...

Text file src/github.com/linkerd/linkerd2/.github/workflows/integration.yml

Documentation: github.com/linkerd/linkerd2/.github/workflows

     1name: Integration tests
     2
     3on: pull_request
     4
     5permissions:
     6  contents: read
     7
     8env:
     9  CARGO_INCREMENTAL: 0
    10  CARGO_NET_RETRY: 10
    11  DOCKER_REGISTRY: ghcr.io/linkerd
    12  GH_ANNOTATION: true
    13  K3D_VERSION: v5.4.4
    14  RUST_BACKTRACE: short
    15  RUSTUP_MAX_RETRIES: 10
    16  YQ_VERSION: v4.25.1
    17  LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO || 'linkerd/linkerd2-proxy' }}
    18  LINKERD2_PROXY_RELEASE_PREFIX: ${{ vars.LINKERD2_PROXY_RELEASE_PREFIX || 'release/' }}
    19
    20concurrency:
    21  group: ${{ github.workflow }}-${{ github.head_ref }}
    22  cancel-in-progress: true
    23
    24jobs:
    25  meta:
    26    runs-on: ubuntu-22.04
    27    steps:
    28      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
    29      - id: tag
    30        run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
    31      - uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78
    32        id: core
    33        with:
    34          files: |
    35            .github/workflows/integration.yml
    36            .proxy-version
    37            go.sum
    38            **/*.go
    39            **/Dockerfile*
    40            charts/**
    41            justfile
    42            bin/fetch-proxy
    43            bin/_test-helper.sh
    44          files_ignore: |
    45            .devcontainer/**
    46            **/Chart.yaml
    47            **/README*
    48    outputs:
    49      tag: ${{ steps.tag.outputs.tag }}
    50      changed: ${{ steps.core.outputs.any_changed }}
    51
    52  info:
    53    needs: meta
    54    runs-on: ubuntu-22.04
    55    timeout-minutes: 2
    56    steps:
    57      - name: Info
    58        run: |
    59          echo "tag=${{ needs.meta.outputs.tag }}"
    60          echo "changed=${{ needs.meta.outputs.changed }}"
    61
    62  build-cli:
    63    needs: meta
    64    if: needs.meta.outputs.changed == 'true'
    65    runs-on: ubuntu-22.04
    66    timeout-minutes: 15
    67    steps:
    68      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
    69      - uses: ./.github/actions/docker-build
    70        id: build
    71        with:
    72          docker-registry: ${{ env.DOCKER_REGISTRY }}
    73          docker-target: linux-amd64
    74          component: cli-bin
    75          tag: ${{ needs.meta.outputs.tag }}
    76      - name: Extract CLI binary
    77        run: |
    78          mkdir -p /home/runner/archives
    79          id=$(docker create '${{ steps.build.outputs.image }}')
    80          docker cp "$id:/out/linkerd-linux-amd64" /home/runner/archives/linkerd
    81          v=$(/home/runner/archives/linkerd version --short --client)
    82          [[ "$v" == '${{ needs.meta.outputs.tag }}' ]] || exit 1
    83      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
    84        with:
    85          name: image-archives-cli
    86          path: /home/runner/archives
    87
    88  ##
    89  ## Core: Test the core control plane
    90  ##
    91  ## TODO(ver) CNI configurations should be tested separately.
    92  ##
    93
    94  build-core:
    95    needs: meta
    96    if: needs.meta.outputs.changed == 'true'
    97    runs-on: ubuntu-22.04
    98    strategy:
    99      matrix:
   100        component:
   101          - controller
   102          - policy-controller
   103          - proxy
   104    timeout-minutes: 20
   105    steps:
   106      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   107      - uses: ./.github/actions/docker-build
   108        id: build
   109        env:
   110          LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
   111        with:
   112          docker-registry: ${{ env.DOCKER_REGISTRY }}
   113          docker-target: linux-amd64
   114          component: ${{ matrix.component }}
   115          tag: ${{ needs.meta.outputs.tag }}
   116      - name: Run docker save
   117        run: |
   118          mkdir -p /home/runner/archives
   119          docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
   120      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
   121        with:
   122          name: image-archives-${{ matrix.component }}
   123          path: /home/runner/archives
   124
   125  test-core:
   126    needs: [meta, build-cli, build-core]
   127    if: needs.meta.outputs.changed == 'true'
   128    strategy:
   129      matrix:
   130        test:
   131          - cni-calico-deep
   132          - deep
   133          - deep-native-sidecar
   134    runs-on: ubuntu-22.04
   135    timeout-minutes: 15
   136    steps:
   137      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   138      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   139        with:
   140          go-version: "1.22"
   141      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   142        with:
   143          pattern: image-archives-*
   144          path: image-archives
   145          merge-multiple: true
   146      - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
   147      - run: find image-archives -ls
   148      - run: bin/tests --images archive --cleanup-docker --name ${{ matrix.test }} "$HOME/linkerd"
   149        env:
   150          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
   151          TAG: ${{ needs.meta.outputs.tag }}
   152
   153  ##
   154  ## Policy: Only run policy tests when the policy controller or proxy changes
   155  ##
   156
   157  test-policy:
   158    needs: [meta, build-cli, build-core]
   159    if: needs.meta.outputs.changed == 'true'
   160    runs-on: ubuntu-22.04
   161    timeout-minutes: 20
   162    strategy:
   163      matrix:
   164        k8s:
   165          - v1.22
   166          - v1.29
   167    steps:
   168      - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
   169        env:
   170          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   171      - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684
   172      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   173      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   174        with:
   175          pattern: image-archives-*
   176          path: image-archives
   177          merge-multiple: true
   178      - run: find image-archives -ls
   179      - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
   180      - name: Setup deps
   181        shell: bash
   182        run: |
   183          rm -rf "$HOME/.cargo"
   184          bin/scurl -v https://sh.rustup.rs | sh -s -- -y --default-toolchain "$(./bin/rust-toolchain-version)"
   185          # shellcheck disable=SC1090
   186          source ~/.cargo/env
   187          echo "PATH=$PATH" >> "$GITHUB_ENV"
   188          bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
   189          bin/scurl -vo /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && chmod +x /usr/local/bin/yq
   190      - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84
   191      - run: cargo install cargo-nextest
   192      - run: just policy-test-build
   193      - run: just k3d-k8s='${{ matrix.k8s }}' k3d-create
   194      - run: docker load <image-archives/controller.tar
   195      - run: docker load <image-archives/policy-controller.tar
   196      - run: docker load <image-archives/proxy.tar
   197      - run: docker image ls
   198      - run: just linkerd-tag='${{ needs.meta.outputs.tag }}' linkerd-exec="$HOME/linkerd" linkerd-install
   199      - name: Load images
   200        run: |
   201          # Image loading is flakey in CI, so retry!
   202          for _ in {1..6} ; do
   203            if just linkerd-tag='${{ needs.meta.outputs.tag }}' policy-test-deps-load ; then exit 0 ; fi
   204            sleep 10
   205            echo retrying...
   206          done
   207          exit 1
   208      - run: just policy-test-run --jobs=1
   209        env:
   210          # https://nexte.st/book/retries.html
   211          NEXTEST_RETRIES: 3
   212
   213  ##
   214  ## Ext: Run tests that require non-core components.
   215  ##
   216
   217  build-ext:
   218    needs: meta
   219    if: needs.meta.outputs.changed == 'true'
   220    runs-on: ubuntu-22.04
   221    strategy:
   222      matrix:
   223        component:
   224          - jaeger-webhook
   225          - metrics-api
   226          - tap
   227          - web
   228    timeout-minutes: 15
   229    steps:
   230      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   231      - uses: ./.github/actions/docker-build
   232        id: build
   233        with:
   234          docker-registry: ${{ env.DOCKER_REGISTRY }}
   235          docker-target: linux-amd64
   236          component: ${{ matrix.component }}
   237          tag: ${{ needs.meta.outputs.tag }}
   238      - name: Run docker save
   239        run: |
   240          mkdir -p /home/runner/archives
   241          docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
   242      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
   243        with:
   244          name: image-archives-${{ matrix.component }}
   245          path: /home/runner/archives
   246
   247  # These tests exercise core functionality, but need the viz extension.
   248  test-ext:
   249    needs: [meta, build-cli, build-core, build-ext]
   250    if: needs.meta.outputs.changed == 'true'
   251    strategy:
   252      matrix:
   253        integration_test:
   254          - cluster-domain
   255          - default-policy-deny
   256          - external
   257          - rsa-ca
   258          - helm-upgrade
   259          - uninstall
   260          - upgrade-edge
   261    runs-on: ubuntu-22.04
   262    timeout-minutes: 15
   263    steps:
   264      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   265      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   266        with:
   267          go-version: "1.22"
   268      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   269        with:
   270          pattern: image-archives-*
   271          path: image-archives
   272          merge-multiple: true
   273      - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
   274      - run: ls -l image-archives/linkerd
   275      - run: bin/tests --images archive --cleanup-docker --name '${{ matrix.integration_test }}' "$HOME/linkerd"
   276        env:
   277          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
   278
   279  ##
   280  ## Viz: Run the (flakey) `viz` suite only when the `viz` extension is updated.
   281  ##
   282
   283  test-viz:
   284    needs: [meta, build-cli, build-core, build-ext]
   285    if: needs.meta.outputs.changed == 'true'
   286    runs-on: ubuntu-22.04
   287    timeout-minutes: 30
   288    steps:
   289      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   290      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   291        with:
   292          go-version: "1.22"
   293      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   294        with:
   295          pattern: image-archives-*
   296          path: image-archives
   297          merge-multiple: true
   298      - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
   299      - run: ls -l image-archives/linkerd
   300      - run: bin/tests --images archive --cleanup-docker --name viz "$HOME/linkerd"
   301        env:
   302          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
   303
   304  ##
   305  ## Multicluster: Run 'multicluster' suite only when the 'multicluster' extension is updated.
   306  ##               Tests are run on min and max k8s versions
   307  ##
   308
   309  test-multicluster:
   310    needs: [meta, build-cli, build-core, build-ext]
   311    if: needs.meta.outputs.changed == 'true'
   312    runs-on: ubuntu-22.04
   313    timeout-minutes: 20
   314    strategy:
   315      matrix:
   316        k8s:
   317          - v1.22
   318          - v1.29
   319    steps:
   320      - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
   321        env:
   322          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   323      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   324      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   325        with:
   326          go-version: "1.22"
   327      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   328        with:
   329          pattern: image-archives-*
   330          path: image-archives
   331          merge-multiple: true
   332      - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
   333      - run: ls -l image-archives/linkerd
   334      - name: Setup deps
   335        shell: bash
   336        run: |
   337          echo "PATH=$PATH" >> "$GITHUB_ENV"
   338          bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
   339      - name: Load docker images
   340        run: |
   341          for img in controller policy-controller proxy; do
   342            docker load <"image-archives/${img}.tar"
   343          done
   344      - run: docker image ls
   345      - run: just mc-test-build
   346      - name: Run just mc-test-load
   347        run: |
   348          just linkerd-tag='${{ needs.meta.outputs.tag }}' \
   349              k3d-k8s='${{ matrix.k8s }}' \
   350              mc-test-load
   351      - name: Run just mc-test-run
   352        run: |
   353          just linkerd-tag='${{ needs.meta.outputs.tag }}' \
   354              k3d-k8s='${{ matrix.k8s }}' \
   355              mc-test-run
   356
   357  build-ok:
   358    needs: [build-cli, build-core, build-ext]
   359    if: always()
   360    runs-on: ubuntu-22.04
   361    steps:
   362      - name: Results
   363        run: |
   364          echo 'needs.build-cli.result: ${{ needs.build-cli.result }}'
   365          echo 'needs.build-core.result: ${{ needs.build-core.result }}'
   366          echo 'needs.build-ext.result: ${{ needs.build-ext.result }}'
   367      - name: Verify jobs
   368        # All jobs must succeed or be skipped.
   369        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
   370        run: exit 1
   371
   372  # Try to re-run the integration tests if they fail, but only up to 3 times.
   373  integrations-retry:
   374    needs:
   375      [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
   376    if: failure() && fromJSON(github.run_attempt) < 3 && needs.build-ok.result == 'success'
   377    runs-on: ubuntu-22.04
   378    permissions:
   379      actions: write
   380    env:
   381      GH_REPO: ${{ github.repository }}
   382      GH_TOKEN: ${{ github.token }}
   383      GH_DEBUG: api
   384      REF: ${{ github.head_ref }}
   385    steps:
   386      - run: gh workflow run rerun.yml -F 'run_id=${{ github.run_id }}' --ref "$REF"
   387
   388  integrations-ok:
   389    needs:
   390      [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
   391    if: always()
   392    runs-on: ubuntu-22.04
   393    steps:
   394      - name: Results
   395        run: |
   396          echo 'needs.build-ok.result: ${{ needs.build-ok.result }}'
   397          echo 'needs.test-core.result: ${{ needs.test-core.result }}'
   398          echo 'needs.test-policy.result: ${{ needs.test-policy.result }}'
   399          echo 'needs.test-ext.result: ${{ needs.test-ext.result }}'
   400          echo 'needs.test-viz.result: ${{ needs.test-viz.result }}'
   401          echo 'needs.test-multicluster.result: ${{ needs.test-multicluster.result }}'
   402      - name: Verify jobs
   403        # All jobs must succeed or be skipped.
   404        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
   405        run: exit 1

View as plain text