kong-operator/.github/workflows/__integration_tests.yaml at f0c9376cca6cf74715d60d57576c28c8c9d6e728 · Kong/kong-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Integration tests

on:
  workflow_call:
    inputs:
      cluster_version:
        description: "The Kubernetes cluster version to use for envtest"
        type: string
        required: true

permissions:
  contents: read

env:
  MISE_VERBOSE: 1
  MISE_DEBUG: 1

jobs:
  integration-tests:
    timeout-minutes: ${{ fromJSON(vars.GHA_EXTENDED_TIMEOUT_MINUTES || 60) }}
    runs-on: ubuntu-latest
    name: ${{ format('{0} {1} {2}', matrix.suite, matrix.router_flavor, inputs.cluster_version) }}
    strategy:
      matrix:
        include:
          - suite: ko
          - suite: kic
          - suite: bluegreen
          - suite: validatingwebhook
            router_flavor: traditional_compatible
          - suite: validatingwebhook
            router_flavor: expressions
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
      with:
        egress-policy: audit
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

    - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
      with:
        go-version-file: go.mod
        cache: false

    - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
      with:
        install: false

    - run: echo "GO_MOD_CACHE=$(go env GOMODCACHE)" >> $GITHUB_ENV
    - run: echo "GO_BUILD_CACHE=$(go env GOCACHE)" >> $GITHUB_ENV

    # Create cache keys just for the suite. Different e.g. flavors do not warrant
    # a separate cache since they all use the same dependencies, so we can save some
    # cache storage and increase hit rate by not including the router flavor in the key.
    #
    # bluegreen and ko suites are using the same dependencies, so we can use the same cache for them.
    - run: echo "GO_CACHE_KEY=go-integrationtests-${{ matrix.suite == 'bluegreen' && 'ko' || matrix.suite }}-${{ runner.os }}-${{ runner.arch }}-go-${{ hashFiles('**/go.mod') }}" >> $GITHUB_ENV
    - run: echo "GO_CACHE_KEY_2=go-integrationtests-${{ matrix.suite == 'bluegreen' && 'ko' || matrix.suite }}-${{ runner.os }}-${{ runner.arch }}-go-" >> $GITHUB_ENV

    - name: Go cache main branch
      if: ${{ github.ref == 'refs/heads/main' }}
      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
      with:
        path: |
          ${{ env.GO_MOD_CACHE }}
          ${{ env.GO_BUILD_CACHE }}
        key: ${{ env.GO_CACHE_KEY }}
        restore-keys: |
          ${{ env.GO_CACHE_KEY }}
          ${{ env.GO_CACHE_KEY_2 }}

    - name: Go cache (restore only for non-main branches)
      if: ${{ github.ref != 'refs/heads/main' }}
      uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
      with:
        path: |
          ${{ env.GO_MOD_CACHE }}
          ${{ env.GO_BUILD_CACHE }}
        key: ${{ env.GO_CACHE_KEY }}
        restore-keys: |
          ${{ env.GO_CACHE_KEY }}
          ${{ env.GO_CACHE_KEY_2 }}

    - name: install and start tcpdump capture
      run: |
        cat /proc/net/tcp
        lsof -i tcp
        ss -tnpo state established
        sudo tcpdump -i any 'dst port 443' -w /tmp/capture-${{ matrix.suite }}-${{ matrix.router_flavor }}.pcap &
        echo $! > /tmp/tcpdump.pid

    - name: run integration tests
      run: make test.integration-${{ matrix.suite }}
      env:
        KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS: ${{ secrets.KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS }}
        KONG_CONTROLLER_OUT: stdout
        GOTESTSUM_JUNITFILE: "integration-tests-${{ matrix.suite }}-${{ matrix.router_flavor }}.xml"
        KONG_TEST_KONNECT_ACCESS_TOKEN: ${{ secrets.KONG_TEST_KONNECT_ACCESS_TOKEN }}
        KONG_TEST_KONNECT_SERVER_URL: us.api.konghq.tech
        KONG_CLUSTER_VERSION: ${{ inputs.cluster_version }}
        # This is needed for ktf to find latest releases of addons.
        # This could be changed so that ktf addons have their versions pinned
        # in the test Makefile instead.
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: stop tcpdump capture
      if: always()
      run: |
        cat /proc/net/tcp
        lsof -i tcp
        ss -tnpo state established
        if [ -f /tmp/tcpdump.pid ]; then
          sudo kill "$(cat /tmp/tcpdump.pid)" || true
          sleep 2
        fi

    - name: upload pcap capture
      if: failure()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: pcap-integration-${{ matrix.suite }}-${{ matrix.router_flavor }}
        path: /tmp/capture-${{ matrix.suite }}-${{ matrix.router_flavor }}.pcap
        if-no-files-found: ignore

    - name: upload diagnostics
      if: always()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: diagnostics-integration-${{ matrix.suite }}
        path: /tmp/ktf-diag*
        if-no-files-found: ignore

    - name: collect test coverage
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: ${{ matrix.suite }}-coverage-integration
        path: coverage.integration.${{ matrix.suite }}-${{ matrix.router_flavor }}.out

    - name: collect test report
      if: ${{ always() }}
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: ${{ matrix.suite }}-tests-report-integration
        path: integration-tests-${{ matrix.suite }}-${{ matrix.router_flavor }}.xml