[Snyk] Security upgrade ubuntu from 16.04 to xenial-20210114 #2521
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ConformanceKind1.19 | |
| # Any change in triggers needs to be reflected in the concurrency group. | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - 'Documentation/**' | |
| - 'test/**' | |
| push: | |
| branches: | |
| - master | |
| - ft/master/** | |
| paths-ignore: | |
| - 'Documentation/**' | |
| - 'test/**' | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
| cancel-in-progress: true | |
| env: | |
| kind_version: v0.11.1 | |
| kind_config: .github/kind-config.yaml | |
| cilium_cli_version: v0.10.4 | |
| jobs: | |
| installation-and-connectivity: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Set up job variables | |
| id: vars | |
| run: | | |
| if [ ${{ github.event.pull_request }} ]; then | |
| SHA=${{ github.event.pull_request.head.sha }} | |
| else | |
| SHA=${{ github.sha }} | |
| fi | |
| CILIUM_INSTALL_DEFAULTS="--agent-image=quay.io/${{ github.repository_owner }}/cilium-ci \ | |
| --operator-image=quay.io/${{ github.repository_owner }}/operator-generic-ci \ | |
| --version=${SHA} \ | |
| --wait=false \ | |
| --rollback=false \ | |
| --config monitor-aggregation=none" | |
| HUBBLE_ENABLE_DEFAULTS="--relay-image=quay.io/${{ github.repository_owner }}/hubble-relay-ci \ | |
| --relay-version=${SHA}" | |
| echo ::set-output name=cilium_install_defaults::${CILIUM_INSTALL_DEFAULTS} | |
| echo ::set-output name=hubble_enable_defaults::${HUBBLE_ENABLE_DEFAULTS} | |
| echo ::set-output name=sha::${SHA} | |
| - name: Install Cilium CLI | |
| run: | | |
| curl -sSL --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${{ env.cilium_cli_version }}/cilium-linux-amd64.tar.gz{,.sha256sum} | |
| sha256sum --check cilium-linux-amd64.tar.gz.sha256sum | |
| sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin | |
| rm cilium-linux-amd64.tar.gz{,.sha256sum} | |
| cilium version | |
| - name: Checkout kind config | |
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
| with: | |
| persist-credentials: false | |
| - name: Create kind cluster | |
| uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478 | |
| with: | |
| version: ${{ env.kind_version }} | |
| config: ${{ env.kind_config }} | |
| - name: Wait for images to be available | |
| timeout-minutes: 30 | |
| shell: bash | |
| run: | | |
| for image in cilium-ci operator-generic-ci hubble-relay-ci ; do | |
| until curl --silent -f -lSL "https://quay.io/api/v1/repository/${{ github.repository_owner }}/$image/tag/${{ steps.vars.outputs.sha }}/images" &> /dev/null; do sleep 45s; done | |
| done | |
| - name: Install Cilium | |
| run: | | |
| cilium install ${{ steps.vars.outputs.cilium_install_defaults }} | |
| - name: Enable Relay | |
| run: | | |
| cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }} | |
| - name: Port forward Relay | |
| run: | | |
| cilium hubble port-forward& | |
| sleep 10s | |
| [[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]] | |
| - name: Run connectivity test | |
| run: | | |
| cilium connectivity test --flow-validation=disabled | |
| - name: Clean up Cilium | |
| run: | | |
| cilium uninstall --wait | |
| pkill -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | |
| - name: Install Cilium with encryption | |
| run: | | |
| cilium install ${{ steps.vars.outputs.cilium_install_defaults }} \ | |
| --encryption=ipsec | |
| - name: Enable Relay | |
| run: | | |
| cilium hubble enable ${{ steps.vars.outputs.hubble_enable_defaults }} | |
| - name: Port forward Relay | |
| run: | | |
| cilium hubble port-forward& | |
| sleep 10s | |
| [[ $(pgrep -f "cilium.*hubble.*port-forward|kubectl.*port-forward.*hubble-relay" | wc -l) == 2 ]] | |
| - name: Run connectivity test | |
| run: | | |
| cilium connectivity test --force-deploy --flow-validation=disabled | |
| - name: Post-test information gathering | |
| if: ${{ !success() }} | |
| run: | | |
| kubectl get pods --all-namespaces -o wide | |
| cilium status | |
| cilium sysdump --output-filename cilium-sysdump-out | |
| shell: bash {0} # Disable default fail-fast behaviour so that all commands run independently | |
| - name: Upload artifacts | |
| if: ${{ !success() }} | |
| uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 | |
| with: | |
| name: cilium-sysdump-out.zip | |
| path: cilium-sysdump-out.zip | |
| retention-days: 5 | |
| - name: Send slack notification | |
| if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }} | |
| uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |