tests-deploy-k8s.yml
# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
# Adapted from nextcloud/app_api's tests-deploy-k8s.yml so HaRP PRs exercise
# the integration with AppAPI against a freshly built HaRP image.
name: Tests - K8s Deploy (NodePort)

# Triggers: PRs targeting main, pushes to main, and manual dispatch.
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
  workflow_dispatch:

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

# One active run per PR head ref (or per run id when there is no head ref);
# a newer run cancels the one still in progress.
concurrency:
  group: tests-deploy-k8s-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  # Fixed test value; the job hands it to the HaRP container and to the
  # AppAPI daemon registration.
  HP_SHARED_KEY: 'test_shared_key_12345'
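jobs:
  # Installs Nextcloud with AppAPI, starts a single-node k3s cluster and a HaRP
  # image built from the checked-out HaRP tree, then runs the K8s (NodePort)
  # integration tests and collects logs.
  k8s-deploy-nodeport:
    runs-on: ubuntu-22.04
    name: K8s Deploy Lifecycle (NodePort)

    services:
      postgres:
        image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest # zizmor: ignore[unpinned-images]
        ports:
          - 4444:5432/tcp
        env:
          POSTGRES_USER: root
          POSTGRES_PASSWORD: rootpassword
          POSTGRES_DB: nextcloud
        options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5

    steps:
      # All three checkouts drop the token from the local git config
      # (persist-credentials: false). server and app_api follow moving branch
      # heads, so the code they contribute to a run is not pinned.
      - name: Checkout server
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          submodules: true
          repository: nextcloud/server
          ref: master

      - name: Checkout AppAPI
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          repository: nextcloud/app_api
          ref: main
          path: apps/app_api

      - name: Checkout HaRP (this PR)
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          path: harp

      - name: Set up php
        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
        with:
          php-version: '8.3'
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql
          coverage: none
          ini-file: development
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Check composer file existence
        id: check_composer
        uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v2
        with:
          files: apps/app_api/composer.json

      - name: Set up dependencies
        if: steps.check_composer.outputs.files_exists == 'true'
        working-directory: apps/app_api
        run: composer i

      # Installs against the postgres service published on host port 4444.
      # Credentials are throwaway CI values (admin/admin, root/rootpassword).
      - name: Set up Nextcloud
        env:
          DB_PORT: 4444
        run: |
          mkdir data
          ./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 \
            --database-port="$DB_PORT" --database-user=root --database-pass=rootpassword \
            --admin-user admin --admin-pass admin
          ./occ config:system:set loglevel --value=0 --type=integer
          ./occ config:system:set debug --value=true --type=boolean
          ./occ app:enable --force app_api

      # NOTE(review): the installer script is fetched and piped to sh with no
      # pinned release or checksum. The k3s installer honours
      # INSTALL_K3S_VERSION if the job should be reproducible.
      - name: Install k3s
        run: |
          curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb" sh -
          # Mode 644 lets the non-root runner user read the kubeconfig.
          sudo chmod 644 /etc/rancher/k3s/k3s.yaml
          echo "KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> "$GITHUB_ENV"

      - name: Wait for k3s and create namespace
        run: |
          kubectl wait --for=condition=Ready node --all --timeout=120s
          kubectl create namespace nextcloud-exapps
          NODE_IP=$(kubectl get node -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
          # Exported for later steps, which read it as the shell variable NODE_IP.
          echo "NODE_IP=${NODE_IP}" >> "$GITHUB_ENV"
          echo "k3s node IP: $NODE_IP"

      # Values written to GITHUB_ENV earlier are read as shell variables here
      # and below instead of being expanded into the script text with ${{ }}.
      - name: Configure Nextcloud for k3s networking
        run: |
          ./occ config:system:set overwrite.cli.url --value "http://${NODE_IP}" --type=string
          ./occ config:system:set trusted_domains 1 --value "${NODE_IP}"

      # Test-only RBAC: harp-sa is bound to cluster-admin on this throwaway
      # cluster. The token is registered as a mask before it is exported, so
      # it is redacted from job log output; masking does not cover files
      # uploaded as artifacts.
      - name: Create K8s service account for HaRP
        run: |
          kubectl -n nextcloud-exapps create serviceaccount harp-sa
          kubectl create clusterrolebinding harp-admin \
            --clusterrole=cluster-admin \
            --serviceaccount=nextcloud-exapps:harp-sa
          K3S_TOKEN=$(kubectl -n nextcloud-exapps create token harp-sa --duration=2h)
          echo "::add-mask::${K3S_TOKEN}"
          echo "K3S_TOKEN=${K3S_TOKEN}" >> "$GITHUB_ENV"

      # The ExApp image is pulled by the mutable :latest tag.
      - name: Pre-pull ExApp image into k3s
        run: sudo k3s ctr images pull ghcr.io/nextcloud/app-skeleton-python:latest

      # The image is built from the HaRP checkout and tagged locally; nothing
      # in this job pushes it to a registry.
      - name: Build HaRP image (this PR)
        working-directory: harp
        run: docker build -t ghcr.io/nextcloud/nextcloud-appapi-harp:latest .

      # HaRP runs on the host network with debug logging, and its log is later
      # uploaded as an artifact.
      # NOTE(review): HP_K8S_VERIFY_SSL="false" presumably turns off
      # certificate verification towards the k3s API server; confirm it stays
      # limited to this test setup.
      - name: Start HaRP with K8s backend
        run: |
          docker run --net host --name appapi-harp \
            -e HP_SHARED_KEY="${HP_SHARED_KEY}" \
            -e NC_INSTANCE_URL="http://${NODE_IP}" \
            -e HP_LOG_LEVEL="debug" \
            -e HP_K8S_ENABLED="true" \
            -e HP_K8S_API_SERVER="https://127.0.0.1:6443" \
            -e HP_K8S_BEARER_TOKEN="${K3S_TOKEN}" \
            -e HP_K8S_NAMESPACE="nextcloud-exapps" \
            -e HP_K8S_VERIFY_SSL="false" \
            --restart unless-stopped \
            -d ghcr.io/nextcloud/nextcloud-appapi-harp:latest

      # The nginx image is referenced without a tag or digest. The mounted
      # config comes from the AppAPI checkout and is read-only in the container.
      - name: Start nginx proxy
        run: |
          docker run --net host --name nextcloud --rm \
            -v "$(pwd)/apps/app_api/tests/simple-nginx-NOT-FOR-PRODUCTION.conf:/etc/nginx/conf.d/default.conf:ro" \
            -d nginx

      # PHP's built-in server listens on all interfaces and is left running in
      # the background for the rest of the job.
      - name: Start Nextcloud
        run: PHP_CLI_SERVER_WORKERS=2 php -S 0.0.0.0:8080 &

      # Polls the HaRP info endpoint up to 30 times, 2 seconds apart, until the
      # response mentions "kubernetes"; dumps the container log on failure.
      - name: Wait for HaRP K8s readiness
        run: |
          for i in $(seq 1 30); do
            if curl -sf "http://${NODE_IP}:8780/exapps/app_api/info" \
              -H "harp-shared-key: ${HP_SHARED_KEY}" 2>/dev/null | grep -q '"kubernetes"'; then
              echo "HaRP is ready with K8s backend"
              exit 0
            fi
            echo "Waiting for HaRP... ($i/30)"
            sleep 2
          done
          echo "HaRP K8s readiness check failed"
          docker logs appapi-harp
          exit 1

      - name: Register K8s daemon
        run: |
          ./occ app_api:daemon:register \
            k8s_test "K8s Test" "kubernetes-install" "http" "${NODE_IP}:8780" "http://${NODE_IP}" \
            --harp --harp_shared_key "${HP_SHARED_KEY}" \
            --k8s --k8s_expose_type=nodeport --set-default
          ./occ app_api:daemon:list

      - name: Run K8s integration tests
        env:
          K8S_EXPOSE_TYPE: nodeport
        run: python3 apps/app_api/tests/test_occ_commands_k8s.py

      # requests is installed from the package index without a version pin.
      - name: Verify HaRP routing across enable lifecycle (NodePort)
        env:
          K8S_EXPOSE_TYPE: nodeport
        run: pip install --quiet requests && python3 harp/tests/test_k8s_routing.py

      # The remaining steps run even when an earlier step failed.
      - name: Collect HaRP logs
        if: always()
        run: docker logs appapi-harp > harp.log 2>&1

      - name: Collect K8s resources
        if: always()
        run: |
          kubectl -n nextcloud-exapps get all -o wide > k8s-resources.txt 2>&1 || true
          kubectl -n nextcloud-exapps describe pods > k8s-pods-describe.txt 2>&1 || true
          kubectl -n nextcloud-exapps get pvc -o wide >> k8s-resources.txt 2>&1 || true

      - name: Show all logs
        if: always()
        run: |
          echo "=== HaRP logs ===" && cat harp.log || true
          echo "=== K8s resources ===" && cat k8s-resources.txt || true
          echo "=== K8s pods ===" && cat k8s-pods-describe.txt || true
          echo "=== Nextcloud log (last 100 lines) ===" && tail -100 data/nextcloud.log || true

      - name: Upload HaRP logs
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: k8s_deploy_nodeport_harp.log
          path: harp.log
          if-no-files-found: warn

      - name: Upload K8s resources
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: k8s_deploy_nodeport_resources.txt
          path: |
            k8s-resources.txt
            k8s-pods-describe.txt
          if-no-files-found: warn

      - name: Upload NC logs
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: k8s_deploy_nodeport_nextcloud.log
          path: data/nextcloud.log
          if-no-files-found: warn

  # Gate job: it has no `if:` of its own, so it runs only after
  # k8s-deploy-nodeport has succeeded. Its token carries no contents scope.
  tests-success:
    permissions:
      contents: none
    runs-on: ubuntu-22.04
    needs: [k8s-deploy-nodeport]
    name: K8s-NodePort-Tests-OK
    steps:
      - run: echo "K8s NodePort tests passed successfully"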