openstack/magnum-capi-helm-charts
Code Issues Proposed changes
magnum-capi-helm-charts/.github/workflows/test.yaml
azimuth-ci-bot[bot] d7ab954b86
Update azimuth-images to 0.10.0 (#325) 
* Update azimuth-images to 0.10.0

* Add Kubernetes 1.30 to CI

---------

Co-authored-by: mkjpryor <642657+mkjpryor@users.noreply.github.com>
Co-authored-by: Matt Pryor <matt@stackhpc.com>
2024-05-01 13:45:21 +01:00

475 lines
18 KiB
YAML
Raw Blame History

name: Test OpenStack cluster chart
on:
workflow_call:
inputs:
images:
type: string
description: JSON-encoded dictionary of images and versions
chart-version:
type: string
description: The version of the charts to test
ref:
type: string
description: The Git ref under test.
required: true
tests-full:
type: boolean
description: Indicates whether to run the full test suite or just a sanity check
required: true
default: false
jobs:
# This job tests a clean deployment against the latest version
# It is the only job that runs when tests-full=false
# For tests-full=true it creates an internal network + router and runs Sonobuoy in conformance mode
# For tests-full=false it uses a pre-existing internal network and runs Sonobuoy in quick mode
latest:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
- name: Set up test environment
uses: ./.github/actions/setup
- name: Write cloud credential
run: echo "$CLOUD" > ./clouds.yaml
env:
CLOUD: ${{ secrets.CLOUD }}
- name: Write Helm values
run: echo "$VALUES" > ./values.yaml
env:
VALUES: |
clouds:
openstack:
auth:
project_id: ${{ secrets.PROJECT_ID }}
verify: false
controlPlane:
machineFlavor: ${{ vars.CONTROL_PLANE_FLAVOR }}
machineCount: 1
nodeGroups:
- name: md-0
machineFlavor: ${{ vars.NODE_GROUP_FLAVOR }}
machineCount: 2
- name: Apply network configuration
run: echo "$NETWORKING" >> ./values.yaml
env:
NETWORKING: |
clusterNetworking:
externalNetworkId: ${{ vars.EXTERNAL_NETWORK_ID }}
if: ${{ inputs.tests-full }}
- name: Apply network configuration
run: echo "$NETWORKING" >> ./values.yaml
env:
NETWORKING: |
clusterNetworking:
externalNetworkId: ${{ vars.EXTERNAL_NETWORK_ID }}
internalNetwork:
networkFilter:
tags: capi-helm-chart-ci
if: ${{ !inputs.tests-full }}
# This is the point at which we start to consume OpenStack resources
# We use the same resource as the Azimuth CI, so acquire the same CI lock
- name: Acquire S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: acquire
# Include the job ID in the process ID
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
# GitHub terminates jobs after 6 hours
# We don't want jobs to acquire the lock then get timed out before they can finish
# So wait a maximum of 3 hours to acquire the lock, leaving 3 hours for other tasks in the workflow
timeout-minutes: 180
if: ${{ vars.CI_S3_LOCK_HOST != '' }}
- name: Test clean Kubernetes 1.30 deployment
uses: ./.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-30-version }}
image-id: ${{ fromJson(inputs.images).kube-1-30-image }}
sonobuoy-mode: ${{ inputs.tests-full && 'certified-conformance' || 'quick' }}
sonobuoy-upload: ${{ inputs.tests-full && 'yes' || 'no' }}
- name: Delete Kubernetes 1.30 deployment
run: helm delete ci-${{ github.run_id }}-${{ github.job }} --wait
if: ${{ always() }}
- name: Upload logs
uses: ./.github/actions/upload-logs
with:
name-suffix: ${{ github.job }}
if: ${{ always() }}
# Release the CI lock when we are done
- name: Release S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: release
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
if: ${{ vars.CI_S3_LOCK_HOST != '' && always() }}
# This job tests the etcd volume support
# It only runs for non-draft PRs
# It uses a pre-existing internal network and the default volume type
etcd-volume:
runs-on: ubuntu-latest
if: ${{ inputs.tests-full }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
- name: Set up test environment
uses: ./.github/actions/setup
- name: Write cloud credential
run: echo "$CLOUD" > ./clouds.yaml
env:
CLOUD: ${{ secrets.CLOUD }}
- name: Write Helm values
run: echo "$VALUES" > ./values.yaml
env:
VALUES: |
clouds:
openstack:
auth:
project_id: ${{ secrets.PROJECT_ID }}
verify: false
clusterNetworking:
externalNetworkId: ${{ vars.EXTERNAL_NETWORK_ID }}
internalNetwork:
networkFilter:
tags: capi-helm-chart-ci
etcd:
blockDevice:
size: 10
controlPlane:
machineFlavor: ${{ vars.CONTROL_PLANE_FLAVOR }}
machineCount: 1
nodeGroups:
- name: md-0
machineFlavor: ${{ vars.NODE_GROUP_FLAVOR }}
machineCount: 2
# This is the point at which we start to consume OpenStack resources
# We use the same resource as the Azimuth CI, so acquire the same CI lock
- name: Acquire S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: acquire
# Include the job ID in the process ID
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
# GitHub terminates jobs after 6 hours
# We don't want jobs to acquire the lock then get timed out before they can finish
# So wait a maximum of 3 hours to acquire the lock, leaving 3 hours for other tasks in the workflow
timeout-minutes: 180
if: ${{ vars.CI_S3_LOCK_HOST != '' }}
- name: Deploy Kubernetes 1.30 for etcd volume test
uses: ./.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-30-version }}
image-id: ${{ fromJson(inputs.images).kube-1-30-image }}
- name: Delete etcd volume test deployment
run: helm delete ci-${{ github.run_id }}-${{ github.job }} --wait
if: ${{ always() }}
- name: Upload logs
uses: ./.github/actions/upload-logs
with:
name-suffix: ${{ github.job }}
if: ${{ always() }}
# Release the CI lock when we are done
- name: Release S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: release
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
if: ${{ vars.CI_S3_LOCK_HOST != '' && always() }}
# This job tests Kubernetes upgrade
# It only runs for non-draft PRs
# It uses a pre-existing internal network
kube-upgrade:
runs-on: ubuntu-latest
if: ${{ inputs.tests-full }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
- name: Set up test environment
uses: ./.github/actions/setup
- name: Write cloud credential
run: echo "$CLOUD" > ./clouds.yaml
env:
CLOUD: ${{ secrets.CLOUD }}
- name: Write Helm values
run: echo "$VALUES" > ./values.yaml
env:
VALUES: |
clouds:
openstack:
auth:
project_id: ${{ secrets.PROJECT_ID }}
verify: false
clusterNetworking:
externalNetworkId: ${{ vars.EXTERNAL_NETWORK_ID }}
internalNetwork:
networkFilter:
tags: capi-helm-chart-ci
controlPlane:
machineFlavor: ${{ vars.CONTROL_PLANE_FLAVOR }}
machineCount: 1
nodeGroups:
- name: md-0
machineFlavor: ${{ vars.NODE_GROUP_FLAVOR }}
machineCount: 2
# This is the point at which we start to consume OpenStack resources
# We use the same resource as the Azimuth CI, so acquire the same CI lock
- name: Acquire S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: acquire
# Include the job ID in the process ID
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
# GitHub terminates jobs after 6 hours
# We don't want jobs to acquire the lock then get timed out before they can finish
# So wait a maximum of 3 hours to acquire the lock, leaving 3 hours for other tasks in the workflow
timeout-minutes: 180
if: ${{ vars.CI_S3_LOCK_HOST != '' }}
- name: Deploy Kubernetes 1.28 for Kubernetes upgrade test
uses: ./.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-28-version }}
image-id: ${{ fromJson(inputs.images).kube-1-28-image }}
- name: Upgrade to Kubernetes 1.29
uses: ./.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-29-version }}
image-id: ${{ fromJson(inputs.images).kube-1-29-image }}
- name: Upgrade to Kubernetes 1.30
uses: ./.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-30-version }}
image-id: ${{ fromJson(inputs.images).kube-1-30-image }}
- name: Delete Kubernetes upgrade deployment
run: helm delete ci-${{ github.run_id }}-${{ github.job }} --wait
if: ${{ always() }}
- name: Upload logs
uses: ./.github/actions/upload-logs
with:
name-suffix: ${{ github.job }}
if: ${{ always() }}
# Release the CI lock when we are done
- name: Release S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: release
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
if: ${{ vars.CI_S3_LOCK_HOST != '' && always() }}
# This jobs tests upgrading the chart + dependencies from the latest tag
# It only runs for non-draft PRs
# It uses a pre-existing internal network
# It installs ALL of the addons so that we test upgrading them
chart-upgrade:
runs-on: ubuntu-latest
if: ${{ inputs.tests-full }}
steps:
- name: Checkout current
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
path: current
- name: Get latest tag
id: latest-tag
run: |
set -eo pipefail
TAG_NAME="$(curl -fsSL "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/releases/latest" | jq -r '.tag_name')"
echo "tag-name=${TAG_NAME}" >> "$GITHUB_OUTPUT"
- name: Checkout latest tag
uses: actions/checkout@v3
with:
ref: ${{ steps.latest-tag.outputs.tag-name }}
path: latest-tag
- name: Write cloud credential
run: echo "$CLOUD" > ./clouds.yaml
env:
CLOUD: ${{ secrets.CLOUD }}
- name: Write Helm values
run: echo "$VALUES" > ./values.yaml
env:
VALUES: |
clouds:
openstack:
auth:
project_id: ${{ secrets.PROJECT_ID }}
verify: false
clusterNetworking:
externalNetworkId: ${{ vars.EXTERNAL_NETWORK_ID }}
internalNetwork:
networkFilter:
tags: capi-helm-chart-ci
controlPlane:
machineFlavor: ${{ vars.CONTROL_PLANE_FLAVOR }}
machineCount: 1
nodeGroups:
- name: md-0
machineFlavor: ${{ vars.NODE_GROUP_FLAVOR }}
machineCount: 2
addons:
kubernetesDashboard:
enabled: true
monitoring:
enabled: true
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
# For the setup, we use a merged dependencies file in case new dependencies
# are added by the code under test, ensuring that the older dependencies are
# used where they are specified
- name: Create merged dependencies file
run: >
jq -s '.[0] * .[1]' \
current/dependencies.json \
latest-tag/dependencies.json \
> dependencies-merged.json
- name: Set up test environment with dependencies from latest tag
uses: ./current/.github/actions/setup
with:
dependencies-path: dependencies-merged.json
# This is the point at which we start to consume OpenStack resources
# We use the same resource as the Azimuth CI, so acquire the same CI lock
- name: Acquire S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: acquire
# Include the job ID in the process ID
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
# GitHub terminates jobs after 6 hours
# We don't want jobs to acquire the lock then get timed out before they can finish
# So wait a maximum of 3 hours to acquire the lock, leaving 3 hours for other tasks in the workflow
timeout-minutes: 180
if: ${{ vars.CI_S3_LOCK_HOST != '' }}
- name: Deploy cluster with chart from latest tag
uses: ./current/.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
# Deploy using the tagged version here
chart-version: ${{ steps.latest-tag.outputs.tag-name }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-29-version }}
image-id: ${{ fromJson(inputs.images).kube-1-29-image }}
- name: Update test environment with current dependencies
uses: ./current/.github/actions/setup
with:
dependencies-path: current/dependencies.json
- name: Upgrade cluster to current chart
uses: ./current/.github/actions/upgrade-and-test
with:
name: ci-${{ github.run_id }}-${{ github.job }}
# And upgrade to the version under test
chart-version: ${{ inputs.chart-version }}
kubernetes-version: ${{ fromJson(inputs.images).kube-1-29-version }}
image-id: ${{ fromJson(inputs.images).kube-1-29-image }}
- name: Delete chart upgrade deployment
run: helm delete ci-${{ github.run_id }}-${{ github.job }} --wait
if: ${{ always() }}
- name: Upload logs
uses: ./current/.github/actions/upload-logs
with:
name-suffix: ${{ github.job }}
if: ${{ always() }}
# Release the CI lock when we are done
- name: Release S3 lock
uses: stackhpc/github-actions/s3-lock@master
with:
host: ${{ vars.CI_S3_LOCK_HOST }}
access-key: ${{ secrets.CI_S3_LOCK_ACCESS_KEY }}
secret-key: ${{ secrets.CI_S3_LOCK_SECRET_KEY }}
bucket: ${{ vars.CI_S3_LOCK_BUCKET }}
action: release
process-id: ${{ github.repository }}/${{ github.run_id }}/${{ github.job }}
if: ${{ vars.CI_S3_LOCK_HOST != '' && always() }}
View Git Blame Copy Permalink