ci: set trivy db repository to public.ecr.aws/aquasecurity/trivy-db:2… #13759
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build x86 Image | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| - release-* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| push: | |
| branches: | |
| - master | |
| - release-* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| env: | |
| GOSEC_VERSION: '2.15.0' | |
| HELM_VERSION: v3.11.1 | |
| jobs: | |
| build-kube-ovn: | |
| name: Build kube-ovn | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86- | |
| - name: Unit test | |
| run: | | |
| go install -mod=mod github.com/onsi/ginkgo/ginkgo | |
| make ut | |
| - name: Install gosec | |
| run: | | |
| tmp=$(mktemp -d) | |
| archive="gosec_${{ env.GOSEC_VERSION }}_$(go env GOHOSTOS)_$(go env GOHOSTARCH).tar.gz" | |
| wget -q -O "$tmp/$archive" https://github.com/securego/gosec/releases/download/v${{ env.GOSEC_VERSION }}/$archive | |
| tar --no-same-owner -C "$tmp" -xzf "$tmp/$archive" | |
| install "$tmp/gosec" /usr/local/bin | |
| rm -rf $tmp | |
| - name: Build | |
| run: | | |
| go mod tidy | |
| make lint | |
| make image-kube-ovn | |
| make tar-kube-ovn | |
| - name: Upload images to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| path: kube-ovn.tar | |
| build-vpc-nat-gateway: | |
| name: Build vpc-nat-gateway | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Build | |
| run: | | |
| make image-vpc-nat-gateway | |
| make tar-vpc-nat-gateway | |
| - name: Upload image to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: vpc-nat-gateway | |
| path: vpc-nat-gateway.tar | |
| build-e2e-binaries: | |
| name: Build E2E Binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - run: make e2e-build | |
| working-directory: ${{ env.E2E_DIR }} | |
| netpol-path-filter: | |
| name: Network Policy Path Filter | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| test-netpol: ${{ steps.filter.outputs.kube-ovn-controller }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Generate path filter | |
| run: | | |
| filter=".github/path-filters.yaml" | |
| cat > $filter <<EOF | |
| kube-ovn-controller: | |
| - go.mod | |
| - go.sum | |
| EOF | |
| sh hack/go-list.sh pkg/controller | while read f; do | |
| echo "- $f" | tee -a $filter | |
| done | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| base: ${{ github.base_ref || github.ref_name }} | |
| filters: .github/path-filters.yaml | |
| list-files: csv | |
| k8s-conformance-e2e: | |
| name: Kubernetes Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| mode: | |
| - overlay | |
| - underlay | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| E2E_NETWORK_MODE: ${{ matrix.mode }} | |
| run: make k8s-conformance-e2e | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| make kubectl-ko-log | |
| mv kubectl-ko-log.tar.gz k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log | |
| path: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log.tar.gz | |
| k8s-netpol-e2e: | |
| name: Kubernetes Network Policy E2E | |
| if: | | |
| always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && | |
| (needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy')) | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| - netpol-path-filter | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make k8s-netpol-e2e | |
| cyclonus-netpol-e2e: | |
| name: Cyclonus Network Policy E2E | |
| if: | | |
| always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && | |
| (needs.netpol-path-filter.outputs.test-netpol == 1 || contains(github.event.pull_request.labels.*.name, 'network policy')) | |
| needs: | |
| - build-kube-ovn | |
| - netpol-path-filter | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: make cyclonus-netpol-e2e | |
| kube-ovn-conformance-e2e: | |
| name: Kube-OVN Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| mode: | |
| - overlay | |
| - underlay | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-${{ matrix.mode }}-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| E2E_NETWORK_MODE: ${{ matrix.mode }} | |
| run: make kube-ovn-conformance-e2e | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| make kubectl-ko-log | |
| mv kubectl-ko-log.tar.gz kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log | |
| path: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log.tar.gz | |
| - name: Cleanup | |
| run: | | |
| if [ "${{ matrix.mode }}" != underlay ]; then | |
| sh -x dist/images/cleanup.sh | |
| fi | |
| kube-ovn-ic-conformance-e2e: | |
| name: Kube-OVN IC Conformance E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind clusters | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-ovn-ic | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-ovn-ic | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| run: make kube-ovn-ic-conformance-e2e | |
| chart-installation-test: | |
| needs: build-kube-ovn | |
| name: Chart Installation Test | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-chart | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| ha-installation-test: | |
| needs: build-kube-ovn | |
| name: HA Installation Test | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-ha | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: sudo ENABLE_SSL=true make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| underlay-logical-gateway-installation-test: | |
| name: Underlay Logical Gateway Installation Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-dual | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install-underlay-logical-gateway-dual | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| no-ovn-lb-test: | |
| name: Disable OVN LB Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN without LoadBalancer | |
| env: | |
| ENABLE_LB: "false" | |
| run: make kind-install | |
| - name: kubectl ko log | |
| if: failure() | |
| run: | | |
| make kubectl-ko-log | |
| mv kube-ovn-no-lb-ko-log.tar.gz | |
| - name: upload kubectl ko log | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: kube-ovn-no-lb-ko-log | |
| path: kube-ovn-no-lb-ko-log.tar.gz | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| no-np-test: | |
| name: Disable Network Policy Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| env: | |
| ENABLE_NP: "false" | |
| run: make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| installation-compatibility-test: | |
| name: Installation Compatibility Test | |
| needs: build-kube-ovn | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH k8s_version=v1.23.13 make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: make kind-install | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| cilium-chaining-e2e: | |
| name: Cilium Chaining E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: '${{ env.HELM_VERSION }}' | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - name: Remove DNS search domain | |
| run: | | |
| sudo sed -i '/^search/d' /etc/resolv.conf | |
| sudo systemctl restart docker | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN with Cilium chaining | |
| run: make kind-install-cilium-chaining | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_CILIUM_CHAINING: "true" | |
| run: make k8s-conformance-e2e | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| kube-ovn-security-e2e: | |
| name: Kube-OVN Security E2E | |
| needs: | |
| - build-kube-ovn | |
| - build-e2e-binaries | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ssl: | |
| - "true" | |
| - "false" | |
| bind-local: | |
| - "true" | |
| - "false" | |
| ip-family: | |
| - ipv4 | |
| - ipv6 | |
| - dual | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create the default branch directory | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| run: mkdir -p test/e2e/source | |
| - name: Check out the default branch | |
| if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 1 | |
| path: test/e2e/source | |
| - name: Export E2E directory | |
| run: | | |
| if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
| echo "E2E_DIR=." >> "$GITHUB_ENV" | |
| else | |
| echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
| fi | |
| - uses: actions/setup-go@v5 | |
| id: setup-go | |
| with: | |
| go-version-file: ${{ env.E2E_DIR }}/go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Export Go full version | |
| run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
| - name: Go cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
| restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install ginkgo | |
| working-directory: ${{ env.E2E_DIR }} | |
| run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
| - name: Download image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Load image | |
| run: docker load --input kube-ovn.tar | |
| - name: Create kind cluster | |
| run: | | |
| sudo pip3 install j2cli | |
| sudo pip3 install "j2cli[yaml]" | |
| sudo PATH=~/.local/bin:$PATH make kind-init-ha-${{ matrix.ip-family }} | |
| sudo cp -r /root/.kube/ ~/.kube/ | |
| sudo chown -R $(id -un). ~/.kube/ | |
| - name: Install Kube-OVN | |
| run: | | |
| sudo ENABLE_SSL=${{ matrix.ssl }} ENABLE_BIND_LOCAL_IP=${{ matrix.bind-local }} \ | |
| make kind-install-${{ matrix.ip-family }} | |
| - name: Run E2E | |
| working-directory: ${{ env.E2E_DIR }} | |
| env: | |
| E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
| run: make kube-ovn-security-e2e | |
| - name: Cleanup | |
| run: sh dist/images/cleanup.sh | |
| push: | |
| name: Push Images | |
| needs: | |
| - k8s-conformance-e2e | |
| # - k8s-netpol-e2e | |
| - cyclonus-netpol-e2e | |
| - kube-ovn-conformance-e2e | |
| - kube-ovn-ic-conformance-e2e | |
| - ha-installation-test | |
| - underlay-logical-gateway-installation-test | |
| - chart-installation-test | |
| - installation-compatibility-test | |
| - no-ovn-lb-test | |
| - no-np-test | |
| - cilium-chaining-e2e | |
| - kube-ovn-security-e2e | |
| if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download kube-ovn image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn | |
| - name: Download vpc-nat-gateway image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: vpc-nat-gateway | |
| - name: Load Image | |
| run: | | |
| docker load --input kube-ovn.tar | |
| docker load --input vpc-nat-gateway.tar | |
| - name: Security Scan | |
| env: | |
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
| run: | | |
| sudo apt-get install wget apt-transport-https gnupg lsb-release | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| make scan | |
| - name: Push | |
| if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'release-') | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| COMMIT: ${{ github.sha }} | |
| run: | | |
| cat VERSION | |
| TAG=$(cat VERSION) | |
| echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
| docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn-dev:$COMMIT-x86 | |
| docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-x86 | |
| docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway-dev:$COMMIT-x86 | |
| docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-x86 | |
| docker images | |
| docker push kubeovn/kube-ovn:$TAG-x86 | |
| docker push kubeovn/kube-ovn-dev:$COMMIT-x86 | |
| docker push kubeovn/vpc-nat-gateway:$TAG-x86 | |
| docker push kubeovn/vpc-nat-gateway-dev:$COMMIT-x86 |