Skip to content
.github/workflows/ccm-integration-tests.yml

ci: skip integration tests if CLOUDSCALE_API_TOKEN is missing #391

Sign in to view logs

ci: skip integration tests if CLOUDSCALE_API_TOKEN is missing

ci: skip integration tests if CLOUDSCALE_API_TOKEN is missing #391

Workflow file for this run

.github/workflows/ccm-integration-tests.yml at af8413c
name: CCM Integration Tests

Check failure on line 1 in .github/workflows/ccm-integration-tests.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/ccm-integration-tests.yml

Invalid workflow file 

(Line: 128, Col: 9): Unrecognized named-value: 'secrets'. Located at position 46 within expression: github.event_name == 'workflow_dispatch' || 
secrets.CLOUDSCALE_API_TOKEN != ''
on:
push:
branches:
- main
pull_request:
# Allow to run this workflow manually from the Actions tab
workflow_dispatch:
# Run this regularly, to get integration tests results against new
# Kubernetes releases.
schedule:
- cron: '15 3 * * *'
permissions:
contents: read
env:
GO_VERSION: 1.25
jobs:
lint:
name: "Run Linters"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version: '${{ env.GO_VERSION }}'
- name: Restore cache
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: |
~/.cache/golangci-lint
~/.cache/go-build
key: lint-${{ hashFiles('go.mod') }}
- name: Install go tools
run: go mod tidy -modfile tool.mod
- name: Run Linter
run: make lint
- name: Save cache
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: |
~/.cache/golangci-lint
~/.cache/go-build
key: lint-${{ hashFiles('go.mod') }}
unit:
name: "Run Unit Tests"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
with:
go-version: '${{ env.GO_VERSION }}'
- name: Run Unit Tests
run: make test
test-matrix:
name: "Get Kubernetes Releases"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: "Generate Test Matrix"
id: list
run: 'echo "tests=$(helpers/test-matrix)" >> $GITHUB_OUTPUT'
outputs:
tests: ${{ steps.list.outputs.tests }}
build-image:
name: "Build Container Image"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Evaluate image name
run: 'helpers/image-from-ref >> $GITHUB_ENV'
- name: Build image
run: 'docker build --platform=linux/amd64 --tag "$IMAGE" .'
- name: Export image
run: 'docker image save "$IMAGE" -o image.tar'
- name: Store hash
run: 'shasum -a 256 image.tar | tee image.tar.sha256'
- name: Store image
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: tested-image
path: |
image.tar
image.tar.sha256
retention-days: 30d
integration:
name: "Kubernetes ${{ matrix.kubernetes }}"
runs-on: ubuntu-latest
# Skip integration tests if the API token is missing (e.g., Dependabot or forks).
# Admins can manually trigger this job for a specific branch via the 'Actions' tab
# using 'workflow_dispatch' after reviewing the code changes.
if: |
github.event_name == 'workflow_dispatch' ||
secrets.CLOUDSCALE_API_TOKEN != ''
needs:
- lint
- unit
- test-matrix
- build-image
strategy:
fail-fast: false
max-parallel: 1
matrix:
include: "${{ fromJson(needs.test-matrix.outputs.tests) }}"
env:
CLOUDSCALE_API_TOKEN: ${{ secrets.CLOUDSCALE_API_TOKEN }}
HTTP_ECHO_BRANCH: ${{ vars.HTTP_ECHO_BRANCH }}
KUBERNETES: '${{ matrix.kubernetes }}'
SUBNET: '${{ matrix.subnet }}'
CLUSTER_PREFIX: '${{ matrix.cluster_prefix }}'
IMAGE_SOURCE: import
# Prevent integration tests from running in parallel. Ideally this should
# be seuqential, but that won't work due to the following issue:
#
# https://github.com/orgs/community/discussions/5435
#
# Instead we ensure that only one integration test per supported version
# is run at any given time.
concurrency:
group: integration-${{ matrix.kubernetes }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Load image
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: tested-image
- name: Validate hash
run: 'shasum --check image.tar.sha256'
- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
with:
go-version: '${{ env.GO_VERSION }}'
- name: Evaluate image name
run: 'helpers/image-from-ref >> $GITHUB_ENV'
- name: Cleanup Leftovers
if: always()
run: helpers/cleanup
- name: Create Test Cluster
run: helpers/run-in-test-cluster
- name: Wait For CCM Startup
run: sleep 60
- name: Run Integration Tests
run: make integration
- name: Wait For Kubernetes-Internal Cleanup
if: always()
run: sleep 30
- name: Destroy Test Cluster
if: always()
run: helpers/cleanup
validate-workflows:
name: Validate GitHub Workflows
runs-on: ubuntu-latest
# More Information:
# https://github.com/zizmorcore/zizmor-action?tab=readme-ov-file#usage-with-github-advanced-security-recommended
#
# Use `uvx zizmor .github/` for a local preview using the latest zizmor version.
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0