charts tests, branch:3011/merge, triggered by @tao12345666333 #7053
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: charts tests | |
| run-name: charts tests, branch:${{ github.ref_name }}, triggered by @${{ github.actor }} | |
| concurrency: | |
| # Run only for most recent commit in PRs but for all tags and commits on main | |
| # Ref: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.sha }} | |
| cancel-in-progress: true | |
| on: | |
| merge_group: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - '**' | |
| - 'release/*' | |
| push: | |
| branches: | |
| - 'main' | |
| - 'release/*' | |
| tags: | |
| - '*' | |
| workflow_dispatch: {} | |
| # NOTE: Some jobs require GITHUB_TOKEN env which is used by mise itself to access | |
| # GitHub's API authenticated and thus not get rate-limited (which causes failures). | |
| # Ref: https://mise.jdx.dev/getting-started.html#github-api-rate-limiting. | |
| # | |
| # Recent versions of mise started to also accept MISE_GITHUB_TOKEN as an alternative to | |
| # GITHUB_TOKEN. That env var is set by the mise-action automatically. | |
| permissions: | |
| contents: read | |
| attestations: read | |
| env: | |
| MISE_VERBOSE: 1 | |
| MISE_DEBUG: 1 | |
| # Specify this here because these tests rely on ktf to run kind for cluster creation. | |
| # renovate: datasource=github-releases depName=kubernetes-sigs/kind | |
| KIND_VERSION: "0.30.0" | |
| jobs: | |
| check-docs-only: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| docs_only: ${{ steps.check-files.outputs.docs_only }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - id: check-files | |
| name: Check if only documentation files changed | |
| run: ./scripts/check-docs-only-changes.sh ${{ github.event.pull_request.base.sha || 'HEAD~1' }} ${{ github.sha }} | |
| generate: | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| needs: [check-docs-only] | |
| if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Setup go | |
| uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| with: | |
| install: false | |
| - name: Run manifests.charts | |
| run: make manifests.charts | |
| - name: Check generated files for diff | |
| run: make verify.diff | |
| lint: | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| needs: [check-docs-only] | |
| if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| with: | |
| install: false | |
| - name: Run linters | |
| run: make lint.charts | |
| matrix_k8s_node_versions: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - id: set-matrix | |
| run: | | |
| ( | |
| echo 'matrix<<EOF' | |
| yq eval -o=json '.' .github/supported_k8s_node_versions.yaml | |
| echo 'EOF' | |
| ) >> "${GITHUB_OUTPUT}" | |
| lint-test: | |
| timeout-minutes: 30 | |
| needs: | |
| - check-docs-only | |
| - matrix_k8s_node_versions | |
| if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| kubernetes-node-version: ${{ fromJson(needs.matrix_k8s_node_versions.outputs.matrix) }} | |
| chart-name: | |
| - kong-operator | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| with: | |
| install: false | |
| - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 | |
| with: | |
| python-version: "3.13" | |
| - uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 | |
| with: | |
| # Specify version to get https://github.com/helm/chart-testing/pull/721 | |
| # --wait flag to helm uninstall | |
| # Can be removed when action is updated to use chart-testing >= 3.13.0 | |
| # | |
| # renovate: datasource=github-releases depName=helm/chart-testing | |
| version: "3.14.0" | |
| - name: Run chart-testing (lint) | |
| run: ct lint --target-branch main --check-version-increment=false | |
| - name: setup testing environment (kind-cluster) | |
| env: | |
| KUBERNETES_VERSION: ${{ matrix.kubernetes-node-version }} | |
| CHART_NAME: ${{ matrix.chart-name }} | |
| run: ./scripts/charts-test-env.sh | |
| - name: Install cert-manager | |
| run: make install.helm.cert-manager | |
| - name: Run chart-testing (install) | |
| run: | | |
| kubectl create ns kong-test | |
| make install.helm.cert-manager | |
| make test.charts.ct.install CHART_NAME=${{ matrix.chart-name}} | |
| # No need to delete the ns the cluster is scrapped after the job anyway. | |
| golden-tests: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| name: golden-tests | |
| needs: [check-docs-only] | |
| if: ${{ needs.check-docs-only.outputs.docs_only != 'true' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| with: | |
| install: false | |
| - name: run golden tests | |
| run: make test.charts.golden | |
| # Workaround to allow checking the matrix tests as required tests without adding the individual cases | |
| # Ref: https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 | |
| charts-passed: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-docs-only | |
| - generate | |
| - lint | |
| - lint-test | |
| - golden-tests | |
| if: always() | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Check if docs-only changes | |
| run: | | |
| if [[ "${{ needs.check-docs-only.outputs.docs_only }}" == "true" ]]; then | |
| echo "Only documentation files were changed, skipping charts tests" | |
| exit 0 | |
| fi | |
| - name: Check test results | |
| if: ${{ needs.check-docs-only.outputs.docs_only != 'true' && (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }} | |
| run: | | |
| echo "Some jobs failed or were cancelled." | |
| exit 1 |