chore(deps): update helm release cert-manager to v1.19.3 #749
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Basic Tests | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| defaults: | |
| run: | |
| shell: bash -el {0} | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| - uses: pre-commit/action@v3.0.1 | |
| - uses: pre-commit-ci/lite-action@v1.1.0 | |
| if: always() | |
| update-diagram: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: prefix-dev/setup-pixi@v0.9.3 | |
| with: | |
| cache: false | |
| environments: diagram | |
| - name: Run generate-diagram | |
| run: pixi run generate-diagram | |
| - name: download-current | |
| run: curl -L -o diagram-current.png https://diracx-docs-static.s3.cern.ch/assets/images/admin/explanations/architecture_diragram.png | |
| - name: compare-diagrams | |
| run: | | |
| normalized=$(pixi run -e diagram magick compare -metric SSIM diagram-current.png architecture_diagram.png null 2>&1 | grep -oP '(?<=\()[\d.]+(?=\))') | |
| echo "The difference between the diagrams is: ${normalized}" | |
| if [ "$(echo "$normalized < 0.02" | bc -l)" -eq 1 ]; then | |
| echo "Images are very similar" | |
| else | |
| echo "Images are different" | |
| exit 1 | |
| fi | |
| - name: upload-image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: architeture-diagram | |
| path: architecture_diagram.png | |
| if: ${{ failure() }} | |
| run-demo: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Start demo | |
| run: | | |
| ./run_demo.sh --exit-when-done | |
| - name: Modify refresh token expiry and upgrade | |
| run: | | |
| # Modify the values.yaml to change the refresh token expiry | |
| sed -i 's/DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES: "[0-9]*"/DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES: "12345"/' .demo/values.yaml | |
| # Run helm upgrade to apply the changes | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| export HELM_DATA_HOME=$PWD/.demo/helm_data | |
| $PWD/.demo/helm upgrade --debug diracx-demo $PWD/diracx --values .demo/values.yaml | |
| - name: Verify environment variable is set correctly | |
| run: | | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| # Wait for the deployment to be ready after upgrade | |
| $PWD/.demo/kubectl rollout status deployment/diracx-demo --timeout=300s | |
| # Get the environment variable value from the deployment | |
| env_value=$(.demo/kubectl exec deployments/diracx-demo -c diracx -- env | grep DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES | awk -F '=' {'print $NF'}) | |
| if [ "$env_value" != "12345" ]; then | |
| echo "ERROR: Environment variable DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES is not set to 12345, got: $env_value" | |
| exit 1 | |
| fi | |
| echo "SUCCESS: Environment variable DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES is correctly set to 12345" | |
| - name: Debugging information | |
| run: | | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| .demo/kubectl get pods | |
| for pod_name in $(.demo/kubectl get pods -o json | jq -r '.items[] | .metadata.name' | grep -vE '(dex|minio|mysql|rabbitmq|opensearch)'); do | |
| echo "${pod_name}" | |
| .demo/kubectl describe pod/"${pod_name}" || true | |
| for container_name in $(.demo/kubectl get pods $pod_name -o jsonpath='{.spec.initContainers[*].name} {.spec.containers[*].name}'); do | |
| echo $pod_name $container_name | |
| .demo/kubectl logs "${pod_name}" -c "${container_name}" || true | |
| done | |
| done | |
| - name: Check for success | |
| run: | | |
| if [ ! -f ".demo/.success" ]; then | |
| echo "Demo failed" | |
| cat ".demo/.failed" | |
| exit 1 | |
| fi | |
| # Same as run-demo except mount the sources inside the container | |
| run-demo-mount-sources: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Clone source | |
| run: | | |
| git clone https://github.com/DIRACGrid/diracx.git /tmp/diracx | |
| git clone https://github.com/DIRACGrid/diracx-web.git /tmp/diracx-web | |
| git clone https://github.com/DIRACGrid/DIRAC.git /tmp/DIRAC | |
| # We have to copy the code to another directory | |
| # and make it a git repository by itself because otherwise the | |
| # root in the pyproject do not make sense once mounted | |
| # in the containers. | |
| # The directory needs to be named after the module, | |
| # otherwise the script will try to mount it in a location which | |
| # kubernetes does not expect, and we get an error | |
| cp -r /tmp/DIRAC/dirac-common /tmp/DIRACCommon | |
| sed -i 's@\.\.@.@g' /tmp/DIRACCommon/pyproject.toml | |
| git init /tmp/DIRACCommon/ | |
| git config --global user.email "so_annoying@example.com" | |
| git config --global user.name "so_annoying" | |
| git -C /tmp/DIRACCommon add . | |
| git -C /tmp/DIRACCommon commit -m 'init' | |
| # We need a tag with a big version because the diracx packages | |
| # specify a minimal DIRACCommon version. So for pip to resolve | |
| # that, we need a large number | |
| git -C /tmp/DIRACCommon tag -a 99.99.99 -m 99.99.99 | |
| - name: Start demo | |
| run: | | |
| ./run_demo.sh --exit-when-done --ci-values demo/ci_values.yaml /tmp/diracx /tmp/DIRACCommon/ /tmp/diracx-web | |
| - name: Modify refresh token expiry and upgrade | |
| run: | | |
| # Modify the values.yaml to change the refresh token expiry | |
| sed -i 's/DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES: "[0-9]*"/DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES: "12345"/' .demo/values.yaml | |
| # Run helm upgrade to apply the changes | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| export HELM_DATA_HOME=$PWD/.demo/helm_data | |
| $PWD/.demo/helm upgrade --debug diracx-demo $PWD/diracx --values .demo/values.yaml | |
| - name: Verify environment variable is set correctly | |
| run: | | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| # Wait for the deployment to be ready after upgrade | |
| $PWD/.demo/kubectl rollout status deployment/diracx-demo --timeout=300s | |
| # Get the environment variable value from the deployment | |
| env_value=$(.demo/kubectl exec deployments/diracx-demo -c diracx -- env | grep DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES | awk -F '=' {'print $NF'}) | |
| if [ "$env_value" != "12345" ]; then | |
| echo "ERROR: Environment variable DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES is not set to 12345, got: $env_value" | |
| exit 1 | |
| fi | |
| echo "SUCCESS: Environment variable DIRACX_SERVICE_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES is correctly set to 12345" | |
| - name: Debugging information | |
| run: | | |
| export KUBECONFIG=$PWD/.demo/kube.conf | |
| .demo/kubectl get pods | |
| for pod_name in $(.demo/kubectl get pods -o json | jq -r '.items[] | .metadata.name' | grep -vE '(dex|minio|mysql|rabbitmq|opensearch)'); do | |
| echo "${pod_name}" | |
| .demo/kubectl describe pod/"${pod_name}" || true | |
| for container_name in $(.demo/kubectl get pods $pod_name -o jsonpath='{.spec.initContainers[*].name} {.spec.containers[*].name}'); do | |
| echo $pod_name $container_name | |
| .demo/kubectl logs "${pod_name}" -c "${container_name}" || true | |
| done | |
| done | |
| - name: Check for success | |
| run: | | |
| if [ ! -f ".demo/.success" ]; then | |
| echo "Demo failed" | |
| cat ".demo/.failed" | |
| exit 1 | |
| fi |