# Reusable workflow (invoked through workflow_call) that runs the shared build,
# deploy, container, release and Helm actions against a target repository.
name: Integration Test Pipeline

on:
  workflow_call:
    inputs:
      # repo and ref decide which code every job checks out and builds, so the
      # caller is trusted to pass a repository and ref it is willing to execute.
      repo:
        description: "Repository to checkout (e.g., strimzi/strimzi-kafka-bridge)"
        required: true
        type: string
      ref:
        description: "Repository ref to checkout (e.g., main)"
        required: true
        type: string
      architecture:
        description: "Architecture"
        required: true
        type: string
      # artifactSuffix, releaseVersion and nexusCheck are consumed by shell steps
      # in the jobs; callers should pass fixed, trusted values for them.
      artifactSuffix:
        description: "Suffix of the artifact (e.g., kafka-bridge)"
        required: true
        type: string
      buildContainers:
        description: "Flag whether containers should be build"
        required: true
        type: boolean
      modules:
        description: "List of modules to deploy (e.g., './,api' or 'none' to skip)"
        required: true
        type: string
      nexusCheck:
        description: "Module name to check in Nexus (e.g., 'kafka-bridge')"
        required: true
        type: string
      javaVersion:
        description: "Java version to use for build (e.g., '17')"
        required: true
        type: string
      helmChartName:
        description: "Name of the Helm Chart to be pushed"
        required: true
        type: string
      releaseVersion:
        description: "Release version like 1.5.0"
        required: true
        type: string
      imagesLocation:
        description: "Directory/file that will be used as source for containers tar ball"
        required: true
        type: string
      clusterOperatorBuild:
        description: "Flag whether it is Strimzi Operator build or not (should be set only in Strimzi Kafka Operator repo)"
        required: false
        type: boolean
      checkTests:
        description: "Flag whether unit tests should be run and verified during build (set to false for repos without tests)"
        required: false
        type: boolean
        default: true
      # Selects which revision of strimzi/github-actions supplies the actions
      # under test; the jobs fall back to github.sha when this is empty.
      githubActionsRef:
        description: "Ref of strimzi/github-actions to use (tag, branch, or SHA). Leave empty for local calls within github-actions repo."
        required: false
        type: string
        default: ""
# Workflow-level permissions, applied to every job below (no job overrides them):
# repository contents are read-only, and id-token: write additionally lets each
# job request an OIDC token, so the set is not read-only as a whole.
# NOTE(review): if only some jobs sign, consider granting id-token: write on those
# jobs only - which steps use the token is not visible in this file.
permissions:
  contents: read
  id-token: write # Required for OIDC keyless signing
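# Every job follows the same pattern: check out the target repository, check out
# strimzi/github-actions next to it, copy its actions into ./.github/actions and
# then call them as local actions. Workflow inputs that reach a shell are passed
# through `env:` and read as quoted shell variables instead of being expanded
# with ${{ }} inside the script text, so an input value cannot alter the script.
jobs:
  # Builds the binaries and checks that the tarball and unit-test reports exist.
  test-build-binaries:
    name: Build Binaries
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      # The caller-selected repository and ref are what gets built and executed.
      # NOTE(review): consider `persist-credentials: false` on the checkouts in
      # this file if the composite actions do not need the token in .git/config.
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      # Falls back to github.sha when no githubActionsRef is given.
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      # Local `uses: ./...` paths resolve inside the workspace, so the actions
      # under test are copied over whatever the target repository ships there.
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      - name: Setup Java and Maven
        uses: ./.github/actions/dependencies/setup-java
        with:
          javaVersion: ${{ inputs.javaVersion }}
      - name: Install yq
        uses: ./.github/actions/dependencies/install-yq
      - name: Install Shellcheck
        uses: ./.github/actions/dependencies/install-shellcheck
      - name: Install Helm
        uses: ./.github/actions/dependencies/install-helm
      - name: Build binaries using build-binaries action
        uses: ./.github/actions/build/build-binaries
        with:
          mainJavaBuild: "true"
          artifactSuffix: ${{ inputs.artifactSuffix }}
          clusterOperatorBuild: ${{ inputs.clusterOperatorBuild }}
        env:
          # Skip just ITs and rerun unit tests in case of flakes
          MVN_ARGS: "-DskipITs -Dsurefire.rerunFailingTestsCount=5"
      - name: Verify binaries artifact was created
        env:
          ARTIFACT_SUFFIX: ${{ inputs.artifactSuffix }}
        run: |
          BINARIES_TAR="binaries-${ARTIFACT_SUFFIX}.tar"
          if [ ! -f "$BINARIES_TAR" ]; then
            echo "❌ Binaries artifact not created"
            exit 1
          fi
          echo "Binaries artifact contents:"
          tar -tf "$BINARIES_TAR"
          echo "✓ Binaries artifact created successfully"
      - name: Verify test results exist
        if: ${{ inputs.checkTests == true }}
        shell: bash
        run: |
          REPORT_COUNT=$(find . -path "*/surefire-reports/TEST-*.xml" -type f | wc -l)
          if [ "$REPORT_COUNT" -eq 0 ]; then
            echo "No surefire test reports found - unit tests may not have run"
            exit 1
          fi
          echo "✓ Found $REPORT_COUNT surefire test report(s)"

  # Deploys the Maven modules to a Nexus instance running on the runner.
  test-deploy-java:
    name: Deploy to Maven
    if: ${{ inputs.modules != 'none' }}
    needs: test-build-binaries
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      # The Nexus image is pinned by tag only, while the actions are pinned by
      # commit SHA. NOTE(review): consider pinning the image by digest as well.
      - name: Setup Nexus
        run: github-actions/.github/tests/setup-nexus.sh
        env:
          NEXUS_URL: "http://localhost:8081"
          NEXUS_IMAGE: "sonatype/nexus3:3.87.2"
          SETTINGS_DIR: "github-actions/.github/tests/"
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      # Throwaway signing key created for this run only. Its secret part is put
      # into GITHUB_ENV, so every later step of this job can read it, and the
      # exported file stays in the workspace.
      # NOTE(review): never reuse this pattern for a real release key.
      - name: Generate GPG key for testing
        run: |
          # Create a test GPG key (non-interactive)
          cat > gpg-key-config <<EOF
          %no-protection
          Key-Type: RSA
          Key-Length: 2048
          Name-Real: Test User
          Name-Email: test@strimzi.io
          Expire-Date: 0
          EOF
          gpg --batch --gen-key gpg-key-config
          # Export the key
          gpg --armor --export-secret-keys test@strimzi.io > test-gpg-key.asc
          # Encode to base64
          GPG_KEY_BASE64=$(base64 -w 0 test-gpg-key.asc)
          echo "GPG_SIGNING_KEY=$GPG_KEY_BASE64" >> "$GITHUB_ENV"
          echo "✓ GPG key generated for testing"
      - name: Setup Java and Maven
        uses: ./.github/actions/dependencies/setup-java
        with:
          javaVersion: ${{ inputs.javaVersion }}
      - name: Install yq
        uses: ./.github/actions/dependencies/install-yq
      # The central-publishing-maven-plugin creates a bundle zip for release versions
      # and uploads via the Central Portal API, which local Nexus doesn't support.
      # Setting a SNAPSHOT version forces direct artifact deployment instead.
      # This is required for projects where we use release branches, and it is used only for testing purposes.
      - name: Set SNAPSHOT version for testing
        shell: bash
        env:
          RELEASE_VERSION: ${{ inputs.releaseVersion }}
        run: |
          mvn versions:set "-DnewVersion=${RELEASE_VERSION}-SNAPSHOT" -DgenerateBackupPoms=false
      # Fixed test credentials for the local Nexus; NEXUS_PASSWORD is not set in
      # this file (presumably exported by setup-nexus.sh - confirm).
      - name: Deploy to local Maven repository using deploy-java action
        uses: ./.github/actions/build/deploy-java
        with:
          modules: ${{ inputs.modules }}
          gpgPassphrase: "test-passphrase"
          gpgSigningKey: ${{ env.GPG_SIGNING_KEY }}
          centralUsername: "admin"
          centralPassword: ${{ env.NEXUS_PASSWORD }}
        env:
          DEPLOYMENT_URL: "http://localhost:8081/repository"
      # Polls the Nexus search API until the module shows up or the timeout hits.
      - name: Verify deployment to Nexus
        env:
          NEXUS_CHECK: ${{ inputs.nexusCheck }}
          NEXUS_PASSWORD: ${{ env.NEXUS_PASSWORD }}
        run: |
          echo ">>> Verifying deployment in Nexus..."
          TIMEOUT=180 # 3 minutes
          INTERVAL=5 # Check every 5 seconds
          ELAPSED=0
          while [ $ELAPSED -lt $TIMEOUT ]; do
            echo "Checking for artifacts... (${ELAPSED}s/${TIMEOUT}s)"
            SEARCH_RESULT=$(curl -s -u "admin:${NEXUS_PASSWORD}" \
              "http://localhost:8081/service/rest/v1/search?repository=maven-snapshots&name=${NEXUS_CHECK}" 2>/dev/null)
            ARTIFACT_COUNT=$(echo "$SEARCH_RESULT" | jq -r '.items | length' 2>/dev/null || echo "0")
            if [ "$ARTIFACT_COUNT" -gt 0 ]; then
              echo "✓ Found $ARTIFACT_COUNT artifact(s) deployed!"
              echo ""
              echo "Deployed artifacts:"
              echo "$SEARCH_RESULT" | jq '.items[] | {name: .name, version: .version, repository: .repository, assets: [.assets[].path]}'
              exit 0
            fi
            sleep $INTERVAL
            ELAPSED=$((ELAPSED + INTERVAL))
          done
          echo "❌ Timeout: No artifacts found in maven-snapshots after ${TIMEOUT} seconds"
          echo "Last search result:"
          echo "$SEARCH_RESULT" | jq '.' || echo "No valid response"
          exit 1

  # Builds the container images; runs only when the caller asks for containers.
  test-build-containers:
    name: Build Containers
    if: ${{ inputs.buildContainers == true }}
    needs:
      - test-build-binaries
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      - name: Install Docker
        uses: ./.github/actions/dependencies/install-docker
      - name: Install yq
        uses: ./.github/actions/dependencies/install-yq
      - name: Install Shellcheck
        uses: ./.github/actions/dependencies/install-shellcheck
      - name: Build containers using build-containers action
        uses: ./.github/actions/build/build-containers
        with:
          imagesLocation: ${{ inputs.imagesLocation }}
          artifactSuffix: "${{ inputs.artifactSuffix }}"

  # Pushes the images to a registry started on the runner. There is no `if:`
  # here; the job is skipped whenever test-build-containers is skipped.
  test-push-containers:
    name: Push Containers
    needs:
      - test-build-containers
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      # Fixed user/password for the local test registry only; the registry image
      # is pinned by tag, not by digest.
      - name: Setup local registry
        run: github-actions/.github/tests/setup-registry.sh
        env:
          REGISTRY_IMAGE: "registry:3"
          REGISTRY_USERNAME: "strimzi"
          REGISTRY_PASSWORD: "strimzi"
      - name: Install Docker
        uses: ./.github/actions/dependencies/install-docker
      - name: Install yq
        uses: ./.github/actions/dependencies/install-yq
      - name: Install Syft
        uses: ./.github/actions/dependencies/install-syft
      - name: Push containers using push-containers action
        uses: ./.github/actions/build/push-containers
        with:
          registryUser: "strimzi"
          registryPassword: "strimzi"
          containerRegistry: "registry.strimzi:443"
          architectures: "amd64"
          artifactSuffix: ${{ inputs.artifactSuffix }}

  # Builds the release tarball and checks its contents.
  test-release-artifacts:
    name: Release Artifacts
    needs:
      - test-build-binaries
      - test-push-containers
    # always() lets the job run even when test-push-containers was skipped; the
    # other terms require a successful binaries build, a successful push when
    # containers are built, and a releaseVersion other than 'none'.
    if: ${{ always() && (needs.test-build-binaries.result == 'success') && (inputs.buildContainers == false || needs.test-push-containers.result == 'success') && (inputs.releaseVersion != 'none') }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      - name: Setup Java and Maven
        uses: ./.github/actions/dependencies/setup-java
        with:
          javaVersion: ${{ inputs.javaVersion }}
      - name: Install yq
        uses: ./.github/actions/dependencies/install-yq
      - name: Install Helm
        uses: ./.github/actions/dependencies/install-helm
      - name: Install AsciiDoctor
        uses: ./.github/actions/dependencies/install-ascii-doctor
      - name: Test release-artifacts action
        uses: ./.github/actions/build/release-artifacts
        with:
          artifactSuffix: "${{ inputs.artifactSuffix }}"
          releaseVersion: ${{ inputs.releaseVersion }}
      - name: Verify release outputs
        env:
          ARTIFACT_SUFFIX: ${{ inputs.artifactSuffix }}
          RELEASE_VERSION: ${{ inputs.releaseVersion }}
        run: |
          TARBALL="release-${ARTIFACT_SUFFIX}-${RELEASE_VERSION}.tar"
          if [ ! -f "$TARBALL" ]; then
            echo "❌ Release tarball not found: $TARBALL"
            exit 1
          fi
          if [ ! -s "$TARBALL" ]; then
            echo "❌ Release tarball is empty: $TARBALL"
            exit 1
          fi
          echo "Release tarball contents:"
          tar -tf "$TARBALL"
          echo "✓ Release artifacts created successfully"
      # This check is currently only for Operators repo as yamls were missing in release tar ball
      - name: Verify YAML release artifacts in tarball
        if: ${{ inputs.clusterOperatorBuild == true }}
        env:
          ARTIFACT_SUFFIX: ${{ inputs.artifactSuffix }}
          RELEASE_VERSION: ${{ inputs.releaseVersion }}
        run: |
          TARBALL="release-${ARTIFACT_SUFFIX}-${RELEASE_VERSION}.tar"
          YAML_COUNT=$(tar -tf "$TARBALL" | grep -c '\.yaml$' || true)
          if [ "$YAML_COUNT" -eq 0 ]; then
            echo "Release tarball contents:"
            tar -tf "$TARBALL"
            echo "No YAML files found in release tarball for operator build"
            exit 1
          fi
          echo "Found $YAML_COUNT YAML file(s) in release tarball:"
          tar -tf "$TARBALL" | grep '\.yaml$'

  # Publishes the Helm chart to the local test registry.
  test-publish-helm:
    name: Publish Helm Charts
    if: ${{ inputs.helmChartName != 'none' }}
    needs: test-release-artifacts
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout ${{ inputs.repo }}
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: ${{ inputs.repo }}
          ref: ${{ inputs.ref }}
      - name: Checkout github-actions
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
        with:
          repository: strimzi/github-actions
          ref: ${{ inputs.githubActionsRef || github.sha }}
          path: github-actions
      - name: Setup actions for testing
        run: |
          mkdir -p .github/actions
          cp -r github-actions/.github/actions/* .github/actions/
      # Same fixed test credentials as in test-push-containers; local registry only.
      - name: Setup local registry
        run: github-actions/.github/tests/setup-registry.sh
        env:
          REGISTRY_IMAGE: "registry:3"
          REGISTRY_USERNAME: "strimzi"
          REGISTRY_PASSWORD: "strimzi"
      - name: Install Helm
        uses: ./.github/actions/dependencies/install-helm
      - name: Publish Helm charts using publish-helm action
        uses: ./.github/actions/build/publish-helm-chart
        with:
          registryUser: "strimzi"
          registryPassword: "strimzi"
          containerRegistry: "registry.strimzi:443"
          helmChartName: ${{ inputs.helmChartName }}
          releaseVersion: ${{ inputs.releaseVersion }}
          artifactSuffix: ${{ inputs.artifactSuffix }}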