Bump component versions #5291

Workflow file for this run

.github/workflows/build-snap.yml at 2ed3601

	name: Build and test MicroK8s snap

	on:
	pull_request:
	branches:
	- master

	jobs:
	build:
	name: Create snap package
	runs-on: ubuntu-22.04

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install lxd
	run: \|
	sudo lxd init --auto
	sudo usermod --append --groups lxd $USER
	sg lxd -c 'lxc version'
	# Docker sets iptables rules that interfere with LXD.
	# https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
	- name: Apply Docker iptables workaround
	shell: bash
	run: \|
	set -x
	ip a
	ip r

	bridges=('lxdbr0' 'dualstack-br0' 'ipv6-br0')
	for i in ${bridges[@]}; do
	set +e
	sudo iptables -I DOCKER-USER -i $i -j ACCEPT
	sudo ip6tables -I DOCKER-USER -i $i -j ACCEPT
	sudo iptables -I DOCKER-USER -o $i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	sudo ip6tables -I DOCKER-USER -o $i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	set -e
	done
	- name: Install snapcraft
	run: \|
	sudo snap install snapcraft --classic
	- name: Install snapd from candidate
	run: \|
	# TODO(neoaggelos): revert this after latest/beta is working again
	sudo snap refresh snapd --channel=latest/stable
	- name: Build snap
	run: \|
	sg lxd -c 'snapcraft --use-lxd'
	sudo mv microk8s*.snap microk8s.snap
	- name: Uploading snap
	uses: actions/upload-artifact@v4
	with:
	name: microk8s.snap
	path: microk8s.snap

	test-upgrade:
	name: Upgrade path test
	runs-on: ubuntu-22.04
	needs: build
	timeout-minutes: 30

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh psutil
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Running upgrade path test
	run: \|
	sudo -E UPGRADE_MICROK8S_FROM=latest/edge \
	UPGRADE_MICROK8S_TO=$PWD/build/microk8s.snap \
	pytest --log-cli-level debug -s ./tests/test-upgrade-path.py

	test-addons-core:
	name: Test core addons
	runs-on: ubuntu-22.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest==8.3.4 sh psutil
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Running addons tests
	env:
	UNDER_TIME_PRESSURE: ${{ !contains(github.event.pull_request.labels.*.name, 'run-all-tests') }}
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	./tests/smoke-test.sh
	export SKIP_PROMETHEUS="False"
	sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/tests; pytest -s -ra test-addons.py"

	test-addons-community:
	name: Test community addons
	runs-on: ubuntu-22.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	# - name: Setup tmate session
	# uses: mxschmitt/action-tmate@v3
	- name: Running addons tests
	env:
	UNDER_TIME_PRESSURE: ${{ !contains(github.event.pull_request.labels.*.name, 'run-all-tests') }}
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	sudo microk8s enable community
	sudo -E bash -c "cd /var/snap/microk8s/common/addons/community/; pytest -s -ra ./tests/"

	test-addons-core-upgrade:
	name: Test core addons upgrade
	runs-on: ubuntu-22.04
	needs: build
	timeout-minutes: 30

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Setup tmate session
	uses: mxschmitt/action-tmate@v3
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh psutil
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Running upgrade tests
	env:
	UNDER_TIME_PRESSURE: ${{ !contains(github.event.pull_request.labels.*.name, 'run-all-tests') }}
	run: \|
	set -x
	sudo -E bash -c "UPGRADE_MICROK8S_FROM=latest/edge UPGRADE_MICROK8S_TO=$PWD/build/microk8s.snap pytest --log-cli-level debug -s ./tests/test-upgrade.py"

	test-cluster-agent:
	name: Cluster agent health check
	runs-on: ubuntu-22.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh requests
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Running cluster agent health check
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	sudo -E bash -c "pytest -s ./tests/test-cluster-agent.py"

	test-airgap:
	name: Test airgap installation
	runs-on: ubuntu-22.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Initialize LXD
	run: \|
	sudo lxd init --auto
	sudo lxc network set lxdbr0 ipv6.address=none
	sudo usermod --append --groups lxd $USER
	sg lxd -c 'lxc version'
	# Docker sets iptables rules that interfere with LXD.
	# https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
	- name: Apply Docker iptables workaround
	shell: bash
	run: \|
	set -x
	ip a
	ip r

	bridges=('lxdbr0' 'dualstack-br0' 'ipv6-br0')
	for i in ${bridges[@]}; do
	set +e
	sudo iptables -I DOCKER-USER -i $i -j ACCEPT
	sudo ip6tables -I DOCKER-USER -i $i -j ACCEPT
	sudo iptables -I DOCKER-USER -o $i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	sudo ip6tables -I DOCKER-USER -o $i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	set -e
	done
	- name: Run airgap tests
	run: \|
	sudo -E bash -x -c "./tests/libs/airgap.sh --distro ubuntu:22.04 --channel $PWD/build/microk8s.snap"

	security-scan:
	name: Security scan
	runs-on: ubuntu-22.04
	needs: build
	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Fetch snap
	uses: actions/download-artifact@v4
	with:
	name: microk8s.snap
	path: build
	- name: Create sarifs directory
	run: \|
	mkdir -p sarifs
	- name: Install Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	- name: Run Trivy vulnerability scanner on codebase
	run: \|
	trivy fs . --format sarif --severity CRITICAL > sarifs/trivy-microk8s-repo-scan--results.sarif
	- name: Run Trivy vulnerability scanner on images
	run: \|
	for i in $(cat ./build-scripts/images.txt) ; do
	name=$(echo $i \| awk -F ':\|/' '{print $(NF-1)}')
	trivy image $i --format sarif > sarifs/$name.sarif
	done
	- name: Run Trivy vulnerability scanner on the snap
	run: \|
	cp build/microk8s.snap .
	unsquashfs microk8s.snap
	trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: "sarifs"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump component versions #5291

Workflow file

Bump component versions #5291

Jobs

Run details

Workflow file for this run