Skip to content
CI (Remote Clusters)

Website: Bump the docusaurus group in /docs/website with 4 updates #60

Sign in to view logs

Website: Bump the docusaurus group in /docs/website with 4 updates

Website: Bump the docusaurus group in /docs/website with 4 updates #60

Workflow file for this run

.github/workflows/ci-remote-clusters.yaml at 676a8fc
name: CI (Remote Clusters)
on:
# /!\ Warning: using the pull_request_target event to be able to read secrets. But using this event without the cautionary measures described below
# may allow unauthorized GitHub users to open a “pwn request” and exfiltrate secrets.
# As recommended in https://iterative.ai/blog/testing-external-contributions-using-github-actions-secrets,
# we are adding an 'authorize' job that checks if the workflow was triggered from a fork PR. In that case, the "external" environment
# will prevent the job from running until it's approved manually by human intervention.
pull_request_target:
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number }}
cancel-in-progress: true
env:
IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}
IBM_CLOUD_REGION: 'eu-de'
CLUSTER_NAME: "odo-tests-openshift-cluster-tmp-pr-${{ github.event.number }}"
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
PR_NUMBER: ${{ github.event.number }}
jobs:
authorize:
# The 'external' environment is configured with the odo-maintainers team as required reviewers.
# All the subsequent jobs in this workflow 'need' this job, which will require manual approval for PRs coming from external forks.
# TODO(rm3l): list of authorized users that do not require manual review comes from the maintainers team and various robot accounts that handle automation in the repo => find a better way not to hardcode this list!
environment:
${{ (github.event.pull_request.head.repo.full_name == github.repository ||
contains(fromJSON('["odo-robot[bot]", "openshift-ci[bot]", "openshift-merge-robot", "openshift-ci-robot", "kadel", "rm3l"]'), github.actor)) &&
'internal' || 'external' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
build_odo:
runs-on: ubuntu-latest
needs: authorize
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Build odo
run: make bin
- run: |
chmod +x ./odo
./odo version
- name: 'Upload odo'
uses: actions/upload-artifact@v4
with:
name: odo_bin
path: odo
retention-days: 1
if-no-files-found: error
openshift_tests:
# TODO(rm3l): Test on Windows and test unauth as well?
runs-on: ubuntu-latest
needs: [authorize, build_odo]
env:
KUBERNETES: "false"
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Install IBM Cloud CLI
run: |
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
ibmcloud --version
ibmcloud config --check-version=false
ibmcloud plugin install -f kubernetes-service
- name: Authenticate with IBM Cloud CLI
run: ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region --quiet
- name: Download odo from previous job
uses: actions/download-artifact@v4
with:
name: odo_bin
- name: Set odo in system path
run: |
chmod a+x ./odo
sudo mv ./odo /usr/local/bin/odo
- run: ibmcloud ks infra-permissions get --region "$IBM_CLOUD_REGION"
- name: Create OpenShift Cluster
run: |
ibmcloud oc cluster create classic --name "${CLUSTER_NAME}" \
--location wdc04 \
--version "4.13_openshift" \
--flavor b3c.4x16 \
--workers 1 \
--public-service-endpoint
- name: Generate Kubeconfig
run: |
ibmcloud ks cluster config --cluster "${CLUSTER_NAME}"
kubectl config current-context
- name: Cluster Integration Tests
run: make test-integration-cluster
- name: End-to-end Tests
run: test-e2e
- name: Teardown cluster
if: ${{ always() }}
run: |
ibmcloud oc cluster rm --cluster "${CLUSTER_NAME}" -f --force-delete-storage