diff --git a/.github/actions/configure-hosts/action.yaml b/.github/actions/configure-hosts/action.yaml new file mode 100644 index 0000000000..c7f478a94c --- /dev/null +++ b/.github/actions/configure-hosts/action.yaml @@ -0,0 +1,16 @@ +name: Configure hosts +description: Introduces an entry to the /etc/hosts file resolving k3d-kcp-registry to localhost. +runs: + using: composite + steps: + - name: Configure hosts + shell: bash + run: | + FILE=/etc/hosts + if [ -f "$FILE" ]; then + sudo echo "127.0.0.1 k3d-kcp-registry" | sudo tee -a $FILE + else + echo "$FILE does not exist." + exit 1 + fi + echo "/etc/hosts file patched" diff --git a/.github/actions/create-k3d-cluster/action.yaml b/.github/actions/create-k3d-cluster/action.yaml new file mode 100644 index 0000000000..58e814e8c8 --- /dev/null +++ b/.github/actions/create-k3d-cluster/action.yaml @@ -0,0 +1,32 @@ +name: Create k3d cluster +description: Creates a k3d cluster. +inputs: + cluster_name: + description: The name of the cluster to create. + required: true + k8s_version: + description: The version of k8s to use. + required: true + args: + description: Additional arguments to pass to the k3d cluster create command separated by semicolon (;). + required: false +runs: + using: composite + steps: + - name: Create k3d cluster + shell: bash + run: | + IFS=';' read -ra splitted_args <<< "${{ inputs.args }}" + + create_command="k3d cluster create ${{ inputs.cluster_name }} " + + for arg in "${splitted_args[@]}"; + do + create_command+="$arg " + done + + create_command+="--image rancher/k3s:v${{ inputs.k8s_version }}-k3s1 " + create_command+="--k3s-arg --disable=traefik@server:* " + create_command+="--k3s-arg --tls-san=host.k3d.internal@server:* " + + eval ${create_command} diff --git a/.github/actions/deploy-cert-manager/action.yaml b/.github/actions/deploy-cert-manager/action.yaml new file mode 100644 index 0000000000..aa1cb7be1d --- /dev/null +++ b/.github/actions/deploy-cert-manager/action.yaml @@ -0,0 +1,14 @@ +name: Deploy cert-manager +description: Deploys cert-manager in the currently configured context. +inputs: + cert_manager_version: + description: The version of cert-manager to deploy. For example, 1.13.3. + required: true +runs: + using: composite + steps: + - name: Deploy cert-manager + shell: bash + run: | + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v${{ inputs.cert_manager_version }}/cert-manager.yaml + cmctl check api --wait=2m diff --git a/.github/actions/deploy-istio/action.yaml b/.github/actions/deploy-istio/action.yaml new file mode 100644 index 0000000000..c1359f8c89 --- /dev/null +++ b/.github/actions/deploy-istio/action.yaml @@ -0,0 +1,9 @@ +name: Deploy istio +description: Deploys istio in the currently configured context. +runs: + using: composite + steps: + - name: Deploy istio + shell: bash + run: | + istioctl install --set profile=demo -y diff --git a/.github/actions/deploy-lifecycle-manager-e2e/action.yaml b/.github/actions/deploy-lifecycle-manager-e2e/action.yaml new file mode 100644 index 0000000000..8e65400435 --- /dev/null +++ b/.github/actions/deploy-lifecycle-manager-e2e/action.yaml @@ -0,0 +1,91 @@ +name: Deploy lifecycle-manager E2E +description: Applies E2E test-specific patches to the lifecycle-manager kustomize and deploys it. +inputs: + klm_version_tag: + description: The version tag for the KLM image. For example, PR-123. + required: true + klm_image_repo: + description: The repository for the KLM image. For example, dev. + required: true +runs: + using: composite + steps: + - name: Patch purge finalizer flags + if: ${{ matrix.e2e-test == 'purge-controller' || matrix.e2e-test == 'purge-metrics'}} + working-directory: lifecycle-manager + shell: bash + run: | + pushd config/watcher_local_test + echo \ + "- op: add + path: /spec/template/spec/containers/0/args/- + value: --enable-purge-finalizer=true + - op: add + path: /spec/template/spec/containers/0/args/- + value: --purge-finalizer-timeout=5s" >> purge_finalizer.yaml + cat purge_finalizer.yaml + kustomize edit add patch --path purge_finalizer.yaml --kind Deployment + popd + - name: Patch metrics cleanup interval + if : ${{ matrix.e2e-test == 'kyma-metrics' }} + working-directory: lifecycle-manager + shell: bash + run: | + pushd config/watcher_local_test + echo \ + "- op: add + path: /spec/template/spec/containers/0/args/- + value: --metrics-cleanup-interval=1" >> metrics_cleanup.yaml + cat metrics_cleanup.yaml + kustomize edit add patch --path metrics_cleanup.yaml --kind Deployment + popd + - name: Patch self signed certificate lifetime + if: ${{matrix.e2e-test == 'self-signed-certificate-rotation'}} + working-directory: lifecycle-manager + shell: bash + run: | + pushd config/watcher_local_test + echo \ + "- op: add + path: /spec/template/spec/containers/0/args/- + value: --self-signed-cert-duration=1h + - op: add + path: /spec/template/spec/containers/0/args/- + value: --self-signed-cert-renew-before=59m + - op: add + path: /spec/template/spec/containers/0/args/- + value: --self-signed-cert-renew-buffer=1m" >> self-signed-cert.yaml + cat self-signed-cert.yaml + kustomize edit add patch --path self-signed-cert.yaml --kind Deployment + popd + - name: Patch CA certificate renewBefore + if: ${{matrix.e2e-test == 'ca-certificate-rotation'}} + working-directory: lifecycle-manager + shell: bash + run: | + pushd config/watcher_local_test + echo \ + "- op: replace + path: /spec/renewBefore + value: 59m + - op: replace + path: /spec/duration + value: 1h">> certificate_renewal.yaml + cat certificate_renewal.yaml + kustomize edit add patch --path certificate_renewal.yaml --kind Certificate --group cert-manager.io --version v1 --name watcher-serving-cert + popd + - name: Deploy LM local testing kustomize + uses: ./lifecycle-manager/.github/actions/deploy-lifecycle-manager + with: + klm_version_tag: ${{ inputs.klm_version_tag }} + klm_image_repo: ${{ inputs.klm_image_repo }} + - name: Expose Metrics Endpoint + working-directory: lifecycle-manager + if: ${{ matrix.e2e-test == 'kyma-metrics' || + matrix.e2e-test == 'purge-metrics' || + matrix.e2e-test == 'self-signed-certificate-rotation' || + matrix.e2e-test == 'mandatory-module-metrics' + }} + shell: bash + run: | + kubectl patch svc klm-metrics-service -p '{"spec": {"type": "LoadBalancer"}}' -n kcp-system diff --git a/.github/actions/deploy-lifecycle-manager/action.yaml b/.github/actions/deploy-lifecycle-manager/action.yaml new file mode 100644 index 0000000000..2587d68d5b --- /dev/null +++ b/.github/actions/deploy-lifecycle-manager/action.yaml @@ -0,0 +1,31 @@ +name: Deploy lifecycle-manager +description: Deploys lifecycle-manager. +inputs: + klm_version_tag: + description: The version tag for the KLM image. For example, PR-123. + required: true + klm_image_repo: + description: The repository for the KLM image. For example, dev. + required: true +runs: + using: composite + steps: + - name: Deploy LM local testing kustomize + working-directory: lifecycle-manager + shell: bash + run: | + maxRetry=5 + for retry in $(seq 1 $maxRetry) + do + if make local-deploy-with-watcher IMG=europe-docker.pkg.dev/kyma-project/${{ inputs.klm_image_repo }}/lifecycle-manager:${{ inputs.klm_version_tag }}; then + kubectl wait pods -n kcp-system -l app.kubernetes.io/name=lifecycle-manager --for condition=Ready --timeout=90s + echo "KLM deployed successfully" + exit 0 + elif [[ $retry -lt $maxRetry ]]; then + echo "Deploy encountered some error, will retry after 20 seconds" + sleep 20 + else + echo "KLM deployment failed" + exit 1 + fi + done diff --git a/.github/actions/deploy-template-operator/action.yaml b/.github/actions/deploy-template-operator/action.yaml new file mode 100644 index 0000000000..a411232416 --- /dev/null +++ b/.github/actions/deploy-template-operator/action.yaml @@ -0,0 +1,90 @@ +name: Deploy template-operator +description: Deploys a test-specific template-operator. +runs: + using: composite + steps: + - name: Create Template Operator Module and apply + working-directory: template-operator + if: ${{ matrix.e2e-test == 'kyma-metrics' || + matrix.e2e-test == 'non-blocking-deletion' || + matrix.e2e-test == 'purge-controller' || + matrix.e2e-test == 'purge-metrics' || + matrix.e2e-test == 'kyma-deprovision-with-foreground-propagation' || + matrix.e2e-test == 'kyma-deprovision-with-background-propagation' || + matrix.e2e-test == 'module-consistency' || + matrix.e2e-test == 'skip-manifest-reconciliation' || + matrix.e2e-test == 'misconfigured-kyma-secret' + }} + shell: bash + run: | + make build-manifests + kyma alpha create module --module-config-file ./module-config.yaml --path . --registry k3d-kcp-registry:5111 --insecure + sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml + kubectl get crds + kubectl apply -f template.yaml + - name: Create Template Operator Module for regular and fast channels + working-directory: lifecycle-manager + if: ${{ matrix.e2e-test == 'module-upgrade-channel-switch' || + matrix.e2e-test == 'module-upgrade-new-version' || + matrix.e2e-test == 'upgrade-under-deletion' + }} + shell: bash + run: | + kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v2_fast.yaml + kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v1_regular.yaml + - name: Create Template Operator Module as Mandatory Module + working-directory: lifecycle-manager + if: ${{ matrix.e2e-test == 'mandatory-module' || + matrix.e2e-test == 'mandatory-module-metrics' + }} + shell: bash + run: | + kubectl apply -f tests/moduletemplates/mandatory_moduletemplate_template_operator_v1.yaml + - name: Apply Template Operator Module V2, fast channel + working-directory: ./lifecycle-manager + if: ${{ matrix.e2e-test == 'non-blocking-deletion' }} + shell: bash + run: | + kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v2_fast.yaml + - name: Create Template Operator Module with final state and final deletion state as `Warning` and apply + working-directory: template-operator + if: ${{ matrix.e2e-test == 'module-status-propagation'}} + shell: bash + run: | + pushd config/default + echo \ + "- op: replace + path: /spec/template/spec/containers/0/args/1 + value: --final-state=Warning + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: --final-deletion-state=Warning" >> warning_patch.yaml + cat warning_patch.yaml + kustomize edit add patch --path warning_patch.yaml --kind Deployment + popd + kyma alpha create module --kubebuilder-project --channel=regular --name kyma.project.io/module/template-operator --version 1.1.1 --path . --registry k3d-kcp-registry:5111 --insecure --module-archive-version-overwrite / + sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml + kubectl get crds + kubectl apply -f template.yaml + - name: Create Template Operator Module without default CR and apply + working-directory: template-operator + if: ${{ matrix.e2e-test == 'module-without-default-cr' }} + shell: bash + run: | + make build-manifests + echo "name: kyma-project.io/module/template-operator + channel: regular + version: v1.0.0 + manifest: template-operator.yaml + security: sec-scanners-config.yaml + annotations: + operator.kyma-project.io/doc-url: https://kyma-project.io" >> module-config-no-cr.yaml + kyma alpha create module \ + --module-config-file ./module-config-no-cr.yaml \ + --path . \ + --registry k3d-kcp-registry:5111 \ + --insecure + sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml + kubectl get crds + kubectl apply -f template.yaml + diff --git a/.github/actions/export-kubeconfigs/action.yaml b/.github/actions/export-kubeconfigs/action.yaml new file mode 100644 index 0000000000..d5a598cfc5 --- /dev/null +++ b/.github/actions/export-kubeconfigs/action.yaml @@ -0,0 +1,15 @@ +name: Export kubeconfigs +description: Merges the configs from KCP and SKR k3d clusters into the default kubeconfig and exports the same as environment variables KCP_KUBECONFIG and SKR_KUBECONFIG. +inputs: + context_name: + description: The name of the context to use. + required: true +runs: + using: composite + steps: + - name: Export kubeconfigs + shell: bash + run: | + k3d kubeconfig merge -a -d + echo "KCP_KUBECONFIG=$(k3d kubeconfig write kcp)" >> $GITHUB_ENV + echo "SKR_KUBECONFIG=$(k3d kubeconfig write skr)" >> $GITHUB_ENV diff --git a/.github/actions/get-configuration/action.yaml b/.github/actions/get-configuration/action.yaml new file mode 100644 index 0000000000..f91d5db4ed --- /dev/null +++ b/.github/actions/get-configuration/action.yaml @@ -0,0 +1,38 @@ +name: Get configuration +description: Defines configuration variables such as versions. Exposes globally needed environment variables. +outputs: + k8s_version: + description: The version of k8s to use. For example, 1.28.7. + value: ${{ steps.define-variables.outputs.k8s_version }} + istio_version: + description: The version of Istio to install. For example, 1.20.3. + value: ${{ steps.define-variables.outputs.istio_version }} + k3d_version: + description: The version of k3d to install. For example, 5.6.0. + value: ${{ steps.define-variables.outputs.k3d_version }} + cert_manager_version: + description: The version of cert-manager to deploy. For example, 1.13.3. + value: ${{ steps.define-variables.outputs.cert_manager_version }} + klm_version_tag: + description: The version tag for the KLM image. For example, PR-123. + value: ${{ steps.define-variables.outputs.klm_version_tag }} + klm_image_repo: + description: The repository for the KLM image. For example, dev. + value: ${{ steps.define-variables.outputs.klm_image_repo }} +runs: + using: composite + steps: + - name: Define variables + id: define-variables + shell: bash + run: | + echo "k8s_version=${{ github.event.inputs.k8s_version || '1.28.7' }}" >> $GITHUB_OUTPUT + echo "istio_version=1.20.3" >> $GITHUB_OUTPUT + echo "k3d_version=5.6.0" >> $GITHUB_OUTPUT + echo "cert_manager_version=1.13.3" >> $GITHUB_OUTPUT + echo "klm_version_tag=PR-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT + echo "klm_image_repo=dev" >> $GITHUB_OUTPUT + - name: Expose environment variables + shell: bash + run: | + echo "GOSUMDB=off" >> $GITHUB_ENV diff --git a/.github/actions/install-cmctl/action.yaml b/.github/actions/install-cmctl/action.yaml new file mode 100644 index 0000000000..1c83e91bb8 --- /dev/null +++ b/.github/actions/install-cmctl/action.yaml @@ -0,0 +1,14 @@ +name: Install cmctl +description: Downloads cmctl (cert-manager Command Line Tool) and installs it locally. +runs: + using: composite + steps: + - name: Install cmctl + shell: bash + run: | + OS=$(go env GOOS) + ARCH=$(go env GOARCH) + + curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/latest/download/cmctl-$OS-$ARCH.tar.gz + tar xzf cmctl.tar.gz + sudo mv cmctl /usr/local/bin diff --git a/.github/actions/install-istioctl/action.yaml b/.github/actions/install-istioctl/action.yaml new file mode 100644 index 0000000000..24dbd52971 --- /dev/null +++ b/.github/actions/install-istioctl/action.yaml @@ -0,0 +1,15 @@ +name: Install istioctl +description: Downloads istioctl and installs it locally. +inputs: + istio_version: + description: The version of istioctl to install. For example, 1.20.3. + required: true +runs: + using: composite + steps: + - name: Install istioctl + shell: bash + run: | + curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${{ inputs.istio_version }} TARGET_ARCH=x86_64 sh - + chmod +x istio-${{ inputs.istio_version }}/bin/istioctl + mv istio-${{ inputs.istio_version }}/bin/istioctl /usr/local/bin diff --git a/.github/actions/install-k3d/action.yaml b/.github/actions/install-k3d/action.yaml new file mode 100644 index 0000000000..b7aacf6df2 --- /dev/null +++ b/.github/actions/install-k3d/action.yaml @@ -0,0 +1,13 @@ +name: Install k3d +description: Downloads k3d and installs it locally. +inputs: + k3d_version: + description: The version of k3d to install. For example, 5.6.0. + required: true +runs: + using: composite + steps: + - name: Install k3d + shell: bash + run: | + wget -qO - https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v${{ inputs.k3d_version }} bash diff --git a/.github/actions/install-kubectl/action.yaml b/.github/actions/install-kubectl/action.yaml new file mode 100644 index 0000000000..b74b463cfb --- /dev/null +++ b/.github/actions/install-kubectl/action.yaml @@ -0,0 +1,32 @@ +name: Install kubectl +description: Downloads kubectl and installs it locally. Follows the instructions for Debian-based distributions at https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management. +inputs: + k8s_version: + description: The version of Kubernetes to install. For example, 1.28.7. + required: true +runs: + using: composite + steps: + - name: Parse K8s minor version + id: parse_k8s_minor_version + shell: bash + run: | + full_version=${{ inputs.k8s_version }} + split=( ${full_version//./ } ) + k8s_minor_version=${split[0]}.${split[1]} + + echo Using K8s minor version ${k8s_minor_version} + echo "k8s_minor_version=${k8s_minor_version}" >> $GITHUB_OUTPUT + - name: Download the public signing key for the Kubernetes package repositories + shell: bash + run: | + curl -fsSL https://pkgs.k8s.io/core:/stable:/v${{ steps.parse_k8s_minor_version.outputs.k8s_minor_version }}/deb/Release.key | sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg + - name: Add the appropriate Kubernetes apt repository + shell: bash + run: | + echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${{ steps.parse_k8s_minor_version.outputs.k8s_minor_version }}/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list + - name: Install kubectl + shell: bash + run: | + sudo apt-get update + sudo apt-get install -y kubectl diff --git a/.github/actions/install-kyma-cli/action.yaml b/.github/actions/install-kyma-cli/action.yaml new file mode 100644 index 0000000000..1e2e347155 --- /dev/null +++ b/.github/actions/install-kyma-cli/action.yaml @@ -0,0 +1,12 @@ +name: Install kyma-cli +description: Downloads kyma-cli and installs it locally. +runs: + using: composite + steps: + - name: Install kyma-cli + shell: bash + run: | + wget https://storage.googleapis.com/kyma-cli-unstable/kyma-linux + chmod +x kyma-linux && mv kyma-linux /usr/local/bin/kyma-unstable + echo "PATH=/usr/local/bin/kyma-unstable" >> $GITHUB_OUTPUT + ln -s /usr/local/bin/kyma-unstable /usr/local/bin/kyma diff --git a/.github/actions/setup-test-clusters/action.yaml b/.github/actions/setup-test-clusters/action.yaml new file mode 100644 index 0000000000..47c8106bd9 --- /dev/null +++ b/.github/actions/setup-test-clusters/action.yaml @@ -0,0 +1,31 @@ +name: Setup test clusters +description: Creates and configures the KCP and SKR clusters. +inputs: + k8s_version: + description: The version of k8s to use. For example, 1.28.7 + required: true + cert_manager_version: + description: The version of cert-manager to depoy. For example, 1.13.3. + required: true +runs: + using: composite + steps: + - uses: ./lifecycle-manager/.github/actions/configure-hosts + - uses: ./lifecycle-manager/.github/actions/create-k3d-cluster + with: + cluster_name: skr + k8s_version: ${{ inputs.k8s_version }} + args: "-p 10080:80@loadbalancer;-p 10443:443@loadbalancer" + - uses: ./lifecycle-manager/.github/actions/create-k3d-cluster + with: + cluster_name: kcp + k8s_version: ${{ inputs.k8s_version }} + args: "-p 9443:443@loadbalancer;-p 9080:80@loadbalancer;-p 9081:8080@loadbalancer;--registry-create k3d-kcp-registry:5111" + - uses: ./lifecycle-manager/.github/actions/export-kubeconfigs + - uses: ./lifecycle-manager/.github/actions/switch-kubectl-context + with: + context_name: k3d-kcp + - uses: ./lifecycle-manager/.github/actions/deploy-istio + - uses: ./lifecycle-manager/.github/actions/deploy-cert-manager + with: + cert_manager_version: ${{ inputs.cert_manager_version }} diff --git a/.github/actions/setup-tools/action.yaml b/.github/actions/setup-tools/action.yaml new file mode 100644 index 0000000000..f9ed2a9a2c --- /dev/null +++ b/.github/actions/setup-tools/action.yaml @@ -0,0 +1,36 @@ +name: Setup tools +description: Downloads, installs and configures all the tools needed to setup and run the tests. +inputs: + k8s_version: + description: The version of Kubernetes to install. For example, 1.28.7. + required: true + istio_version: + description: The version of Istio to install. For example, 1.20.3. + required: true + k3d_version: + description: The version of k3d to install. For example, 5.6.0. + required: true + go-version-file: + description: The path to the Go version file. + required: true + cache-dependency-path: + description: The path to the Go dependency file. + required: true +runs: + using: composite + steps: + - uses: ./lifecycle-manager/.github/actions/install-kubectl + with: + k8s_version: ${{ inputs.k8s_version }} + - uses: ./lifecycle-manager/.github/actions/install-istioctl + with: + istio_version: ${{ inputs.istio_version }} + - uses: ./lifecycle-manager/.github/actions/install-kyma-cli + - uses: ./lifecycle-manager/.github/actions/install-cmctl + - uses: ./lifecycle-manager/.github/actions/install-k3d + with: + k3d_version: ${{ inputs.k3d_version }} + - uses: actions/setup-go@v4 + with: + go-version-file: ${{ inputs.go-version-file }} + cache-dependency-path: ${{ inputs.cache-dependency-path }} diff --git a/.github/actions/switch-kubectl-context/action.yaml b/.github/actions/switch-kubectl-context/action.yaml new file mode 100644 index 0000000000..c173dd74e8 --- /dev/null +++ b/.github/actions/switch-kubectl-context/action.yaml @@ -0,0 +1,13 @@ +name: Switch kubectl context +description: Switches kubectl to use the context with the provided name. +inputs: + context_name: + description: The name of the context to use. + required: true +runs: + using: composite + steps: + - name: Configure kubectl + shell: bash + run: | + kubectl config use-context ${{ inputs.context_name }} diff --git a/.github/actions/wait-for-image-build/action.yaml b/.github/actions/wait-for-image-build/action.yaml new file mode 100644 index 0000000000..74005f6803 --- /dev/null +++ b/.github/actions/wait-for-image-build/action.yaml @@ -0,0 +1,34 @@ +name: Wait for image build +description: Waits for the image to be built. Exits with error if not built within the given timeout. +inputs: + token: + description: The GitHub token to use for making API requests. + required: true + statusName: + description: The name of the GitHub status check to wait for. For example, `build` or `deploy`. + required: true + timeoutSeconds: + description: The number of seconds to wait for the status check to complete. + required: false + default: "900" + intervalSeconds: + description: The number of seconds to wait before each poll of the GitHub API. + required: false + default: "10" +runs: + using: composite + steps: + - name: Wait for image build + id: wait-for-build + with: + token: ${{ inputs.token }} + statusName: ${{ inputs.statusName }} + timeoutSeconds: ${{ inputs.timeoutSeconds }} + intervalSeconds: ${{ inputs.intervalSeconds }} + uses: autotelic/action-wait-for-status-check@v1 + - name: Exit if build failed + if: steps.wait-for-build.outputs.state != 'success' + shell: bash + run: | + echo "Image build did not succeed!" + exit 1 diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml new file mode 100644 index 0000000000..85d38c5a02 --- /dev/null +++ b/.github/workflows/test-e2e.yaml @@ -0,0 +1,94 @@ +name: TestSuite E2E + +on: + pull_request: + branches: + - main + workflow_dispatch: + inputs: + k8s_version: + description: With Kubernetes version + required: false + +jobs: + wait-for-image-build: + name: Wait for image build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/wait-for-image-build + with: + token: ${{ secrets.GITHUB_TOKEN }} + statusName: pull-lifecycle-mgr-build + e2e-integration: + name: E2E + needs: wait-for-image-build + strategy: + matrix: + e2e-test: + - watcher-enqueue + - kyma-deprovision-with-foreground-propagation + - kyma-deprovision-with-background-propagation + - module-status-propagation + - kyma-metrics + - module-without-default-cr + - module-consistency + - non-blocking-deletion + - upgrade-under-deletion + - purge-controller + - purge-metrics + - module-upgrade-channel-switch + - module-upgrade-new-version + - skip-manifest-reconciliation + - ca-certificate-rotation + - self-signed-certificate-rotation + - mandatory-module + - mandatory-module-metrics + - misconfigured-kyma-secret + - rbac-privileges + runs-on: ubuntu-latest + timeout-minutes: 20 + steps: + - name: Checkout lifecycle-manager + uses: actions/checkout@v4 + with: + path: lifecycle-manager + + - name: Checkout template-operator + uses: actions/checkout@v4 + with: + repository: kyma-project/template-operator + path: template-operator + + - name: Get configuration + uses: ./lifecycle-manager/.github/actions/get-configuration + id: configuration + + - name: Setup tools + uses: ./lifecycle-manager/.github/actions/setup-tools + with: + k8s_version: ${{ steps.configuration.outputs.k8s_version }} + istio_version: ${{ steps.configuration.outputs.istio_version }} + k3d_version: ${{ steps.configuration.outputs.k3d_version }} + go-version-file: lifecycle-manager/go.mod + cache-dependency-path: lifecycle-manager/go.sum + + - name: Setup test clusters + uses: ./lifecycle-manager/.github/actions/setup-test-clusters + with: + k8s_version: ${{ steps.configuration.outputs.k8s_version }} + cert_manager_version: ${{ steps.configuration.outputs.cert_manager_version }} + + - name: Deploy lifecycle-manager + uses: ./lifecycle-manager/.github/actions/deploy-lifecycle-manager-e2e + with: + klm_version_tag: ${{ steps.configuration.outputs.klm_version_tag }} + klm_image_repo: ${{ steps.configuration.outputs.klm_image_repo }} + + - name: Deploy template-operator + uses: ./lifecycle-manager/.github/actions/deploy-template-operator + + - name: Run '${{ matrix.e2e-test }}' test + working-directory: lifecycle-manager + run: | + make -C tests/e2e ${{ matrix.e2e-test }} diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml deleted file mode 100644 index a8e8b0c10a..0000000000 --- a/.github/workflows/test-e2e.yml +++ /dev/null @@ -1,324 +0,0 @@ -name: TestSuite E2E - -on: - pull_request: - branches: [ "main" ] - workflow_dispatch: - inputs: - k8s_version: - description: "With Kubernetes version" - required: false -jobs: - wait-for-img: - name: "Wait for Image Build" - runs-on: ubuntu-latest - steps: - - uses: autotelic/action-wait-for-status-check@v1 - id: wait-for-build - with: - token: ${{ secrets.GITHUB_TOKEN }} - # Context for which we should look for the matching status - statusName: ${{ (github.event_name == 'pull_request') && 'pull-lifecycle-mgr-build' || 'main-lifecycle-mgr-build' }} - timeoutSeconds: 900 - intervalSeconds: 10 - - name: Exit If Failing Build Requirement - if: steps.wait-for-build.outputs.state != 'success' - run: | - echo "Image build did not succeed, skipping E2E Test!" - exit 1 - - e2e-integration: - strategy: - matrix: - e2e-test: [ "watcher-enqueue", - "kyma-deprovision-with-foreground-propagation", - "kyma-deprovision-with-background-propagation", - "module-status-propagation", - "kyma-metrics", - "module-without-default-cr", - "module-consistency", - "non-blocking-deletion", - "upgrade-under-deletion", - "purge-controller", - "purge-metrics", - "module-upgrade-channel-switch", - "module-upgrade-new-version", - "skip-manifest-reconciliation", - "ca-certificate-rotation", - "self-signed-certificate-rotation", - "mandatory-module", - "mandatory-module-metrics", - "misconfigured-kyma-secret", - "rbac-privileges" - ] - name: "E2E" - needs: [wait-for-img] - runs-on: ubuntu-latest - timeout-minutes: 20 - env: - K3D_VERSION: v5.6.0 - K8S_VERSION: ${{ github.event.inputs.k8s_version || '1.28.7' }} - ISTIO_VERSION: 1.20.3 - CM_VERSION: v1.13.3 - KLM_VERSION_TAG: latest - KLM_IMAGE_REPO: prod - GOSUMDB: off - steps: - - name: Install prerequisites - run: | - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list - sudo apt update -y - sudo apt install kubectl -y - - name: Checkout lifecycle-manager - uses: actions/checkout@v4 - with: - path: lifecycle-manager - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version-file: 'lifecycle-manager/go.mod' - cache-dependency-path: 'lifecycle-manager/go.sum' - - name: Install Istio CLI - run: | - curl -L https://istio.io/downloadIstio | TARGET_ARCH=x86_64 sh - - chmod +x istio-$ISTIO_VERSION/bin/istioctl - mv istio-$ISTIO_VERSION/bin/istioctl /usr/local/bin - - name: Install Kyma CLI - run: | - wget https://storage.googleapis.com/kyma-cli-unstable/kyma-linux - chmod +x kyma-linux && mv kyma-linux /usr/local/bin/kyma-unstable - echo "PATH=/usr/local/bin/kyma-unstable" >> $GITHUB_OUTPUT - - run: ln -s /usr/local/bin/kyma-unstable /usr/local/bin/kyma - - name: Install Cert Manager Command Line Tool - run: | - OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/latest/download/cmctl-$OS-$ARCH.tar.gz - tar xzf cmctl.tar.gz - sudo mv cmctl /usr/local/bin - - name: Install k3d - run: wget -qO - https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=$K3D_VERSION bash - - name: Provision SKR cluster - run: | - k3d cluster create skr \ - -p 10080:80@loadbalancer \ - -p 10443:443@loadbalancer \ - --image rancher/k3s:v$K8S_VERSION-k3s1 \ - --k3s-arg '--disable=traefik@server:*' \ - --k3s-arg '--tls-san=host.k3d.internal@server:*' - - name: Provision KCP cluster - run: | - k3d cluster create kcp \ - -p 9443:443@loadbalancer \ - -p 9080:80@loadbalancer \ - -p 9081:8080@loadbalancer \ - --image rancher/k3s:v$K8S_VERSION-k3s1 \ - --registry-create k3d-kcp-registry:5111 \ - --k3s-arg '--disable=traefik@server:*' \ - --k3s-arg '--tls-san=host.k3d.internal@server:*' - - name: Update Kubeconfigs - run: k3d kubeconfig merge -a -d - - name: Export required Kubeconfig Env vars - run: | - echo "KCP_KUBECONFIG=$(k3d kubeconfig write kcp)" >> $GITHUB_ENV - echo "SKR_KUBECONFIG=$(k3d kubeconfig write skr)" >> $GITHUB_ENV - - name: Patch /etc/hosts - run: | - FILE=/etc/hosts - if [ -f "$FILE" ]; then - sudo echo "127.0.0.1 k3d-kcp-registry" | sudo tee -a $FILE - else - echo "$FILE does not exist." - exit 1 - fi - echo "/etc/hosts file patched" - - name: Switch kubeconfig context to KCP cluster - run: kubectl config use-context k3d-kcp - - name: Deploy Istio on KCP Cluster - run: | - istioctl install --set profile=demo -y - - name: Deploy Cert Manager on KCP Cluster - run: | - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/$CM_VERSION/cert-manager.yaml - cmctl check api --wait=2m - - name: Override Kustomize Controller Image TAG and Image repository environment variables in Pull Request to PR Image - if: ${{ github.event_name == 'pull_request' }} - run: | - echo "KLM_VERSION_TAG=PR-${{ github.event.pull_request.number }}" >> $GITHUB_ENV - echo "KLM_IMAGE_REPO=dev" >> $GITHUB_ENV - - name: Patch purge finalizer flags - if: ${{ matrix.e2e-test == 'purge-controller' || matrix.e2e-test == 'purge-metrics'}} - working-directory: lifecycle-manager - run: | - pushd config/watcher_local_test - echo \ - "- op: add - path: /spec/template/spec/containers/0/args/- - value: --enable-purge-finalizer=true - - op: add - path: /spec/template/spec/containers/0/args/- - value: --purge-finalizer-timeout=5s" >> purge_finalizer.yaml - cat purge_finalizer.yaml - kustomize edit add patch --path purge_finalizer.yaml --kind Deployment - popd - - name: Patch metrics cleanup interval - if : ${{ matrix.e2e-test == 'kyma-metrics' }} - working-directory: lifecycle-manager - run: | - pushd config/watcher_local_test - echo \ - "- op: add - path: /spec/template/spec/containers/0/args/- - value: --metrics-cleanup-interval=1" >> metrics_cleanup.yaml - cat metrics_cleanup.yaml - kustomize edit add patch --path metrics_cleanup.yaml --kind Deployment - popd - - name: Patch self signed certificate lifetime - if: ${{matrix.e2e-test == 'self-signed-certificate-rotation'}} - working-directory: lifecycle-manager - run: | - pushd config/watcher_local_test - echo \ - "- op: add - path: /spec/template/spec/containers/0/args/- - value: --self-signed-cert-duration=1h - - op: add - path: /spec/template/spec/containers/0/args/- - value: --self-signed-cert-renew-before=59m - - op: add - path: /spec/template/spec/containers/0/args/- - value: --self-signed-cert-renew-buffer=1m" >> self-signed-cert.yaml - cat self-signed-cert.yaml - kustomize edit add patch --path self-signed-cert.yaml --kind Deployment - popd - - name: Patch CA certificate renewBefore - if: ${{matrix.e2e-test == 'ca-certificate-rotation'}} - working-directory: lifecycle-manager - run: | - pushd config/watcher_local_test - echo \ - "- op: replace - path: /spec/renewBefore - value: 59m - - op: replace - path: /spec/duration - value: 1h">> certificate_renewal.yaml - cat certificate_renewal.yaml - kustomize edit add patch --path certificate_renewal.yaml --kind Certificate --group cert-manager.io --version v1 --name watcher-serving-cert - popd - - name: Deploy LM local testing kustomize - working-directory: lifecycle-manager - run: | - maxRetry=5 - for retry in $(seq 1 $maxRetry) - do - if make local-deploy-with-watcher IMG=europe-docker.pkg.dev/kyma-project/$KLM_IMAGE_REPO/lifecycle-manager:$KLM_VERSION_TAG; then - kubectl wait pods -n kcp-system -l app.kubernetes.io/name=lifecycle-manager --for condition=Ready --timeout=90s - echo "KLM deployed successfully" - exit 0 - elif [[ $retry -lt $maxRetry ]]; then - echo "Deploy encountered some error, will retry after 20 seconds" - sleep 20 - else - echo "KLM deployment failed" - exit 1 - fi - done - - name: Checkout template-operator - uses: actions/checkout@v4 - with: - repository: kyma-project/template-operator - path: template-operator - - name: Create Template Operator Module and apply - working-directory: template-operator - if: ${{ matrix.e2e-test == 'kyma-metrics' || - matrix.e2e-test == 'non-blocking-deletion' || - matrix.e2e-test == 'purge-controller' || - matrix.e2e-test == 'purge-metrics' || - matrix.e2e-test == 'kyma-deprovision-with-foreground-propagation' || - matrix.e2e-test == 'kyma-deprovision-with-background-propagation' || - matrix.e2e-test == 'module-consistency' || - matrix.e2e-test == 'skip-manifest-reconciliation' || - matrix.e2e-test == 'misconfigured-kyma-secret' - }} - run: | - make build-manifests - kyma alpha create module --module-config-file ./module-config.yaml --path . --registry k3d-kcp-registry:5111 --insecure - sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml - kubectl config use-context k3d-kcp - kubectl get crds - kubectl apply -f template.yaml - - name: Create Template Operator Module for regular and fast channels - working-directory: lifecycle-manager - if: ${{ matrix.e2e-test == 'module-upgrade-channel-switch' || - matrix.e2e-test == 'module-upgrade-new-version' || - matrix.e2e-test == 'upgrade-under-deletion' - }} - run: | - kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v2_fast.yaml - kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v1_regular.yaml - - name: Create Template Operator Module as Mandatory Module - working-directory: lifecycle-manager - if: ${{ matrix.e2e-test == 'mandatory-module' || - matrix.e2e-test == 'mandatory-module-metrics' - }} - run: | - kubectl apply -f tests/moduletemplates/mandatory_moduletemplate_template_operator_v1.yaml - - name: Apply Template Operator Module V2, fast channel - working-directory: ./lifecycle-manager - if: ${{ matrix.e2e-test == 'non-blocking-deletion' }} - run: | - kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v2_fast.yaml - - name: Create Template Operator Module with final state and final deletion state as `Warning` and apply - working-directory: template-operator - if: ${{ matrix.e2e-test == 'module-status-propagation'}} - run: | - pushd config/default - echo \ - "- op: replace - path: /spec/template/spec/containers/0/args/1 - value: --final-state=Warning - - op: replace - path: /spec/template/spec/containers/0/args/2 - value: --final-deletion-state=Warning" >> warning_patch.yaml - cat warning_patch.yaml - kustomize edit add patch --path warning_patch.yaml --kind Deployment - popd - kyma alpha create module --kubebuilder-project --channel=regular --name kyma.project.io/module/template-operator --version 1.1.1 --path . --registry k3d-kcp-registry:5111 --insecure --module-archive-version-overwrite / - sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml - kubectl config use-context k3d-kcp - kubectl get crds - kubectl apply -f template.yaml - - name: Create Template Operator Module without default CR and apply - working-directory: template-operator - if: ${{ matrix.e2e-test == 'module-without-default-cr' }} - run: | - make build-manifests - echo "name: kyma-project.io/module/template-operator - channel: regular - version: v1.0.0 - manifest: template-operator.yaml - security: sec-scanners-config.yaml - annotations: - operator.kyma-project.io/doc-url: https://kyma-project.io" >> module-config-no-cr.yaml - kyma alpha create module \ - --module-config-file ./module-config-no-cr.yaml \ - --path . \ - --registry k3d-kcp-registry:5111 \ - --insecure - sed -i 's/k3d-kcp-registry:5111/k3d-kcp-registry:5000/g' ./template.yaml - kubectl config use-context k3d-kcp - kubectl get crds - kubectl apply -f template.yaml - - name: Expose Metrics Endpoint - working-directory: lifecycle-manager - if: ${{ matrix.e2e-test == 'kyma-metrics' || - matrix.e2e-test == 'purge-metrics' || - matrix.e2e-test == 'self-signed-certificate-rotation' || - matrix.e2e-test == 'mandatory-module-metrics' - }} - run: | - kubectl patch svc klm-metrics-service -p '{"spec": {"type": "LoadBalancer"}}' -n kcp-system - - name: Run ${{ matrix.e2e-test }} - working-directory: lifecycle-manager - run: | - make -C tests/e2e ${{ matrix.e2e-test }}