-
-
Notifications
You must be signed in to change notification settings - Fork 324
293 lines (267 loc) · 10.8 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
name: test
on:
pull_request:
env:
RUST_BACKTRACE: 1
# Spend CI time only on latest ref: https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
unit:
strategy:
# Prevent GitHub from cancelling all in-progress jobs when a matrix job fails.
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
profile: minimal
# Smart caching for Rust projects.
# Includes workaround for macos cache corruption.
# - https://github.com/rust-lang/cargo/issues/8603
# - https://github.com/actions/cache/issues/403
- uses: Swatinem/rust-cache@v2
# Install OpenSSL Libraries for Windows
# - name: install openssl
# if: matrix.os == 'windows-latest'
# run: |
# $ErrorActionPreference = "Stop"
# choco install --verbose openssl
# openssl version
# refreshenv
# echo "OPENSSL_LIB_DIR=C:/Program Files/OpenSSL-Win64/lib" >> $env:GITHUB_ENV
# echo "OPENSSL_DIR=C:/Program Files/OpenSSL-Win64/" >> $env:GITHUB_ENV
# echo "OPENSSL_INCLUDE_DIR=C:/Program Files/OpenSSL-Win64/include" >> $env:GITHUB_ENV
# Real CI work starts here
- name: Build workspace
run: cargo build
- name: Build no-tls
run: cargo build -p kube --no-default-features --features=client
if: matrix.os == 'ubuntu-latest' # only linux tests all feature combinations
# Workspace unit tests with various feature sets
- name: Run workspace unit tests (no default features)
run: cargo test --workspace --lib --no-default-features -j6
if: matrix.os == 'ubuntu-latest' # only linux tests all feature combinations
- name: Run workspace unit tests (default features)
run: cargo test --workspace --lib --exclude kube-examples --exclude e2e -j6
if: matrix.os != 'macos-latest'
- name: Run workspace unit tests (all features)
if: matrix.os != 'windows-latest'
run: cargo test --workspace --lib --all-features --exclude kube-examples --exclude e2e -j6
# Workspace documentation (all features only)
- name: Run workspace doc tests
run: cargo test --workspace --doc --all-features --exclude kube-examples --exclude e2e -j6
if: matrix.os == 'ubuntu-latest'
- name: Run ad-hoc doc test verification
run: |
if rg "\`\`\`ignored"; then
echo "ignored doctests are not allowed, use compile_fail or no_run"
exit 1
fi
if: matrix.os == 'ubuntu-latest'
# Examples
- name: Test examples
if: matrix.os != 'windows-latest'
run: cargo test -p kube-examples --examples -j6
doc:
runs-on: ubuntu-latest
name: doc
steps:
- uses: actions/checkout@v4
- name: Install nightly
uses: dtolnay/rust-toolchain@nightly
- name: cargo doc
run: cargo doc --no-deps --all-features
env:
RUSTDOCFLAGS: --cfg docsrs
msrv:
# Run `cargo check` on our minimum supported Rust version
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
- name: Find MSRV
id: msrv
run: |
MSRV=$(grep MSRV README.md | grep -oE "[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+")
echo $MSRV
echo "msrv=${MSRV}" >> $GITHUB_OUTPUT
- uses: actions-rs/toolchain@v1
with:
toolchain: ${{ steps.msrv.outputs.msrv }}
profile: minimal
override: true
- uses: Swatinem/rust-cache@v2
- name: Check
uses: actions-rs/cargo@v1
with:
command: check
args: --workspace
- name: Check rust-version keys matches MSRV consistently
run: |
if [[ $(cat ./*/Cargo.toml | grep "rust-version" | uniq | wc -l) -gt 1 ]]; then
echo "inconsistent rust-version keys set in various kube-crates:"
rg "rust-version" ./*/Cargo.toml
exit 1
fi
if ! cat kube/Cargo.toml | grep "rust-version" | grep "${{ steps.msrv.outputs.msrv }}"; then
echo "msrv policy inconsistent with rust-version key"
exit 1
fi
- name: Check devcontainer matches MSRV
run: |
versions=$(sed -nE 's|^FROM (.*/)?rust:([^ ]+)|\2|p' .devcontainer/Dockerfile)
echo "Versions: $versions"
mismatches=$(echo "$versions" | grep -v '^${{ steps.msrv.outputs.msrv }}' || true)
echo "Mismatches: $mismatches"
if [ -n "$mismatches" ]; then
echo "::error ::Devcontainer includes incorrect rust version(s): $mismatches"
exit 1
fi
integration:
runs-on: ubuntu-latest
strategy:
# Prevent GitHub from cancelling all in-progress jobs when a matrix job fails.
fail-fast: false
matrix:
# Run these tests against older clusters as well
k8s: [v1.23, latest]
steps:
- uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
profile: minimal
# Smart caching for Rust projects.
# Includes workaround for macos cache corruption.
# - https://github.com/rust-lang/cargo/issues/8603
# - https://github.com/actions/cache/issues/403
- uses: Swatinem/rust-cache@v2
- uses: nolar/setup-k3d-k3s@v1
with:
version: ${{matrix.k8s}}
# k3d-kube
k3d-name: kube
# Used to avoid rate limits when fetching the releases from k3s repo.
# Anonymous access is limited to 60 requests / hour / worker
# github-token: ${{ secrets.GITHUB_TOKEN }}
k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*"
# Real CI work starts here
- name: Build workspace
run: cargo build
# Run the equivalent of `just integration`
- name: Run all integration library tests
run: cargo test --lib --workspace --exclude e2e --all-features -j6 -- --ignored
- name: Run crd example tests
run: cargo run -p kube-examples --example crd_api
- name: Run derive example tests
run: cargo run -p kube-examples --example crd_derive
mk8sv:
# comile check e2e tests against mk8sv
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Find MK8SV
id: mk8sv
run: |
MK8SV=$(grep MK8SV README.md | grep -oE "[[:digit:]]+\.[[:digit:]]+" | head -n 1)
echo $MK8SV
echo "mk8sv=${MK8SV}" >> $GITHUB_OUTPUT
echo "mk8svdash=v${MK8SV/\./_}" >> $GITHUB_OUTPUT
- name: Check ci jobs run against advertised MK8SV
run: |
if ! grep "${{ steps.mk8sv.outputs.mk8sv }}" -q .github/workflows/ci.yml; then
echo "mk8sv not set correctly in tests"
exit 1
fi
if ! grep "${{ steps.mk8sv.outputs.mk8svdash }}" e2e/Cargo.toml | grep mk8sv; then
echo "mk8sv not set correctly in e2e features"
exit 1
fi
- uses: actions-rs/toolchain@v1
with:
override: true
toolchain: stable
profile: minimal
# Smart caching for Rust projects.
# Includes workaround for macos cache corruption.
# - https://github.com/rust-lang/cargo/issues/8603
# - https://github.com/actions/cache/issues/403
- uses: Swatinem/rust-cache@v2
- uses: nolar/setup-k3d-k3s@v1
with:
version: v1.23
# k3d-kube
k3d-name: kube
# Used to avoid rate limits when fetching the releases from k3s repo.
# Anonymous access is limited to 60 requests / hour / worker
# github-token: ${{ secrets.GITHUB_TOKEN }}
k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*"
# Real CI work starts here
- name: Build workspace
run: cargo build
- name: boot openssl, latest k8s
run: cargo run -p e2e --bin boot --features=openssl,latest
- name: boot openssl, minimum supported k8s
run: cargo run -p e2e --bin boot --features=openssl,mk8sv
- name: boot rustls, latest k8s
run: cargo run -p e2e --bin boot --features=rustls,latest
- name: boot rustls, minimum supported k8s
run: cargo run -p e2e --bin boot --features=rustls,mk8sv
in-cluster:
# in-cluster e2e via docker on linux
runs-on: ubuntu-latest
strategy:
# Prevent GitHub from cancelling all in-progress jobs when a matrix job fails.
fail-fast: false
matrix:
tls: [openssl, rustls]
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v2
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git
target
key: musl-cargo-${{ hashFiles('**/Cargo.toml') }}-${{matrix.tls}}
- uses: nolar/setup-k3d-k3s@v1
with:
version: latest
# k3d-kube
k3d-name: kube
# Used to avoid rate limits when fetching the releases from k3s repo.
# Anonymous access is limited to 60 requests / hour / worker
# github-token: ${{ secrets.GITHUB_TOKEN }}
k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*"
- name: Compile e2e job against ${{matrix.tls}}
run: |
mkdir -p ~/.cargo/{git,registry}
docker run --rm -t \
--mount type=bind,source=${{ github.workspace }},target=/volume \
--mount type=bind,source=$HOME/.cargo/registry,target=/root/.cargo/registry \
--mount type=bind,source=$HOME/.cargo/git,target=/root/.cargo/git \
clux/muslrust:stable \
cargo build -p e2e --release --bin=job --features=latest,${{matrix.tls}} -v
cp target/x86_64-unknown-linux-musl/release/job e2e/
- name: Build image
run: "docker build -t clux/kube-e2e:${{ github.sha }} e2e/"
- name: Import image
run: "k3d image import clux/kube-e2e:${{ github.sha }} --cluster kube"
- run: sed -i 's/latest/${{ github.sha }}/g' e2e/deployment.yaml
- name: Create resource
run: kubectl apply -f e2e/deployment.yaml -n apps
- run: kubectl get all -n apps
- run: kubectl describe jobs/e2e -n apps
- name: Wait for job to complete
run: |
kubectl wait --for=condition=complete job/e2e -n apps --timeout=50s || kubectl logs -f job/e2e -n apps
kubectl get all -n apps
kubectl wait --for=condition=complete job/e2e -n apps --timeout=10s || kubectl get pods -n apps | grep e2e | grep Completed