Merge branch 'develop' into CSPL_2920 #81
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: | |
push: | |
branches: | |
- CSPL_2920 | |
jobs: | |
check-formating: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Check Source formatting | |
run: make fmt && if [[ $? -ne 0 ]]; then false; fi | |
- name: Lint source code | |
run: make vet && if [[ $? -ne 0 ]]; then false; fi | |
#unit-tests: | |
# runs-on: ubuntu-latest | |
# needs: check-formating | |
# steps: | |
# - uses: actions/checkout@v2 | |
# - name: Dotenv Action | |
# id: dotenv | |
# uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
# - name: Setup Go | |
# uses: actions/setup-go@v2 | |
# with: | |
# go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
# - name: Install goveralls | |
# run: | | |
# go version | |
# go install github.com/mattn/goveralls@latest | |
# - name: Install Ginkgo | |
# run: | | |
# make setup/ginkgo | |
# go mod tidy | |
# - name: Run Unit Tests | |
# run: make test | |
# - name: Run Code Coverage | |
# run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }} | |
# - name: Upload Coverage artifacts | |
# uses: actions/[email protected] | |
# with: | |
# name: coverage.out | |
# path: coverage.out | |
build-operator-image: | |
runs-on: ubuntu-latest | |
#needs: unit-tests | |
env: | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
steps: | |
- name: Set up cosign | |
uses: sigstore/cosign-installer@main | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Install Ginkgo | |
run: | | |
make setup/ginkgo | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Install Operator SDK | |
run: | | |
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) | |
export OS=$(uname | awk '{print tolower($0)}') | |
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} | |
sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} | |
sudo chmod +x operator-sdk_${OS}_${ARCH} | |
sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build and push Splunk Operator Image | |
run: | | |
export PLATFORMS=linux/arm64 | |
export BUILDPLATFORM=linux/arm64 | |
export TARGETOS=linux | |
export TARGETARCH=arm64 | |
export TARGET_OS_IMAGE=public.ecr.aws/amazonlinux/amazonlinux:2023.0.20211014 | |
docker buildx build --push --platform=linux/arm64,linux/amd64 --tag ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA -f Dockerfile.graviton . | |
- name: Sign Splunk Operator image with a key | |
run: | | |
cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }} | |
env: | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
vulnerability-scan: | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
runs-on: ubuntu-latest | |
needs: build-operator-image | |
env: | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }} | |
steps: | |
- name: Set up cosign | |
uses: sigstore/cosign-installer@main | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Pull Splunk Operator Image Locally | |
run: | | |
docker pull ${{ env.IMAGE_NAME }} | |
- name: Verify Signed Splunk Operator image | |
run: | | |
cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }} | |
env: | |
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{ env.IMAGE_NAME }}' | |
format: sarif | |
#exit-code: 1 | |
severity: 'CRITICAL' | |
ignore-unfixed: true | |
output: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
smoke-tests: | |
needs: vulnerability-scan | |
strategy: | |
fail-fast: false | |
matrix: | |
test: [ | |
basic, | |
#appframeworks1, | |
#managerappframeworkc3, | |
#managerappframeworkm4, | |
#managersecret, | |
#managermc, | |
] | |
runs-on: ubuntu-latest | |
env: | |
CLUSTER_NODES: 1 | |
CLUSTER_WORKERS: 3 | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_GRAVITON }} | |
SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE_GRAVITON }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator | |
TEST_FOCUS: "${{ matrix.test }}" | |
# This regex matches any string not containing smoke keyword | |
TEST_TO_SKIP: "^(?:[^s]+|s(?:$|[^m]|m(?:$|[^o]|o(?:$|[^k]|k(?:$|[^e])))))*$" | |
TEST_CLUSTER_PLATFORM: eks | |
EKS_VPC_PRIVATE_SUBNET_STRING: ${{ secrets.EKS_VPC_PRIVATE_SUBNET_STRING }} | |
EKS_VPC_PUBLIC_SUBNET_STRING: ${{ secrets.EKS_VPC_PUBLIC_SUBNET_STRING }} | |
TEST_BUCKET: ${{ secrets.TEST_BUCKET }} | |
TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
ENTERPRISE_LICENSE_LOCATION: ${{ secrets.ENTERPRISE_LICENSE_LOCATION }} | |
EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }} | |
CLUSTER_WIDE: "true" | |
DEPLOYMENT_TYPE: "" | |
steps: | |
- name: Set Test Cluster Name | |
run: | | |
echo "TEST_CLUSTER_NAME=eks-integration-test-cluster-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV | |
- name: Chekcout code | |
uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Change splunk enterprise to release image on main branches | |
if: github.ref == 'refs/heads/main' | |
run: | | |
echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV | |
- name: Install Kubectl | |
uses: Azure/setup-kubectl@v3 | |
with: | |
version: ${{ steps.dotenv.outputs.KUBECTL_VERSION }} | |
- name: Install Python | |
uses: actions/setup-python@v2 | |
- name: Install AWS CLI | |
run: | | |
curl "${{ steps.dotenv.outputs.AWSCLI_URL}}" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install --update | |
aws --version | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Install Ginkgo | |
run: | | |
make setup/ginkgo | |
- name: Install Helm | |
run: | | |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
chmod 700 get_helm.sh | |
./get_helm.sh | |
DESIRED_VERSION=v3.8.2 bash get_helm.sh | |
- name: Install EKS CTL | |
run: | | |
curl --silent --insecure --location "https://github.com/weaveworks/eksctl/releases/download/${{ steps.dotenv.outputs.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | |
sudo mv /tmp/eksctl /usr/local/bin | |
eksctl version | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Install Operator SDK | |
run: | | |
sudo curl -L -o /usr/local/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}/operator-sdk-${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}-x86_64-linux-gnu | |
sudo chmod +x /usr/local/bin/operator-sdk | |
- name: Configure Docker Hub credentials | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN}} | |
- name: Set Splunk Operator image | |
run: | | |
echo "SPLUNK_OPERATOR_IMAGE=${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" >> $GITHUB_ENV | |
- name: Pull Splunk Enterprise Image | |
run: docker pull ${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Tag and Push Splunk Enterprise Image to ECR | |
run: | | |
docker tag ${{ env.SPLUNK_ENTERPRISE_IMAGE }} ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
docker push ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
- name: Create EKS cluster | |
run: | | |
export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }} | |
export PLATFORMS=linux/arm64 | |
export BUILDPLATFORM=linux/arm64 | |
export TARGETOS=linux | |
export TARGETARCH=arm64 | |
export TARGET_OS_IMAGE=public.ecr.aws/amazonlinux/amazonlinux:2023.0.20211014 | |
export EKS_INSTANCE_TYPE=${{ steps.dotenv.outputs.EKS_INSTANCE_TYPE_GRAVITON }} | |
make cluster-up | |
- name: install metric server | |
run: | | |
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml | |
- name: install k8s dashboard | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml | |
- name: Setup Kustomize | |
run: | | |
sudo snap install kustomize | |
mkdir -p ./bin | |
cp /snap/bin/kustomize ./bin/kustomize | |
- name: Run smoke test | |
id: smoketest | |
run: | | |
make int-test | |
- name: Collect Test Logs | |
if: ${{ always() }} | |
run: | | |
mkdir -p /tmp/pod_logs | |
find ./test -name "*.log" -exec cp {} /tmp/pod_logs \; | |
- name: Archive Pod Logs | |
if: ${{ always() }} | |
uses: actions/[email protected] | |
with: | |
name: "splunk-pods-logs--artifacts-${{ matrix.test }}" | |
path: "/tmp/pod_logs/**" | |
- name: Cleanup Test Case artifacts | |
if: ${{ always() }} | |
run: | | |
make cleanup | |
make clean | |
- name: Cleanup up EKS cluster | |
if: ${{ always() }} | |
run: | | |
make cluster-down | |
#- name: Test Report | |
# uses: dorny/test-reporter@v1 | |
# if: success() || failure() # run this step even if previous step failed | |
# with: | |
# name: Integration Tests # Name of the check run which will be created | |
# path: inttest-*.xml # Path to test results | |
# reporter: jest-junit # Format of test results | |
push-latest: | |
needs: smoke-tests | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
env: | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
TAG: latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Configure Docker Hub credentials | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PUSH_TOKEN}} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Re-tag Splunk Operator Image | |
run: | | |
docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
docker buildx imagetools create -t ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
- name: Push Splunk Operator Image to Docker Hub | |
run: docker push ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} |