feat: rbac config access #3318
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| name: Test | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Install Go | |
| uses: buildjet/setup-go@555ce355a95ff01018ffcf8fbbd9c44654db8374 # v5 | |
| with: | |
| go-version: 1.25.x | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| .bin | |
| key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
| restore-keys: | | |
| cache- | |
| - name: Test | |
| run: make test | |
| e2e: | |
| runs-on: ubuntu-latest | |
| services: | |
| loki: | |
| image: grafana/loki:3.5.1 | |
| ports: | |
| - 3100:3100 | |
| options: >- | |
| --health-cmd "wget --no-verbose --tries=1 --spider http://localhost:3100/ready || exit 1" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| opensearch: | |
| image: opensearchproject/opensearch:2.11.1 | |
| ports: | |
| - 9200:9200 | |
| - 9600:9600 | |
| env: | |
| discovery.type: single-node | |
| plugins.security.disabled: true | |
| bootstrap.memory_lock: true | |
| OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m | |
| options: >- | |
| --health-cmd "curl -f http://localhost:9200/_cluster/health || exit 1" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| --health-start-period 30s | |
| --ulimit memlock=-1:-1 | |
| --ulimit nofile=65536:65536 | |
| steps: | |
| - name: Install Go | |
| uses: buildjet/setup-go@555ce355a95ff01018ffcf8fbbd9c44654db8374 # v5 | |
| with: | |
| go-version: 1.25.x | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| .bin | |
| key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
| restore-keys: | | |
| cache- | |
| - name: E2E Test | |
| run: | | |
| make ginkgo | |
| ginkgo -r tests/e2e/ | |
| env: | |
| DUTY_DB_DISABLE_RLS: 'true' | |
| LOKI_URL: http://localhost:3100 | |
| OPENSEARCH_URL: http://localhost:9200 | |
| test-prod: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Install Go | |
| uses: buildjet/setup-go@555ce355a95ff01018ffcf8fbbd9c44654db8374 # v5 | |
| with: | |
| go-version: 1.25.x | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1 | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| .bin | |
| key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
| restore-keys: | | |
| cache- | |
| - name: Test | |
| run: make test-prod | |
| test-clickhouse: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free up disk space | |
| run: | | |
| initial_space=$(df / | grep / | awk '{print $4}') | |
| sudo docker system prune -af | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /usr/local/lib/android | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf $AGENT_TOOLSDIRECTORY | |
| sudo rm -rf /opt/hostedtoolcache | |
| final_space=$(df / | grep / | awk '{print $4}') | |
| difference=$((final_space - initial_space)) | |
| echo "Disk space difference (in KB): $difference" | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Kubernetes KinD Cluster | |
| uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2 | |
| - name: Install Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| - name: Verify cluster is ready | |
| run: | | |
| echo "Waiting for cluster to be ready..." | |
| kubectl wait --for=condition=Ready nodes --all --timeout=300s | |
| kubectl get nodes | |
| kubectl get pods -A | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: ./build/Dockerfile | |
| push: true | |
| tags: localhost:5000/flanksource/config-db:latest | |
| - name: Package helm chart | |
| run: | | |
| helm dependency build ./chart | |
| helm package ./chart --version 1.0.0 | |
| - name: Install Helm chart | |
| run: | | |
| helm install config-db config-db-1.0.0.tgz \ | |
| --namespace default \ | |
| --set clickhouse.enabled=true \ | |
| --set imageRegistry="kind-registry:5000" | |
| - name: Check pod status | |
| run: | | |
| sleep 60 | |
| kubectl get pods | |
| kubectl describe pods | |
| sleep 60 | |
| kubectl get pods | |
| kubectl describe pods | |
| - name: Run clickhouse fixture | |
| run: | | |
| kubectl cp fixtures/clickhouse.yaml config-db-0:/app/clickhouse.yaml | |
| kubectl exec -it config-db-0 -- /app/config-db run /app/clickhouse.yaml | |
| test-load: | |
| if: false # disabled for now | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Install Go | |
| uses: buildjet/setup-go@555ce355a95ff01018ffcf8fbbd9c44654db8374 # v5 | |
| with: | |
| go-version: 1.25.x | |
| - name: Setup kubernetes cluster | |
| uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2 | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| .bin | |
| key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
| restore-keys: | | |
| cache- | |
| - name: Test | |
| run: make test-load |