update k8s deps #67

Workflow file for this run

	name: PR
	on:
	pull_request:
	push:

	jobs:
	pr-gotest:
	name: Run go tests
	runs-on: ubuntu-latest
	steps:
	- name: checkout
	uses: actions/checkout@v3
	- name: Ensure go version
	uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'
	check-latest: true
	- name: run tests
	run: go test -json ./... > test.json
	- name: Annotate tests
	if: always()
	uses: guyarb/[email protected]
	with:
	test-results: test.json

	pr-shellcheck:
	name: Lint bash code with shellcheck
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Run ShellCheck
	uses: bewuethr/shellcheck-action@v2

	pr-lint-code:
	name: Lint golang code
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Ensure go version
	uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'
	check-latest: true
	- name: Lint cmd folder
	uses: Jerome1337/[email protected]
	with:
	golint-path: './cmd/...'
	- name: Lint pkg folder
	uses: Jerome1337/[email protected]
	with:
	golint-path: './pkg/...'

	pr-check-docs-links:
	name: Check docs for incorrect links
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Link Checker
	uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421
	env:
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
	with:
	args: --verbose --no-progress '.md' '.yaml' '//*.go' --exclude-link-local
	fail: true

	# This should not be made a mandatory test
	# It is only used to make us aware of any potential security failure, that
	# should trigger a bump of the image in build/.
	pr-vuln-scan:
	name: Build image and scan it against known vulnerabilities
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Ensure go version
	uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'
	check-latest: true
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Setup GoReleaser
	run: make bootstrap-tools
	- name: Find current tag version
	run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
	id: tags
	- name: Build image
	run: VERSION="${{ steps.tags.outputs.sha_short }}" make image
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@b43daad0c3c96202fc5800b511dfae8e6ecce864
	with:
	image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	# This ensures the latest code works with the manifests built from tree.
	# It is useful for two things:
	# - Test manifests changes (obviously), ensuring they don't break existing clusters
	# - Ensure manifests work with the latest versions even with no manifest change
	# (compared to helm charts, manifests cannot easily template changes based on versions)
	# Helm charts are _trailing_ releases, while manifests are done during development.
	e2e-manifests:
	name: End-to-End test with kured with code and manifests from HEAD
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	kubernetes:
	- "1.25"
	- "1.26"
	- "1.27"
	steps:
	- uses: actions/checkout@v3
	- name: Ensure go version
	uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'
	check-latest: true
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Setup GoReleaser
	run: make bootstrap-tools
	- name: Find current tag version
	run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
	id: tags
	- name: Build artifacts
	run: \|
	VERSION="${{ steps.tags.outputs.sha_short }}" make image
	VERSION="${{ steps.tags.outputs.sha_short }}" make manifest

	- name: Workaround "Failed to attach 1 to compat systemd cgroup /actions_job/..." on gh actions
	run: \|
	sudo bash << EOF
	cp /etc/docker/daemon.json /etc/docker/daemon.json.old
	echo '{}' > /etc/docker/daemon.json
	systemctl restart docker \|\| journalctl --no-pager -n 500
	systemctl status docker
	EOF

	# Default name for helm/kind-action kind clusters is "chart-testing"
	- name: Create kind cluster with 5 nodes
	uses: helm/[email protected]
	with:
	config: .github/kind-cluster-${{ matrix.kubernetes }}.yaml
	version: v0.14.0

	- name: Preload previously built images onto kind cluster
	run: kind load docker-image ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }} --name chart-testing

	- name: Do not wait for an hour before detecting the rebootSentinel
	run: \|
	sed -i 's/#$.*$--period=1h/\1--period=30s/g' kured-ds.yaml

	- name: Install kured with kubectl
	run: \|
	kubectl apply -f kured-rbac.yaml && kubectl apply -f kured-ds.yaml

	- name: Ensure kured is ready
	uses: nick-invision/[email protected]
	with:
	timeout_minutes: 10
	max_attempts: 10
	retry_wait_seconds: 60
	# DESIRED CURRENT READY UP-TO-DATE AVAILABLE should all be = to cluster_size
	command: "kubectl get ds -n kube-system kured \| grep -E 'kured.5.5.5.5.*5'"

	- name: Create reboot sentinel files
	run: \|
	./tests/kind/create-reboot-sentinels.sh

	- name: Follow reboot until success
	env:
	DEBUG: true
	run: \|
	./tests/kind/follow-coordinated-reboot.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update k8s deps #67

Workflow file

update k8s deps #67

Jobs

Run details

Workflow file for this run