Merge pull request #1408 from splunk/promote-develop-to-main-2.7.0 #4958
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: push | |
jobs: | |
check-formating: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Check Source formatting | |
run: make fmt && if [[ $? -ne 0 ]]; then false; fi | |
- name: Lint source code | |
run: make vet && if [[ $? -ne 0 ]]; then false; fi | |
unit-tests: | |
runs-on: ubuntu-latest | |
needs: check-formating | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Install goveralls | |
run: | | |
go version | |
go install github.com/mattn/goveralls@latest | |
- name: Install Ginkgo | |
run: | | |
make setup/ginkgo | |
go mod tidy | |
- name: Run Unit Tests | |
run: make test | |
- name: Run Code Coverage | |
run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }} | |
- name: Upload Coverage artifacts | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: coverage.out | |
path: coverage.out | |
build-operator-image: | |
runs-on: ubuntu-latest | |
needs: unit-tests | |
env: | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
steps: | |
- name: Set up cosign | |
uses: sigstore/cosign-installer@main | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Install Ginkgo | |
run: | | |
make setup/ginkgo | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.5.0 | |
- name: Install Operator SDK | |
run: | | |
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) | |
export OS=$(uname | awk '{print tolower($0)}') | |
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} | |
sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} | |
sudo chmod +x operator-sdk_${OS}_${ARCH} | |
sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
#- name: Login to Redhat registry | |
# uses: docker/login-action@v3 | |
# with: | |
# registry: registry.redhat.io | |
# username: ${{ secrets.REDHAT_REGISTRY_ID }} | |
# password: ${{ secrets.REDHAT_REGISTRY_PASSWORD }} | |
- name: Make Splunk Operator Image | |
run: | | |
make docker-build IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
- name: Push Splunk Operator Image to ECR | |
run: | | |
echo "Uploading Image to ECR:: ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA" | |
make docker-push IMG=${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }} | |
- name: Sign Splunk Operator image with a key | |
run: | | |
cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ github.sha }} | |
env: | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
vulnerability-scan: | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
runs-on: ubuntu-latest | |
needs: build-operator-image | |
env: | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
IMAGE_NAME: ${{ secrets.ECR_REPOSITORY }}/splunk/splunk-operator:${{ github.sha }} | |
steps: | |
- name: Set up cosign | |
uses: sigstore/cosign-installer@main | |
- uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.5.0 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Pull Splunk Operator Image Locally | |
run: | | |
docker pull ${{ env.IMAGE_NAME }} | |
- name: Verify Signed Splunk Operator image | |
run: | | |
cosign verify --key env://COSIGN_PUBLIC_KEY ${{ env.IMAGE_NAME }} | |
env: | |
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{ env.IMAGE_NAME }}' | |
format: sarif | |
#exit-code: 1 | |
severity: 'CRITICAL' | |
ignore-unfixed: true | |
output: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
smoke-tests: | |
needs: vulnerability-scan | |
strategy: | |
fail-fast: false | |
matrix: | |
test: [ | |
basic, | |
appframeworksS1, | |
managerappframeworkc3, | |
managerappframeworkm4, | |
managersecret, | |
managermc, | |
] | |
runs-on: ubuntu-latest | |
env: | |
CLUSTER_NODES: 1 | |
CLUSTER_WORKERS: 3 | |
SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }} | |
SPLUNK_ENTERPRISE_RELEASE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_RELEASE_IMAGE }} | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
SPLUNK_OPERATOR_IMAGE_FILENAME: splunk-operator | |
TEST_FOCUS: "${{ matrix.test }}" | |
# This regex matches any string not containing smoke keyword | |
TEST_TO_SKIP: "^(?:[^s]+|s(?:$|[^m]|m(?:$|[^o]|o(?:$|[^k]|k(?:$|[^e])))))*$" | |
TEST_CLUSTER_PLATFORM: eks | |
EKS_VPC_PRIVATE_SUBNET_STRING: ${{ secrets.EKS_VPC_PRIVATE_SUBNET_STRING }} | |
EKS_VPC_PUBLIC_SUBNET_STRING: ${{ secrets.EKS_VPC_PUBLIC_SUBNET_STRING }} | |
TEST_BUCKET: ${{ secrets.TEST_BUCKET }} | |
TEST_INDEXES_S3_BUCKET: ${{ secrets.TEST_INDEXES_S3_BUCKET }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
PRIVATE_REGISTRY: ${{ secrets.ECR_REPOSITORY }} | |
S3_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
ENTERPRISE_LICENSE_LOCATION: ${{ secrets.ENTERPRISE_LICENSE_LOCATION }} | |
EKS_SSH_PUBLIC_KEY: ${{ secrets.EKS_SSH_PUBLIC_KEY }} | |
CLUSTER_WIDE: "true" | |
DEPLOYMENT_TYPE: "" | |
steps: | |
- name: Set Test Cluster Name | |
run: | | |
echo "TEST_CLUSTER_NAME=eks-integration-test-cluster-${{ matrix.test }}-$GITHUB_RUN_ID" >> $GITHUB_ENV | |
- name: Chekcout code | |
uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Change splunk enterprise to release image on main branches | |
if: github.ref == 'refs/heads/main' | |
run: | | |
echo "SPLUNK_ENTERPRISE_IMAGE=${{ steps.dotenv.outputs.SPLUNK_ENTERPRISE_RELEASE_IMAGE }}" >> $GITHUB_ENV | |
- name: Install Kubectl | |
uses: Azure/setup-kubectl@v3 | |
with: | |
version: ${{ steps.dotenv.outputs.KUBECTL_VERSION }} | |
- name: Install Python | |
uses: actions/setup-python@v2 | |
- name: Install AWS CLI | |
run: | | |
curl "${{ steps.dotenv.outputs.AWSCLI_URL}}" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install --update | |
aws --version | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Install Ginkgo | |
run: | | |
make setup/ginkgo | |
- name: Install Helm | |
run: | | |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
chmod 700 get_helm.sh | |
./get_helm.sh | |
DESIRED_VERSION=v3.8.2 bash get_helm.sh | |
- name: Install EKS CTL | |
run: | | |
curl --silent --insecure --location "https://github.com/weaveworks/eksctl/releases/download/${{ steps.dotenv.outputs.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | |
sudo mv /tmp/eksctl /usr/local/bin | |
eksctl version | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.5.0 | |
- name: Install Operator SDK | |
run: | | |
sudo curl -L -o /usr/local/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}/operator-sdk-${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }}-x86_64-linux-gnu | |
sudo chmod +x /usr/local/bin/operator-sdk | |
- name: Configure Docker Hub credentials | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN}} | |
- name: Pull Splunk Enterprise Image | |
run: docker pull ${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Tag and Push Splunk Enterprise Image to ECR | |
run: | | |
docker tag ${{ env.SPLUNK_ENTERPRISE_IMAGE }} ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
docker push ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_ENTERPRISE_IMAGE }} | |
- name: Pull Splunk Operator Image Locally | |
run: | | |
docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
- name: Change Operator Image Tag to latest | |
run: | | |
docker tag ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:latest | |
- name: Create EKS cluster | |
run: | | |
export EKS_CLUSTER_K8_VERSION=${{ steps.dotenv.outputs.EKS_CLUSTER_K8_VERSION }} | |
make cluster-up | |
- name: install metric server | |
run: | | |
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml | |
- name: install k8s dashboard | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml | |
- name: Setup Kustomize | |
run: | | |
sudo snap install kustomize | |
mkdir -p ./bin | |
cp /snap/bin/kustomize ./bin/kustomize | |
- name: Run smoke test | |
id: smoketest | |
run: | | |
make int-test | |
- name: Collect Test Logs | |
if: ${{ always() }} | |
run: | | |
mkdir -p /tmp/pod_logs | |
find ./test -name "*.log" -exec cp {} /tmp/pod_logs \; | |
- name: Archive Pod Logs | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: "splunk-pods-logs--artifacts-${{ matrix.test }}" | |
path: "/tmp/pod_logs/**" | |
- name: Cleanup Test Case artifacts | |
if: ${{ always() }} | |
run: | | |
make cleanup | |
make clean | |
- name: Cleanup up EKS cluster | |
if: ${{ always() }} | |
run: | | |
make cluster-down | |
#- name: Test Report | |
# uses: dorny/test-reporter@v1 | |
# if: success() || failure() # run this step even if previous step failed | |
# with: | |
# name: Integration Tests # Name of the check run which will be created | |
# path: inttest-*.xml # Path to test results | |
# reporter: jest-junit # Format of test results | |
push-latest: | |
needs: smoke-tests | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
env: | |
SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator | |
TAG: latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.5.0 | |
- name: Configure Docker Hub credentials | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PUSH_TOKEN}} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Pull Splunk Operator Image Locally | |
run: | | |
docker pull ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA | |
- name: Change Operator Image Tag to latest | |
run: | | |
docker tag ${{ secrets.ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:$GITHUB_SHA ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} | |
- name: Push Splunk Operator Image to Docker Hub | |
run: docker push ${{ env.SPLUNK_OPERATOR_IMAGE_NAME }}:${{ env.TAG }} |