Update Zoom meeting link #4678

Workflow file for this run

.github/workflows/execute-tests-and-promote.yml at f853d23

	name: job-promote-to-passed

	"on":
	push:
	branches:
	- master
	- release/v*
	pull_request: {}
	workflow_dispatch:

	jobs:
	lint: ########################################################################
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- shell: bash
	run: \|
	make lint-deps
	- shell: bash
	run: \|
	make lint
	- uses: ./.github/actions/after-job
	if: always()

	generate: ####################################################################
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Git Login"
	run: \|
	if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then
	install -m700 -d ~/.ssh
	install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}'
	fi
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.RELEASE_REGISTRY, 'docker.io/')) && secrets.RELEASE_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_RELEASE_USERNAME }}
	password: ${{ secrets.GH_DOCKER_RELEASE_TOKEN }}
	- name: "'make generate'"
	shell: bash
	run: \|
	make generate
	- name: "Update dependency information after dependabot change"
	uses: datawire/go-mkopensource/actions/[email protected]
	id: changed-by-dependabot
	with:
	branches_to_skip: master
	- name: "Abort if dependencies changed"
	if: steps.changed-by-dependabot.outputs.is_dirty == 'true'
	run: \|
	echo "Dependabot triggered a dependency update. Aborting workflow."
	exit 1
	- uses: ./.github/actions/git-dirty-check
	name: "Check Git not dirty from 'make generate'"
	- name: "'make generate' (again!)"
	shell: bash
	run: \|
	make generate
	- uses: ./.github/actions/git-dirty-check
	name: "Check Git not dirty from 'make generate' (again!)"
	- uses: ./.github/actions/after-job
	if: always()

	check-envoy-protos: ####################################################################
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Git Login"
	run: \|
	if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then
	install -m700 -d ~/.ssh
	install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}'
	fi
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.RELEASE_REGISTRY, 'docker.io/')) && secrets.RELEASE_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_RELEASE_USERNAME }}
	password: ${{ secrets.GH_DOCKER_RELEASE_TOKEN }}
	- name: "'make compile-envoy-protos'"
	shell: bash
	run: \|
	make compile-envoy-protos
	- name: "Check Git not dirty from 'make compile-envoy-protos'"
	uses: ./.github/actions/git-dirty-check
	- uses: ./.github/actions/after-job
	if: always()

	check-envoy-version: #########################################################
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Git Login"
	run: \|
	if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then
	install -m700 -d ~/.ssh
	install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}'
	fi
	- name: "Docker Login"
	# This is important if ENVOY_DOCKER_REPO is a private repo.
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- run: make check-envoy-version
	- uses: ./.github/actions/after-job
	if: always()

	# Tests ######################################################################
	apiext-e2e:
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	APIEXT_E2E: ""
	APIEXT_BUILD_ARCH: linux/amd64
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver-opts: \|
	network=host
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: Install k3d
	shell: bash
	run: \|
	curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh \| TAG=v5.6.0 bash
	k3d --version
	- name: go mod vendor
	shell: bash
	run: \|
	make vendor
	- name: run apiext-e2e tests
	shell: bash
	run: \|
	go test -p 1 -parallel 1 -v -tags=apiext ./test/apiext/... -timeout 15m
	check-gotest:
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- name: make gotest
	shell: bash
	run: \|
	make gotest
	- uses: ./.github/actions/after-job
	if: always()
	check-pytest:
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	# See pkg/kubeapply/resource_kubeapply.go
	DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }}
	DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	strategy:
	fail-fast: false
	matrix:
	test:
	- integration-tests
	- kat-envoy3-tests-1-of-5
	- kat-envoy3-tests-2-of-5
	- kat-envoy3-tests-3-of-5
	- kat-envoy3-tests-4-of-5
	- kat-envoy3-tests-5-of-5
	name: pytest-${{ matrix.test }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- name: Create integration test cluster
	run: \|
	sudo sysctl -w fs.file-max=1600000
	sudo sysctl -w fs.inotify.max_user_instances=4096

	make ci/setup-k3d
	- name: Setup integration test environment
	run: \|
	export DEV_KUBE_NO_PVC=yes
	export KAT_REQ_LIMIT=900
	export DEV_KUBECONFIG=~/.kube/config
	export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }}
	make python-integration-test-environment
	- name: Run ${{ matrix.test }}
	run: \|
	export DEV_KUBE_NO_PVC=yes
	export KAT_REQ_LIMIT=900
	export DEV_KUBECONFIG=~/.kube/config
	export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }}
	make pytest-${{ matrix.test }}
	- uses: ./.github/actions/after-job
	if: always()
	with:
	jobname: check-pytest-${{ matrix.test }}
	check-pytest-unit:
	runs-on: ubuntu-latest
	env:
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	name: pytest-unit
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- name: Create Python virtual environment
	run: \|
	export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }}
	make python-virtual-environment
	- name: Run Python unit tests
	run: \|
	export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html '
	make pytest-unit-tests
	- uses: ./.github/actions/after-job
	if: always()
	check-chart:
	runs-on: ubuntu-latest
	env:
	DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }}
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	# See pkg/kubeapply/resource_kubeapply.go
	DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }}
	DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	steps:
	- uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	ref: ${{ github.event.pull_request.head.sha }}
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: make test-chart
	run: \|
	make ci/setup-k3d
	export DEV_KUBECONFIG=~/.kube/config

	make test-chart
	- uses: ./.github/actions/after-job
	if: always()

	build: #######################################################################
	runs-on: ubuntu-latest
	env:
	DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }}
	# See docker/base-python.docker.gen
	BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }}
	outputs:
	image-tag: ${{ steps.build-image.outputs.image-tag }}
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	ref: ${{ github.event.pull_request.head.sha }}
	- name: Install Deps
	uses: ./.github/actions/setup-deps
	- name: "Docker Login"
	uses: docker/login-action@v2
	with:
	registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY \|\| null }}
	username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }}
	password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }}
	- name: "make push"
	shell: bash
	run: \|
	make push
	- name: "capture image tag"
	id: build-image
	shell: bash
	run: \|
	echo "image-tag=$(build-aux/version.sh)" >> $GITHUB_OUTPUT
	- name: "make push-dev"
	shell: bash
	run: \|
	make push-dev
	- uses: ./.github/actions/after-job
	if: always()

	######################################################################
	######################### CVE Scanning ###############################
	trivy-container-scan:
	runs-on: ubuntu-latest
	needs: [build]
	steps:
	# upload of results to github uses git so checkout of code is needed
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	ref: ${{ github.event.pull_request.head.sha }}
	- name: "Log image-tag"
	shell: bash
	run: echo ${{needs.build.outputs.image-tag}}
	- name: Scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "${{secrets.DEV_REGISTRY}}/emissary:${{needs.build.outputs.image-tag}}"
	format: "sarif"
	exit-code: 0 # only warn for now until we have backed it into our processes
	output: "trivy-results.sarif"
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH"
	- name: Upload Scan to GitHub Security Tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "trivy-results.sarif"

	##############################################################################
	pass:
	name: "job-promote-to-passed" # This is the job name that the branch protection looks for
	needs:
	- apiext-e2e
	- lint
	- build
	- generate
	- check-envoy-protos
	- check-envoy-version
	- check-gotest
	- check-pytest
	- check-pytest-unit
	- check-chart
	- trivy-container-scan
	runs-on: ubuntu-latest
	steps:
	- name: No-Op
	if: ${{ false }}
	run: "echo Pass"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Zoom meeting link #4678

Workflow file

Update Zoom meeting link #4678

Jobs

Run details

Workflow file for this run