Merge pull request #10 from kpython/increase-trivy-scan-timeout #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update KubeOne cluster | |
on: | |
push: | |
branches: [ master ] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
deploy: | |
name: 'deploy cluster' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup configuration data | |
if: github.ref == 'refs/heads/master' | |
env: | |
TF_OVERRIDE: ${{ secrets.TF_OVERRIDE }} | |
TF_CREDENTIALS: ${{ secrets.TF_CREDENTIALS }} | |
CONFIG: ${{ secrets.CONFIG }} | |
SSHKEY: ${{ secrets.SSHKEY }} | |
run: | | |
mkdir -p ~/.terraform.d || true | |
echo "${TF_CREDENTIALS}" > ~/.terraform.d/credentials.tfrc.json | |
echo "${TF_OVERRIDE}" > terraform/override.tf | |
echo "${CONFIG}" > config.yaml | |
echo "${SSHKEY}" > ssh_key_id_rsa | |
chmod 600 ssh_key_id_rsa | |
ssh-keygen -f ssh_key_id_rsa -y > ssh_key_id_rsa.pub | |
chmod 600 ssh_key_id_rsa.pub | |
- name: Setup SSH agent | |
uses: webfactory/[email protected] | |
if: github.ref == 'refs/heads/master' | |
with: | |
ssh-private-key: ${{ secrets.SSHKEY }} | |
- name: Setup tooling | |
run: | | |
make install-tools | |
sudo mv -f ~/bin/* /usr/local/bin/ | |
- name: Run Config generation | |
if: github.ref == 'refs/heads/master' | |
run: make config | |
- name: Run Terraform | |
if: github.ref == 'refs/heads/master' | |
run: make terraform | |
- name: Install Kubernetes | |
if: github.ref == 'refs/heads/master' | |
run: make kubeone | |
- name: Deploy components | |
if: github.ref == 'refs/heads/master' | |
run: make deployments | |
- name: Cleanup | |
if: ${{ always() }} | |
run: | | |
rm -f config.yaml || true | |
rm -f kubeone-kubeconfig || true | |
rm -f credentials.yaml || true | |
rm -f terraform/terraform.tfvars || true | |
rm -f ~/.terraform.d/credentials.tfrc.json || true | |
rm -f ssh_key_id_rsa || true | |
rm -f ssh_key_id_rsa.pub || true | |
sonobuoy: | |
name: 'run sonobuoy testing' | |
needs: [ deploy ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup kubeconfig | |
if: github.ref == 'refs/heads/master' | |
env: | |
KUBECONFIG: ${{ secrets.KUBECONFIG }} | |
run: echo "${KUBECONFIG}" > kubeone-kubeconfig | |
- name: Run Sonobuoy | |
run: | | |
wget --quiet https://github.com/vmware-tanzu/sonobuoy/releases/download/v0.56.10/sonobuoy_0.56.10_linux_amd64.tar.gz | |
tar -xvzf sonobuoy_0.56.10_linux_amd64.tar.gz | |
chmod +x sonobuoy | |
export KUBECONFIG=kubeone-kubeconfig | |
./sonobuoy delete --wait || true | |
./sonobuoy run --mode quick --wait --plugin-env=e2e.E2E_EXTRA_ARGS=--non-blocking-taints=CriticalAddonsOnly,true,NoExecute,NoSchedule,node-role.kubernetes.io/control-plane | |
./sonobuoy status | |
results=$(./sonobuoy retrieve) | |
./sonobuoy results $results | |
./sonobuoy delete --wait | |
- name: Cleanup | |
if: ${{ always() }} | |
run: | | |
rm -f kubeone-kubeconfig || true | |
testsuite: | |
name: 'run kubernetes testsuite' | |
needs: [ sonobuoy ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout kubernetes-testing | |
uses: actions/checkout@v3 | |
with: | |
repository: swisscom/kubernetes-testing | |
ref: master | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '2.7' | |
bundler-cache: true | |
- name: Setup configs | |
if: github.ref == 'refs/heads/master' | |
env: | |
KUBECONFIG: ${{ secrets.KUBECONFIG }} | |
TESTING_CONFIG: ${{ secrets.TESTING_CONFIG }} | |
run: | | |
echo "${KUBECONFIG}" > kubeone-kubeconfig | |
echo "${TESTING_CONFIG}" > config.yml | |
- name: Setup Chrome | |
uses: ./.github/actions/setup-chrome | |
- name: Run kubernetes-testing specs | |
run: | | |
export KUBECONFIG=kubeone-kubeconfig | |
make test | |
- name: Cleanup | |
if: ${{ always() }} | |
run: | | |
rm -f kubeone-kubeconfig || true | |
rm -f config.yml || true | |
rm -f config.yaml || true |