mirror of
https://github.com/status-im/consul.git
synced 2025-01-21 19:20:41 +00:00
40ca4ad6d0
* build: consolidate Envoy version management Simplify Envoy version management by consolidating all runtime, build, and CI sources of Envoy versions into a single plaintext file. The goal of this change is to avoid common mistakes missing an update of some Envoy versions (both in general and due to release branch inconsistency), and enable automated Envoy version updates in the future. * ci: add missing ref argument for get-go-version Supports nightly tests.
609 lines
26 KiB
YAML
609 lines
26 KiB
YAML
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
|
|
name: test-integrations
|
|
|
|
on:
|
|
pull_request:
|
|
branches-ignore:
|
|
- stable-website
|
|
- 'docs/**'
|
|
- 'ui/**'
|
|
- 'mktg-**' # Digital Team Terraform-generated branch prefix
|
|
- 'backport/docs/**'
|
|
- 'backport/ui/**'
|
|
- 'backport/mktg-**'
|
|
|
|
env:
|
|
TEST_RESULTS_DIR: /tmp/test-results
|
|
TEST_RESULTS_ARTIFACT_NAME: test-results
|
|
CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
|
|
GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
|
|
GOTESTSUM_VERSION: "1.11.0"
|
|
CONSUL_BINARY_UPLOAD_NAME: consul-bin
|
|
# strip the hashicorp/ off the front of github.repository for consul
|
|
CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
|
|
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
|
|
SKIP_CHECK_BRANCH: ${{ github.head_ref || github.ref_name }}
|
|
|
|
concurrency:
|
|
group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
conditional-skip:
|
|
runs-on: ubuntu-latest
|
|
name: Get files changed and conditionally skip CI
|
|
outputs:
|
|
skip-ci: ${{ steps.read-files.outputs.skip-ci }}
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Get changed files
|
|
id: read-files
|
|
run: ./.github/scripts/check_skip_ci.sh
|
|
|
|
setup:
|
|
needs: [conditional-skip]
|
|
runs-on: ubuntu-latest
|
|
name: Setup
|
|
if: needs.conditional-skip.outputs.skip-ci != 'true'
|
|
outputs:
|
|
compute-small: ${{ steps.runners.outputs.compute-small }}
|
|
compute-medium: ${{ steps.runners.outputs.compute-medium }}
|
|
compute-large: ${{ steps.runners.outputs.compute-large }}
|
|
compute-xl: ${{ steps.runners.outputs.compute-xl }}
|
|
enterprise: ${{ steps.runners.outputs.enterprise }}
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
- id: runners
|
|
run: .github/scripts/get_runner_classes.sh
|
|
|
|
get-go-version:
|
|
uses: ./.github/workflows/reusable-get-go-version.yml
|
|
|
|
get-envoy-versions:
|
|
uses: ./.github/workflows/reusable-get-envoy-versions.yml
|
|
|
|
dev-build:
|
|
needs:
|
|
- setup
|
|
- get-go-version
|
|
uses: ./.github/workflows/reusable-dev-build.yml
|
|
with:
|
|
runs-on: ${{ needs.setup.outputs.compute-large }}
|
|
repository-name: ${{ github.repository }}
|
|
uploaded-binary-name: 'consul-bin'
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
secrets:
|
|
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
|
|
nomad-integration-test:
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
|
|
needs:
|
|
- setup
|
|
- dev-build
|
|
permissions:
|
|
id-token: write # NOTE: this permission is explicitly required for Vault auth.
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
nomad-version: ['v1.7.7', 'v1.6.10', 'v1.5.17']
|
|
steps:
|
|
- name: Checkout Nomad
|
|
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
with:
|
|
repository: hashicorp/nomad
|
|
ref: ${{ matrix.nomad-version }}
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
# Do not explicitly set Go version here, as it should depend on what Nomad declares.
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: Fetch Consul binary
|
|
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
|
with:
|
|
name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
|
|
path: ./bin
|
|
- name: Restore Consul permissions
|
|
run: |
|
|
chmod +x ./bin/consul
|
|
echo "$(pwd)/bin" >> $GITHUB_PATH
|
|
|
|
- name: Make Nomad dev build
|
|
run: |
|
|
make pkg/linux_amd64/nomad
|
|
echo "$(pwd)/pkg/linux_amd64" >> $GITHUB_PATH
|
|
|
|
- name: Run integration tests
|
|
run: |
|
|
go install gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} && \
|
|
gotestsum \
|
|
--format=github-actions \
|
|
--rerun-fails \
|
|
--rerun-fails-report=/tmp/gotestsum-rerun-fails \
|
|
--packages="./command/agent/consul" \
|
|
--junitfile $TEST_RESULTS_DIR/results.xml -- \
|
|
-run TestConsul
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Authenticate to Vault
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: vault-auth
|
|
run: vault-auth
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Fetch Secrets
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: secrets
|
|
uses: hashicorp/vault-action@v3
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
|
|
|
|
- name: prepare datadog-ci
|
|
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
|
|
- name: upload coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
|
|
|
|
vault-integration-test:
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
|
|
needs:
|
|
- setup
|
|
- get-go-version
|
|
- dev-build
|
|
permissions:
|
|
id-token: write # NOTE: this permission is explicitly required for Vault auth.
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
vault-version: ["1.16.2", "1.15.6", "1.14.10"]
|
|
env:
|
|
VAULT_BINARY_VERSION: ${{ matrix.vault-version }}
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
|
|
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
|
|
- name: Setup Git
|
|
if: ${{ endsWith(github.repository, '-enterprise') }}
|
|
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
|
|
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
# We use the current Consul Go version here since Vault is installed as a binary
|
|
# and tests are run from the Consul repo.
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
|
|
- name: Install Vault
|
|
run: |
|
|
wget -q -O /tmp/vault.zip "https://releases.hashicorp.com/vault/${{ env.VAULT_BINARY_VERSION }}/vault_${{ env.VAULT_BINARY_VERSION }}_linux_amd64.zip"
|
|
unzip -d /tmp /tmp/vault.zip
|
|
echo "/tmp" >> $GITHUB_PATH
|
|
|
|
- name: Run Connect CA Provider Tests
|
|
run: |
|
|
mkdir -p "${{ env.TEST_RESULTS_DIR }}"
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--format=github-actions \
|
|
--junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml" \
|
|
-- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage.txt ./agent/connect/ca
|
|
# Run leader tests that require Vault
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--format=github-actions \
|
|
--junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml" \
|
|
-- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-leader.txt -run Vault ./agent/consul
|
|
# Run agent tests that require Vault
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--format=github-actions \
|
|
--junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" \
|
|
-- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-agent.txt -run Vault ./agent
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Authenticate to Vault
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: vault-auth
|
|
run: vault-auth
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Fetch Secrets
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: secrets
|
|
uses: hashicorp/vault-action@v3
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
|
|
|
|
- name: prepare datadog-ci
|
|
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
|
|
- name: upload coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml"
|
|
|
|
- name: upload leader coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml"
|
|
|
|
- name: upload agent coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml"
|
|
|
|
generate-envoy-job-matrices:
|
|
needs: [setup]
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
|
|
name: Generate Envoy Job Matrices
|
|
outputs:
|
|
envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
- name: Generate Envoy Job Matrix
|
|
id: set-matrix
|
|
env:
|
|
# TEST_SPLITS sets the number of test case splits to use in the matrix. This will be
|
|
# further multiplied in envoy-integration tests by the other dimensions in the matrix
|
|
# to determine the total number of runners used.
|
|
TEST_SPLITS: 4
|
|
JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
|
|
run: |
|
|
NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
|
|
|
|
if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then
|
|
echo "TEST_SPLITS is larger than the number of tests/packages to split."
|
|
TEST_SPLITS=$((NUM_DIRS-1))
|
|
fi
|
|
# fix issue where test splitting calculation generates 1 more split than TEST_SPLITS.
|
|
TEST_SPLITS=$((TEST_SPLITS-1))
|
|
{
|
|
echo -n "envoy-matrix="
|
|
find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
|
|
| xargs -0 -n 1 basename \
|
|
| jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \
|
|
| jq --compact-output 'map(join("|"))'
|
|
} >> "$GITHUB_OUTPUT"
|
|
|
|
envoy-integration-test:
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
|
|
needs:
|
|
- setup
|
|
- get-go-version
|
|
- get-envoy-versions
|
|
- generate-envoy-job-matrices
|
|
- dev-build
|
|
permissions:
|
|
id-token: write # NOTE: this permission is explicitly required for Vault auth.
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
xds-target: ["server", "client"]
|
|
test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
|
|
env:
|
|
ENVOY_VERSION: ${{ needs.get-envoy-versions.outputs.max-envoy-version }}
|
|
XDS_TARGET: ${{ matrix.xds-target }}
|
|
AWS_LAMBDA_REGION: us-west-2
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
|
|
- name: fetch binary
|
|
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
|
with:
|
|
name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
|
|
path: ./bin
|
|
- name: restore mode+x
|
|
run: chmod +x ./bin/consul
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
|
|
|
|
- name: Docker build
|
|
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
|
|
|
- name: Envoy Integration Tests
|
|
env:
|
|
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
|
GOTESTSUM_FORMAT: standard-verbose
|
|
COMPOSE_INTERACTIVE_NO_CLI: 1
|
|
LAMBDA_TESTS_ENABLED: "true"
|
|
# tput complains if this isn't set to something.
|
|
TERM: ansi
|
|
run: |
|
|
# shellcheck disable=SC2001
|
|
echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
|
|
# shellcheck disable=SC2001
|
|
sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--debug \
|
|
--rerun-fails \
|
|
--rerun-fails-report=/tmp/gotestsum-rerun-fails \
|
|
--jsonfile /tmp/jsonfile/go-test.log \
|
|
--packages=./test/integration/connect/envoy \
|
|
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Authenticate to Vault
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: vault-auth
|
|
run: vault-auth
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Fetch Secrets
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: secrets
|
|
uses: hashicorp/vault-action@v3
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
|
|
|
|
- name: prepare datadog-ci
|
|
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
|
|
- name: upload coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
|
|
|
|
compatibility-integration-test:
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} # NOTE: do not change without tuning the -p and -parallel flags in go test.
|
|
needs:
|
|
- setup
|
|
- get-go-version
|
|
- get-envoy-versions
|
|
- dev-build
|
|
permissions:
|
|
id-token: write # NOTE: this permission is explicitly required for Vault auth.
|
|
contents: read
|
|
env:
|
|
ENVOY_VERSION: ${{ needs.get-envoy-versions.outputs.max-envoy-version }}
|
|
CONSUL_DATAPLANE_IMAGE: "docker.io/hashicorppreview/consul-dataplane:1.5-dev-ubi"
|
|
steps:
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
|
|
- name: Setup Git
|
|
if: ${{ endsWith(github.repository, '-enterprise') }}
|
|
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
- run: go env
|
|
- name: docker env
|
|
run: |
|
|
docker version
|
|
docker info
|
|
- name: fetch binary
|
|
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
|
with:
|
|
name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
|
|
path: .
|
|
- name: restore mode+x
|
|
run: chmod +x consul
|
|
# Build the consul:local image from the already built binary
|
|
- name: Build consul:local image
|
|
run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
|
|
- name: Build consul-envoy:target-version image
|
|
id: buildConsulEnvoyImage
|
|
continue-on-error: true
|
|
run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
|
|
- name: Retry Build consul-envoy:target-version image
|
|
if: steps.buildConsulEnvoyImage.outcome == 'failure'
|
|
run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
|
|
- name: Build consul-dataplane:local image
|
|
run: docker build -t consul-dataplane:local --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg CONSUL_DATAPLANE_IMAGE=${{ env.CONSUL_DATAPLANE_IMAGE }} -f ./test/integration/consul-container/assets/Dockerfile-consul-dataplane ./test/integration/consul-container/assets
|
|
- name: Configure GH workaround for ipv6 loopback
|
|
if: ${{ !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
cat /etc/hosts && echo "-----------"
|
|
sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
|
|
cat /etc/hosts
|
|
- name: Compatibility Integration Tests
|
|
run: |
|
|
mkdir -p "/tmp/test-results"
|
|
cd ./test/integration/consul-container
|
|
docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--raw-command \
|
|
--format=github-actions \
|
|
--rerun-fails \
|
|
-- \
|
|
go test \
|
|
-p=6 \
|
|
-parallel=4 \
|
|
-tags "${{ env.GOTAGS }}" \
|
|
-timeout=30m \
|
|
-json \
|
|
`go list -tags "${{ env.GOTAGS }}" ./... | grep -v upgrade | grep -v peering_commontopo` \
|
|
--target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
|
|
--target-version local \
|
|
--latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
|
|
--latest-version latest
|
|
ls -lrt
|
|
env:
|
|
# this is needed because of incompatibility between RYUK container and GHA
|
|
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
|
GOTESTSUM_FORMAT: standard-verbose
|
|
COMPOSE_INTERACTIVE_NO_CLI: 1
|
|
# tput complains if this isn't set to something.
|
|
TERM: ansi
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Authenticate to Vault
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: vault-auth
|
|
run: vault-auth
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Fetch Secrets
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: secrets
|
|
uses: hashicorp/vault-action@v3
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
|
|
|
|
- name: prepare datadog-ci
|
|
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
|
|
- name: upload coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
|
|
|
|
integration-test-with-deployer:
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }}
|
|
needs:
|
|
- setup
|
|
- get-go-version
|
|
permissions:
|
|
id-token: write # NOTE: this permission is explicitly required for Vault auth.
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
env:
|
|
DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev"
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
|
|
- name: Setup Git
|
|
if: ${{ endsWith(github.repository, '-enterprise') }}
|
|
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
- run: go env
|
|
- name: Build image
|
|
run: make test-deployer-setup
|
|
- name: Integration Tests
|
|
run: |
|
|
mkdir -p "${{ env.TEST_RESULTS_DIR }}"
|
|
#export NOLOGBUFFER=1
|
|
cd ./test-integ
|
|
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
|
|
--raw-command \
|
|
--format=github-actions \
|
|
-- \
|
|
go test \
|
|
-tags "${{ env.GOTAGS }}" \
|
|
-timeout=20m \
|
|
-parallel=2 \
|
|
-failfast \
|
|
-json \
|
|
`go list -tags "${{ env.GOTAGS }}" ./... | grep -v peering_commontopo | grep -v upgrade ` \
|
|
--target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
|
|
--target-version local \
|
|
--latest-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
|
|
--latest-version latest
|
|
env:
|
|
# this is needed because of incompatibility between RYUK container and GHA
|
|
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
|
GOTESTSUM_FORMAT: standard-verbose
|
|
COMPOSE_INTERACTIVE_NO_CLI: 1
|
|
# tput complains if this isn't set to something.
|
|
TERM: ansi
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Authenticate to Vault
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: vault-auth
|
|
run: vault-auth
|
|
|
|
# NOTE: ENT specific step as we store secrets in Vault.
|
|
- name: Fetch Secrets
|
|
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
|
id: secrets
|
|
uses: hashicorp/vault-action@v3
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
|
|
|
|
- name: prepare datadog-ci
|
|
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
|
|
- name: upload coverage
|
|
# do not run on forks
|
|
if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }}
|
|
env:
|
|
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
|
|
DD_ENV: ci
|
|
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
|
|
|
|
test-integrations-success:
|
|
needs:
|
|
- conditional-skip
|
|
- setup
|
|
- dev-build
|
|
- nomad-integration-test
|
|
- vault-integration-test
|
|
- generate-envoy-job-matrices
|
|
- envoy-integration-test
|
|
- compatibility-integration-test
|
|
- integration-test-with-deployer
|
|
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
|
|
if: always() && needs.conditional-skip.outputs.skip-ci != 'true'
|
|
steps:
|
|
- name: evaluate upstream job results
|
|
run: |
|
|
# exit 1 if failure or cancelled result for any upstream job
|
|
if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
|
|
printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
|
|
exit 1
|
|
fi
|