feat: validate crd versions #1919
Conversation
lambdanis
added
area/ci
There was a problem hiding this comment.
Thank you for tackling this @sadath-12.
Ideally I would imagine this check as a Makefile rule, so that we can run it in CI, but also when validating changes locally. Can you define such a rule in this PR?
Please also squash the commits, so that the git history is more readable :)
can we check the commit difference in makefile ? |
Good question - we could, but it would be likely confusing what we're actually checking :) Maybe it's better to leave it as is. |
sadath-12
force-pushed
the
validate-crd
branch
3 times, most recently
from
cbb92be to
d89d947
Compare
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Updated with other action |
There was a problem hiding this comment.
Thank you for taking on this issue!
I wanted to provide a starting point on how you can start solving this issue.
First, let's create a simple workflow. I'll start with a clean repo to make things easier.
$ git clone [email protected]:cilium/tetragon.git
$ cd tetragon
$ git switch -c crd-validation
Let's add a starting point for the action:
$ curl -s https://gist.githubusercontent.com/kkourt/f886b0a4dff79b472a179c9200205c16/raw/c4c3d1cf35c90a917e514e8ebd1b3078a0ca7bc0/validate-crd.yaml | tee .github/workflows/validate-crd.yaml
You can see the file here: https://gist.github.com/kkourt/f886b0a4dff79b472a179c9200205c16
We can now use acct to execute the action. First, we need to properly set the base and head refs (see https://nektosact.com/beginner/index.html#using-event-file-to-provide-complete-event-payload).
To do so we add and events.json file
"pull_request": {
"head": {
"ref": "crd-validation"
},
"base": {
"ref": "origin/main"
}
}
}
Now we can use acct:
$ gh act -W .github/workflows/validate-crd.yaml --eventpath event.json
Which will result in:
| origin/main
| Differences in yaml files:
| Differences in schema:
Since there are no differences.
We can start simple by creating the differences. Here's a simple commit that modifies the yaml file:
commit 9a90ffbd8063a4f1ba8caa89fc315566ba232f3a (HEAD -> crd-validation)
Author: Kornilios Kourtis <[email protected]>
Date: Tue Jan 9 13:51:27 2024 +0100
dummy
Signed-off-by: Kornilios Kourtis <[email protected]>
diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
index 31ad2495..b95412aa 100644
--- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
+++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -1390,6 +1390,7 @@ spec:
- State
- InMap
- NotInMap
+ - IsPizza
type: string
values:
description: Value to compare the argument against.
Now running act, we get:
| Differences in yaml files:
| diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpol
| icies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolici
| es.yaml
| index b95412aa..31ad2495 100644
| --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.y
| aml
| +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.y
| aml
| @@ -1390,7 +1390,6 @@ spec:
| - State
| - InMap
| - NotInMap
| - - IsPizza
| type: string
| values:
| description: Value to compare the argument ag
| ainst.
| Differences in schema:
So we can see that there are differences in the yaml files.
Please use above a starting point to develop a solution. Once finished, please provide the necessary steps for folk reviewing this PR to test the PR using acct for the two cases that we need covered: i) changes in the resources but no changes in the version, and ii) changes in both the resources and the versions. In (i) the action should fail, and in (ii) the action should succeed.
|
wow this really needs to be appreciated thanks @kkourt for taking time and finding it valuable to explain me. ill work on it |
sadath-12
force-pushed
the
validate-crd
branch
from
d89d947 to
82c7f63
Compare
|
Thank you for helping me improve @kkourt . Updated the changes and guide in description |
sadath-12
force-pushed
the
validate-crd
branch
from
82c7f63 to
ea0b42e
Compare
|
Thank you @lambdanis for improving |
If there is a change in the crd yaml files and if CustomResourceDefinitionSchemaVersion value is not updated accordingly in pkg/k8s/apis/cilium.io/v1alpha1/register.go or vice-versa . The CI will fail Signed-off-by: sadath-12 <[email protected]>
sadath-12
force-pushed
the
validate-crd
branch
from
ea0b42e to
9ad6135
Compare
|
failures seem unrelated, so merging. |
|
@kkourt issue closed but this pr not merged |
Issue
This pr Closes #1412
Description
If there is a change in the crd yaml files and if
CustomResourceDefinitionSchemaVersionvalue is not updated accordingly inpkg/k8s/apis/cilium.io/v1alpha1/version.goor vice-versa . The CI will failHow to test locally ?
follow this #1919 (review)
for the event.json thing set it as
you can replace the sha field by the latest commit on your base branch
here I added CustomResourceDefinitionSchemaVersion to
pkg/k8s/apis/cilium.io/v1alpha1/version.goin both branchesand changed yaml files
pkg/k8s/apis/cilium.io/v1alpha1/version.goand CustomResourceDefinitionSchemaVersion in HEAD branch (test-dev-2)change the branch
git checkout test-dev-2(the branch that makes the pr request because we have HEAD in the yaml)then you should see the success output as I saw
if you changed crd yaml files but not version you will see the failure output something as I see here
And for vice-versa