Skip to content

NODE-5583 Required variables for smoke-tests #334

NODE-5583 Required variables for smoke-tests

NODE-5583 Required variables for smoke-tests #334

Workflow file for this run

name: CI
on:
pull_request:
branches: [ 'stable/**' ]
types: [ 'opened', 'reopened', 'synchronize' ]
workflow_dispatch:
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ${{ matrix.RUNNER }}
strategy:
fail-fast: false
matrix:
include:
- PLATFORM: amd64
ARCH: x86_64
RUNNER: self-hosted-amd64-1cpu
- PLATFORM: arm64
ARCH: aarch64
RUNNER: self-hosted-arm64-1cpu
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2
- name: Build image
run: make ARCHS=${{ matrix.ARCH }} PLATFORMS=${{ matrix.PLATFORM }} BUILDX_ARGS=--load build
- name: Save image
run: docker save -o node-${{ matrix.ARCH }}.tar docker.io/wallarm/node:test
- name: Cache image
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
with:
retention-days: 1
name: node-${{ matrix.ARCH }}.tar
path: node-${{ matrix.ARCH }}.tar
test:
name: Test
runs-on: ${{ matrix.RUNNER }}
env:
## US preset
env_code: ingress-us1
CLIENT_ID: 7119
## EU preset
# env_code: ingress
# CLIENT_ID: 5
needs:
- build
strategy:
matrix:
case: [ single, split ]
ARCH: [ x86_64, aarch64 ]
include:
- ARCH: x86_64
RUNNER: self-hosted-amd64-2cpu
- ARCH: aarch64
RUNNER: self-hosted-arm64-2cpu
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2
- name: Import secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
id: secrets
with:
exportEnv: false
url: ${{ secrets.VAULT_URL }}
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: |
kv-gitlab-ci/data/github/${{ env.env_code }} api_token ;
kv-gitlab-ci/data/github/${{ env.env_code }} api_host ;
kv-gitlab-ci/data/github/${{ env.env_code }} api_preset ;
kv-gitlab-ci/data/github/${{ env.env_code }} user_token ;
kv-gitlab-ci/data/github/${{ env.env_code }} webhook_uuid ;
kv-gitlab-ci/data/github/${{ env.env_code }} webhook_api_key ;
kv-gitlab-ci/data/github/${{ env.env_code }} allure_server_token ;
kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ;
kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ;
kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds registry_name ;
- name: Login
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ${{ steps.secrets.outputs.registry_name }}
username: ${{ steps.secrets.outputs.token_name }}
password: ${{ steps.secrets.outputs.token_secret }}
- name: Load cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: node-${{ matrix.ARCH }}.tar
- name: Load images
run: docker load -i node-${{ matrix.ARCH }}.tar
- name: Run test
env:
ALLURE_PROJECT_ID: 10
ALLURE_UPLOAD_REPORT: true
ALLURE_TOKEN: ${{ steps.secrets.outputs.ALLURE_SERVER_TOKEN }}
ALLURE_ENVIRONMENT_ARCH: ${{ matrix.ARCH }}
USER_TOKEN: ${{ steps.secrets.outputs.user_token }}
WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }}
WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }}
WALLARM_API_PRESET: ${{ steps.secrets.outputs.api_preset }}
WEBHOOK_API_KEY: ${{ steps.secrets.outputs.webhook_api_key }}
WEBHOOK_UUID: ${{ steps.secrets.outputs.webhook_uuid }}
ARCH: ${{ matrix.ARCH }}
run: make ${{ matrix.case }}
- name: Upload logs
if: always()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
retention-days: 5
name: node-logs-${{ matrix.ARCH }}-${{ matrix.case }}.tar.gz
path: node-logs-${{ matrix.ARCH }}-${{ matrix.case }}.tar.gz
scan:
name: Vulnerability scanner
runs-on: self-hosted-amd64-1cpu
permissions:
pull-requests: write
needs:
- build
env:
ARCH: x86_64
steps:
- name: Load cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: node-${{ env.ARCH }}.tar
- name: Import secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
id: secrets
with:
exportEnv: false
url: ${{ secrets.VAULT_URL }}
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: |
kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ;
kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ;
- name: Docker Scout
uses: docker/scout-action@v1
with:
command: compare,cves
image: archive://node-${{ env.ARCH }}.tar
to: docker.io/wallarm/node:latest
ignore-unchanged: false
only-severities: critical,high
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-user: ${{ steps.secrets.outputs.DOCKERHUB_USER }}
dockerhub-password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}