kong-operator/.github/workflows/__integration_tests.yaml at 05fef3accbca2d6b63876b765ddc0a910e7c07fa · Kong/kong-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Integration tests

on:
  workflow_call:
    inputs:
      cluster_version:
        description: "The Kubernetes cluster version to use for envtest"
        type: string
        required: true

permissions:
  contents: read

env:
  MISE_VERBOSE: 1
  MISE_DEBUG: 1

jobs:
  integration-tests:
    timeout-minutes: ${{ fromJSON(vars.GHA_EXTENDED_TIMEOUT_MINUTES || 60) }}
    runs-on: ubuntu-latest
    name: ${{ format('{0} {1} {2}', matrix.suite, matrix.router_flavor, inputs.cluster_version) }}
    strategy:
      matrix:
        include:
          - suite: ko
          - suite: kic
          - suite: bluegreen
          - suite: validatingwebhook
            router_flavor: traditional_compatible
          - suite: validatingwebhook
            router_flavor: expressions
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
      with:
        egress-policy: audit
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

    - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
      with:
        go-version-file: go.mod
        cache: false

    - uses: jdx/mise-action@c1ecc8f748cd28cdeabf76dab3cccde4ce692fe4 # v4.0.0
      with:
        install: false

    - run: echo "GO_MOD_CACHE=$(go env GOMODCACHE)" >> $GITHUB_ENV
    - run: echo "GO_BUILD_CACHE=$(go env GOCACHE)" >> $GITHUB_ENV

    # Create cache keys just for the suite. Different e.g. flavors do not warrant
    # a separate cache since they all use the same dependencies, so we can save some
    # cache storage and increase hit rate by not including the router flavor in the key.
    #
    # bluegreen and ko suites are using the same dependencies, so we can use the same cache for them.
    - run: echo "GO_CACHE_KEY=go-integrationtests-${{ matrix.suite == 'bluegreen' && 'ko' || matrix.suite }}-${{ runner.os }}-${{ runner.arch }}-go-${{ hashFiles('**/go.mod') }}" >> $GITHUB_ENV
    - run: echo "GO_CACHE_KEY_2=go-integrationtests-${{ matrix.suite == 'bluegreen' && 'ko' || matrix.suite }}-${{ runner.os }}-${{ runner.arch }}-go-" >> $GITHUB_ENV

    - name: Go cache main branch
      if: ${{ github.ref == 'refs/heads/main' }}
      uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
      with:
        path: |
          ${{ env.GO_MOD_CACHE }}
          ${{ env.GO_BUILD_CACHE }}
        key: ${{ env.GO_CACHE_KEY }}
        restore-keys: |
          ${{ env.GO_CACHE_KEY }}
          ${{ env.GO_CACHE_KEY_2 }}

    - name: Go cache (restore only for non-main branches)
      if: ${{ github.ref != 'refs/heads/main' }}
      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7
      with:
        path: |
          ${{ env.GO_MOD_CACHE }}
          ${{ env.GO_BUILD_CACHE }}
        key: ${{ env.GO_CACHE_KEY }}
        restore-keys: |
          ${{ env.GO_CACHE_KEY }}
          ${{ env.GO_CACHE_KEY_2 }}

    - name: start tcpdump capture
      run: |
        sudo tcpdump -i any 'dst port 443' -w /tmp/capture-${{ matrix.suite }}-${{ matrix.router_flavor }}.pcap &
        echo $! > /tmp/tcpdump.pid

    - name: run integration tests
      run: make test.integration-${{ matrix.suite }}
      env:
        KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS: ${{ secrets.KONG_PLUGIN_IMAGE_REGISTRY_CREDENTIALS }}
        KONG_CONTROLLER_OUT: stdout
        GOTESTSUM_JUNITFILE: "integration-tests-${{ matrix.suite }}-${{ matrix.router_flavor }}.xml"
        KONG_TEST_KONNECT_ACCESS_TOKEN: ${{ secrets.KONG_TEST_KONNECT_ACCESS_TOKEN }}
        KONG_TEST_KONNECT_SERVER_URL: us.api.konghq.tech
        KONG_CLUSTER_VERSION: ${{ inputs.cluster_version }}
        # This is needed for ktf to find latest releases of addons.
        # This could be changed so that ktf addons have their versions pinned
        # in the test Makefile instead.
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: stop tcpdump capture
      if: always()
      run: |
        if [ -f /tmp/tcpdump.pid ]; then
          sudo kill "$(cat /tmp/tcpdump.pid)" || true
        fi

    - name: upload pcap capture
      if: failure()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: pcap-integration-${{ matrix.suite }}-${{ matrix.router_flavor }}
        path: /tmp/capture-${{ matrix.suite }}-${{ matrix.router_flavor }}.pcap
        if-no-files-found: ignore

    - name: upload diagnostics
      if: always()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: diagnostics-integration-${{ matrix.suite }}
        path: /tmp/ktf-diag*
        if-no-files-found: ignore

    - name: collect test coverage
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: ${{ matrix.suite }}-coverage-integration
        path: coverage.integration.${{ matrix.suite }}-${{ matrix.router_flavor }}.out

    - name: collect test report
      if: ${{ always() }}
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: ${{ matrix.suite }}-tests-report-integration
        path: integration-tests-${{ matrix.suite }}-${{ matrix.router_flavor }}.xml