fix(build): make buildtools update go dependency (#3782) #13459
# CI workflow: runs for pull requests and for pushes to main. Changes that
# touch only .claude/** do not trigger it.
name: CI

on:
  pull_request:
    paths-ignore:
      - '.claude/**'
  push:
    branches: [main]
    paths-ignore:
      - '.claude/**'

# One live run per PR branch (head_ref). On push events head_ref is empty, so
# the group falls back to the unique run_id and push runs never cancel each
# other.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

# NOTE(review): this is the GITHUB_TOKEN scope for every job that does not
# declare its own `permissions`, including jobs that build and run pull-request
# code. The steps visible in this listing only read the repository (checkout,
# `gh release list` / `gh release download`); confirm whether any job really
# needs write access before narrowing this to `contents: read` and granting
# write per job.
permissions:
  contents: write
| jobs: | |
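# Job (an entry of the workflow's `jobs:` map): computes the values other jobs
# read through `needs.output-vars.outputs.*`.
output-vars:
  name: Output variables
  runs-on: ubuntu-latest
  outputs:
    git_sha: ${{ steps.git_sha.outputs.git_sha }}
    ec_version: ${{ steps.output_vars.outputs.ec_version }}
    helm_version: ${{ steps.output_vars.outputs.helm_version }}
  steps:
    - uses: actions/checkout@v7
      with:
        fetch-depth: 0 # necessary for getting the last tag
    - uses: ./.github/actions/git-sha
      id: git_sha
    # NOTE(review): ec_version is derived from the nearest matching git tag and
    # is later consumed by other jobs, so whoever can create tags influences
    # those jobs' inputs; consumers should read it from an environment variable
    # rather than expanding it into script text.
    - name: Output variables
      id: output_vars
      run: |
        ec_version=$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')
        k0s_minor_version=$(make print-K0S_MINOR_VERSION)
        EC_VERSION=$(./scripts/print-ec-version.sh "$ec_version" "$k0s_minor_version")
        echo "EC_VERSION=\"$EC_VERSION\""
        # Quoted so the redirect target stays a single word, matching the other
        # jobs in this workflow.
        echo "ec_version=$EC_VERSION" >> "$GITHUB_OUTPUT"
        # Pin the helm binary used by tests to the same version embedded-cluster ships
        # (versions.mk), instead of latest.
        helm_version=$(make print-HELM_VERSION)
        echo "helm_version=$helm_version" >> "$GITHUB_OUTPUT"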
# Job (an entry of the workflow's `jobs:` map): static checks, `make vet`
# followed by golangci-lint.
sanitize:
  name: Sanitize
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        # Toolchain version is read from go.mod; the cache key covers every
        # *.sum file in the tree.
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    - name: Go vet
      run: |
        make vet
    # NOTE(review): third-party action referenced by a version tag, which its
    # repository can repoint; consider a full commit SHA, as this workflow
    # already does for helm/kind-action.
    - name: Lint
      uses: golangci/golangci-lint-action@v9
      with:
        args: --build-tags containers_image_openpgp,exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper,exclude_graphdriver_overlay
# Job (an entry of the workflow's `jobs:` map): runs `make unit-tests`.
unit-tests:
  name: Unit tests
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    - name: Unit tests
      env:
        # The workflow token is exported to the test process, i.e. to code
        # taken from the branch under test.
        # NOTE(review): its scope is whatever the workflow-level `permissions`
        # grants, since this job declares none of its own.
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        make unit-tests
# Job (an entry of the workflow's `jobs:` map): gate for the kind integration
# jobs. Output `run` mirrors the action's `any_changed` result for the listed
# paths.
should-run-int-tests-kind:
  name: Should run integration tests (kind)
  runs-on: ubuntu-latest
  outputs:
    run: ${{ steps.changed-files.outputs.any_changed }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # NOTE(review): third-party action referenced by a version tag. A tag can
    # be repointed by the action's repository, so the code that runs here is
    # not fixed by this file; consider a full commit SHA, as this workflow
    # already does for helm/kind-action.
    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v47.0.6
      with:
        files: |
          kinds/**
          pkg/**
          pkg-new/**
          tests/integration/**
# Job (an entry of the workflow's `jobs:` map): gate for the preflight
# integration tests. Output `run` mirrors the action's `any_changed` result for
# pkg-new/preflights/**.
should-run-int-tests-preflights:
  name: Should run integration tests (preflights)
  runs-on: ubuntu-latest
  outputs:
    run: ${{ steps.changed-files.outputs.any_changed }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # NOTE(review): third-party action referenced by a version tag, which its
    # repository can repoint; consider a full commit SHA, as this workflow
    # already does for helm/kind-action.
    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v47.0.6
      with:
        files: |
          pkg-new/preflights/**
# Job (an entry of the workflow's `jobs:` map): single roll-up status for the
# kind integration jobs. It runs unless the workflow was cancelled and fails
# when any needed job ended in a state other than 'success' or 'skipped'.
int-tests:
  name: Integration tests
  runs-on: ubuntu-latest
  needs:
    - int-tests-kind
    - int-tests-kind-ha-registry
    - int-tests-kind-ha-registry-disable-hashi-raft
  if: ${{ !cancelled() }}
  steps:
    # https://docs.github.com/en/actions/learn-github-actions/contexts#needs-context
    - name: fail if int-tests-kind job was not successful
      if: needs.int-tests-kind.result != 'success' && needs.int-tests-kind.result != 'skipped'
      run: exit 1
    - name: fail if int-tests-kind-ha-registry job was not successful
      if: needs.int-tests-kind-ha-registry.result != 'success' && needs.int-tests-kind-ha-registry.result != 'skipped'
      run: exit 1
    - name: fail if int-tests-kind-ha-registry-disable-hashi-raft job was not successful
      if: needs.int-tests-kind-ha-registry-disable-hashi-raft.result != 'success' && needs.int-tests-kind-ha-registry-disable-hashi-raft.result != 'skipped'
      run: exit 1
    - name: succeed if everything else passed
      run: echo "Integration tests succeeded"
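# Job (an entry of the workflow's `jobs:` map): kind-based integration tests,
# run only when should-run-int-tests-kind reported changes.
int-tests-kind:
  name: Integration tests (kind)
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-int-tests-kind
  if: needs.should-run-int-tests-kind.outputs.run == 'true'
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # Pinned to a full commit SHA, so the action code cannot change underneath
    # this workflow.
    - name: Install kind
      uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc
      with:
        install_only: true
    - name: Setup Helm
      uses: azure/setup-helm@v5
      with:
        version: ${{ needs.output-vars.outputs.helm_version }}
    - name: Run tests
      env:
        # Handed over as an environment variable instead of being expanded into
        # the script text: `${{ }}` is substituted before the shell parses the
        # script, so a value containing shell syntax would otherwise be
        # executed. make still sees VERSION in its environment.
        VERSION: ${{ needs.output-vars.outputs.ec_version }}
      run: |
        make -C tests/integration test-kind SHORT=true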
# Job (an entry of the workflow's `jobs:` map): builds the kubectl-preflight
# binary and runs the preflight integration tests against it, only when
# should-run-int-tests-preflights reported changes.
int-tests-preflights:
  name: Integration tests (preflights)
  runs-on: ubuntu-latest
  needs: [output-vars, should-run-int-tests-preflights]
  if: needs.should-run-int-tests-preflights.outputs.run == 'true'
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    - name: Build preflight binary
      run: |
        make cmd/installer/goods/bins/kubectl-preflight
    # PREFLIGHT_BINARY is set to the absolute path of the binary built in the
    # previous step.
    - name: Run tests
      run: |
        CGO_ENABLED=0 PREFLIGHT_BINARY=`pwd`/cmd/installer/goods/bins/kubectl-preflight \
          go test -tags osusergo,netgo -v ./pkg-new/preflights/integration/...
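# Job (an entry of the workflow's `jobs:` map): kind-based HA registry test
# (TestRegistry_EnableHAAirgap), run only when should-run-int-tests-kind
# reported changes. This job also defines the `free-disk-space` YAML anchor
# that other jobs in the file alias.
int-tests-kind-ha-registry:
  name: Integration tests (kind) HA registry
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-int-tests-kind
  if: needs.should-run-int-tests-kind.outputs.run == 'true'
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # Anchor definition: the script below is reused through `*free-disk-space`.
    # It deletes preinstalled toolchains from the hosted runner and prints disk
    # usage before and after.
    - name: Free up runner disk space # this is much faster than .github/actions/free-disk-space
      run: &free-disk-space |
        df -h
        sudo rm -rf \
          /usr/share/swift \
          /usr/share/dotnet \
          /usr/lib/jvm \
          /usr/local/share/boost \
          /usr/local/lib/heroku \
          /usr/local/julia* \
          /usr/local/.ghcup \
          /usr/local/share/powershell \
          /usr/local/bin/aliyun \
          /usr/local/bin/azcopy \
          /usr/local/bin/bicep \
          /usr/local/bin/cpack \
          /usr/local/bin/hub \
          /usr/local/bin/minikube \
          /usr/local/bin/packer \
          /usr/local/bin/pulumi* \
          /usr/local/bin/sam \
          /usr/local/bin/stack \
          /usr/local/bin/terraform \
          /usr/local/bin/oc
        df -h
    # Pinned to a full commit SHA.
    - name: Install kind
      uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc
      with:
        install_only: true
    - name: Setup Helm
      uses: azure/setup-helm@v5
      with:
        version: ${{ needs.output-vars.outputs.helm_version }}
    - name: Run tests
      env:
        # Handed over as an environment variable instead of being expanded into
        # the script text: `${{ }}` is substituted before the shell parses the
        # script, so a value containing shell syntax would otherwise be
        # executed. make still sees VERSION in its environment.
        VERSION: ${{ needs.output-vars.outputs.ec_version }}
      run: |
        make -C tests/integration/kind test-registry RUN=TestRegistry_EnableHAAirgap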
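# Job (an entry of the workflow's `jobs:` map): kind-based HA registry test
# (TestRegistry_DisableHashiRaft), run only when should-run-int-tests-kind
# reported changes.
int-tests-kind-ha-registry-disable-hashi-raft:
  name: Integration tests (kind) HA registry migrate seaweed raft
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-int-tests-kind
  if: needs.should-run-int-tests-kind.outputs.run == 'true'
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # Alias of the script anchored as `free-disk-space` elsewhere in this file.
    - name: Free up runner disk space
      run: *free-disk-space
    # Pinned to a full commit SHA.
    - name: Install kind
      uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc
      with:
        install_only: true
    - name: Setup Helm
      uses: azure/setup-helm@v5
      with:
        version: ${{ needs.output-vars.outputs.helm_version }}
    - name: Run tests
      env:
        # Handed over as an environment variable instead of being expanded into
        # the script text: `${{ }}` is substituted before the shell parses the
        # script, so a value containing shell syntax would otherwise be
        # executed. make still sees VERSION in its environment.
        VERSION: ${{ needs.output-vars.outputs.ec_version }}
      run: |
        make -C tests/integration/kind test-registry RUN=TestRegistry_DisableHashiRaft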
# Job (an entry of the workflow's `jobs:` map): runs `make dryrun-tests` with a
# Go build/module cache restored from ./dev/build.
dryrun-tests:
  name: Dryrun tests
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # Alias of the script anchored as `free-disk-space` elsewhere in this file.
    - name: Free up runner disk space
      run: *free-disk-space
    # Exact key is the hash of every go.sum; the restore-keys prefix lets a
    # run fall back to a cache saved under another go.sum hash.
    - name: Go cache
      uses: actions/cache@v5
      with:
        path: |
          ./dev/build/.gocache
          ./dev/build/.gomodcache
        key: dryrun-tests-go-cache-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          dryrun-tests-go-cache-
    - name: Run tests
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        make dryrun-tests
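# Job (an entry of the workflow's `jobs:` map): regenerates the operator
# manifests and fails when that leaves tracked files modified, i.e. when the
# committed CRDs are stale.
check-operator-crds:
  name: Check operator CRDs
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    - name: Make manifests
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: make -C operator manifests
    - name: Check CRDs
      run: |
        # The default step shell is `bash -e`, so a bare `git diff --exit-code`
        # that finds changes ends the step before a following `$?` test runs
        # and the "out of date" message is never printed. Testing the command
        # inside `if` keeps both branches reachable.
        if git diff --exit-code --name-only; then
          echo "CRDs are up to date"
        else
          echo "CRDs are out of date"
          exit 1
        fi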
# Job (an entry of the workflow's `jobs:` map): compiles buildtools once per
# matrix leg and uploads the binary. Leg n builds against the current k0s minor
# minus n.
buildtools:
  name: Build buildtools
  runs-on: ubuntu-latest
  strategy:
    fail-fast: false
    matrix:
      # Build across the current and previous supported k0s minors so a
      # K0S_MINOR_VERSION/go.mod-pin mismatch (e.g. the k0s_legacy_airgap
      # build tag selecting a code path the pinned k0s module can't compile)
      # fails the PR instead of only surfacing in a release build.
      n: [0, 1, 2, 3]
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # Writes K0S_MINOR_VERSION to GITHUB_ENV so the later steps of this job
    # see it. `matrix.n` is a literal from the matrix above.
    - name: Export k0s minor version
      run: |
        k0s_minor_version=$(make print-K0S_MINOR_VERSION)
        export K0S_MINOR_VERSION=$(($k0s_minor_version - ${{ matrix.n }}))
        echo "K0S_MINOR_VERSION=\"$K0S_MINOR_VERSION\""
        echo "K0S_MINOR_VERSION=$K0S_MINOR_VERSION" >> "$GITHUB_ENV"
    - name: Compile buildtools
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        make buildtools
    # Artifact name depends on the leg: `buildtools` for n == 0,
    # `buildtools-previous-k0s-<n>` otherwise.
    - name: Upload buildtools artifact
      if: ${{ matrix.n == 0 }}
      uses: actions/upload-artifact@v7
      with:
        name: buildtools
        path: output/bin/buildtools
    - name: Upload buildtools artifact previous k0s
      if: ${{ matrix.n != 0 }}
      uses: actions/upload-artifact@v7
      with:
        name: buildtools-previous-k0s-${{ matrix.n }}
        path: output/bin/buildtools
# Job (an entry of the workflow's `jobs:` map): gate for the e2e build and
# release jobs. Output `run` mirrors the action's `any_changed` result for the
# pattern list below; entries starting with `!` are written as exclusions.
should-run-e2e:
  name: Should run e2e
  runs-on: ubuntu-latest
  outputs:
    run: ${{ steps.changed-files.outputs.any_changed }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # NOTE(review): third-party action referenced by a version tag, which its
    # repository can repoint. This gate decides whether the jobs that receive
    # the staging upload credentials run at all; consider a full commit SHA,
    # as this workflow already does for helm/kind-action.
    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v47.0.6
      with:
        files: |
          e2e/**
          !e2e/kots-release-install-v3/**
          api/*.go
          api/types/**
          api/pkg/**
          !api/pkg/template/**
          cmd/**
          !cmd/installer/cli/headless/**
          kinds/**
          operator/**
          pkg/**
          pkg-new/**
          utils/**
          go.{mod,sum}
          Makefile
          common.mk
          versions.mk
          dagger/**
          deploy/**
          fio/**
          local-artifact-mirror/**
          scripts/**
          !**/*_test.go
          !**/integration/**
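# Job (an entry of the workflow's `jobs:` map): builds and uploads the
# embedded-cluster binaries, once per matrix leg. Leg n builds against the
# current k0s minor minus n; each leg writes only its own `_<n>` outputs.
build-install:
  name: Build current
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-e2e
  if: needs.should-run-e2e.outputs.run == 'true'
  strategy:
    fail-fast: false
    matrix:
      n: [0, 1, 2, 3]
  outputs:
    k0s_version: ${{ steps.export.outputs.k0s_version_0 }}
    k0s_version_1: ${{ steps.export.outputs.k0s_version_1 }}
    k0s_version_2: ${{ steps.export.outputs.k0s_version_2 }}
    k0s_version_3: ${{ steps.export.outputs.k0s_version_3 }}
    ec_version: ${{ steps.export.outputs.ec_version_0 }}
    ec_version_1: ${{ steps.export.outputs.ec_version_1 }}
    ec_version_2: ${{ steps.export.outputs.ec_version_2 }}
    ec_version_3: ${{ steps.export.outputs.ec_version_3 }}
    app_version: ${{ steps.export.outputs.app_version_0 }}
    app_version_1: ${{ steps.export.outputs.app_version_1 }}
    app_version_2: ${{ steps.export.outputs.app_version_2 }}
    app_version_3: ${{ steps.export.outputs.app_version_3 }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # Alias of the script anchored as `free-disk-space` elsewhere in this file.
    - name: Free up runner disk space
      run: *free-disk-space
    # NOTE(review): the restore-keys prefix lets this job reuse binaries cached
    # under a different Makefile/versions.mk hash, and those binaries end up in
    # the uploaded build; confirm the build re-validates what it restores.
    - name: Cache embedded bins
      uses: actions/cache@v5
      with:
        path: |
          output/bins
        key: bins-cache-${{ hashFiles('Makefile', 'versions.mk') }}
        restore-keys: |
          bins-cache-
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # NOTE(review): both setup actions are referenced by version tags, which
    # their repositories can repoint, and this job later exposes the staging
    # upload credentials; consider full commit SHAs, as this workflow already
    # does for helm/kind-action.
    - uses: oras-project/setup-oras@v2
    - uses: imjasonh/setup-crane@v0.6
    # NOTE(review): the installer script is fetched and executed without a
    # pinned version or a checksum, and the resulting binary is on PATH for the
    # Build step that holds the staging upload credentials. Pin the dagger
    # version and verify the download before this job handles secrets.
    - name: Install dagger
      run: |
        curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
        sudo mv ./bin/dagger /usr/local/bin/dagger
    - name: Export versions
      env:
        # Job outputs are read from the environment rather than expanded into
        # the script text: `${{ }}` is substituted before the shell parses the
        # script, so a value containing shell syntax would otherwise be
        # executed. `matrix.n` stays inline because it is a literal from this
        # file.
        CI_BASE_EC_VERSION: ${{ needs.output-vars.outputs.ec_version }}
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
      run: |
        version_suffix=
        if [ ${{ matrix.n }} -gt 0 ]; then
          version_suffix="-previous-k0s-${{ matrix.n }}"
        fi
        k0s_minor_version=$(make print-K0S_MINOR_VERSION)
        export K0S_MINOR_VERSION=$(($k0s_minor_version - ${{ matrix.n }}))
        echo "K0S_MINOR_VERSION=\"$K0S_MINOR_VERSION\""
        echo "K0S_MINOR_VERSION=$K0S_MINOR_VERSION" >> "$GITHUB_ENV"
        ec_version=$(./scripts/print-ec-version.sh "$CI_BASE_EC_VERSION" "$K0S_MINOR_VERSION")
        export EC_VERSION=${ec_version}${version_suffix}
        echo "EC_VERSION=\"$EC_VERSION\""
        echo "EC_VERSION=$EC_VERSION" >> "$GITHUB_ENV"
        export APP_VERSION=appver-dev-${CI_GIT_SHA}${version_suffix}
        echo "APP_VERSION=\"$APP_VERSION\""
        echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_ENV"
    # NOTE(review): long-lived IAM key material is exported to the whole build
    # script and every tool it invokes; confirm the key is scoped to the
    # staging bucket only.
    - name: Build
      env:
        APP_CHANNEL: CI
        APP_CHANNEL_ID: 2cHXb1RCttzpR0xvnNWyaZCgDBP
        APP_CHANNEL_SLUG: ci
        RELEASE_YAML_DIR: e2e/kots-release-install
        S3_BUCKET: tf-staging-embedded-cluster-bin
        AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_EMBEDDED_CLUSTER_UPLOAD_IAM_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_EMBEDDED_CLUSTER_UPLOAD_IAM_SECRET }}
        AWS_REGION: 'us-east-1'
        USE_CHAINGUARD: '1'
        UPLOAD_BINARIES: '1'
        SKIP_RELEASE: '1'
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        ./scripts/build-and-release.sh
        version_suffix=
        if [ ${{ matrix.n }} -gt 0 ]; then
          version_suffix="-previous-k0s-${{ matrix.n }}"
        fi
        if [ -n "$version_suffix" ]; then
          cp output/bin/embedded-cluster-original output/bin/embedded-cluster${version_suffix}
        fi
    - name: Upload release
      uses: actions/upload-artifact@v7
      if: ${{ matrix.n == 0 }}
      with:
        name: current-release
        path: |
          output/bin/embedded-cluster
          output/bin/embedded-cluster-original
          output/bin/embedded-cluster-release-builder
    - name: Upload release previous k0s
      uses: actions/upload-artifact@v7
      if: ${{ matrix.n != 0 }}
      with:
        name: previous-k0s-${{ matrix.n }}-release
        path: |
          output/bin/embedded-cluster-previous-k0s-${{ matrix.n }}
    # EC_VERSION and APP_VERSION are the values the "Export versions" step
    # wrote to GITHUB_ENV.
    - name: Export k0s version
      id: export
      run: |
        K0S_VERSION="$(make print-K0S_VERSION)"
        echo "K0S_VERSION=\"$K0S_VERSION\""
        echo "k0s_version_${{ matrix.n }}=$K0S_VERSION" >> "$GITHUB_OUTPUT"
        echo "EC_VERSION=\"$EC_VERSION\""
        echo "ec_version_${{ matrix.n }}=$EC_VERSION" >> "$GITHUB_OUTPUT"
        echo "APP_VERSION=\"$APP_VERSION\""
        echo "app_version_${{ matrix.n }}=$APP_VERSION" >> "$GITHUB_OUTPUT"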
# Job (an entry of the workflow's `jobs:` map): selects an older published
# embedded-cluster release for the previous k0s minor and exposes its name and
# the Kubernetes version recorded in its metadata.json.
find-previous-stable:
  name: Determine previous stable version
  runs-on: ubuntu-latest
  needs: [output-vars, should-run-e2e]
  if: needs.should-run-e2e.outputs.run == 'true'
  outputs:
    ec_version: ${{ steps.export.outputs.ec_version }}
    k0s_version: ${{ steps.export.outputs.k0s_version }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # NOTE(review): both outputs are taken from release data (a release name
    # and a field of a downloaded metadata.json) and are written to
    # GITHUB_OUTPUT without validation; jobs that consume them should treat
    # them as data and read them from environment variables.
    - name: Export k0s version
      id: export
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        previous_release_gap="5" # How many versions behind of EC we want to use
        k0s_minor_version=$(make print-K0S_MINOR_VERSION)
        previous_k0s_minor_version=$(($k0s_minor_version - 1))
        k0s_majmin_version="1.${previous_k0s_minor_version}"
        # Pick the release `previous_release_gap` versions back, falling back to the
        # oldest available when the previous minor has fewer releases than that (e.g.
        # right after a new minor is added).
        EC_VERSION="$(gh release list --repo replicatedhq/embedded-cluster \
          --exclude-drafts --exclude-pre-releases --json name --order desc \
          --jq "[.[] | select(.name | contains(\"k8s-${k0s_majmin_version}\"))] | (.[${previous_release_gap}] // .[-1]) | .name")"
        gh release download "$EC_VERSION" --repo replicatedhq/embedded-cluster --pattern 'metadata.json'
        K0S_VERSION="$(jq -r '.Versions.Kubernetes' metadata.json)"
        echo "EC_VERSION=\"$EC_VERSION\""
        echo "K0S_VERSION=\"$K0S_VERSION\""
        echo "ec_version=$EC_VERSION" >> "$GITHUB_OUTPUT"
        echo "k0s_version=$K0S_VERSION" >> "$GITHUB_OUTPUT"
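# Job (an entry of the workflow's `jobs:` map): builds the `-upgrade` variant
# of embedded-cluster, uploads it as the `upgrade-release` artifact and exports
# the k0s version it was built with.
build-upgrade:
  name: Build upgrade
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-e2e
  if: needs.should-run-e2e.outputs.run == 'true'
  outputs:
    k0s_version: ${{ steps.export.outputs.k0s_version }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # Alias of the script anchored as `free-disk-space` elsewhere in this file.
    - name: Free up runner disk space
      run: *free-disk-space
    # NOTE(review): the restore-keys prefix lets this job reuse binaries cached
    # under a different Makefile/versions.mk hash; confirm the build
    # re-validates what it restores.
    - name: Cache embedded bins
      uses: actions/cache@v5
      with:
        path: |
          output/bins
        key: bins-cache-${{ hashFiles('Makefile', 'versions.mk') }}
        restore-keys: |
          bins-cache-
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # NOTE(review): both setup actions are referenced by version tags, which
    # their repositories can repoint, and this job later exposes the staging
    # upload credentials; consider full commit SHAs, as this workflow already
    # does for helm/kind-action.
    - uses: oras-project/setup-oras@v2
    - uses: imjasonh/setup-crane@v0.6
    # NOTE(review): the installer script is fetched and executed without a
    # pinned version or a checksum, and the resulting binary is on PATH for the
    # Build step that holds the staging upload credentials. Pin the dagger
    # version and verify the download before this job handles secrets.
    - name: Install dagger
      run: |
        curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
        sudo mv ./bin/dagger /usr/local/bin/dagger
    - name: Build
      env:
        APP_CHANNEL: CI
        APP_CHANNEL_ID: 2cHXb1RCttzpR0xvnNWyaZCgDBP
        APP_CHANNEL_SLUG: ci
        RELEASE_YAML_DIR: e2e/kots-release-upgrade
        S3_BUCKET: tf-staging-embedded-cluster-bin
        AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_EMBEDDED_CLUSTER_UPLOAD_IAM_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_EMBEDDED_CLUSTER_UPLOAD_IAM_SECRET }}
        AWS_REGION: 'us-east-1'
        USE_CHAINGUARD: '1'
        UPLOAD_BINARIES: '1'
        SKIP_RELEASE: '1'
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Job outputs are read from the environment rather than expanded into
        # the script text: `${{ }}` is substituted before the shell parses the
        # script, and this step runs with the upload credentials in scope.
        CI_BASE_EC_VERSION: ${{ needs.output-vars.outputs.ec_version }}
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
      run: |
        export K0S_VERSION=$(make print-K0S_VERSION)
        export EC_VERSION=${CI_BASE_EC_VERSION}-upgrade
        export APP_VERSION=appver-dev-${CI_GIT_SHA}-upgrade
        ./scripts/build-and-release.sh
        cp output/bin/embedded-cluster output/bin/embedded-cluster-upgrade
    - name: Upload release
      uses: actions/upload-artifact@v7
      with:
        name: upgrade-release
        path: |
          output/bin/embedded-cluster-upgrade
    - name: Export k0s version
      id: export
      run: |
        K0S_VERSION="$(make print-K0S_VERSION)"
        echo "K0S_VERSION=\"$K0S_VERSION\""
        echo "k0s_version=$K0S_VERSION" >> "$GITHUB_OUTPUT"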
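# Job (an entry of the workflow's `jobs:` map): for each built k0s minor,
# checks that every image buildtools extracts from the version metadata also
# appears in the binary's own `version list-images` output.
check-images:
  name: Check images
  runs-on: ubuntu-latest
  needs:
    - buildtools
    - build-install
  strategy:
    fail-fast: false
    # Validate images for every k0s minor we build, pairing each minor's
    # buildtools with the embedded-cluster binary built for the same minor.
    # n==0 is the current minor (current-release/embedded-cluster-original);
    # n>0 are the previous-k0s builds.
    matrix:
      include:
        - n: 0
          buildtools-artifact: buildtools
          release-artifact: current-release
          ec-binary: embedded-cluster-original
        - n: 1
          buildtools-artifact: buildtools-previous-k0s-1
          release-artifact: previous-k0s-1-release
          ec-binary: embedded-cluster-previous-k0s-1
        - n: 2
          buildtools-artifact: buildtools-previous-k0s-2
          release-artifact: previous-k0s-2-release
          ec-binary: embedded-cluster-previous-k0s-2
        - n: 3
          buildtools-artifact: buildtools-previous-k0s-3
          release-artifact: previous-k0s-3-release
          ec-binary: embedded-cluster-previous-k0s-3
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Download buildtools artifact
      uses: actions/download-artifact@v8
      with:
        name: ${{ matrix.buildtools-artifact }}
        path: output/bin
    - name: Download embedded-cluster artifact
      uses: actions/download-artifact@v8
      with:
        name: ${{ matrix.release-artifact }}
        path: output/bin
    # `matrix.ec-binary` is a literal from the matrix above, so it stays inline.
    - name: Check for missing images
      run: |
        chmod +x ./output/bin/buildtools
        chmod +x ./output/bin/${{ matrix.ec-binary }}
        ./output/bin/${{ matrix.ec-binary }} version metadata > version-metadata.json
        ./output/bin/${{ matrix.ec-binary }} version list-images > expected.txt
        # File contents are passed as printf arguments, never as the format
        # string, so a `%` or backslash in an image reference is printed as-is.
        printf "Expected images:\n%s\n" "$(cat expected.txt)"
        ./output/bin/buildtools metadata extract-helm-chart-images --metadata-path version-metadata.json > images.txt
        printf "Found images:\n%s\n" "$(cat images.txt)"
        missing_images=0
        # -F compares the image reference as a fixed string: as a regex, the
        # dots in a registry host or tag match any character and could hide a
        # missing image. `--` keeps a reference starting with `-` from being
        # read as an option; `read -r` keeps backslashes literal.
        while read -r img; do
          grep -qF -- "$img" expected.txt || { echo "Missing image: $img" && missing_images=$((missing_images+1)) ; }
        done <images.txt
        if [ $missing_images -gt 0 ]; then
          echo "Found $missing_images missing images"
          exit 1
        fi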
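# Job (an entry of the workflow's `jobs:` map): exposes `dev-<git_sha>` as the
# `version_specifier` output.
export-version-specifier:
  name: Export version specifier
  runs-on: ubuntu-latest
  needs:
    - output-vars
    - should-run-e2e
  if: needs.should-run-e2e.outputs.run == 'true'
  outputs:
    version_specifier: ${{ steps.export-version-specifier.outputs.version_specifier }}
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Export version specifier
      id: export-version-specifier
      env:
        # Read from the environment rather than expanded into the script text,
        # because `${{ }}` is substituted before the shell parses the script.
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
      run: |
        export SHORT_SHA=dev-${CI_GIT_SHA}
        echo "version_specifier=$SHORT_SHA" >> "$GITHUB_OUTPUT"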
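# Job (an entry of the workflow's `jobs:` map): promotes the built versions as
# app releases on the staging vendor API, first on the CI channel and then on
# CI-airgap, and on pull requests comments the download instructions.
release-app:
  name: Create app releases
  runs-on: ubuntu-latest
  # Job-level permissions replace the workflow-level block for this job.
  permissions:
    pull-requests: write
  needs:
    - output-vars
    - build-install
    - build-upgrade
    - find-previous-stable
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    # NOTE(review): no release tag is given, so whatever release the CLI
    # resolves is downloaded, and the archive is unpacked onto PATH without a
    # checksum or signature check. The binary then runs with the staging API
    # token; pin a release tag and verify the archive before installing it.
    - name: Install replicated CLI
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        gh release download --repo replicatedhq/replicated --pattern '*linux_amd64.tar.gz' --output replicated.tar.gz
        tar xf replicated.tar.gz replicated && rm replicated.tar.gz
        mv replicated /usr/local/bin/replicated
    - name: Create CI releases
      env:
        REPLICATED_APP: 'embedded-cluster-smoke-test-staging-app'
        REPLICATED_API_TOKEN: ${{ secrets.STAGING_REPLICATED_API_TOKEN }}
        REPLICATED_API_ORIGIN: 'https://api.staging.replicated.com/vendor'
        APP_CHANNEL: CI
        S3_BUCKET: tf-staging-embedded-cluster-bin
        # Outputs of earlier jobs are read from the environment rather than
        # expanded into the script text: `${{ }}` is substituted before the
        # shell parses the script, and this step holds the staging API token.
        # Shell double quotes around an expanded value would not stop a value
        # containing `"` or `$(...)` from being interpreted.
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
        CI_EC_VERSION: ${{ needs.output-vars.outputs.ec_version }}
        CI_PREVIOUS_STABLE_EC_VERSION: ${{ needs.find-previous-stable.outputs.ec_version }}
        CI_EC_VERSION_1: ${{ needs.build-install.outputs.ec_version_1 }}
        CI_EC_VERSION_2: ${{ needs.build-install.outputs.ec_version_2 }}
        CI_EC_VERSION_3: ${{ needs.build-install.outputs.ec_version_3 }}
        CI_APP_VERSION_1: ${{ needs.build-install.outputs.app_version_1 }}
        CI_APP_VERSION_2: ${{ needs.build-install.outputs.app_version_2 }}
        CI_APP_VERSION_3: ${{ needs.build-install.outputs.app_version_3 }}
      run: |
        export SHORT_SHA=dev-${CI_GIT_SHA}
        # promote a release containing a previous stable version of embedded-cluster to test upgrades
        export EC_VERSION="$CI_PREVIOUS_STABLE_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}-previous-stable"
        export RELEASE_YAML_DIR=e2e/kots-release-install-stable
        ./scripts/ci-release-app.sh
        # for multi-step upgrade test
        export EC_VERSION="$CI_EC_VERSION_3"
        export APP_VERSION="$CI_APP_VERSION_3"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # for multi-step upgrade test
        export EC_VERSION="$CI_EC_VERSION_2"
        export APP_VERSION="$CI_APP_VERSION_2"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # install the previous k0s version to ensure an upgrade occurs
        export EC_VERSION="$CI_EC_VERSION_1"
        export APP_VERSION="$CI_APP_VERSION_1"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # then install the current k0s version
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # promote a release with improved dr support
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}-legacydr"
        export RELEASE_YAML_DIR=e2e/kots-release-install-legacydr
        ./scripts/ci-release-app.sh
        # then a noop upgrade
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}-noop"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # and finally an app upgrade
        export EC_VERSION="${CI_EC_VERSION}-upgrade"
        export APP_VERSION="appver-${SHORT_SHA}-upgrade"
        export RELEASE_YAML_DIR=e2e/kots-release-upgrade
        ./scripts/ci-release-app.sh
    # Same sequence as the CI channel, without the legacydr release.
    - name: Create airgap releases
      env:
        REPLICATED_APP: 'embedded-cluster-smoke-test-staging-app'
        REPLICATED_API_TOKEN: ${{ secrets.STAGING_REPLICATED_API_TOKEN }}
        REPLICATED_API_ORIGIN: 'https://api.staging.replicated.com/vendor'
        APP_CHANNEL: CI-airgap
        S3_BUCKET: tf-staging-embedded-cluster-bin
        # Outputs of earlier jobs are read from the environment rather than
        # expanded into the script text; this step holds the staging API token.
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
        CI_EC_VERSION: ${{ needs.output-vars.outputs.ec_version }}
        CI_PREVIOUS_STABLE_EC_VERSION: ${{ needs.find-previous-stable.outputs.ec_version }}
        CI_EC_VERSION_1: ${{ needs.build-install.outputs.ec_version_1 }}
        CI_EC_VERSION_2: ${{ needs.build-install.outputs.ec_version_2 }}
        CI_EC_VERSION_3: ${{ needs.build-install.outputs.ec_version_3 }}
        CI_APP_VERSION_1: ${{ needs.build-install.outputs.app_version_1 }}
        CI_APP_VERSION_2: ${{ needs.build-install.outputs.app_version_2 }}
        CI_APP_VERSION_3: ${{ needs.build-install.outputs.app_version_3 }}
      run: |
        export SHORT_SHA=dev-${CI_GIT_SHA}
        # promote a release containing the previous stable version of embedded-cluster to test upgrades
        export EC_VERSION="$CI_PREVIOUS_STABLE_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}-previous-stable"
        export RELEASE_YAML_DIR=e2e/kots-release-install-stable
        ./scripts/ci-release-app.sh
        # for multi-step upgrade test
        export EC_VERSION="$CI_EC_VERSION_3"
        export APP_VERSION="$CI_APP_VERSION_3"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # for multi-step upgrade test
        export EC_VERSION="$CI_EC_VERSION_2"
        export APP_VERSION="$CI_APP_VERSION_2"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # install the previous k0s version to ensure an upgrade occurs
        export EC_VERSION="$CI_EC_VERSION_1"
        export APP_VERSION="$CI_APP_VERSION_1"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # then install the current k0s version
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # then a noop upgrade
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}-noop"
        export RELEASE_YAML_DIR=e2e/kots-release-install
        ./scripts/ci-release-app.sh
        # and finally an app upgrade
        export EC_VERSION="${CI_EC_VERSION}-upgrade"
        export APP_VERSION="appver-${SHORT_SHA}-upgrade"
        export RELEASE_YAML_DIR=e2e/kots-release-upgrade
        ./scripts/ci-release-app.sh
    # The generated text references the license ID only as the shell variable
    # $EC_SMOKE_TEST_LICENSE_ID; no secret value is written to the comment.
    - name: Create download link message text
      if: github.event_name == 'pull_request'
      env:
        CI_GIT_SHA: ${{ needs.output-vars.outputs.git_sha }}
        CI_EC_VERSION: ${{ needs.output-vars.outputs.ec_version }}
      run: |
        export SHORT_SHA=dev-${CI_GIT_SHA}
        export EC_VERSION="$CI_EC_VERSION"
        export APP_VERSION="appver-${SHORT_SHA}"
        echo "This PR has been released (on staging) and is available for download with a embedded-cluster-smoke-test-staging-app [license ID](https://vendor.staging.replicated.com/apps/embedded-cluster-smoke-test-staging-app/customers?sort=name-asc)." > download-link.txt
        echo "" >> download-link.txt
        echo "Online Installer:" >> download-link.txt
        echo "\`\`\`" >> download-link.txt
        echo "curl \"https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci/${APP_VERSION}\" -H \"Authorization: \$EC_SMOKE_TEST_LICENSE_ID\" -o embedded-cluster-smoke-test-staging-app-ci.tgz" >> download-link.txt
        echo "\`\`\`" >> download-link.txt
        echo "Airgap Installer (may take a few minutes before the airgap bundle is built):" >> download-link.txt
        echo "\`\`\`" >> download-link.txt
        echo "curl \"https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci-airgap/${APP_VERSION}?airgap=true\" -H \"Authorization: \$EC_SMOKE_TEST_LICENSE_ID\" -o embedded-cluster-smoke-test-staging-app-ci.tgz" >> download-link.txt
        echo "\`\`\`" >> download-link.txt
        echo "Happy debugging!" >> download-link.txt
        cat download-link.txt
    # NOTE(review): third-party action referenced by a version tag, running
    # with a token that can write to pull requests; consider a full commit SHA.
    - name: Comment download link
      if: github.event_name == 'pull_request'
      uses: mshick/add-pr-comment@v3
      with:
        message-path: download-link.txt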
# e2e-docker runs the e2e tests inside a docker container rather than a full VM
# (an entry of the workflow's `jobs:` map; one matrix leg per test name).
e2e-docker:
  name: E2E docker # this name is used by .github/workflows/automated-prs-manager.yaml
  runs-on: ubuntu-22.04
  needs:
    - output-vars
    - build-install
    - build-upgrade
    - find-previous-stable
    - release-app
    - export-version-specifier
  strategy:
    fail-fast: false
    matrix:
      test:
        - TestPreflights
        - TestPreflightsNoexec
        - TestSingleNodeInstallation
        - TestSingleNodeUpgradePreviousStable
        - TestUpgradeFromReplicatedAppPreviousK0s
        - TestMultiNodeInstallation
        - TestSingleNodeDisasterRecovery
        - TestSingleNodeLegacyDisasterRecovery
        - TestSingleNodeResumeDisasterRecovery
        - TestMultiNodeHADisasterRecovery
        - TestSingleNodeInstallationNoopUpgrade
        - TestCollectSupportBundle
        - TestHostCollectSupportBundleInCluster
        - TestInstallWithConfigValues
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Download binary
      uses: actions/download-artifact@v8
      with:
        name: current-release
        path: output/bin
    - name: Setup go
      uses: actions/setup-go@v6
      with:
        go-version-file: go.mod
        cache-dependency-path: '**/*.sum'
    # NOTE(review): this action receives the DockerHub password and is
    # referenced by a version tag, which its repository can repoint; consider a
    # full commit SHA and a scoped access token in place of an account password.
    - name: Login to DockerHub to avoid rate limiting
      uses: docker/login-action@v4
      with:
        username: ${{ secrets.DOCKERHUB_USER }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
    - name: Free up runner disk space
      uses: ./.github/actions/free-disk-space
    - name: Enable required kernel modules
      run: |
        sudo modprobe overlay
        sudo modprobe ip_tables
        sudo modprobe br_netfilter
        sudo modprobe nf_conntrack
    # Values reach the test process through `env`. The S3 prefixes combine test
    # name, run id and run attempt, so each leg and each re-run gets its own
    # prefix. `matrix.test` in the command line is a literal from the matrix
    # above.
    # NOTE(review): the DR_* keys are long-lived AWS credentials handed to the
    # test run; confirm they are limited to the snapshot bucket.
    - name: Run test
      env:
        SHORT_SHA: dev-${{ needs.output-vars.outputs.git_sha }}
        DR_S3_ENDPOINT: https://s3.amazonaws.com
        DR_S3_REGION: us-east-1
        DR_S3_BUCKET: embedded-cluster-e2e-snapshots
        DR_S3_PREFIX: ${{ matrix.test }}-${{ github.run_id }}-${{ github.run_attempt }}
        DR_S3_PREFIX_AIRGAP: ${{ matrix.test }}-${{ github.run_id }}-${{ github.run_attempt }}-airgap
        DR_ACCESS_KEY_ID: ${{ secrets.TESTIM_AWS_ACCESS_KEY_ID }}
        DR_SECRET_ACCESS_KEY: ${{ secrets.TESTIM_AWS_SECRET_ACCESS_KEY }}
        EXPECT_K0S_VERSION: ${{ needs.build-install.outputs.k0s_version }}
        EXPECT_K0S_VERSION_PREVIOUS_1: ${{ needs.build-install.outputs.k0s_version_1 }}
        EXPECT_K0S_VERSION_PREVIOUS_2: ${{ needs.build-install.outputs.k0s_version_2 }}
        EXPECT_K0S_VERSION_PREVIOUS_3: ${{ needs.build-install.outputs.k0s_version_3 }}
        EXPECT_K0S_VERSION_PREVIOUS_STABLE: ${{ needs.find-previous-stable.outputs.k0s_version }}
      run: |
        make e2e-test TEST_NAME=${{ matrix.test }}
    # Runs after a failed test as well; skipped only when the run is cancelled.
    - name: Troubleshoot
      if: ${{ !cancelled() }}
      uses: ./.github/actions/e2e-troubleshoot
      with:
        test-name: '${{ matrix.test }}'
e2e:
  name: E2E # this name is used by .github/workflows/automated-prs-manager.yaml
  # A matrix entry may set `runner` or `continue-on-error`; entries that set neither
  # fall back to ubuntu-22.04 and false.
  runs-on: ${{ matrix.runner || 'ubuntu-22.04' }}
  continue-on-error: ${{ matrix.continue-on-error || false }}
  strategy:
    fail-fast: false
    matrix:
      test:
        - TestSingleNodeAirgapAppOnlyUpgrade
        - TestSingleNodeAirgapUpgradeSelinux
        - TestMultiNodeAirgapUpgradePreviousStable
        - TestSingleNodeAirgapDisasterRecovery
        - TestMultiNodeAirgapHADisasterRecovery
      # extra entries that carry per-test settings
      include:
        - test: TestVersion
          is-lxd: true
        - test: TestCommandsRequireSudo
          is-lxd: true
        - test: TestProxiedEnvironment
          is-lxd: true
        - test: TestInstallWithMITMProxy
          is-lxd: true
        - test: TestSingleNodeNetworkReport
          continue-on-error: true
  needs:
    - build-install
    - build-upgrade
    - find-previous-stable
    - release-app
    - export-version-specifier
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Download current binary
      uses: actions/download-artifact@v8
      with:
        path: output/bin
        name: current-release
    # NOTE(review): this local composite action receives AWS keys, the workflow token and
    # the CMX API token, and it is loaded from the checked-out ref. What it does with them
    # is not visible here. Verify each input is still needed.
    - uses: ./.github/actions/e2e
      with:
        test-name: ${{ matrix.test }}
        is-lxd: ${{ matrix.is-lxd || false }}
        version-specifier: ${{ needs.export-version-specifier.outputs.version_specifier }}
        k0s-version: ${{ needs.build-install.outputs.k0s_version }}
        k0s-version-previous-1: ${{ needs.build-install.outputs.k0s_version_1 }}
        k0s-version-previous-2: ${{ needs.build-install.outputs.k0s_version_2 }}
        k0s-version-previous-3: ${{ needs.build-install.outputs.k0s_version_3 }}
        k0s-version-previous-stable: ${{ needs.find-previous-stable.outputs.k0s_version }}
        dr-aws-access-key-id: ${{ secrets.TESTIM_AWS_ACCESS_KEY_ID }}
        dr-aws-secret-access-key: ${{ secrets.TESTIM_AWS_SECRET_ACCESS_KEY }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
        cmx-api-token: ${{ secrets.CMX_REPLICATED_API_TOKEN }}
e2e-main:
  name: E2E (on merge)
  # only for pushes to main; on pull requests this job is skipped
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  runs-on: ubuntu-22.04
  strategy:
    fail-fast: false
    matrix:
      test:
        - TestFiveNodesAirgapUpgrade
  needs:
    - build-install
    - build-upgrade
    - find-previous-stable
    - release-app
    - export-version-specifier
  steps:
    - name: Checkout
      uses: actions/checkout@v7
    - name: Download current binary
      uses: actions/download-artifact@v8
      with:
        path: output/bin
        name: current-release
    # The local e2e action is called without is-lxd and k0s-version-previous-2/-3, so the
    # action's own defaults (not visible here) apply to those inputs.
    - uses: ./.github/actions/e2e
      with:
        test-name: ${{ matrix.test }}
        version-specifier: ${{ needs.export-version-specifier.outputs.version_specifier }}
        k0s-version: ${{ needs.build-install.outputs.k0s_version }}
        k0s-version-previous-1: ${{ needs.build-install.outputs.k0s_version_1 }}
        k0s-version-previous-stable: ${{ needs.find-previous-stable.outputs.k0s_version }}
        dr-aws-access-key-id: ${{ secrets.TESTIM_AWS_ACCESS_KEY_ID }}
        dr-aws-secret-access-key: ${{ secrets.TESTIM_AWS_SECRET_ACCESS_KEY }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
        cmx-api-token: ${{ secrets.CMX_REPLICATED_API_TOKEN }}
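# this job will validate that all the tests passed
# it is used for the github branch protection rule
validate-success:
  name: Validate success # this name is used by .github/workflows/automated-prs-manager.yaml
  runs-on: ubuntu-latest
  # The jobs that the e2e jobs depend on (output-vars, find-previous-stable, release-app,
  # export-version-specifier) are listed as well. When one of them fails, its dependents
  # report 'skipped', which the checks below accept, so the gate would otherwise pass
  # without any e2e test having run.
  needs:
    - output-vars
    - build-install
    - build-upgrade
    - find-previous-stable
    - release-app
    - export-version-specifier
    - e2e
    - e2e-main
    - e2e-docker
    - sanitize
    - unit-tests
    - int-tests
    - dryrun-tests
    - check-images
    - check-operator-crds
  # run even when a needed job failed, so the failure is reported by this job
  if: ${{ !cancelled() }}
  steps:
    # https://docs.github.com/en/actions/learn-github-actions/contexts#needs-context
    # 'skipped' is tolerated only for jobs that can be skipped by design (e2e-main, for
    # example, runs only on pushes to main).
    - name: fail if output-vars job was not successful
      if: needs.output-vars.result != 'success' && needs.output-vars.result != 'skipped'
      run: exit 1
    - name: fail if find-previous-stable job was not successful
      if: needs.find-previous-stable.result != 'success' && needs.find-previous-stable.result != 'skipped'
      run: exit 1
    - name: fail if release-app job was not successful
      if: needs.release-app.result != 'success' && needs.release-app.result != 'skipped'
      run: exit 1
    - name: fail if export-version-specifier job was not successful
      if: needs.export-version-specifier.result != 'success' && needs.export-version-specifier.result != 'skipped'
      run: exit 1
    - name: fail if e2e job was not successful
      if: needs.e2e.result != 'success' && needs.e2e.result != 'skipped'
      run: exit 1
    - name: fail if e2e-main job was not successful
      if: needs.e2e-main.result != 'success' && needs.e2e-main.result != 'skipped'
      run: exit 1
    - name: fail if e2e-docker job was not successful
      if: needs.e2e-docker.result != 'success' && needs.e2e-docker.result != 'skipped'
      run: exit 1
    - name: fail if build-install job was not successful
      if: needs.build-install.result != 'success' && needs.build-install.result != 'skipped'
      run: exit 1
    - name: fail if build-upgrade job was not successful
      if: needs.build-upgrade.result != 'success' && needs.build-upgrade.result != 'skipped'
      run: exit 1
    - name: fail if sanitize job was not successful
      if: needs.sanitize.result != 'success'
      run: exit 1
    - name: fail if unit-tests job was not successful
      if: needs.unit-tests.result != 'success'
      run: exit 1
    - name: fail if int-tests job was not successful
      if: needs.int-tests.result != 'success'
      run: exit 1
    - name: fail if dryrun-tests job was not successful
      if: needs.dryrun-tests.result != 'success'
      run: exit 1
    - name: fail if check-images job was not successful
      if: needs.check-images.result != 'success' && needs.check-images.result != 'skipped'
      run: exit 1
    - name: fail if check-operator-crds job was not successful
      if: needs.check-operator-crds.result != 'success'
      run: exit 1
    - name: succeed if everything else passed
      run: echo "Validation succeeded"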