forked from cilium/cilium
-
Notifications
You must be signed in to change notification settings - Fork 7
217 lines (187 loc) · 7.5 KB
/
tests-ces-migrate.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
name: CiliumEndpointSlice migration (ci-ces-migrate)
# Any change in triggers needs to be reflected in the concurrency group.
on:
pull_request: {}
push:
branches:
- v1.16
- ft/v1.16/**
# By specifying the access of one of the scopes, all of those that are not
# specified are set to 'none'.
permissions:
# To read actions state with catchpoint/workflow-telemetry-action
actions: read
# To be able to access the repository with actions/checkout
contents: read
# To allow retrieving information from the PR API
pull-requests: read
# To be able to set commit status
statuses: write
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
env:
cilium_cli_ci_version:
KIND_CONFIG: .github/kind-config.yaml
jobs:
check_changes:
name: Deduce required tests from code changes
runs-on: ubuntu-24.04
outputs:
tested: ${{ steps.tested-tree.outputs.src }}
steps:
- name: Checkout code
if: ${{ !github.event.pull_request }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
- name: Check code changes
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: tested-tree
with:
# For `push` events, compare against the `ref` base branch
# For `pull_request` events, this is ignored and will compare against the pull request base branch
base: ${{ github.ref }}
filters: |
src:
- '!(test|Documentation)/**'
setup-and-test:
needs: check_changes
if: ${{ needs.check_changes.outputs.tested == 'true' }}
runs-on: ubuntu-24.04
name: Installation and Migration Test
timeout-minutes: 70
env:
job_name: "Installation and Migration Test"
steps:
- name: Collect Workflow Telemetry
uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0
with:
comment_on_pr: false
- name: Checkout target branch to access local actions
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.base_ref || github.ref }}
persist-credentials: false
- name: Set Environment Variables
uses: ./.github/actions/set-env-variables
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set image tag
id: sha
run: |
if [ "${{ github.event.pull_request.head.sha }}" != "" ]; then
echo sha=${{ github.event.pull_request.head.sha }} >> $GITHUB_OUTPUT
else
echo sha=${{ github.sha }} >> $GITHUB_OUTPUT
fi
- name: Create kind cluster
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
with:
version: ${{ env.KIND_VERSION }}
node_image: ${{ env.KIND_K8S_IMAGE }}
kubectl_version: ${{ env.KIND_K8S_VERSION }}
config: ${{ env.KIND_CONFIG }}
wait: 0 # The control-plane never becomes ready, since no CNI is present
- name: Wait for images to be available
timeout-minutes: 30
shell: bash
run: |
for image in cilium-ci operator-generic-ci hubble-relay-ci ; do
until docker manifest inspect quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/$image:${{ steps.sha.outputs.sha }} &> /dev/null; do sleep 45s; done
done
- name: Set up install variables
id: cilium-config
uses: ./.github/actions/cilium-config
with:
image-tag: ${{ steps.sha.outputs.sha }}
chart-dir: 'install/kubernetes/cilium'
ipv6: false
egress-gateway: false # Currently incompatible with CES
mutual-auth: false
misc: 'bpfClockProbe=false,cni.uninstall=false'
- name: Install Cilium CLI
uses: cilium/cilium-cli@f313219850d324b516748ff7b00a6f9fa30d34ae # v0.16.23
with:
repository: ${{ env.CILIUM_CLI_RELEASE_REPO }}
release-version: ${{ env.CILIUM_CLI_VERSION }}
ci-version: ${{ env.cilium_cli_ci_version }}
binary-name: cilium-cli
binary-dir: ./
- name: Install Cilium
id: install-cilium
run: |
./cilium-cli install ${{ steps.cilium-config.outputs.config }}
- name: Wait for Cilium status to be ready
run: |
./cilium-cli status --wait
kubectl get pods --all-namespaces -o wide
mkdir -p cilium-junits
kubectl -n kube-system exec daemonset/cilium -c cilium-agent -- cilium-dbg status
- name: Setup conn-disrupt-test
uses: ./.github/actions/conn-disrupt-test-setup
- name: Enable CiliumEndpointSlice
shell: bash
run: |
kubectl patch -n kube-system configmap cilium-config --type merge --patch '{"data":{"enable-cilium-endpoint-slice":"true"}}'
kubectl rollout restart -n kube-system deployment cilium-operator
for i in $(seq 1 6);
do
if [[ $(kubectl get crd ciliumendpointslices.cilium.io) != "" ]]; then
break
fi
sleep 10
done
kubectl wait --for condition=established --timeout=2m crd/ciliumendpointslices.cilium.io
kubectl rollout restart -n kube-system ds cilium
./cilium-cli status --wait
kubectl get pods --all-namespaces -o wide
kubectl -n kube-system exec daemonset/cilium -c cilium-agent -- cilium-dbg status
- name: Run tests after migration
uses: ./.github/actions/conn-disrupt-test-check
with:
job-name: ces-enable
full-test: 'true'
- name: Features tested
uses: ./.github/actions/feature-status
with:
title: "Summary of all features tested"
json-filename: "${{ env.job_name }}"
cilium-cli: './cilium-cli'
- name: Fetch artifacts
if: ${{ failure() && steps.install-cilium.outcome != 'skipped' }}
# The following is needed to prevent hubble from receiving an empty
# file (EOF) on stdin and displaying no flows.
shell: 'script -q -e -c "bash --noprofile --norc -eo pipefail {0}"'
run: |
echo "=== Retrieve cluster state ==="
kubectl get pods --all-namespaces -o wide
./cilium-cli status
mkdir -p cilium-sysdumps
./cilium-cli sysdump --output-filename cilium-sysdumps-out
- name: Upload cilium-sysdumps
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: ${{ failure() }}
with:
name: cilium-sysdumps-out.zip
path: cilium-sysdumps-out.zip
- name: Upload JUnits [junit]
if: ${{ always() }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: cilium-junits
path: cilium-junits/*.xml
- name: Upload features tested
if: ${{ always() }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: features-tested
path: ${{ env.job_name }}*.json
- name: Publish Test Results As GitHub Summary
if: ${{ always() }}
uses: aanm/junit2md@332ebf0fddd34e91b03a832cfafaa826306558f9 # v0.0.3
with:
junit-directory: "cilium-junits"