deps: update camunda-platform-images (patch) #49631
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic test for maintenance Camunda 8 Helm charts. | |
| name: "Test - Chart Version" | |
| on: | |
| pull_request: | |
| merge_group: | |
| types: [checks_requested] | |
| workflow_dispatch: | |
| inputs: | |
| manual-trigger: | |
| description: "Manual trigger" | |
| required: false | |
| default: "none" | |
| type: choice | |
| options: | |
| - none | |
| - "all" | |
| - "8.4" | |
| - "8.5" | |
| - "8.6" | |
| - "8.7" | |
| - "8.8" | |
| - "8.9" | |
| - "8.10" | |
| run-all-e2e-tests: | |
| description: "Run all E2E tests (playwright)" | |
| required: false | |
| default: false | |
| type: boolean | |
| platforms: | |
| description: The deployment cloud platform | |
| default: "gke" | |
| required: false | |
| type: choice | |
| options: | |
| - gke | |
| - eks | |
| - rosa | |
| - gke,eks | |
| flows: | |
| description: The flows to run | |
| default: "" | |
| required: false | |
| type: choice | |
| options: | |
| - install | |
| - upgrade-patch | |
| - upgrade-minor | |
| - install,upgrade-patch | |
| - install,upgrade-minor | |
| - install,upgrade-patch,upgrade-minor | |
| e2e-enabled: | |
| description: | | |
| Whether to run the end-to-end tests (playwright). | |
| Note: The full test suite is changing often. This might not work. We need to change the ways of working between the application teams, distro and QA. | |
| required: false | |
| default: true | |
| type: boolean | |
| deployment-ttl: | |
| description: | | |
| The deployment time-to-live, after which it will be automatically deleted. | |
| Examples: "30m", "1h", "2h", "1d". | |
| required: false | |
| default: "" | |
| type: string | |
| scenario: | |
| description: Scenario | |
| required: false | |
| default: "elasticsearch" | |
| type: choice | |
| options: | |
| - all | |
| - elasticsearch | |
| - elasticsearch-arm | |
| - elasticsearch-basic | |
| - gateway-keycloak | |
| - keycloak-mt | |
| - keycloak-original | |
| - keycloak-rba | |
| - oidc | |
| - opensearch | |
| - upgrade-migration | |
| test-enabled: | |
| description: Whether to run the IT tests | |
| required: false | |
| default: true | |
| type: boolean | |
| always-delete-namespace: | |
| description: Always delete the namespace after the test run. To make sure we clean up the namespace even after a workflow is cancelled, we need to set the ttl to something. This causes a conflict with always deleting the namespace as now the empty ttl cannot be used to trigger a deletion. This flag now performs that function. | |
| default: true | |
| type: boolean | |
| required: false | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| id-token: write | |
| deployments: write | |
| packages: read | |
| statuses: write | |
| jobs: | |
| init: | |
| name: Generate chart matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.annotate-cache.outputs.matrix || steps.generate-chart-versions.outputs.matrix || steps.empty-matrix.outputs.matrix }} | |
| camunda-versions: ${{ steps.generate-chart-versions.outputs.camunda-versions || steps.empty-matrix.outputs.camunda-versions }} | |
| workspace: ${{ github.workspace }} | |
| pr-head-sha: ${{ steps.resolve-pr-sha.outputs.pr-head-sha }} | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| # Detect whether any chart/CI-relevant files changed. On non-PR events | |
| # (merge_group, workflow_dispatch) we always consider changes present. | |
| - name: Detect relevant file changes | |
| id: changes | |
| if: github.event_name == 'pull_request' | |
| uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 | |
| with: | |
| filters: | | |
| charts: | |
| - '.github/workflows/chart-validate-template.yaml' | |
| - '.github/workflows/test-unit-template.yaml' | |
| - '.github/workflows/test-integration-runner.yaml' | |
| - '.github/workflows/test-integration-template.yaml' | |
| - '.github/workflows/test-chart-version-template.yaml' | |
| - '.github/workflows/test-chart-version.yaml' | |
| - '.github/config/external-secret/**' | |
| - 'scripts/**' | |
| - '.tool-versions' | |
| - 'charts/camunda-platform-8*/**' | |
| - '!charts/camunda-platform-8*/*.md' | |
| - '!charts/camunda-platform-8*/*.MD' | |
| - '!charts/camunda-platform-8*/*.txt' | |
| # Short-circuit: if no relevant files changed, emit empty matrix and skip | |
| # all downstream jobs. CI Gate (if: always()) still reports success. | |
| - name: Emit empty matrix (no relevant changes) | |
| id: empty-matrix | |
| if: github.event_name == 'pull_request' && steps.changes.outputs.charts != 'true' | |
| run: | | |
| echo "No chart/CI files changed — emitting empty matrix." | |
| echo 'matrix={"include":[]}' >> "$GITHUB_OUTPUT" | |
| echo 'camunda-versions=[]' >> "$GITHUB_OUTPUT" | |
| - name: Generate chart versions | |
| id: generate-chart-versions | |
| if: github.event_name != 'pull_request' || steps.changes.outputs.charts == 'true' | |
| uses: ./.github/actions/generate-chart-matrix | |
| with: | |
| manual-trigger: ${{ github.event.inputs.manual-trigger }} | |
| manual-scenario: ${{ github.event.inputs.scenario || 'none' }} | |
| manual-flow: ${{ github.event.inputs.flows || 'none' }} | |
| tier: ${{ github.event_name == 'pull_request' && '1' || '' }} | |
| # Resolve PR HEAD SHA for cache operations. | |
| # - pull_request: directly available from event context | |
| # - merge_group: extract PR number from head_ref and query API | |
| - name: Resolve PR HEAD SHA | |
| id: resolve-pr-sha | |
| if: github.event_name == 'merge_group' || github.event_name == 'pull_request' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| echo "pr-head-sha=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT" | |
| elif [[ "${{ github.event_name }}" == "merge_group" ]]; then | |
| PR_NUM=$(echo "${{ github.event.merge_group.head_ref }}" | grep -oP 'pr-\K\d+') | |
| if [[ -n "$PR_NUM" ]]; then | |
| SHA=$(gh pr view "$PR_NUM" --json headRefOid -q .headRefOid) | |
| echo "pr-head-sha=${SHA}" >> "$GITHUB_OUTPUT" | |
| echo "Resolved PR #${PR_NUM} HEAD SHA: ${SHA}" | |
| else | |
| echo "Warning: could not extract PR number from merge_group head_ref" | |
| echo "pr-head-sha=" >> "$GITHUB_OUTPUT" | |
| fi | |
| fi | |
| # Annotate matrix with cache status (merge_group only). | |
| # Scenarios that already passed for the same content hash are marked cached=true | |
| # and will be routed to a fast-path job, skipping the full GKE deploy+test cycle. | |
| - name: Setup Go for cache annotation | |
| if: github.event_name == 'merge_group' && steps.resolve-pr-sha.outputs.pr-head-sha != '' | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 | |
| with: | |
| go-version-file: scripts/ci-result-cache/go.mod | |
| cache: true | |
| cache-dependency-path: scripts/ci-result-cache/go.sum | |
| - name: Annotate matrix with cache status | |
| id: annotate-cache | |
| if: github.event_name == 'merge_group' && steps.resolve-pr-sha.outputs.pr-head-sha != '' | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| GITHUB_REPOSITORY: ${{ github.repository }} | |
| run: | | |
| cd scripts/ci-result-cache && go build -o /tmp/ci-result-cache . | |
| ANNOTATED=$(echo '${{ steps.generate-chart-versions.outputs.matrix }}' | \ | |
| /tmp/ci-result-cache annotate-matrix \ | |
| --sha "${{ steps.resolve-pr-sha.outputs.pr-head-sha }}" \ | |
| --repo-root "${{ github.workspace }}") | |
| echo "matrix=${ANNOTATED}" >> "$GITHUB_OUTPUT" | |
| unit-testing: | |
| if: ${{ needs.init.outputs.camunda-versions != '[]' && !contains(github.head_ref, 'release-please--branches--') }} | |
| name: ${{ matrix.version }} - Unit Test | |
| needs: [init] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: ${{ fromJson(needs.init.outputs.camunda-versions) }} | |
| uses: ./.github/workflows/test-unit-template.yaml | |
| with: | |
| identifier: "${{ github.event.pull_request.number || github.ref }}-unit-${{ matrix.version }}" | |
| camunda-helm-dir: "camunda-platform-${{ matrix.version }}" | |
| camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" | |
| validation: | |
| if: ${{ needs.init.outputs.camunda-versions != '[]' }} | |
| name: ${{ matrix.version }} - Validation | |
| needs: [init] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: ${{ fromJson(needs.init.outputs.camunda-versions) }} | |
| uses: ./.github/workflows/chart-validate-template.yaml | |
| with: | |
| identifier: "${{ github.event.pull_request.number || github.ref }}-vald-${{ matrix.version }}" | |
| camunda-helm-dir: "camunda-platform-${{ matrix.version }}" | |
| camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" | |
| kind-testing: | |
| if: ${{ needs.init.outputs.camunda-versions != '[]' && !contains(github.head_ref, 'release-please--branches--') }} | |
| name: Local cluster - KIND ${{ matrix.version }} | |
| needs: [init, validation] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: ${{ fromJson(needs.init.outputs.camunda-versions) }} | |
| permissions: | |
| contents: read | |
| secrets: inherit | |
| uses: ./.github/workflows/test-local-template.yaml | |
| with: | |
| identifier: "${{ github.event.pull_request.number || github.ref }}-loc-${{ matrix.version }}" | |
| camunda-helm-dir: "camunda-platform-${{ matrix.version }}" | |
| camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" | |
| integration-tests: | |
| # Skip integration tests for Renovate image/digest PRs - these images are already | |
| # validated by AlwaysGreen before publishing. Only golden file updates are needed. | |
| # Also skip on empty matrix; without this gate the matrix produces zero jobs and | |
| # report-cla-status.needs.integration-tests resolves as a failed dependency on merge_group. | |
| if: >- | |
| ${{ | |
| needs.init.outputs.camunda-versions != '[]' && | |
| !contains(github.head_ref, 'release-please--branches--') && | |
| !(startsWith(github.head_ref, 'renovate/') && ( | |
| contains(github.head_ref, 'camunda-platform-images') || | |
| contains(github.head_ref, 'camunda-platform-digests') | |
| )) | |
| }} | |
| name: ${{ matrix.version }} - ${{ matrix.shortname }} - ${{ matrix.flow }} - ${{ matrix.case }} - ${{ inputs.platforms || 'gke' }} | |
| needs: [init] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.init.outputs.matrix) }} | |
| uses: ./.github/workflows/test-chart-version-template.yaml | |
| secrets: inherit | |
| with: | |
| pr-number: ${{ github.event.pull_request.number || matrix.flow }} | |
| camunda-version: ${{ matrix.version }} | |
| case: ${{ matrix.case }} | |
| scenario: ${{ matrix.scenario }} | |
| shortname: ${{ matrix.shortname }} | |
| auth: ${{ matrix.auth }} | |
| platforms: ${{ inputs.platforms || matrix.platforms || 'gke' }} | |
| exclude: ${{ matrix.exclude }} | |
| e2e-enabled: ${{ inputs.e2e-enabled || true }} | |
| run-all-e2e-tests: ${{ inputs.run-all-e2e-tests || false }} # The full test suite is changing often. This might not work. We need to change the ways of working between the applciation teams, distro and QA | |
| flows: ${{ matrix.flow }} | |
| deployment-ttl: ${{ inputs.deployment-ttl }} | |
| camunda-version-previous: ${{ matrix.camundaVersionPrevious }} | |
| test-enabled: ${{ inputs.test-enabled || true }} | |
| always-delete-namespace: ${{ inputs.always-delete-namespace || true }} | |
| infra-type-gke: ${{ matrix.infraTypeGke || 'preemptible' }} | |
| infra-type-eks: ${{ matrix.infraTypeEks || 'preemptible' }} | |
| # Selection + composition model fields from CI matrix | |
| test-identity: ${{ matrix.identity }} | |
| test-persistence: ${{ matrix.persistence }} | |
| test-features: ${{ matrix.features }} | |
| test-qa: ${{ matrix.qa == 'true' }} | |
| test-upgrade: ${{ matrix.upgrade == 'true' }} | |
| skip-e2e: ${{ matrix.skipE2E == 'true' }} | |
| skip-it: ${{ matrix.skipIT == 'true' }} | |
| helm-version: ${{ matrix.helmVersion }} | |
| cached: ${{ matrix.cached == 'true' }} | |
| pr-head-sha: ${{ needs.init.outputs.pr-head-sha }} | |
| # Aggregation gate job that fails if any CI job fails. | |
| # Add this job's name ("CI Gate") to the ruleset's required status checks | |
| # so the merge queue will not merge PRs with broken CI. | |
| ci-gate: | |
| name: "CI Gate" | |
| if: always() | |
| needs: [init, unit-testing, validation, kind-testing, integration-tests] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check job results | |
| run: | | |
| results=( | |
| "${{ needs.init.result }}" | |
| "${{ needs.unit-testing.result }}" | |
| "${{ needs.validation.result }}" | |
| "${{ needs.kind-testing.result }}" | |
| "${{ needs.integration-tests.result }}" | |
| ) | |
| for result in "${results[@]}"; do | |
| if [[ "$result" == "failure" || "$result" == "cancelled" ]]; then | |
| echo "::error::Required job reported: $result" | |
| exit 1 | |
| fi | |
| done | |
| echo "All required jobs passed (or were skipped)." | |
| # Report license/cla commit status on merge queue commits. | |
| # The CLA bot only reports on pull_request events; the merge queue creates | |
| # ephemeral commits that never receive the status. This job bridges that gap | |
| # by immediately reporting success — the CLA was already verified on the PR. | |
| report-cla-status: | |
| name: "Report CLA status" | |
| if: ${{ github.event_name == 'merge_group' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Report license/cla status | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh api "repos/${{ github.repository }}/statuses/${{ github.sha }}" \ | |
| -f state="success" \ | |
| -f context="license/cla" \ | |
| -f description="Contributor License Agreement is signed." \ | |
| -f target_url="https://cla-assistant.io/${{ github.repository }}" | |