Merge branch 'main' into resolve-eslint-max-depth
cmwylie19 authored Oct 23, 2024
2 parents e9d8bb4 + 91a4aea commit 1759a4d
Showing 19 changed files with 317 additions and 40 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/container-scan.yaml
@@ -27,7 +27,7 @@ jobs:
- name: Build Pepr Controller Image
run: npm run build:image
- name: Vulnerability Scan
uses: anchore/scan-action@4e08a16a68fb1b35d2fca00f0607db0b5b5120a7 # v5.0.0
uses: anchore/scan-action@ef0b0b023552a0c077534074723a9915280284bb # v5.1.0
with:
image: "pepr:dev"
fail-build: true
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
@@ -19,7 +19,7 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5

circular-dependencies:
runs-on: ubuntu-latest
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
@@ -33,7 +33,7 @@ jobs:
steps:
- name: Get token to trigger defenseunicorns/pepr-docs workflow
id: get_workflow_trigger_token
uses: peter-murray/workflow-application-token-action@baa1ef2638c3d9e5967b7c8b86219f8fc919e1bb # v3.0.1
uses: peter-murray/workflow-application-token-action@8e4e6fbf6fcc8a272781d97597969d21b3812974 # v4.0.0
with:
application_id: ${{ secrets.DOCS_WORKFLOW_GITHUB_APP_ID }}
application_private_key: ${{ secrets.DOCS_WORKFLOW_GITHUB_APP_SECRET }}
6 changes: 3 additions & 3 deletions .github/workflows/node.js.yml
@@ -26,7 +26,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18, 20, latest]
node-version: [18, 20, 22]
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Use Node.js ${{ matrix.node-version }}
@@ -45,10 +45,10 @@ jobs:
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- name: Use Node.js latest
- name: Use Node.js 22
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version: latest
node-version: 22
cache: "npm"
- name: Setup Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
17 changes: 11 additions & 6 deletions .github/workflows/pepr-excellent-examples.yml
@@ -142,7 +142,7 @@ jobs:
if: needs.examples-matrix.outputs.matrix != ''
strategy:
fail-fast: false
max-parallel: 5
max-parallel: 32 # Roughly matches the number of E2E tests and below GitHub concurrency limit
matrix: ${{ fromJSON(needs.examples-matrix.outputs.matrix) }}
steps:
- name: Harden Runner
@@ -187,11 +187,16 @@ jobs:
npm ci
- name: run e2e tests
run: |
cd "$PEPR_EXCELLENT_EXAMPLES_PATH"
npm run --workspace=${{ matrix.name }} test:e2e -- \
--image pepr:dev \
--custom-package ../pepr-0.0.0-development.tgz
uses: nick-fields/retry@v3
with:
max_attempts: 3
retry_on: error
timeout_minutes: 6
command: |
cd "$PEPR_EXCELLENT_EXAMPLES_PATH"
npm run --workspace=${{ matrix.name }} test:e2e -- \
--image pepr:dev \
--custom-package ../pepr-0.0.0-development.tgz
- name: upload artifacts (troubleshooting)
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
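Review bot: `uses: nick-fields/retry@v3` in the second hunk is referenced by a mutable tag, while every other action visible in this commit is pinned to a full commit SHA with a version comment. The tag can be moved upstream and this step runs the e2e command inside the job, so it should follow the same convention: `uses: nick-fields/retry@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the upstream release). `${{ matrix.name }}` is also expanded directly into the `command:` text; if the matrix is built from directory names, passing it through `env:` and referencing a quoted shell variable would keep it out of the script source. The job's step list continues outside both hunks.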
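--- a/.github/workflows/soak-interrupts.yaml
+++ b/.github/workflows/soak-interrupts.yaml
@@ -0,0 +1,212 @@
+name: Soak Interrupts Test
+
+permissions: read-all
+on:
+workflow_dispatch:
+inputs:
+branch:
+description: 'Branch to run the workflow on'
+required: true
+default: 'main'
+http2:
+description: 'use http2 watcher'
+required: false
+default: 'false'
+schedule:
+- cron: '0 4 * * *' # 12AM EST/9PM PST
+
+jobs:
+pepr-build:
+name: controller image
+runs-on: ubuntu-latest
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+with:
+egress-policy: audit
+
+- name: clone pepr
+uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+with:
+repository: defenseunicorns/pepr
+path: pepr
+
+- name: "set env: PEPR"
+run: echo "PEPR=${GITHUB_WORKSPACE}/pepr" >> "$GITHUB_ENV"
+
+- name: setup node
+uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+with:
+node-version: 20
+cache: "npm"
+cache-dependency-path: pepr
+
+- name: install pepr deps
+run: |
+cd "$PEPR"
+npm ci
+- name: build pepr image
+run: |
+cd "$PEPR"
+npm run build:image
+- name: tar pepr image
+run: |
+PEPR_TAR="${GITHUB_WORKSPACE}/pepr-img.tar"
+echo "PEPR_TAR=${PEPR_TAR}" >> "$GITHUB_ENV"
+docker image save --output "$PEPR_TAR" pepr:dev
+- name: upload image tar artifact
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: pepr-img.tar
+path: pepr-img.tar
+retention-days: 1
+
+soak-interrupts-test:
+name: soak-interrupts-test
+runs-on: ubuntu-latest
+needs:
+- pepr-build
+
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+with:
+egress-policy: audit
+
+- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+- name: "install k3d"
+run: "curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash"
+shell: bash
+
+- name: dowload image tar artifact
+uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+with:
+name: pepr-img.tar
+path: ${{ github.workspace }}
+
+- name: import pepr image from tar
+run: |
+PEPR_TAR="${GITHUB_WORKSPACE}/pepr-img.tar"
+echo "PEPR_TAR=${PEPR_TAR}" >> "$GITHUB_ENV"
+docker image load --input "$PEPR_TAR"
+- name: Create k3d Cluster
+run: "k3d cluster create"
+shell: bash
+
+- name: Import pepr image into k3d
+run: "k3d image import pepr:dev -c k3s-default"
+shell: bash
+
+- name: Install istioctl
+run: |
+curl -L https://istio.io/downloadIstio | sh -
+shell: bash
+
+- name: Install default profile
+run: |
+cd istio*/bin
+./istioctl install --set profile=demo -y
+- name: Set up Kubernetes
+uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
+with:
+version: 'latest'
+
+- name: Create logs directory
+run: mkdir -p logs
+
+- name: Deploy Pepr
+if: ${{ (github.event.inputs.http2 || 'none') != 'true' }}
+run: |
+kubectl apply -f hack/soak.ci.yaml
+- name: Deploy http2 Pepr
+if: ${{ (github.event.inputs.http2 || 'none') == 'true' }}
+run: |
+kubectl apply -f hack/soak-http2.ci.yaml
+- name: Deploy applications
+run: |
+kubectl apply -f hack/auditor.ci.yaml
+- name: Wait for 15 minutes before starting pod checks
+run: |
+sleep 10s
+kubectl wait --for=condition=ready -n istio-system pod -l istio=pilot
+kubectl wait --for=condition=ready -n istio-system pod -l app=istio-ingressgateway
+kubectl wait --for=condition=ready -n watch-auditor pod -l app=watch-auditor
+kubectl wait --for=condition=ready -n pepr-system pod -l app=pepr-soak-ci-watcher
+- name: Run the soak test and collect metrics
+run: |
+# Initialize the map to store pod counts
+declare -A pod_map
+update_pod_map() {
+for pod in $(kubectl get pods -n pepr-demo -o jsonpath='{.items[*].metadata.name}'); do
+count=${pod_map[$pod]}
+if [ -z "$count" ]; then
+pod_map[$pod]=1
+else
+pod_map[$pod]=$((count + 1))
+fi
+done
+}
+touch logs/auditor-log.txt
+touch logs/informer-log.txt
+update_pod_map
+collect_metrics() {
+kubectl exec metrics-collector -n watch-auditor -- curl watch-auditor:8080/metrics | grep watch_controller_failures_total > logs/auditor-log.txt || true
+kubectl exec metrics-collector -n watch-auditor -- curl -k https://pepr-soak-ci-watcher.pepr-system.svc.cluster.local/metrics | egrep -E "pepr_cache_miss|pepr_resync_failure_count" > logs/informer-log.txt
+kubectl logs -n pepr-system deploy/pepr-soak-ci-watcher > logs/watch-log.txt
+}
+# Start collecting metrics every 5 minutes and checking pod counts every 30 minutes
+for i in {1..13}; do # 13 iterations cover 65 minutes (1 hours and 5 minutes) (Every 5 mins x 13 = 65 mins = 1 hour 5 mins)
+collect_metrics
+cat logs/informer-log.txt
+cat logs/auditor-log.txt
+if [ $((i % 2)) -eq 0 ]; then # Every 10 minutes
+update_pod_map
+# get a list of pods every 10 mins
+kubectl get pods -n pepr-demo
+kubectl top po -n pepr-system
+kubectl get po -n pepr-system
+# Verify that no pod's count exceeds 1
+for pod in "${!pod_map[@]}"; do
+echo "$pod: ${pod_map[$pod]}"
+if [ "${pod_map[$pod]}" -gt 1 ]; then
+echo "Test failed: Pod $pod has count ${pod_map[$pod]}"
+exit 1
+fi
+done
+# Every 20 minutes, scale up or down the `watch-auditor` deployment
+if [ $((i % 4)) -eq 0 ]; then
+echo "Scaling down the watch-auditor deployment to 0 replicas"
+kubectl scale deploy/watch-auditor -n watch-auditor --replicas=0
+else
+echo "Scaling up the watch-auditor deployment to 1 replica"
+kubectl scale deploy/watch-auditor -n watch-auditor --replicas=1
+fi
+fi
+sleep 300s # Sleep for 5 minutes before the next iteration
+done
+echo "Soak interrupt test passed successfully!"
+shell: bash
+
+- name: Upload logs
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: soak-test-logs
+path: logs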
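Review bot: The `install k3d` and `Install istioctl` steps pipe a remote script straight into a shell (`curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash`, `curl -L https://istio.io/downloadIstio | sh -`), and `azure/setup-kubectl` is given `version: 'latest'`, so none of the three tools is pinned even though every action in the file is pinned by SHA. Whatever those URLs serve at run time executes on the runner, and `egress-policy: audit` only records the traffic rather than restricting it. Fetch the k3d script from a release tag or commit instead of `main`, set explicit versions (both installers accept one through an environment variable, e.g. `TAG=<k3d-version>` and `ISTIO_VERSION=<istio-version>`), and give `setup-kubectl` a fixed version. Separately, the `branch` input is declared but no visible step reads it, and the step named `Wait for 15 minutes before starting pod checks` only runs `sleep 10s` before the `kubectl wait` calls; either wire them up or rename them.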
1 change: 1 addition & 0 deletions .github/workflows/soak.yaml
@@ -179,6 +179,7 @@ jobs:
kubectl get pods -n pepr-demo
kubectl top po -n pepr-system
kubectl get po -n pepr-system
# Verify that no pod's count exceeds 1
for pod in "${!pod_map[@]}"; do
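--- a/.github/workflows/uds-http2-watcher.js
+++ b/.github/workflows/uds-http2-watcher.js
@@ -0,0 +1,36 @@
+const { resolve } = require("node:path");
+const { access, copyFile, readFile, writeFile } = require("node:fs/promises");
+
+async function run(args) {
+// args[0] = <path to node bin>
+// args[1] = <path to this script>
+// args[2] = <path to package.json>
+
+const pathArg = args[2];
+if (!pathArg) {
+throw "arg error: must pass path to package.json";
+}
+
+if (!pathArg.endsWith("package.json")) {
+throw `arg error: path (${pathArg}) must end in 'package.json'`;
+}
+
+let path = resolve(pathArg);
+access(path).catch(e => {
+throw e;
+});
+
+await copyFile(path, `${path}.bak`);
+
+const pkg = JSON.parse(await readFile(path, "utf8"));
+let env = pkg?.pepr?.env || {};
+env = { ...env, PEPR_HTTP2_WATCH: "true" };
+pkg.pepr.env = env;
+
+await writeFile(path, JSON.stringify(pkg, null, 2));
+}
+
+run(process.argv).catch(err => {
+console.error(err);
+process.exit(-1);
+});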
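Review bot: `access(path).catch(e => { throw e; });` is not awaited, so a missing or unreadable file surfaces as an unhandled rejection on a detached promise instead of failing `run()`; `await access(path);` is enough, since the outer `.catch` already reports the error and exits. `pkg.pepr.env = env;` also throws a TypeError when `package.json` has no `pepr` key, although the line above guards for exactly that with `pkg?.pepr?.env`; `pkg.pepr = { ...pkg.pepr, env };` handles both cases. The two `throw` statements raise bare strings, so no stack trace reaches `console.error`; `throw new Error(...)` keeps one. A short header comment saying that the script rewrites the file in place and leaves a `.bak` copy beside it would help the next reader.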
15 changes: 15 additions & 0 deletions .github/workflows/uds.yml
@@ -112,10 +112,25 @@ jobs:
- name: "set env: PEPR_IMG"
run: echo "PEPR_IMG=${GITHUB_WORKSPACE}/pepr-img.tar" >> "$GITHUB_ENV"

- name: clone pepr
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: defenseunicorns/pepr
path: pepr

- name: "set env: PEPR"
run: echo "PEPR=${GITHUB_WORKSPACE}/pepr" >> "$GITHUB_ENV"

- name: import docker image from pepr tar
run: |
docker image load --input "$PEPR_IMG"
- name: swap-in HTTP2-based watcher
run: |
cd "$UDS_CORE"
node "$PEPR/.github/workflows/uds-http2-watcher.js" ./package.json
cat ./package.json
- name: uds run
run: |
cd "$UDS_CORE"
3 changes: 3 additions & 0 deletions .npmignore
@@ -31,3 +31,6 @@ jest.config.json
*.toml
*.test.*
*.tgz

# Exclude all test files
src/**/*.test.ts
2 changes: 1 addition & 1 deletion Dockerfile
@@ -6,7 +6,7 @@
# Any other changes to Dockerfile should be reflected in Publish

# crane digest cgr.dev/chainguard/node-lts:latest-dev
FROM cgr.dev/chainguard/node:latest-dev@sha256:b0b04bbb69f6d39a65a341cfcaf3989c993a51a5fd26f0d6a818b970ada7d7d8 AS build
FROM cgr.dev/chainguard/node:latest-dev@sha256:96260affdd273eb612d5fa031b8230cde59e06e21cdaf67f85a8f6399abd889a AS build

WORKDIR /app

4 changes: 2 additions & 2 deletions Dockerfile.kfc
@@ -6,7 +6,7 @@
# Any other changes to Dockerfile should be reflected in Publish

# crane digest cgr.dev/chainguard/node-lts:latest-dev
FROM cgr.dev/chainguard/node:latest-dev@sha256:8a604e50086fdfa5c6298722bdf86bfbffd82e64e3ecc736b133bc0dbcb9d121 AS build
FROM cgr.dev/chainguard/node:latest-dev@sha256:96260affdd273eb612d5fa031b8230cde59e06e21cdaf67f85a8f6399abd889a AS build

WORKDIR /app

@@ -46,7 +46,7 @@ RUN cp -r kubernetes-fluent-client/src node_modules/kubernetes-fluent-client/src
##### DELIVER #####

# crane digest cgr.dev/chainguard/node-lts:latest
FROM cgr.dev/chainguard/node:latest@sha256:2ec55b47bddaa173fbcd6283d492b10e903da51dc7da12988024829ad0454dd7
FROM cgr.dev/chainguard/node:latest@sha256:f771505c29d1f766c1dc4d3b2ed0f8660a76553685b9d886728bc55d6f430ce8

WORKDIR /app
