# Workflow file: scanner-e2e-test.yaml
# Runs the scanner functional tests on manual dispatch and on pull-request
# open / reopen / synchronize events.
#
# NOTE(review): this workflow declares no `permissions:` key, so GITHUB_TOKEN
# receives the repository/organisation default scopes. Consider declaring the
# minimum the jobs need (likely `contents: read`) once the requirements of
# ./.github/actions/job-preamble are confirmed.
name: Scanner functional tests
on:
  workflow_dispatch:
  pull_request:
    types: [opened, reopened, synchronize]
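jobs:
  # Gate job: derives the image tag from the checked-out commit and hands it
  # to stackrox/actions wait-for-image for the two scanner images.
  scanner-ft-images:
    name: Wait for images
    # On pull requests this job runs only when the PR carries the
    # 'scanner-functional-tests' label; any other trigger always runs it.
    # scanner-ft-run depends on this job through `needs`.
    if: >
      github.event_name != 'pull_request'
      || contains(github.event.pull_request.labels.*.name, 'scanner-functional-tests')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
        with:
          fetch-depth: 0
          # Empty on workflow_dispatch (no pull_request payload); checkout
          # then uses its default ref.
          ref: "${{ github.event.pull_request.head.sha }}"
      - name: Get tag
        # Exports the tag to later steps of this job as env.tag.
        run: |
          echo "tag=$(make --quiet --no-print-directory tag)" >> "$GITHUB_ENV"
      - name: Wait for images
        uses: stackrox/actions/release/wait-for-image@9238e423c3ae1ac4eb0f254cbb98da9daae24d86 # ratchet:stackrox/actions/release/wait-for-image@v1
        with:
          token: ${{ secrets.QUAY_RHACS_ENG_BEARER_TOKEN }}
          image: |
            rhacs-eng/scanner-v4:${{ env.tag }}
            rhacs-eng/scanner-v4-db:${{ env.tag }}

  # Test job: creates a minikube cluster, deploys scanner into it and runs the
  # functional tests against port-forwarded scanner and database pods.
  #
  # Trust boundary: the make targets below come from the checked-out PR head
  # commit and run with the registry credentials in `env`. On `pull_request`
  # events from forks GitHub does not expose secrets, so they are empty there.
  scanner-ft-run:
    name: Deploy and run
    needs:
      - scanner-ft-images
    runs-on: ubuntu-latest
    # NOTE(review): job-level env exposes these credentials to every step,
    # including the third-party minikube action. Scoping them to the step(s)
    # that consume them would narrow exposure - confirm which make targets
    # read them.
    env:
      SCANNER_E2E_QUAY_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
      SCANNER_E2E_QUAY_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
      # TODO Add registry.redhat.io secrets.
      SCANNER_E2E_REDHAT_USERNAME: ${{ secrets.REDHAT_USERNAME }}
      SCANNER_E2E_REDHAT_PASSWORD: ${{ secrets.REDHAT_PASSWORD }}
    steps:
      - name: Checkout
        # NOTE(review): checkout keeps the job token in the local git config
        # unless `persist-credentials: false` is set; consider it if no later
        # step needs authenticated git access.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
        with:
          fetch-depth: 0
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/actions/job-preamble
        with:
          gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}
      - name: Create cluster (minikube)
        # Pinned to a commit SHA; the ratchet reference tracks the moving
        # `latest` tag, so review each pin bump.
        uses: medyagh/setup-minikube@e9e035a86bbc3caea26a450bd4dbf9d0c453682e # ratchet:medyagh/setup-minikube@latest
        with:
          driver: docker
          cpus: max
          memory: max
          # The runner temp directory is mounted into the cluster node at
          # /runner; the pgdata directory created below lives under it.
          mount-path: ${{ runner.temp }}:/runner
          container-runtime: cri-o
      - name: Deploy scanner
        run: |
          # RUNNER_TEMP is the runner-provided variable for the same path as
          # the runner.temp context; reading it from the environment keeps
          # workflow expressions out of the script text.
          # NOTE(review): mode 777 makes the directory world-writable,
          # presumably so the database container's user can write through
          # the mount - confirm a narrower mode or owner is not sufficient.
          mkdir -m 777 "${RUNNER_TEMP}/pgdata"
          # TODO(ROX-28174) Rename the targets and charts to "scanner functional
          # tests".
          make -C scanner e2e-deploy db-host-path="/runner/pgdata"
      - name: Wait for deployments
        # NOTE(review): the loop ends only when all pods are Ready or one is
        # Failed. No `timeout-minutes` is set on this job, so a pod stuck in
        # another state is bounded only by the runner's job time limit.
        run: |
          info() { echo >&2 ">>> INFO (Wait for deployments): $*"; }
          timeout=1m
          while : ; do
            info "Waiting for deployments to become ready (in $timeout)..."
            kubectl -n stackrox wait pod --for=condition=Ready --all --timeout="$timeout" && break
            info "Deployments are not ready yet"
            info "Describing all pods:"
            kubectl -n stackrox describe pods
            for app in scanner-v4-db scanner-v4; do
              info "Showing deployment logs ($app):"
              kubectl -n stackrox logs -l app="$app" --all-containers=true
            done
            info "Abort if any pod has failed:"
            kubectl \
              -n stackrox get pods \
              -o jsonpath='{range .items[*]}{.metadata.name} status={.status.phase}{range .status.containerStatuses[*]} restart={.restartCount}/{.name}{end}{"\n"}{end}' \
              | grep -E 'status=Failed' && exit 1
          done
      - name: Run tests
        run: |
          kubectl -n stackrox expose deployment scanner-v4
          kubectl -n stackrox get svc
          # Keep a port-forward to the scanner pod alive in the background,
          # restarting it whenever kubectl exits.
          while true; do
            kubectl -n stackrox port-forward \
              "$(kubectl -n stackrox get pods \
                -l app=scanner-v4 \
                -o jsonpath="{.items[*].metadata.name}")" \
              8443:8443 || continue
          done &
          PID1=$!
          # Same for the database pod.
          while true; do
            kubectl -n stackrox port-forward \
              "$(kubectl -n stackrox get pods \
                -l app=scanner-v4-db \
                -o jsonpath="{.items[*].metadata.name}")" \
              5432:5432 || continue
          done &
          PID2=$!
          # Stop both background loops when the step's shell exits.
          trap 'kill $PID1 $PID2' EXIT
          PGPASSWORD=$(kubectl get secret "scanner-v4-db-password" -o json -n stackrox | jq .data.password -r | base64 -d)
          # The password is read at run time, so the runner does not know it
          # as a secret; register it for redaction before any later command
          # can print it to the job log.
          if [ -n "$PGPASSWORD" ]; then
            echo "::add-mask::${PGPASSWORD}"
          fi
          # TODO(ROX-28174) Rename the targets and charts to "scanner functional
          # tests".
          PGPASSWORD="$PGPASSWORD" make -C scanner e2e-run NODEPS=1
      - name: Describe and show logs
        # Runs whether the earlier steps passed or failed.
        if: failure() || success()
        run: |
          info() { echo >&2 ">>> INFO (Describe and show logs): $*"; }
          info "Describing all pods:"
          kubectl -n stackrox describe pods
          for app in scanner-v4-db scanner-v4; do
            info "Showing deployment logs ($app):"
            kubectl -n stackrox logs -l app="$app" --all-containers=true
          done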