1name: Integration tests
2
3on: pull_request
4
5permissions:
6 contents: read
7
8env:
9 CARGO_INCREMENTAL: 0
10 CARGO_NET_RETRY: 10
11 DOCKER_REGISTRY: ghcr.io/linkerd
12 GH_ANNOTATION: true
13 K3D_VERSION: v5.4.4
14 RUST_BACKTRACE: short
15 RUSTUP_MAX_RETRIES: 10
16 YQ_VERSION: v4.25.1
17 LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO || 'linkerd/linkerd2-proxy' }}
18 LINKERD2_PROXY_RELEASE_PREFIX: ${{ vars.LINKERD2_PROXY_RELEASE_PREFIX || 'release/' }}
19
20concurrency:
21 group: ${{ github.workflow }}-${{ github.head_ref }}
22 cancel-in-progress: true
23
24jobs:
25 meta:
26 runs-on: ubuntu-22.04
27 steps:
28 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
29 - id: tag
30 run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
31 - uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78
32 id: core
33 with:
34 files: |
35 .github/workflows/integration.yml
36 .proxy-version
37 go.sum
38 **/*.go
39 **/Dockerfile*
40 charts/**
41 justfile
42 bin/fetch-proxy
43 bin/_test-helper.sh
44 files_ignore: |
45 .devcontainer/**
46 **/Chart.yaml
47 **/README*
48 outputs:
49 tag: ${{ steps.tag.outputs.tag }}
50 changed: ${{ steps.core.outputs.any_changed }}
51
52 info:
53 needs: meta
54 runs-on: ubuntu-22.04
55 timeout-minutes: 2
56 steps:
57 - name: Info
58 run: |
59 echo "tag=${{ needs.meta.outputs.tag }}"
60 echo "changed=${{ needs.meta.outputs.changed }}"
61
62 build-cli:
63 needs: meta
64 if: needs.meta.outputs.changed == 'true'
65 runs-on: ubuntu-22.04
66 timeout-minutes: 15
67 steps:
68 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
69 - uses: ./.github/actions/docker-build
70 id: build
71 with:
72 docker-registry: ${{ env.DOCKER_REGISTRY }}
73 docker-target: linux-amd64
74 component: cli-bin
75 tag: ${{ needs.meta.outputs.tag }}
76 - name: Extract CLI binary
77 run: |
78 mkdir -p /home/runner/archives
79 id=$(docker create '${{ steps.build.outputs.image }}')
80 docker cp "$id:/out/linkerd-linux-amd64" /home/runner/archives/linkerd
81 v=$(/home/runner/archives/linkerd version --short --client)
82 [[ "$v" == '${{ needs.meta.outputs.tag }}' ]] || exit 1
83 - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
84 with:
85 name: image-archives-cli
86 path: /home/runner/archives
87
88 ##
89 ## Core: Test the core control plane
90 ##
91 ## TODO(ver) CNI configurations should be tested separately.
92 ##
93
94 build-core:
95 needs: meta
96 if: needs.meta.outputs.changed == 'true'
97 runs-on: ubuntu-22.04
98 strategy:
99 matrix:
100 component:
101 - controller
102 - policy-controller
103 - proxy
104 timeout-minutes: 20
105 steps:
106 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
107 - uses: ./.github/actions/docker-build
108 id: build
109 env:
110 LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN || github.token }}
111 with:
112 docker-registry: ${{ env.DOCKER_REGISTRY }}
113 docker-target: linux-amd64
114 component: ${{ matrix.component }}
115 tag: ${{ needs.meta.outputs.tag }}
116 - name: Run docker save
117 run: |
118 mkdir -p /home/runner/archives
119 docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
120 - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
121 with:
122 name: image-archives-${{ matrix.component }}
123 path: /home/runner/archives
124
125 test-core:
126 needs: [meta, build-cli, build-core]
127 if: needs.meta.outputs.changed == 'true'
128 strategy:
129 matrix:
130 test:
131 - cni-calico-deep
132 - deep
133 - deep-native-sidecar
134 runs-on: ubuntu-22.04
135 timeout-minutes: 15
136 steps:
137 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
138 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
139 with:
140 go-version: "1.22"
141 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
142 with:
143 pattern: image-archives-*
144 path: image-archives
145 merge-multiple: true
146 - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
147 - run: find image-archives -ls
148 - run: bin/tests --images archive --cleanup-docker --name ${{ matrix.test }} "$HOME/linkerd"
149 env:
150 LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
151 TAG: ${{ needs.meta.outputs.tag }}
152
153 ##
154 ## Policy: Only run policy tests when the policy controller or proxy changes
155 ##
156
157 test-policy:
158 needs: [meta, build-cli, build-core]
159 if: needs.meta.outputs.changed == 'true'
160 runs-on: ubuntu-22.04
161 timeout-minutes: 20
162 strategy:
163 matrix:
164 k8s:
165 - v1.22
166 - v1.29
167 steps:
168 - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
169 env:
170 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
171 - uses: olix0r/cargo-action-fmt/setup@9269f3aa1ff01775d95efc97037e2cbdb41d9684
172 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
173 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
174 with:
175 pattern: image-archives-*
176 path: image-archives
177 merge-multiple: true
178 - run: find image-archives -ls
179 - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
180 - name: Setup deps
181 shell: bash
182 run: |
183 rm -rf "$HOME/.cargo"
184 bin/scurl -v https://sh.rustup.rs | sh -s -- -y --default-toolchain "$(./bin/rust-toolchain-version)"
185 # shellcheck disable=SC1090
186 source ~/.cargo/env
187 echo "PATH=$PATH" >> "$GITHUB_ENV"
188 bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
189 bin/scurl -vo /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && chmod +x /usr/local/bin/yq
190 - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84
191 - run: cargo install cargo-nextest
192 - run: just policy-test-build
193 - run: just k3d-k8s='${{ matrix.k8s }}' k3d-create
194 - run: docker load <image-archives/controller.tar
195 - run: docker load <image-archives/policy-controller.tar
196 - run: docker load <image-archives/proxy.tar
197 - run: docker image ls
198 - run: just linkerd-tag='${{ needs.meta.outputs.tag }}' linkerd-exec="$HOME/linkerd" linkerd-install
199 - name: Load images
200 run: |
201 # Image loading is flakey in CI, so retry!
202 for _ in {1..6} ; do
203 if just linkerd-tag='${{ needs.meta.outputs.tag }}' policy-test-deps-load ; then exit 0 ; fi
204 sleep 10
205 echo retrying...
206 done
207 exit 1
208 - run: just policy-test-run --jobs=1
209 env:
210 # https://nexte.st/book/retries.html
211 NEXTEST_RETRIES: 3
212
213 ##
214 ## Ext: Run tests that require non-core components.
215 ##
216
217 build-ext:
218 needs: meta
219 if: needs.meta.outputs.changed == 'true'
220 runs-on: ubuntu-22.04
221 strategy:
222 matrix:
223 component:
224 - jaeger-webhook
225 - metrics-api
226 - tap
227 - web
228 timeout-minutes: 15
229 steps:
230 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
231 - uses: ./.github/actions/docker-build
232 id: build
233 with:
234 docker-registry: ${{ env.DOCKER_REGISTRY }}
235 docker-target: linux-amd64
236 component: ${{ matrix.component }}
237 tag: ${{ needs.meta.outputs.tag }}
238 - name: Run docker save
239 run: |
240 mkdir -p /home/runner/archives
241 docker save '${{ steps.build.outputs.image }}' >'/home/runner/archives/${{ matrix.component }}.tar'
242 - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
243 with:
244 name: image-archives-${{ matrix.component }}
245 path: /home/runner/archives
246
247 # These tests exercise core functionality, but need the viz extension.
248 test-ext:
249 needs: [meta, build-cli, build-core, build-ext]
250 if: needs.meta.outputs.changed == 'true'
251 strategy:
252 matrix:
253 integration_test:
254 - cluster-domain
255 - default-policy-deny
256 - external
257 - rsa-ca
258 - helm-upgrade
259 - uninstall
260 - upgrade-edge
261 runs-on: ubuntu-22.04
262 timeout-minutes: 15
263 steps:
264 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
265 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
266 with:
267 go-version: "1.22"
268 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
269 with:
270 pattern: image-archives-*
271 path: image-archives
272 merge-multiple: true
273 - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
274 - run: ls -l image-archives/linkerd
275 - run: bin/tests --images archive --cleanup-docker --name '${{ matrix.integration_test }}' "$HOME/linkerd"
276 env:
277 LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
278
279 ##
280 ## Viz: Run the (flakey) `viz` suite only when the `viz` extension is updated.
281 ##
282
283 test-viz:
284 needs: [meta, build-cli, build-core, build-ext]
285 if: needs.meta.outputs.changed == 'true'
286 runs-on: ubuntu-22.04
287 timeout-minutes: 30
288 steps:
289 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
290 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
291 with:
292 go-version: "1.22"
293 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
294 with:
295 pattern: image-archives-*
296 path: image-archives
297 merge-multiple: true
298 - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
299 - run: ls -l image-archives/linkerd
300 - run: bin/tests --images archive --cleanup-docker --name viz "$HOME/linkerd"
301 env:
302 LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
303
304 ##
305 ## Multicluster: Run 'multicluster' suite only when the 'multicluster' extension is updated.
306 ## Tests are run on min and max k8s versions
307 ##
308
309 test-multicluster:
310 needs: [meta, build-cli, build-core, build-ext]
311 if: needs.meta.outputs.changed == 'true'
312 runs-on: ubuntu-22.04
313 timeout-minutes: 20
314 strategy:
315 matrix:
316 k8s:
317 - v1.22
318 - v1.29
319 steps:
320 - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
321 env:
322 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
323 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
324 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
325 with:
326 go-version: "1.22"
327 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
328 with:
329 pattern: image-archives-*
330 path: image-archives
331 merge-multiple: true
332 - run: cp image-archives/linkerd "$HOME" && chmod 755 "$HOME/linkerd"
333 - run: ls -l image-archives/linkerd
334 - name: Setup deps
335 shell: bash
336 run: |
337 echo "PATH=$PATH" >> "$GITHUB_ENV"
338 bin/scurl -v "https://raw.githubusercontent.com/k3d-io/k3d/${K3D_VERSION}/install.sh" | bash
339 - name: Load docker images
340 run: |
341 for img in controller policy-controller proxy; do
342 docker load <"image-archives/${img}.tar"
343 done
344 - run: docker image ls
345 - run: just mc-test-build
346 - name: Run just mc-test-load
347 run: |
348 just linkerd-tag='${{ needs.meta.outputs.tag }}' \
349 k3d-k8s='${{ matrix.k8s }}' \
350 mc-test-load
351 - name: Run just mc-test-run
352 run: |
353 just linkerd-tag='${{ needs.meta.outputs.tag }}' \
354 k3d-k8s='${{ matrix.k8s }}' \
355 mc-test-run
356
357 build-ok:
358 needs: [build-cli, build-core, build-ext]
359 if: always()
360 runs-on: ubuntu-22.04
361 steps:
362 - name: Results
363 run: |
364 echo 'needs.build-cli.result: ${{ needs.build-cli.result }}'
365 echo 'needs.build-core.result: ${{ needs.build-core.result }}'
366 echo 'needs.build-ext.result: ${{ needs.build-ext.result }}'
367 - name: Verify jobs
368 # All jobs must succeed or be skipped.
369 if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
370 run: exit 1
371
372 # Try to re-run the integration tests if they fail, but only up to 3 times.
373 integrations-retry:
374 needs:
375 [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
376 if: failure() && fromJSON(github.run_attempt) < 3 && needs.build-ok.result == 'success'
377 runs-on: ubuntu-22.04
378 permissions:
379 actions: write
380 env:
381 GH_REPO: ${{ github.repository }}
382 GH_TOKEN: ${{ github.token }}
383 GH_DEBUG: api
384 REF: ${{ github.head_ref }}
385 steps:
386 - run: gh workflow run rerun.yml -F 'run_id=${{ github.run_id }}' --ref "$REF"
387
388 integrations-ok:
389 needs:
390 [build-ok, test-core, test-policy, test-ext, test-viz, test-multicluster]
391 if: always()
392 runs-on: ubuntu-22.04
393 steps:
394 - name: Results
395 run: |
396 echo 'needs.build-ok.result: ${{ needs.build-ok.result }}'
397 echo 'needs.test-core.result: ${{ needs.test-core.result }}'
398 echo 'needs.test-policy.result: ${{ needs.test-policy.result }}'
399 echo 'needs.test-ext.result: ${{ needs.test-ext.result }}'
400 echo 'needs.test-viz.result: ${{ needs.test-viz.result }}'
401 echo 'needs.test-multicluster.result: ${{ needs.test-multicluster.result }}'
402 - name: Verify jobs
403 # All jobs must succeed or be skipped.
404 if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
405 run: exit 1
View as plain text