-
Notifications
You must be signed in to change notification settings - Fork 54
255 lines (223 loc) · 9.63 KB
/
cilium-integration-tests.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
name: Cilium Integration Tests
on:
push:
branches:
- v1.29
pull_request_target:
types:
- opened
- reopened
- synchronize
branches:
- v1.29
issue_comment:
types:
- created
# By specifying the access of one of the scopes, all of those that are not specified are set to 'none'.
permissions:
# To be able to access the repository with actions/checkout
contents: read
# To allow writing PR comments and setting emojis
pull-requests: write
env:
KIND_VERSION: v0.18.0
CILIUM_REPO_OWNER: cilium
CILIUM_REPO_REF: main
CILIUM_CLI_REF: latest
jobs:
cilium-connectivity-tests:
timeout-minutes: 360
name: Cilium Connectivity Tests
if: |
(
github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
startsWith(github.event.comment.body, '/test-cilium-integration') &&
contains(fromJson('["MEMBER", "COLLABORATOR", "OWNER"]'), github.event.comment.author_association)
) ||
github.event_name == 'push' ||
github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
runs-on: ubuntu-latest
steps:
- name: Prepare variables for pushes to ${{ github.base_ref }}
if: github.event_name == 'push'
run: |
echo "PROXY_IMAGE=quay.io/cilium/cilium-envoy" >> $GITHUB_ENV
echo "PROXY_TAG=${{ github.sha }}" >> $GITHUB_ENV
echo "PROXY_GITHUB_REPO=github.com/cilium/proxy" >> $GITHUB_ENV
- name: Prepare variables for PR
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
run: |
echo "PROXY_IMAGE=quay.io/cilium/cilium-envoy-dev" >> $GITHUB_ENV
echo "PROXY_TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
echo "PROXY_GITHUB_REPO=github.com/${{github.event.pull_request.head.repo.full_name}}" >> $GITHUB_ENV
- name: Prepare variables for issue comment on a PR
if: github.event_name == 'issue_comment'
run: |
echo "PROXY_IMAGE=quay.io/cilium/cilium-envoy-dev" >> $GITHUB_ENV
echo "PROXY_TAG=$(curl -s ${{ github.event.issue.pull_request.url }} | jq -r '.head.sha')" >> $GITHUB_ENV
echo "PROXY_GITHUB_REPO=github.com/$(curl -s ${{ github.event.issue.pull_request.url }} | jq -r '.head.repo.full_name')" >> $GITHUB_ENV
commentBody="${{ github.event.comment.body }}"
ciliumRepoOwner=${CILIUM_REPO_OWNER}
if [[ "$commentBody" == *" ciliumRepoOwner="* ]]; then
ciliumRepoOwner=$(echo "$commentBody" | sed -E 's|.* ciliumRepoOwner=([^ ]*).*|\1|g')
fi
echo "CILIUM_REPO_OWNER=${ciliumRepoOwner}" >> $GITHUB_ENV
ciliumRef=${CILIUM_REPO_REF}
if [[ "$commentBody" == *" cilium="* ]]; then
ciliumRef=$(echo "$commentBody" | sed -E 's|.* cilium=([^ ]*).*|\1|g')
fi
echo "CILIUM_REPO_REF=${ciliumRef}" >> $GITHUB_ENV
ciliumCliRef=${CILIUM_CLI_REF}
if [[ "$commentBody" == *" ciliumCli="* ]]; then
ciliumCliRef=$(echo "$commentBody" | sed -E 's|.* ciliumCli=([^ ]*).*|\1|g')
fi
echo "CILIUM_CLI_REF=${ciliumCliRef}" >> $GITHUB_ENV
- name: Reporting start to issue comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: github.event_name == 'issue_comment'
with:
script: |
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
body: `${{ github.event.comment.body }}
👋 https://github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}`
})
await github.rest.reactions.createForIssueComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
content: 'rocket'
})
- name: Checkout Cilium ${{ env.CILIUM_REPO_REF }}
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: ${{ env.CILIUM_REPO_OWNER }}/cilium # Be aware that this is the Cilium repository and not the one of the proxy itself!
ref: ${{ env.CILIUM_REPO_REF }}
persist-credentials: false
- name: Extracting Cilium version
run: |
echo "CILIUM_IMAGE_TAG=v$(cat ./VERSION)" >> $GITHUB_ENV
- name: Install Cilium CLI ${{ env.CILIUM_CLI_REF }}
run: |
versionPattern="^v[0-9]+\.[0-9]+\.[0-9]+$"
if [[ ${{ env.CILIUM_CLI_REF }} =~ $versionPattern ]]; then
curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.CILIUM_CLI_REF }}/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
else
cid=$(docker create quay.io/cilium/cilium-cli-ci:${{ env.CILIUM_CLI_REF }} ls)
sudo docker cp $cid:/usr/local/bin/cilium /usr/local/bin
docker rm $cid
fi
cilium version
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: ${{ env.KIND_VERSION }}
config: '.github/kind-config.yaml'
cluster_name: 'kind'
- name: Patch Cilium Agent Dockerfile
shell: bash
run: |
sed -i -E 's|(ARG CILIUM_ENVOY_IMAGE=)(quay\.io\/cilium\/cilium-envoy:)(.*)(@sha256:[0-9a-z]*)|\1${{ env.PROXY_IMAGE }}:${{ env.PROXY_TAG }}|' ./images/cilium/Dockerfile
cat ./images/cilium/Dockerfile
if git diff --exit-code ./images/cilium/Dockerfile; then
echo "Dockerfile not modified"
exit 1
fi
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
# renovate: datasource=golang-version depName=go
go-version: 1.22.8
- name: Redirect proxy module
shell: bash
if: env.PROXY_GITHUB_REPO != 'github.com/cilium/proxy'
run: echo "replace github.com/cilium/proxy => ${{ env.PROXY_GITHUB_REPO }} ${{ env.PROXY_TAG }}" >> go.mod
- name: Update proxy module
shell: bash
if: env.PROXY_GITHUB_REPO == 'github.com/cilium/proxy'
run: go get ${{ env.PROXY_GITHUB_REPO }}@${{ env.PROXY_TAG }}
- name: Vendor proxy module
shell: bash
run: |
go mod tidy && \
go mod verify && \
go mod vendor
- name: Wait for Cilium Proxy image to be available
timeout-minutes: 45
shell: bash
run: until docker manifest inspect ${{ env.PROXY_IMAGE }}:${{ env.PROXY_TAG }} &> /dev/null; do sleep 15s; done
- name: Build Cilium Agent & Operator with patched Cilium Proxy Image
shell: bash
run: DOCKER_IMAGE_TAG=${{ env.CILIUM_IMAGE_TAG }} make docker-cilium-image docker-operator-generic-image
- name: Load Cilium Images into kind
shell: bash
run: |
kind load docker-image \
--name kind \
quay.io/cilium/operator-generic:${{ env.CILIUM_IMAGE_TAG }} \
quay.io/cilium/cilium:${{ env.CILIUM_IMAGE_TAG }}
- name: Install Cilium
timeout-minutes: 10
shell: bash
run: |
cilium install \
--chart-directory install/kubernetes/cilium \
--helm-set bpf.monitorAggregation=none \
--helm-set loadBalancer.l7.backend=envoy \
--helm-set tls.secretsBackend=k8s \
--helm-set image.repository=quay.io/cilium/cilium \
--helm-set image.tag=${{ env.CILIUM_IMAGE_TAG }} \
--helm-set image.useDigest=false \
--helm-set image.pullPolicy=Never \
--helm-set operator.image.repository=quay.io/cilium/operator \
--helm-set operator.image.suffix= \
--helm-set operator.image.tag=${{ env.CILIUM_IMAGE_TAG }} \
--helm-set operator.image.useDigest=false \
--helm-set operator.image.pullPolicy=Never \
--helm-set debug.enabled=true \
--helm-set debug.verbose=envoy
cilium hubble enable
cilium status --wait
cilium hubble port-forward&
- name: Execute Cilium L7 Connectivity Tests
shell: bash
run: cilium connectivity test --test=l7
- name: Reporting success to issue comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: success() && github.event_name == 'issue_comment'
with:
script: |
await github.rest.reactions.createForIssueComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
content: '+1'
})
- name: Gather Cilium system dump
if: failure()
shell: bash
run: cilium sysdump --output-filename cilium-integration-test-sysdump
- name: Upload Cilium system dump
if: failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: cilium-integration-test-sysdump
path: cilium-integration-test-sysdump.zip
retention-days: 5
- name: Reporting failure to issue comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: failure() && github.event_name == 'issue_comment'
with:
script: |
await github.rest.reactions.createForIssueComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
content: '-1'
})