tests

tests, branch:3011/merge, triggered by @tao12345666333 #12635

Workflow file for this run

	name: tests
	run-name: tests, branch:${{ github.ref_name }}, triggered by @${{ github.actor }}

	concurrency:
	# Run only for most recent commit in PRs but for all tags and commits on main
	# Ref: https://docs.github.com/en/actions/using-jobs/using-concurrency
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.sha }}
	cancel-in-progress: true

	on:
	merge_group:
	branches:
	- 'main'
	pull_request:
	branches:
	- '**'
	- 'release/*'
	push:
	branches:
	- 'main'
	- 'release/*'
	tags:
	- '*'
	workflow_dispatch: {}

	# NOTE: Some jobs add GITHUB_API_TOKEN env so that some mise plugins which
	# download GitHub release assets can access GitHub's API authenticated and thus
	# not get rate-limited (which causes failures).

	# NOTE: Some jobs require GITHUB_TOKEN env which is used by mise itself to access
	# GitHub's API authenticated and thus not get rate-limited (which causes failures).
	# Ref: https://mise.jdx.dev/getting-started.html#github-api-rate-limiting.
	#
	# Recent versions of mise started to also accept MISE_GITHUB_TOKEN as an alternative to
	# GITHUB_TOKEN. That env var is set by the mise-action automatically.

	permissions:
	contents: read
	attestations: read

	env:
	MISE_VERBOSE: 1

	jobs:
	check-docs-only:
	runs-on: ubuntu-latest
	outputs:
	docs_only: ${{ steps.check-files.outputs.docs_only }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	fetch-depth: 0
	- id: check-files
	name: Check if only documentation files changed
	run: ./scripts/check-docs-only-changes.sh ${{ github.event.pull_request.base.sha \|\| 'HEAD~1' }} ${{ github.sha }}

	ensure-actions-sha-pin:
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6124774845927d14c601359ab8138699fa5b70c3 # v4.0.1

	ossf-scorecard:
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	# Ref: https://github.com/ossf/scorecard
	- run: \|
	GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
	REPO=github.com/${{ github.repository }} \
	COMMIT=${{ github.sha }} \
	make docker.run.openssf

	lint:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run lint
	env:
	# Our .golangci.yaml has fix: true, but we don't want that in CI therefore the below override.
	GOLANGCI_LINT_FLAGS: "--fix=false"
	run: make lint

	- name: run lint.api
	run: make lint.api

	- name: run lint.actions
	run: make lint.actions

	lint-markdownlint:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run lint.markdownlint
	run: make lint.markdownlint

	govulncheck:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod
	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false
	- run: make govulncheck

	verify:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: Verify manifests consistency
	run: make verify.manifests

	- name: Verify generators consistency
	uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
	with:
	timeout_minutes: 8
	max_attempts: 3
	retry_wait_seconds: 30
	command: make verify.generators

	matrix_k8s_node_versions:
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.set-matrix.outputs.matrix }}
	latest: ${{ steps.set-latest.outputs.latest }}
	steps:
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- id: set-matrix
	run: \|
	(
	echo 'matrix<<EOF'
	yq eval -o=json '.' .github/supported_k8s_node_versions.yaml
	echo 'EOF'
	) >> "${GITHUB_OUTPUT}"
	- id: set-latest
	run: \|
	(
	echo 'latest<<EOF'
	yq eval -r -o=json '. \| sort \| reverse \| .[0]' .github/supported_k8s_node_versions.yaml
	echo 'EOF'
	) >> "${GITHUB_OUTPUT}"

	samples:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- name: Create k8s KinD Cluster
	uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab # v1.13.0
	with:
	# NOTE: default is 0.29.0 https://github.com/helm/kind-action/blob/a1b0e391336a6ee6713a0583f8c6240d70863de3/kind.sh#L21
	# so bump this manually
	version: v0.30.0
	node_image: kindest/node:${{ needs.matrix_k8s_node_versions.outputs.latest }}

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	# We use install.all to install all CRDs and resources also the ones that are not bundled
	# in base kustomization (e.g. currently AIGateway) but which have samples defined.
	- name: Verify installing CRDs via kustomize works
	run: make install.all

	- name: Install and delete each sample one by one
	run: make test.samples

	- name: Verify that uninstalling operator CRDs via kustomize works
	run: make ignore-not-found=true uninstall.all

	install-with-kustomize:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	env:
	IMG: kong-operator
	TAG: e2e-${{ github.sha }}
	CLUSTER_NAME: install-with-kustomize
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup go
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- name: build docker image
	run: make docker.build

	- name: Create k8s KinD Cluster
	uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab # v1.13.0
	with:
	cluster_name: ${{ env.CLUSTER_NAME }}
	# NOTE: default is 0.29.0 https://github.com/helm/kind-action/blob/a1b0e391336a6ee6713a0583f8c6240d70863de3/kind.sh#L21
	# so bump this manually
	version: v0.30.0
	node_image: kindest/node:${{ needs.matrix_k8s_node_versions.outputs.latest }}

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: Verify installing CRDs via kustomize works
	run: make install

	- name: Load image to kind cluster
	run: kind load docker-image kong-operator:e2e-${{ github.sha }} --name $CLUSTER_NAME

	- name: Verify deploying operator via kustomize works
	env:
	IMG: kong-operator
	VERSION: e2e-${{ github.sha }}
	run: make deploy

	- name: Verify that undeploying operator via kustomize works
	run: make undeploy

	- name: Verify that uninstalling operator CRDs via kustomize works
	run: make ignore-not-found=true uninstall

	build:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- run: make build.operator

	- name: Test the binary by running it with -version flag
	run: ./bin/manager -version \| ./scripts/verify-version.sh ${{ github.repository }}

	unit-tests:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run unit tests
	run: make test.unit
	env:
	KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS: ${{ secrets.KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS }}
	GOTESTSUM_JUNITFILE: "unit-tests.xml"

	- name: collect test coverage
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: coverage-unit-tests
	path: coverage.unit.out

	- name: collect test report
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: tests-report-unit-tests
	path: unit-tests.xml

	CRDs:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	strategy:
	matrix:
	kubernetes-node-version: ${{ fromJson(needs.matrix_k8s_node_versions.outputs.matrix) }}
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: Run the crds validation tests
	run: \|
	VERSION="${{ matrix.kubernetes-node-version }}"
	# Remove leading 'v'
	VERSION="${VERSION#v}"
	# Remove patch number as envtest releases are not provided for every patch version
	VERSION="${VERSION%.*}"
	echo "Cluster version: $VERSION"
	make test.crds-validation CLUSTER_VERSION=${VERSION}

	- name: Run the API tests
	run: make test.api

	envtest-tests:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	strategy:
	matrix:
	directory:
	- ingress-controller
	- .
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
	id: license
	with:
	op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

	- name: run envtest tests
	env:
	KONG_LICENSE_DATA: ${{ steps.license.outputs.license }}
	GOTESTSUM_JUNITFILE: "${{ matrix.directory }}/envtest-tests.xml"
	run: \|
	VERSION="${{ needs.matrix_k8s_node_versions.outputs.latest }}"
	# Remove leading 'v'
	VERSION="${VERSION#v}"
	# Remove patch number as envtest releases are not provided for every patch version
	VERSION="${VERSION%.*}"
	echo "Cluster version: $VERSION"
	make test.envtest CLUSTER_VERSION=${VERSION} TEST_DIR=${{ matrix.directory }}

	- name: collect test coverage
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: ${{ matrix.directory == '.' && 'ko' \|\| matrix.directory }}-coverage-envtest-tests
	path: ${{ matrix.directory }}/coverage.envtest.out

	- name: collect test report
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: ${{ matrix.directory == '.' && 'ko' \|\| matrix.directory }}-tests-report-envtest-tests
	path: ${{ matrix.directory }}/envtest-tests.xml

	kongintegration-tests:
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	uses: ./.github/workflows/_kongintegration_tests.yaml
	secrets: inherit

	conformance-tests:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- router-flavor: traditional_compatible
	- router-flavor: expressions
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	# Fetch all history so that we can get the correct commit hash for the conformance tests.
	fetch-depth: 0

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run conformance tests
	run: make test.conformance
	env:
	GOTESTSUM_JUNITFILE: conformance-tests-${{ matrix.router-flavor }}.xml
	TEST_KONG_ROUTER_FLAVOR: ${{ matrix.router-flavor }}

	- name: upload diagnostics
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: diagnostics-conformance-${{ matrix.router-flavor }}
	path: /tmp/ktf-diag*
	if-no-files-found: ignore

	- name: collect test report
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: tests-report-conformance-${{ matrix.router-flavor }}
	path: conformance-tests-${{ matrix.router-flavor }}.xml

	- name: collect conformance report
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: conformance-report-${{ matrix.router-flavor }}
	path: experimental-*-report.yaml

	- name: upload controller logs
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: controller-logs-${{ matrix.router-flavor }}
	path: /tmp/kong-operator-controller-logs*
	if-no-files-found: error

	integration-tests:
	runs-on: ubuntu-latest
	name: integration-tests
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	strategy:
	matrix:
	directory:
	- ingress-controller
	- .
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run integration tests
	working-directory: ${{ matrix.directory }}
	run: make test.integration
	env:
	KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS: ${{ secrets.KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS }}
	KONG_CONTROLLER_OUT: stdout
	GOTESTSUM_JUNITFILE: "${{ matrix.directory }}/integration-tests.xml"
	KONG_TEST_KONNECT_ACCESS_TOKEN: ${{ secrets.KONG_TEST_KONNECT_ACCESS_TOKEN }}
	KONG_TEST_KONNECT_SERVER_URL: us.api.konghq.tech
	KONG_CLUSTER_VERSION: ${{ needs.matrix_k8s_node_versions.outputs.latest }}

	- name: upload diagnostics
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: diagnostics-integration-${{ matrix.directory }}
	path: /tmp/ktf-diag*
	if-no-files-found: ignore

	- name: collect test coverage
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: ${{ matrix.directory == '.' && 'ko' \|\| matrix.directory }}-coverage-integration
	path: ${{ matrix.directory }}/coverage.integration.out

	- name: collect test report
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: ${{ matrix.directory == '.' && 'ko' \|\| matrix.directory }}-tests-report-integration
	path: ${{ matrix.directory }}/integration-tests.xml

	integration-tests-validating-webhook:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run integration tests
	run: make test.integration_validatingwebhook
	env:
	KONG_CONTROLLER_OUT: stdout
	GOTESTSUM_JUNITFILE: integration-tests.xml
	KONG_CLUSTER_VERSION: ${{ needs.matrix_k8s_node_versions.outputs.latest }}

	- name: upload diagnostics
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: diagnostics-integration-validating-webhook
	path: /tmp/ktf-diag*
	if-no-files-found: ignore

	- name: collect test coverage
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: coverage-integration-validating-webhook
	path: coverage.integration-validatingwebhook.out

	- name: collect test report
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: tests-report-integration-validating-webhook
	path: integration-tests.xml

	integration-tests-bluegreen:
	runs-on: ubuntu-latest
	name: integration-tests-bluegreen
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run integration tests
	run: make test.integration_bluegreen
	env:
	KONG_CONTROLLER_OUT: stdout
	GOTESTSUM_JUNITFILE: integration-tests-bluegreen.xml
	KONG_TEST_KONNECT_ACCESS_TOKEN: ${{ secrets.KONG_TEST_KONNECT_ACCESS_TOKEN }}
	KONG_TEST_KONNECT_SERVER_URL: us.api.konghq.tech

	- name: upload diagnostics
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: diagnostics-integration-bluegreen
	path: /tmp/ktf-diag*
	if-no-files-found: ignore

	- name: collect test coverage
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: coverage-integration-bluegreen
	path: coverage.integration-bluegreen.out

	- name: collect test report
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: tests-report-integration-bluegreen
	path: integration-tests-bluegreen.xml

	e2e-tests:
	runs-on: ubuntu-latest
	needs: [check-docs-only]
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	fetch-depth: 0

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- name: build docker image
	env:
	IMG: kong-operator
	TAG: e2e-${{ github.sha }}
	run: make docker.build

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: run e2e tests
	run: make test.e2e
	env:
	KONG_TEST_KONG_OPERATOR_IMAGE_LOAD: kong-operator:e2e-${{ github.sha }}
	GOTESTSUM_JUNITFILE: "e2e-tests.xml"

	- name: upload diagnostics
	if: always()
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: diagnostics-e2e
	path: /tmp/ktf-diag*
	if-no-files-found: ignore

	- name: collect test report
	if: ${{ always() }}
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: tests-report-e2e
	path: e2e-tests.xml

	e2e-tests-chainsaw:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- matrix_k8s_node_versions
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	env:
	IMG: kong-operator
	TAG: e2e-${{ github.sha }}
	CLUSTER_NAME: e2e-chainsaw
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: setup golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: go.mod

	- name: build docker image
	run: make docker.build

	- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
	with:
	install: false

	- name: Create k8s KinD Cluster with ktf
	run: \|
	go install github.com/kong/kubernetes-testing-framework/cmd/ktf@latest
	ktf environments create --name ${{ env.CLUSTER_NAME }} --addon metallb --addon cert-manager

	- name: Load image to kind cluster
	run: kind load docker-image ${{ env.IMG }}:${{ env.TAG }} --name ${{ env.CLUSTER_NAME }}

	- name: Deploy operator with Helm
	run: \|
	helm install kong-operator charts/kong-operator \
	--namespace kong-system \
	--create-namespace \
	--set image.repository=${{ env.IMG }} \
	--set image.tag=${{ env.TAG }} \
	--set env.enable_controller_konnect=true \
	--wait

	- name: run chainsaw e2e tests
	run: make test.e2e.chainsaw
	env:
	KONNECT_TOKEN: ${{ secrets.KONG_TEST_KONNECT_ACCESS_TOKEN }}
	KONNECT_SERVER_URL: us.api.konghq.tech
	TEST_ID: ${{ github.run_id }}

	buildpulse-report:
	needs:
	- check-docs-only
	- unit-tests
	- envtest-tests
	- integration-tests
	- conformance-tests
	- e2e-tests
	if: ${{ always() && needs.check-docs-only.outputs.docs_only != 'true' }}
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit

	- name: checkout repository
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: download tests report
	id: download-coverage
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	pattern: tests-report*
	path: report
	merge-multiple: true

	- name: Upload test results to BuildPulse for flaky test detection
	if: ${{ !cancelled() }}
	uses: buildpulse/buildpulse-action@d4d8e00c645a2e3db0419a43664bbcf868080234 # v0.12.0
	with:
	account: 962416
	repository: 477814940
	path: report/*.xml
	key: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }}
	secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }}

	# We need this step to fail the workflow if any of the previous steps failed or were cancelled.
	# It allows to use this particular job as a required check for PRs.
	# Ref: https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
	passed:
	runs-on: ubuntu-latest
	needs:
	- check-docs-only
	- ensure-actions-sha-pin
	- ossf-scorecard
	- lint
	- lint-markdownlint
	- govulncheck
	- verify
	- samples
	- install-with-kustomize
	- build
	- CRDs
	- unit-tests
	- envtest-tests
	- kongintegration-tests
	- conformance-tests
	- integration-tests
	- integration-tests-bluegreen
	- integration-tests-validating-webhook
	- e2e-tests
	# TODO: reenable when chainsaw e2e tests are stable
	# https://github.com/Kong/kong-operator/issues/2960
	# - e2e-tests-chainsaw
	- buildpulse-report
	if: always()
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- name: Check if docs-only changes
	run: \|
	if [[ "${{ needs.check-docs-only.outputs.docs_only }}" == "true" ]]; then
	echo "Only documentation files were changed, skipping tests"
	exit 0
	fi

	- name: Check test results
	if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }}
	run: \|
	if [[ "${{ contains(needs..result, 'failure') \|\| contains(needs..result, 'cancelled') }}" == "true" ]]; then
	echo "Some jobs failed or were cancelled."
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

tests, branch:3011/merge, triggered by @tao12345666333 #12635

Workflow file

tests, branch:3011/merge, triggered by @tao12345666333 #12635

Uh oh!

Workflow file for this run