/pod-mc-s created
+    expected_msg: pod/pod-mc-s-${RAND} created
     expected_result: null
   - id: mct2-u
     txt: Testing multi-cosigned image `threshold` => 2, not reached...
@@ -116,7 +116,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:multi-cosigned-bob-charlie
     namespace: default
-    expected_msg: pod/pod-mct2-s created
+    expected_msg: pod/pod-mct2-s-${RAND} created
     expected_result: null
   - id: mcr-u
     txt: Testing multi-cosigned image `required` signers => ['alice', 'charlie'], not reached...
@@ -130,7 +130,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:multi-cosigned-charlie-alice
     namespace: default
-    expected_msg: pod/pod-mcr-s created
+    expected_msg: pod/pod-mcr-s-${RAND} created
     expected_result: null
   rekor-cosigned:
   - id: rcu
@@ -152,7 +152,7 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:rekor-cosigned-tl
     namespace: default
-    expected_msg: pod/pod-rcstl created
+    expected_msg: pod/pod-rcstl-${RAND} created
     expected_result: null
   ignore-namespace-val:
   - id: iuu
@@ -167,14 +167,14 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed
     namespace: default
-    expected_msg: pod/pod-isu created
+    expected_msg: pod/pod-isu-${RAND} created
     expected_result: null
   - id: iui
     txt: Testing unsigned image in ignored namespace...
     type: deploy
     ref: securesystemsengineering/testimage:unsigned
     namespace: ignoredns
-    expected_msg: pod/pod-iui created
+    expected_msg: pod/pod-iui-${RAND} created
     expected_result: null
   validate-namespace-val:
   - id: vue
@@ -189,14 +189,14 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed
     namespace: validatedns
-    expected_msg: pod/pod-vse created
+    expected_msg: pod/pod-vse-${RAND} created
     expected_result: null
   - id: vuu
     txt: Testing unsigned image in unlabelled namespace...
     type: deploy
     ref: securesystemsengineering/testimage:unsigned
     namespace: default
-    expected_msg: pod/pod-vuu created
+    expected_msg: pod/pod-vuu-${RAND} created
     expected_result: null
   deployment:
   - id: d1s
@@ -275,15 +275,15 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed
     namespace: default
-    expected_msg: pod/pod-pnv1s created
+    expected_msg: pod/pod-pnv1s-${RAND} created
     expected_result: null
   - id: poff
     txt: Testing signed official docker image...
     type: deploy
     # choose official image that doesn't exit, so we can check ready status
     ref: docker.io/library/nginx
     namespace: default
-    expected_msg: pod/pod-poff created
+    expected_msg: pod/pod-poff-${RAND} created
     expected_result: null
   certificate:
   - id: x509u
@@ -298,5 +298,5 @@ test_cases:
     type: deploy
     ref: securesystemsengineering/testimage:signed
     namespace: default
-    expected_msg: pod/pod-x509s created
+    expected_msg: pod/pod-x509s-${RAND} created
     expected_result: VALID