Skip to content
CI

refactor(make): rearrange targets #5795

Sign in to view logs

refactor(make): rearrange targets

refactor(make): rearrange targets #5795

Workflow file for this run

.github/workflows/build_test.yml at dd6823b
name: CI
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
branches:
- main
- '*-release'
paths-ignore:
- 'config/**'
- '**.md'
# push: # TODO: use if conditionals to separate PR from refs/tag for some steps; execute this WF BEFORE the releaese workflow
# tags:
# - '*'
jobs:
authorize:
concurrency:
group: authorize-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') }}
environment:
${{ (github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository) && 'external' || 'internal' }}
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ github.token }}
outputs:
config: ${{ steps.get_config.outputs.config }}
public_repo: ${{ steps.get_config.outputs.public_repo }}
runner: ${{ steps.get_config.outputs.runner }}
skip_arm: ${{ steps.get_config.outputs.skip_arm || 'true' }}
steps:
- name: Get Testing Configuration
id: get_config
run: |
config=$(gh api "/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/approvals" --jq '.[0] | .comment')
if [ -z "$config" ]; then
exit 0
fi
echo "Provided testing configuration:"
echo "$config"
if ! echo "$config" | yq e > /dev/null; then
echo "Invalid testing configuration provided"
exit 1
fi
arch=$(echo -n "$config" | yq -r '.architecture // "amd64"')
case "$arch" in
amd64)
echo "runner=ubuntu-latest" >> "$GITHUB_OUTPUT"
;;
arm64)
echo "runner=ubuntu-24.04-arm" >> "$GITHUB_OUTPUT"
;;
*)
echo "Error: unsupported architecture '$arch'"
echo "Allowed values: 'amd64' or 'arm64'"
exit 1
;;
esac
echo "skip_arm=$(echo -n "$config" | grep "architecture:.*arm64" > /dev/null && echo false || echo true)" >> "$GITHUB_OUTPUT"
echo "config=$(echo -n "$config" | yq 'del (.architecture) | select(length > 0)' | base64 -w 0)" >> "$GITHUB_OUTPUT"
if echo "$config" | yq e '... comments=""' | grep -q "hosted"; then
echo "Hosted cluster deployment was triggered. Using public repository"
echo "public_repo=true" >> "$GITHUB_OUTPUT"
fi
lint-test:
concurrency:
group: lint-test-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
name: Lint and Unit Test
runs-on: ubuntu-latest
outputs:
version: ${{ steps.vars.outputs.version }}
clusterprefix: ${{ steps.vars.outputs.clusterprefix }}
pr_merge_commit: ${{ fromJSON(steps.pr.outputs.result) }}
steps:
- name: Get PR ref
uses: actions/github-script@v8
id: pr
with:
script: |
const { data: pullRequest } = await github.rest.pulls.get({
...context.repo,
pull_number: context.payload.pull_request.number,
});
return pullRequest.merge_commit_sha;
- name: Checkout repository
uses: actions/checkout@v6
with:
ref: ${{ fromJSON(steps.pr.outputs.result) }}
fetch-depth: 0
- name: Validate PR title and commit message
shell: bash
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
set -euo pipefail
# Conventional commit regex (simplified)
CONVENTIONAL_REGEX='^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\([a-zA-Z0-9_-]+\))?!?: .+$'
REVERT_REGEX='^Revert ".+"$'
pr_title="$PR_TITLE"
echo "PR title: $pr_title"
commit_title="$(git log -2 --pretty=%s | tail -n 1)"
echo "Commit title: $commit_title"
if [[ ! "$pr_title" =~ $CONVENTIONAL_REGEX && ! "$pr_title" =~ $REVERT_REGEX ]]; then
echo "::error::PR title must follow Conventional Commits (https://www.conventionalcommits.org) or be an auto-generated revert"
exit 1
fi
if [[ ! "$commit_title" =~ $CONVENTIONAL_REGEX && ! "$commit_title" =~ $REVERT_REGEX ]]; then
echo "::error::Commit message must follow Conventional Commits (https://www.conventionalcommits.org) or be an auto-generated revert"
exit 1
fi
- name: Setup Go and Cache (with Lint)
uses: ./.github/actions/setup-go-cache
- name: Lint
run: GOLANGCI_LINT_TIMEOUT=10m make lint
- name: Verify all generated pieces are up-to-date
env:
BASE_COMMIT: "origin/${{ github.event.pull_request.base.ref }}"
shell: bash
run: |
make generate-all
git add -N .
if ! git diff --exit-code; then
echo "::error::Generated files are out of date. Please run 'make generate-all'."
git diff --name-only
exit 1
fi
- name: Unit tests
env:
BASE_COMMIT: "origin/${{ github.event.pull_request.base.ref }}"
run: make test
- name: Get outputs
id: vars
run: |
GIT_VERSION=$(git describe --tags --always)
echo "version=${GIT_VERSION:1}" >> "$GITHUB_OUTPUT"
echo "clusterprefix=ci-$(date +%s | cut -b6-10)" >> "$GITHUB_OUTPUT"
controller-e2etest:
name: E2E Controller
runs-on: ${{ needs.authorize.outputs.runner || 'ubuntu-latest' }}
if: ${{ !contains( github.event.pull_request.labels.*.name, 'test e2e') }}
needs: lint-test
concurrency:
group: controller-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ needs.lint-test.outputs.pr_merge_commit }}
- name: Setup kubectl
uses: azure/setup-kubectl@v5
- name: Setup Go and Cache
uses: ./.github/actions/setup-go-cache
- name: Run E2E tests
env:
GINKGO_LABEL_FILTER: 'controller'
CLUSTER_DEPLOYMENT_PREFIX: ${{ needs.lint-test.outputs.clusterprefix }}
VERSION: ${{ needs.lint-test.outputs.version }}
SEGMENT_TOKEN: ${{ secrets.SEGMENT_TOKEN_DEV }}
run: make test-e2e
- name: Archive test results
uses: actions/upload-artifact@v7
if: always()
with:
name: support-bundles
path: "/home/runner/work/kcm/kcm/support-bundle-*"
retention-days: 1
overwrite: true
push-public:
name: Build and Push Artifacts When Required
runs-on: ${{ needs.authorize.outputs.runner || 'ubuntu-latest' }}
needs:
- authorize
- lint-test
concurrency:
group: build-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
packages: write
env:
REGISTRY_REPO: oci://ghcr.io/k0rdent/kcm/charts-ci
steps:
- name: Checkout repository
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ needs.lint-test.outputs.pr_merge_commit }}
- name: Set up Buildx
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
uses: docker/setup-buildx-action@v4
- name: Login to GHCR
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
uses: docker/login-action@v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Go and Cache
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
uses: ./.github/actions/setup-go-cache
- name: Build and push KCM controller image to the public repository
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
uses: goreleaser/goreleaser-action@v7
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REGISTRY: ghcr.io/k0rdent/kcm
IMAGE_NAME: controller-ci
TELEMETRY_IMAGE_NAME: telemetry-ci
VERSION: ${{ needs.lint-test.outputs.version }}
SKIP_SCM_RELEASE: true
SKIP_ARM: ${{ needs.authorize.outputs.skip_arm }}
SEGMENT_TOKEN: ${{ secrets.SEGMENT_TOKEN_DEV }}
with:
distribution: goreleaser
version: '~> v2'
args: release --clean --verbose --skip=validate
- name: Prepare and push KCM template charts to the public repository
if: ${{ needs.authorize.outputs.public_repo == 'true' }}
shell: bash
run: |
make kcm-chart-release
make helm-push
provider-cloud-e2etest:
name: E2E Cloud Providers
runs-on: ${{ needs.authorize.outputs.runner || 'ubuntu-latest' }}
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') }}
timeout-minutes: 540 # 9h, the default tests timeout is 6h
needs:
- lint-test
- authorize
- push-public
concurrency:
group: cloud-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: ${{ secrets.CI_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CI_AWS_SECRET_ACCESS_KEY }}
AZURE_REGION: westus2
AZURE_SUBSCRIPTION_ID: ${{ secrets.CI_AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ secrets.CI_AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.CI_AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CI_AZURE_CLIENT_SECRET }}
GCP_B64ENCODED_CREDENTIALS: ${{ secrets.CI_GCP_B64ENCODED_CREDENTIALS }}
GCP_PROJECT: k0rdent-ci
GCP_REGION: us-east4
PUBLIC_REPO: ${{ needs.authorize.outputs.public_repo == 'true' }}
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ needs.lint-test.outputs.pr_merge_commit }}
- name: Check cloud providers presence
id: provider_check
uses: ./.github/actions/check-provider-in-config
with:
config: ${{ needs.authorize.outputs.config }}
- name: Set public registry env variables
if: ${{ steps.provider_check.outputs.cloud_present == 'true' && env.PUBLIC_REPO == 'true' }}
run: |
echo "REGISTRY_REPO=oci://ghcr.io/k0rdent/kcm/charts-ci" >> $GITHUB_ENV
echo "IMG=ghcr.io/k0rdent/kcm/controller-ci:${{ needs.lint-test.outputs.version }}" >> $GITHUB_ENV
echo "IMG_TELEMETRY=ghcr.io/k0rdent/kcm/telemetry-ci:${{ needs.lint-test.outputs.version }}" >> $GITHUB_ENV
- name: Check remote presence
id: remote_provider_check
uses: ./.github/actions/check-provider-in-config
with:
config: ${{ needs.authorize.outputs.config }}
provider: remote
- name: Check disk space and cleanup if too low
if: ${{ steps.provider_check.outputs.cloud_present == 'true' && steps.remote_provider_check.outputs.provider_present == 'true' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
BRANCH: refs/heads/${{ github.event.pull_request.base.ref }}
shell: bash
run: |
SPACE=$(df --output=avail -BG / | tail -1 | tr -dc '0-9')
echo "Available space: ${SPACE}G"
if [ "$SPACE" -lt 5 ]; then
echo "::warning::Low disk space (${SPACE} GiB), skipping Go cache use and cleaning caches"
echo "USE_CACHE=false" >> $GITHUB_ENV
echo "Cleaning up GitHub Actions caches for PR: $BRANCH"
cacheKeysForPR=$(gh cache list --ref "$BRANCH" --limit 100 --json id --jq '.[].id')
set +e
for cacheKey in $cacheKeysForPR; do
echo "Deleting cache with ID: $cacheKey"
gh cache delete "$cacheKey"
done
echo "Cache cleanup complete"
else
echo "USE_CACHE=true" >> $GITHUB_ENV
fi
- name: Setup kubectl
if: steps.provider_check.outputs.cloud_present == 'true'
uses: azure/setup-kubectl@v5
- name: Setup Go and Cache
if: steps.provider_check.outputs.cloud_present == 'true'
uses: ./.github/actions/setup-go-cache
- name: Load testing configuration
if: ${{ steps.provider_check.outputs.cloud_present == 'true' }}
env:
E2E_CONFIG_B64: ${{ needs.authorize.outputs.config }}
run: |
make load-e2e-config
- name: Run E2E tests
if: steps.provider_check.outputs.cloud_present == 'true'
env:
# This would run all specs with 'provider:cloud' and 'mothership' labels.
# We want the mothership tests to be run by default but we don't want to
# set up a new mothership cluster (make test-e2e) just to run these tests
# so we bundle them together with cloud provider tests.
GINKGO_LABEL_FILTER: 'provider:cloud,mothership'
CLUSTER_DEPLOYMENT_PREFIX: ${{ needs.lint-test.outputs.clusterprefix }}
VERSION: ${{ needs.lint-test.outputs.version }}
SEGMENT_TOKEN: ${{ secrets.SEGMENT_TOKEN_DEV }}
run: make test-e2e
- name: Archive test results
uses: actions/upload-artifact@v7
if: ${{ steps.provider_check.outputs.cloud_present == 'true' && always() }}
with:
name: support-bundles
path: "/home/runner/work/kcm/kcm/support-bundle-*"
retention-days: 1
overwrite: true
provider-onprem-e2etest:
name: E2E On-Prem Providers
runs-on:
group: k0rdent-public
labels: [arc-runner-set-k0rdent-public]
if: ${{ contains( github.event.pull_request.labels.*.name, 'test e2e') && needs.authorize.outputs.config != '' }}
timeout-minutes: 540 # 9h, the default tests timeout is 6h
needs:
- lint-test
- authorize
- push-public
concurrency:
group: onprem-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
OS_AUTH_URL: ${{ secrets.CI_OS_AUTH_URL }}
OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.CI_OS_APPLICATION_CREDENTIAL_ID }}
OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.CI_OS_APPLICATION_CREDENTIAL_SECRET }}
OS_INTERFACE: public
OS_REGION_NAME: RegionOne
OS_IDENTITY_API_VERSION: 3
OS_AUTH_TYPE: v3applicationcredential
OPENSTACK_CONTROL_PLANE_MACHINE_FLAVOR: m1.medium
OPENSTACK_NODE_MACHINE_FLAVOR: m1.medium
OPENSTACK_IMAGE_NAME: ubuntu-24.04-x86_64
VSPHERE_USER: ${{ secrets.CI_VSPHERE_USER }}
VSPHERE_PASSWORD: ${{ secrets.CI_VSPHERE_PASSWORD }}
VSPHERE_SERVER: ${{ secrets.CI_VSPHERE_SERVER }}
VSPHERE_THUMBPRINT: ${{ secrets.CI_VSPHERE_THUMBPRINT }}
VSPHERE_DATACENTER: ${{ secrets.CI_VSPHERE_DATACENTER }}
VSPHERE_DATASTORE: ${{ secrets.CI_VSPHERE_DATASTORE }}
VSPHERE_RESOURCEPOOL: ${{ secrets.CI_VSPHERE_RESOURCEPOOL }}
VSPHERE_FOLDER: ${{ secrets.CI_VSPHERE_FOLDER }}
VSPHERE_CONTROL_PLANE_ENDPOINT: ${{ secrets.CI_VSPHERE_CONTROL_PLANE_ENDPOINT }}
VSPHERE_VM_TEMPLATE: ${{ secrets.CI_VSPHERE_VM_TEMPLATE }}
VSPHERE_NETWORK: ${{ secrets.CI_VSPHERE_NETWORK }}
VSPHERE_SSH_KEY: ${{ secrets.CI_VSPHERE_SSH_KEY }}
PUBLIC_REPO: ${{ needs.authorize.outputs.public_repo == 'true' }}
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ needs.lint-test.outputs.pr_merge_commit }}
- name: Check on-prem providers presence
id: provider_check
uses: ./.github/actions/check-provider-in-config
with:
config: ${{ needs.authorize.outputs.config }}
- name: Set public registry env variables
if: ${{ env.PUBLIC_REPO == 'true' }}
run: |
echo "REGISTRY_REPO=oci://ghcr.io/k0rdent/kcm/charts-ci" >> $GITHUB_ENV
echo "IMG=ghcr.io/k0rdent/kcm/controller-ci:${{ needs.lint-test.outputs.version }}" >> $GITHUB_ENV
echo "IMG_TELEMETRY=ghcr.io/k0rdent/kcm/telemetry-ci:${{ needs.lint-test.outputs.version }}" >> $GITHUB_ENV
- name: Setup Go and Cache
if: steps.provider_check.outputs.onprem_present == 'true'
# we do not want to use cache on the self-hosted runner
env:
USE_CACHE: false
uses: ./.github/actions/setup-go-cache
- name: Setup kubectl
if: steps.provider_check.outputs.onprem_present == 'true'
uses: azure/setup-kubectl@v5
- name: Load testing configuration
if: ${{ steps.provider_check.outputs.onprem_present == 'true' && needs.authorize.outputs.config != '' }}
env:
E2E_CONFIG_B64: ${{ needs.authorize.outputs.config }}
run: |
make load-e2e-config
- name: Run E2E tests
if: steps.provider_check.outputs.onprem_present == 'true'
env:
GINKGO_LABEL_FILTER: 'provider:onprem'
CLUSTER_DEPLOYMENT_PREFIX: ${{ needs.lint-test.outputs.clusterprefix }}
VERSION: ${{ needs.lint-test.outputs.version }}
SEGMENT_TOKEN: ${{ secrets.SEGMENT_TOKEN_DEV }}
run: make test-e2e
- name: Archive test results
uses: actions/upload-artifact@v7
if: ${{ steps.provider_check.outputs.onprem_present == 'true' && always() }}
with:
name: support-bundles
path: "/home/gh-runner/actions-runner/_work/kcm/kcm/support-bundle-*"
retention-days: 1
overwrite: true
- name: Cleanup go build and mod cache
if: steps.provider_check.outputs.onprem_present == 'true'
run: go clean -modcache -cache
cleanup:
name: Cleanup
needs:
- lint-test
- provider-cloud-e2etest
- authorize
runs-on: ubuntu-latest
if: ${{ always() && !contains(needs.provider-cloud-e2etest.result, 'skipped') && contains(needs.lint-test.result, 'success') }}
timeout-minutes: 15
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ needs.lint-test.outputs.pr_merge_commit }}
- name: Setup Go and Cache
uses: ./.github/actions/setup-go-cache
- name: Nuke AWS and Azure resources
env:
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: ${{ secrets.CI_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CI_AWS_SECRET_ACCESS_KEY }}
AZURE_REGION: westus2
AZURE_SUBSCRIPTION_ID: ${{ secrets.CI_AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ secrets.CI_AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.CI_AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CI_AZURE_CLIENT_SECRET }}
CLUSTER_NAME: '${{ needs.lint-test.outputs.clusterprefix }}'
run: |
make dev-aws-nuke
make dev-azure-nuke