EVEREST-1502 | Remove admin policy from ConfigMap, hard-code it and load it internally #2469
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: API CI | |
| on: | |
| push: | |
| paths-ignore: | |
| - 'ui/**' | |
| - '.github/workflows/dev-fe-ci.yaml' | |
| branches: | |
| - main | |
| pull_request: | |
| paths-ignore: | |
| - 'ui/**' | |
| - '.github/workflows/dev-fe-ci.yaml' | |
| permissions: | |
| contents: read | |
| packages: write | |
| checks: write | |
| pull-requests: write | |
| jobs: | |
| test: | |
| name: Test | |
| timeout-minutes: 10 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [ 1.22.x ] | |
| may-fail: [ false ] | |
| continue-on-error: ${{ matrix.may-fail }} | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Set up Go release | |
| uses: percona-platform/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Set GO_VERSION environment variable | |
| run: | | |
| go version | |
| echo "GO_VERSION=$(go version)" >> $GITHUB_ENV | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Enable Go modules cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-modules-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-modules- | |
| - name: Enable Go build cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}-${{ hashFiles('**') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}- | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build- | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Install development tools | |
| run: make init | |
| - name: Generate code | |
| run: make gen | |
| - name: Install binaries | |
| run: make build | |
| - name: Run tests | |
| run: | | |
| go clean -testcache | |
| make test-crosscover | |
| - name: Check that there are no source code changes | |
| run: | | |
| # Break job if any files were changed during its run (code generation, etc), except go.sum. | |
| # `go mod tidy` could remove old checksums from that file, and that's okay on CI, | |
| # and actually expected for PRs made by @dependabot. | |
| # Checksums of actually used modules are checked by previous `go` subcommands. | |
| pushd tools && go mod tidy -v && git checkout go.sum | |
| popd && go mod tidy -v && git checkout go.sum | |
| git diff --exit-code | |
| - name: Run debug commands on failure | |
| if: ${{ failure() }} | |
| run: | | |
| env | |
| go version | |
| go env | |
| pwd | |
| git status | |
| check: | |
| name: Check | |
| timeout-minutes: 10 | |
| if: github.event_name == 'pull_request' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [1.22.x] | |
| may-fail: [false] | |
| continue-on-error: ${{ matrix.may-fail }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go release | |
| if: matrix.go-version != 'tip' | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Set up Go tip | |
| if: matrix.go-version == 'tip' | |
| run: | | |
| git clone --depth=1 https://go.googlesource.com/go $HOME/gotip | |
| cd $HOME/gotip/src | |
| ./make.bash | |
| echo "GOROOT=$HOME/gotip" >> $GITHUB_ENV | |
| echo "$HOME/gotip/bin" >> $GITHUB_PATH | |
| - name: Set GO_VERSION environment variable | |
| run: | | |
| go version | |
| echo "GO_VERSION=$(go version)" >> $GITHUB_ENV | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Enable Go modules cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-modules-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-modules- | |
| - name: Enable Go build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}-${{ hashFiles('**') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}- | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build- | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Install tools | |
| run: make init | |
| - name: Run linters | |
| run: | | |
| bin/golangci-lint run --new --out-format=line-number | env REVIEWDOG_GITHUB_API_TOKEN=${{ secrets.GITHUB_TOKEN }} bin/reviewdog -f=golangci-lint -reporter=github-pr-review -filter-mode=nofilter -fail-on-error=true | |
| - name: Check that there are no source code changes | |
| run: | | |
| make format | |
| pushd tools && go mod tidy -v | |
| popd && go mod tidy -v | |
| git status | |
| git diff --exit-code | |
| - name: Check the Makefile references dev version | |
| run: | | |
| if ! grep -q "RELEASE_VERSION ?= v0.0.0" Makefile; then | |
| echo "default RELEASE_VERSION in Makefile should be 0.0.0" | |
| exit 1 | |
| fi | |
| - name: Check the quickstart script references dev version | |
| run: | | |
| if ! grep -q "perconalab/everest:0.0.0" deploy/quickstart-k8s.yaml; then | |
| echo "deploy/quickstart-k8s.yaml should reference 0.0.0 version" | |
| exit 1 | |
| fi | |
| - name: Run debug commands on failure | |
| if: ${{ failure() }} | |
| run: | | |
| env | |
| go version | |
| go env | |
| pwd | |
| git status | |
| integration_tests_api: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [ 1.22.x ] | |
| may-fail: [ false ] | |
| name: API Integration Tests | |
| runs-on: ubuntu-20.04 | |
| env: | |
| PERCONA_VERSION_SERVICE_URL: https://check-dev.percona.com/versions/v1 | |
| steps: | |
| - name: Set up Go release | |
| uses: percona-platform/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Set GO_VERSION environment variable | |
| run: | | |
| go version | |
| echo "GO_VERSION=$(go version)" >> $GITHUB_ENV | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Enable Go modules cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-modules-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-modules- | |
| - name: Enable Go build cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}-${{ hashFiles('**') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}- | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build- | |
| - name: Start local Kubernetes cluster with the local registry | |
| uses: medyagh/setup-minikube@latest | |
| id: minikube | |
| with: | |
| cpus: 2 | |
| memory: 2000m | |
| addons: registry | |
| insecure-registry: 'localhost:5000' | |
| - name: Expose local registry | |
| run: | | |
| kubectl port-forward --namespace kube-system service/registry 5000:80 & | |
| - name: Build Everest API Server | |
| run: | | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make build-debug | |
| - name: Build Everest docker container | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: localhost:5000/perconalab/everest | |
| tags: | |
| 0.0.0 | |
| - name: Build and Push everest dev image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| # We need to have Everest CRDs available before running provisioning and everest API Server | |
| # to have an ability to create monitoring configs and use them during the provisioning as | |
| # a mock pmm server without running a real PMM. | |
| - name: Install everest operator without Everest | |
| run: | | |
| kubectl create ns everest-system | |
| kubectl create ns everest-monitoring | |
| curl https://github.com/percona/everest-operator/main/deploy/bundle.yaml -o bundle.yaml | |
| sed -i "s/namespace: everest-operator-system/namespace: everest-system/g" bundle.yaml | |
| kubectl -n everest-system apply -f bundle.yaml | |
| # We create a dummy monitoring instance so we can enable monitoring during provisioning | |
| # without having to install PMM. | |
| - name: Create a monitoring instance | |
| run: | | |
| cat <<EOF | kubectl apply -f - | |
| kind: Secret | |
| apiVersion: v1 | |
| metadata: | |
| name: pmm-local | |
| namespace: everest-monitoring | |
| type: Opaque | |
| stringData: | |
| "apiKey": "dummy-key" | |
| EOF | |
| cat <<EOF | kubectl apply -f - | |
| kind: MonitoringConfig | |
| apiVersion: everest.percona.com/v1alpha1 | |
| metadata: | |
| name: pmm-local | |
| namespace: everest-monitoring | |
| spec: | |
| type: pmm | |
| credentialsSecretName: pmm-local | |
| pmm: | |
| url: http://localhost | |
| image: percona/pmm-client:2 | |
| EOF | |
| - name: Provision Everest using CLI | |
| shell: bash | |
| run: | | |
| make build-cli | |
| ./bin/everestctl install -v \ | |
| --version 0.0.0 \ | |
| --version-metadata-url https://check-dev.percona.com \ | |
| --operator.mongodb \ | |
| --operator.postgresql \ | |
| --operator.xtradb-cluster \ | |
| --skip-wizard \ | |
| --namespaces everest | |
| - name: Patch Everest Deployment to use the PR image | |
| run: | | |
| kubectl -n everest-system patch deployment percona-everest --type strategic --patch-file dev/patch-deployment-image.yaml | |
| kubectl -n everest-system rollout status deploy/percona-everest --timeout=120s | |
| kubectl patch sub everest-operator -n everest-system -p ' | |
| [{ | |
| "op": "add", | |
| "path": "/spec/config/env/-", | |
| "value": { | |
| "name": "PERCONA_VERSION_SERVICE_URL", | |
| "value": "https://check-dev.percona.com/versions/v1" | |
| } | |
| }]' --type=json | |
| - name: Expose Everest API Server | |
| run: | | |
| kubectl port-forward --namespace everest-system deployment/percona-everest 8080:8080 & | |
| - name: Create Everest test user | |
| run: | | |
| ./bin/everestctl accounts create -u everest_ci -p password | |
| echo "API_TOKEN=$(curl --location -s 'localhost:8080/v1/session' --header 'Content-Type: application/json' --data '{"username": "everest_ci","password": "password"}' | jq -r .token)" >> $GITHUB_ENV | |
| - name: Add CI user to admin role | |
| run: | | |
| kubectl patch configmap everest-rbac -n everest-system --patch "$(kubectl get configmap everest-rbac -n everest-system -o json | jq '.data["policy.csv"] += "\ng, everest_ci, admin:role"' | jq '{data: { "policy.csv": .data["policy.csv"] } }')" | |
| kubectl get configmap everest-rbac -n everest-system -ojsonpath='{.data.policy\.csv}' | |
| - name: Run integration tests | |
| run: | | |
| cd api-tests | |
| make init | |
| make test | |
| - name: Run debug commands on failure | |
| if: ${{ failure() }} | |
| run: | | |
| kubectl -n everest-system describe pods | |
| kubectl -n everest-monitoring describe pods | |
| kubectl -n everest describe pods | |
| kubectl -n everest-system logs deploy/percona-everest | |
| - name: Everest - run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.24.0 | |
| with: | |
| image-ref: "localhost:5000/perconalab/everest:0.0.0" | |
| format: 'table' | |
| severity: 'CRITICAL,HIGH' | |
| integration_tests_cli: | |
| name: CLI Integration Tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [ 1.22.x ] | |
| may-fail: [ false ] | |
| runs-on: ubuntu-20.04 | |
| env: | |
| PERCONA_VERSION_SERVICE_URL: https://check-dev.percona.com/versions/v1 | |
| steps: | |
| - name: Set up Go release | |
| uses: percona-platform/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Set GO_VERSION environment variable | |
| run: | | |
| go version | |
| echo "GO_VERSION=$(go version)" >> $GITHUB_ENV | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Enable Go modules cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-modules-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-modules- | |
| - name: Enable Go build cache | |
| uses: percona-platform/cache@v3 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}-${{ hashFiles('**') }} | |
| restore-keys: | | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build-${{ github.ref }}- | |
| ${{ matrix.os }}-go-${{ matrix.go-version }}-build- | |
| - name: Set up Go release for CLI | |
| uses: percona-platform/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Build CLI binary | |
| run: | | |
| make init | |
| make build-cli | |
| - name: Create KIND cluster | |
| uses: helm/kind-action@v1.10.0 | |
| - name: Run integration tests | |
| working-directory: cli-tests | |
| id: cli-tests | |
| run: | | |
| make init | |
| make install-operators | |
| kubectl patch sub everest-operator -n everest-system -p ' | |
| [{ | |
| "op": "add", | |
| "path": "/spec/config/env/-", | |
| "value": { | |
| "name": "PERCONA_VERSION_SERVICE_URL", | |
| "value": "https://check-dev.percona.com/versions/v1" | |
| } | |
| }]' --type=json | |
| make test-cli | |
| - name: Attach the report | |
| if: ${{ always() && steps.cli-tests.outcome != 'skipped' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cli-tests-report | |
| path: cli-tests/test-report | |
| overwrite: true | |
| integration_tests_flows: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| make_target: [ | |
| 'test-all-operators', | |
| 'test-mongo-operator', | |
| 'test-pg-operator', | |
| 'test-pxc-operator' | |
| ] | |
| name: CLI tests | |
| uses: ./.github/workflows/cli-tests.yml | |
| secrets: inherit | |
| with: | |
| make_target: ${{ matrix.make_target }} | |
| merge-gatekeeper: | |
| needs: [ test, check, integration_tests_api, integration_tests_flows, integration_tests_cli] | |
| name: Merge Gatekeeper | |
| if: ${{ always() }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Run Merge Gatekeeper | |
| uses: upsidr/merge-gatekeeper@v1.2.1 | |
| with: | |
| self: Merge Gatekeeper | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| interval: 45 | |
| timeout: 300 | |
| ignored: "license/snyk (Percona Everest), security/snyk (Percona Everest)" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} |