Add rancher config #3643
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2025 Intel Corporation | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Virtual Integration | |
| on: | |
| # Allow manually triggering the workflow | |
| workflow_dispatch: {} | |
| # Run on all commits that are pushed to all branches | |
| push: | |
| branches: | |
| - main | |
| - main-pass-validation | |
| # Trigger workflow on PRs to all branches | |
| pull_request: | |
| branches: | |
| - "*" | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| # Trigger workflow when enqueued to a merge group | |
| merge_group: | |
| # Only run at most 1 workflow concurrently per PR, unlimited for branches | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| permissions: {} | |
| jobs: | |
| pre-merge: | |
| if: github.event_name == 'pull_request' | |
| permissions: | |
| contents: read | |
| uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@e6058fe60cbb803e7d7935571ccd50753bc31ec8 # 0.1.28 | |
| with: | |
| run_version_check: false | |
| run_build: false | |
| run_lint: false | |
| run_test: false | |
| bootstrap_tools: "" | |
| trivy_config_path: trivy.yaml | |
| check-changed-files: | |
| permissions: | |
| contents: read | |
| name: Filter list of changed files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ci: ${{ contains(steps.check-files.outputs.changed_files, '.github/workflows') || contains(steps.check-files.outputs.changed_files, '.github/actions') }} | |
| go: ${{ contains(steps.check-files.outputs.changed_files, '.go') || contains(steps.check-files.outputs.changed_files, '.mod') || contains(steps.check-files.outputs.changed_files, '.sum') }} | |
| markdown: ${{ contains(steps.check-files.outputs.changed_files, '.md') || contains(steps.check-files.outputs.changed_files, '.markdown') || contains(steps.check-files.outputs.changed_files, '.mdx') }} | |
| orch: ${{ contains(steps.check-files.outputs.changed_files, 'argocd') || contains(steps.check-files.outputs.changed_files, 'bootstrap') || contains(steps.check-files.outputs.changed_files, 'installer') || contains(steps.check-files.outputs.changed_files, 'internal') || contains(steps.check-files.outputs.changed_files, 'mage') || contains(steps.check-files.outputs.changed_files, 'node') || contains(steps.check-files.outputs.changed_files, 'router') || contains(steps.check-files.outputs.changed_files, 'tools') || contains(steps.check-files.outputs.changed_files, 'e2e-tests') || contains(steps.check-files.outputs.changed_files, 'VERSION') }} | |
| on-prem: ${{ contains(steps.check-files.outputs.changed_files, 'on-prem-installers') || contains(steps.check-files.outputs.changed_files, 'terraform') }} | |
| onboarding: ${{ contains(steps.check-files.outputs.changed_files, 'argocd/applications/templates/infra-') || contains(steps.check-files.outputs.changed_files, 'argocd/applications/values.yaml') }} | |
| shell: ${{ contains(steps.check-files.outputs.changed_files, '.sh') || contains(steps.check-files.outputs.changed_files, '.bash') }} | |
| terraform: ${{ contains(steps.check-files.outputs.changed_files, '.hcl') || contains(steps.check-files.outputs.changed_files, '.tf') || contains(steps.check-files.outputs.changed_files, '.tfvars') }} | |
| yaml: ${{ contains(steps.check-files.outputs.changed_files, '.yaml') || contains(steps.check-files.outputs.changed_files, '.yml') }} | |
| helm: ${{ contains(steps.check-files.outputs.changed_files, 'argocd/') || contains(steps.check-files.outputs.changed_files, 'argocd-internal/') }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Discover Changed Files | |
| id: check-files | |
| uses: open-edge-platform/orch-ci/discover-changed-files@main # zizmor: ignore[unpinned-uses] | |
| with: | |
| project_folder: "." | |
| scan-viruses: | |
| permissions: | |
| contents: read | |
| name: Scan for viruses | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| env: | |
| OUTPUT_FILE: antivirus-report.txt | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: ClamAV | |
| run: | | |
| docker run --rm \ | |
| --mount type=bind,source=./,target=/scandir \ | |
| clamav/clamav:stable \ | |
| clamscan --recursive --log=/scandir/${{ env.OUTPUT_FILE }} \ | |
| /scandir | |
| if [ $? -ne 0 ]; then | |
| sudo chown $USER:$USER ${{ env.OUTPUT_FILE }} | |
| exit 1 | |
| fi | |
| sudo chown $USER:$USER ${{ env.OUTPUT_FILE }} | |
| - name: Upload evidence | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: antivirus-report | |
| path: ${{ env.OUTPUT_FILE }} | |
| lint-markdown: | |
| permissions: | |
| contents: read | |
| name: Lint Markdown | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.markdown == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Set up git credentials | |
| shell: bash | |
| run: | | |
| echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV | |
| git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:[email protected]/".insteadOf "https://github.com/" | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: mage -v lint:markdown | |
| lint-shell: | |
| permissions: | |
| contents: read | |
| name: Lint shell scripts | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.shell == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| working-directory: on-prem-installers | |
| run: shellcheck ***/*.sh | |
| lint-terraform: | |
| permissions: | |
| contents: read | |
| name: Lint Terraform | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.terraform == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: mage lint:terraform | |
| lint-yaml: | |
| permissions: | |
| contents: read | |
| name: Lint YAML | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.yaml == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: mage lint:yaml | |
| lint-helm: | |
| permissions: | |
| contents: read | |
| name: Lint Helm | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.helm == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: mage lint:helm | |
| lint-go: | |
| permissions: | |
| contents: read | |
| name: Lint Go | |
| needs: | |
| - check-changed-files | |
| if: needs.check-changed-files.outputs.go == 'true' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up git credentials | |
| shell: bash | |
| run: | | |
| echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV | |
| git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:[email protected]/".insteadOf "https://github.com/" | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: mage lint:golang | |
| lint-version: | |
| permissions: | |
| contents: read | |
| name: Lint version | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # Fetch all history for all tags and branches | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Prepare ci tools | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: open-edge-platform/orch-ci | |
| path: orch-ci | |
| persist-credentials: false | |
| - name: Set up git credentials | |
| shell: bash | |
| run: | | |
| echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV | |
| git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:[email protected]/".insteadOf "https://github.com/" | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Run lint | |
| run: | | |
| orch-ci/scripts/version-check.sh | |
| mage version:checkVersion | |
| build-publish: | |
| permissions: | |
| contents: read | |
| name: Build and publish artifacts | |
| needs: | |
| - lint-go | |
| - lint-markdown | |
| - lint-shell | |
| - lint-terraform | |
| - lint-helm | |
| - lint-yaml | |
| - lint-version | |
| - scan-viruses | |
| - check-changed-files | |
| if: | | |
| always() && | |
| needs.lint-version.result == 'success' && ( | |
| needs.check-changed-files.outputs.orch == 'true' || | |
| needs.check-changed-files.outputs.on-prem == 'true' || | |
| needs.check-changed-files.outputs.ci == 'true' || | |
| github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/main-pass-validation' | |
| ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| outputs: | |
| deb-version: ${{ steps.set-version.outputs.DEB_VERSION }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Set up git credentials | |
| shell: bash | |
| run: | | |
| echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV | |
| git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:[email protected]/".insteadOf "https://github.com/" | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Get version tag | |
| id: get_version_tag | |
| run: | | |
| output=$(mage version:getVersionTag) | |
| echo "versionTag=$output" >> $GITHUB_ENV | |
| - name: Build DEB packages | |
| working-directory: on-prem-installers | |
| run: mage build:all | |
| - name: Set DEB_VERSION | |
| id: set-version | |
| working-directory: on-prem-installers | |
| run: | | |
| mage build:debVersion | |
| echo "DEB_VERSION=$(mage build:debVersion)" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.0.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} | |
| aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} | |
| aws-region: us-west-2 | |
| - name: Login to ECR | |
| run: aws ecr get-login-password --region us-west-2 | oras login -u AWS --password-stdin 080137407410.dkr.ecr.us-west-2.amazonaws.com | |
| - name: Publish on-prem installer artifacts | |
| env: | |
| BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
| working-directory: on-prem-installers | |
| run: mage publish:all | |
| - name: Publish Orchestrator source code artifacts | |
| env: | |
| BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
| run: mage publish:sourceTarballs | |
| - name: Login to ECR | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: 080137407410.dkr.ecr.us-west-2.amazonaws.com | |
| - name: Build Cloud Installer and release bundle artifacts | |
| run: | | |
| mage installer:build | |
| mage installer:bundle | |
| - name: Scan Cloud Installer Image | |
| uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0 | |
| with: | |
| image-ref: 080137407410.dkr.ecr.us-west-2.amazonaws.com/edge-orch/common/orchestrator-installer-cloudfull:${{ env.versionTag }} | |
| format: table | |
| output: "trivy-orchestrator-installer-cloudfull.txt" | |
| ignore-unfixed: true | |
| - name: Calculate MD5 Checksum | |
| id: checksum | |
| run: | | |
| md5sum_value=$(md5sum "trivy-orchestrator-installer-cloudfull.txt" | cut -d " " -f 1) | |
| echo "md5sum is $md5sum_value" | |
| echo "md5sum_value=$md5sum_value" >> "$GITHUB_ENV" | |
| - name: Upload Trivy Image Scan Report | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: trivy-scan-report-orchestrator-installer-cloudfull-${{ env.md5sum_value }} | |
| path: trivy-orchestrator-installer-cloudfull.txt | |
| - name: Publish Cloud Installer artifact | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) | |
| run: mage publish:cloudInstaller | |
| - name: Build release manifest artifact | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) | |
| run: | | |
| mkdir -p release-manifest | |
| mage -v gen:releaseManifest release-manifest/chart-manifest.yaml | |
| mage -v gen:releaseImageManifest release-manifest/image-manifest.yaml | |
| - name: Publish release manifest artifact | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) | |
| run: | | |
| mage publish:releaseManifest | |
| deploy-kind: | |
| permissions: | |
| contents: read | |
| name: Deploy Kind Orchestrator and run tests | |
| needs: | |
| - lint-go | |
| - lint-markdown | |
| - lint-shell | |
| - lint-terraform | |
| - lint-version | |
| - lint-helm | |
| - lint-yaml | |
| - check-changed-files | |
| if: | | |
| always() && | |
| needs.lint-version.result == 'success' && ( | |
| needs.check-changed-files.outputs.orch == 'true' || | |
| needs.check-changed-files.outputs.ci == 'true' || | |
| github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/main-pass-validation' | |
| ) | |
| runs-on: ubuntu-24.04-16core-64GB | |
| timeout-minutes: 90 | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Deploy Kind Orchestrator | |
| id: deploy-kind-orchestrator | |
| uses: ./.github/actions/deploy_kind | |
| timeout-minutes: 30 | |
| with: | |
| orch_version: ${{ github.event.pull_request.head.sha || github.sha }} | |
| orch_password: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| docker_username: ${{ secrets.SYS_DOCKERHUB_USERNAME }} | |
| docker_password: ${{ secrets.SYS_DOCKERHUB_RO }} | |
| token: ${{ secrets.SYS_ORCH_GITHUB }} | |
| deployment_type: all | |
| - name: Run policy compliance tests | |
| run: mage test:policyCompliance | |
| - name: Run image pull policy compliance tests | |
| run: mage test:imagePullPolicyCompliance | |
| - name: Setup Sample Org and Project with default users | |
| id: default-mt-setup | |
| run: mage tenantUtils:createDefaultMtSetup | |
| - name: Deploy Victoria Metrics instance | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: mage deploy:victoriaMetrics apply | |
| - name: Run e2e tenancy tests | |
| run: mage test:e2etenancy | |
| - name: Run e2e tenancy API gateway tests | |
| run: mage test:e2etenancyapigw | |
| - name: Create default user and run e2e tests | |
| run: mage devUtils:createDefaultUser test:e2e | |
| - name: "Test Observability SRE Exporter w/o ENiC" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eSreObservabilityNoEnic | |
| - name: Deploy ENiC | |
| if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' && steps.default-mt-setup.conclusion == 'success' }} | |
| shell: bash | |
| timeout-minutes: 5 | |
| env: | |
| ORCH_ORG: sample-org | |
| ORCH_PROJECT: sample-project | |
| ORCH_USER: sample-project-onboarding-user | |
| ORCH_USER_API: sample-project-api-user | |
| EDGE_MANAGEABILITY_FRAMEWORK_REV: ${{ env.GIT_HASH }} | |
| run: | | |
| mage devUtils:deployEnic 1 dev | |
| # wait until SN and UUID are available | |
| mage devUtils:getEnicSerialNumber | |
| mage devUtils:getEnicUUID | |
| # then get then and store them in the env | |
| UUID=$(kubectl exec -it -n enic enic-0 -c edge-node -- bash -c "dmidecode -s system-uuid") | |
| SN=$(kubectl exec -it -n enic enic-0 -c edge-node -- bash -c "dmidecode -s system-serial-number") | |
| echo "EN_UUID=$UUID" >> "$GITHUB_ENV" | |
| echo "EN_SN=$SN" >> "$GITHUB_ENV" | |
| - name: Print current EN UUID and SN | |
| if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' && steps.default-mt-setup.conclusion == 'success' }} | |
| run: echo "Current ENiC has UUID ${{ env.EN_UUID }} and SN ${{ env.EN_SN }}" | |
| - name: UI E2E Tests | |
| if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' && steps.default-mt-setup.conclusion == 'success' }} | |
| uses: ./.github/actions/cypress | |
| with: | |
| token: ${{ secrets.SYS_ORCH_GITHUB }} | |
| en_serial_number: ${{ env.EN_SN }} | |
| en_uuid: ${{ env.EN_UUID }} | |
| infra: "cypress/e2e/infra/locations.cy.ts,cypress/e2e/infra/provision-hosts.cy.ts,cypress/e2e/infra/verify-host.cy.ts" | |
| - name: "Test Observability Public Endpoints" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eObservability | |
| - name: "Test Observability Orchestrator Stack" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eOrchObservability | |
| - name: "Test Observability EdgeNode Stack" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eENObservability | |
| - name: "Test Observability Alerts" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eAlertsObservability | |
| - name: "Test Observability SRE Exporter" | |
| env: | |
| ORCH_DEFAULT_PASSWORD: ${{ secrets.ORCH_DEFAULT_PASSWORD }} | |
| run: | | |
| mage test:e2eSreObservability | |
| - name: Wait for cluster agent to be ready | |
| if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' }} | |
| run: | | |
| mkdir -p smoke-test/logs | |
| kubectl exec -n enic enic-0 -c edge-node -- bash -c "journalctl -x" > smoke-test/logs/enic-journalctl-pre.log | |
| kubectl exec -n enic enic-0 -c edge-node -- bash -c "journalctl -xeu cluster-agent" > smoke-test/logs/enic-cluster-agent-pre.log | |
| timeout 5m kubectl exec -n enic enic-0 -c edge-node -- bash -c "journalctl -f" | grep -m 1 "Cluster Agent state update" | |
| - name: Run AO / CO smoke test | |
| if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' && steps.default-mt-setup.conclusion == 'success' }} | |
| env: | |
| PROJECT: sample-project | |
| NODE_UUID: ${{ env.EN_UUID }} | |
| EDGE_MGR_USER: sample-project-edge-mgr | |
| EDGE_INFRA_USER: sample-project-api-user | |
| run: | | |
| echo "Running AO / CO smoke test..." | |
| mage test:clusterOrchSmokeTest | |
| - name: Collect smoke test logs | |
| if: always() | |
| run: | | |
| mkdir -p smoke-test/logs | |
| kubectl logs -n orch-app -l app=app-deployment-api -c app-deployment-api --tail=-1 > smoke-test/logs/app-deployment-api.log | |
| kubectl logs -n orch-app -l app=app-deployment-manager --tail=-1 > smoke-test/logs/app-deployment-manager.log | |
| kubectl logs -n orch-app -l app=app-resource-manager -c app-resource-manager --tail=-1 > smoke-test/logs/app-resource-manager.log | |
| kubectl logs -n orch-app -l app.kubernetes.io/name=app-orch-catalog --tail=-1 > smoke-test/logs/application-catalog.log | |
| kubectl exec -n enic enic-0 -c edge-node -- bash -c "journalctl -xeu cluster-agent" > smoke-test/logs/enic-cluster-agent-post.log | |
| - name: Upload smoke test logs | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: smoke-test | |
| path: | | |
| smoke-test/logs/* | |
| deploy-on-prem: | |
| permissions: | |
| contents: read | |
| name: Deploy On-Prem Orchestrator | |
| needs: | |
| - lint-go | |
| - lint-markdown | |
| - lint-shell | |
| - lint-terraform | |
| - lint-version | |
| - lint-helm | |
| - lint-yaml | |
| - build-publish | |
| - check-changed-files | |
| if: | | |
| always() && | |
| needs.build-publish.result == 'success' && ( | |
| needs.check-changed-files.outputs.orch == 'true' || | |
| needs.check-changed-files.outputs.on-prem == 'true' || | |
| needs.check-changed-files.outputs.ci == 'true' || | |
| github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/main-pass-validation' | |
| ) | |
| runs-on: ubuntu-22.04-16core-64GB | |
| timeout-minutes: 120 | |
| env: | |
| KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig | |
| steps: | |
| - name: Checkout Orchestrator repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Deploy On-Prem Orchestrator | |
| id: deploy-on-prem | |
| uses: ./.github/actions/deploy_on_prem | |
| with: | |
| orch_version: ${{ github.event.pull_request.head.sha }} | |
| docker_username: ${{ secrets.SYS_DOCKERHUB_USERNAME }} | |
| docker_password: ${{ secrets.SYS_DOCKERHUB_RO }} | |
| - name: Run E2E tests | |
| env: | |
| E2E_SVC_DOMAIN: cluster.onprem | |
| EDGE_CLUSTER_NAME: test-cluster | |
| run: mage -v test:e2eOnPrem | |
| - name: Create MT Sample Org and Project with default users | |
| run: mage tenantUtils:createDefaultMtSetup | |
| - name: Test Edge Node onboarding | |
| timeout-minutes: 20 | |
| if: | | |
| needs.check-changed-files.outputs.onboarding == 'true' || | |
| needs.check-changed-files.outputs.on-prem == 'true' || | |
| needs.check-changed-files.outputs.orch == 'true' || | |
| needs.check-changed-files.outputs.ci == 'true' | |
| run: mage test:onboarding | |
| tag-repo: | |
| permissions: | |
| contents: read | |
| name: Tag repo | |
| needs: | |
| - lint-version | |
| - build-publish | |
| - deploy-kind | |
| - deploy-on-prem | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # Fetch all history for all tags and branches | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Prepare ci tools | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: open-edge-platform/orch-ci | |
| token: ${{ secrets.SYS_ORCH_GITHUB }} | |
| path: orch-ci | |
| persist-credentials: false | |
| - name: Tag repo | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.SYS_ORCH_GITHUB }} | |
| run: orch-ci/scripts/version-tag.sh | |
| post-merge: | |
| permissions: | |
| contents: read | |
| security-events: write | |
| id-token: write | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) | |
| uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@e6058fe60cbb803e7d7935571ccd50753bc31ec8 # 0.1.28 | |
| with: | |
| run_build: false | |
| run_version_tag: false | |
| secrets: | |
| SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} | |
| NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} | |
| MSTEAMS_WEBHOOK: ${{ secrets.TEAMS_WEBHOOK }} |