feat: add e2e tests for deployment policy (#112) #309
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| # Build when operator code changes | |
| name: Operator CI | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - operator/** | |
| - containers/operator.Dockerfile | |
| - .github/workflows/operator-ci.yaml | |
| - k8s-tests/** | |
| - chart/** | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - operator/* | |
| paths: | |
| - operator/**/*.go | |
| - containers/operator.Dockerfile | |
| - .github/workflows/operator-ci.yaml | |
| - k8s-tests/** | |
| - chart/** | |
| ## these envs control the build and test process below | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| GO_VERSION: 1.24.6 | |
| PLATFORMS: linux/amd64,linux/arm64 | |
| jobs: | |
| # Test operator across supported Kubernetes versions and test suites | |
| tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # Standard E2E tests on all supported K8s versions | |
| k8s-version: ["1.31.12", "1.32.8", "1.33.4", "1.34.0"] | |
| test-suite: ["e2e"] | |
| include: | |
| # Deployment policy tests on 15-node cluster (K8s 1.34 only) | |
| - k8s-version: "1.34.0" | |
| test-suite: deployment-policy | |
| kind-config: k8s-tests/chainsaw/deployment-policy/kind-config.yaml | |
| make-target: deployment-policy-tests | |
| fail-fast: false # Continue testing other versions if one fails | |
| name: ${{ matrix.test-suite }}-tests (k8s-${{ matrix.k8s-version }}) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| - name: Setup Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache-dependency-path: operator/go.sum | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Kubernetes KinD Cluster v${{ matrix.k8s-version }} | |
| id: kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| version: v0.30.0 | |
| node_image: kindest/node:v${{ matrix.k8s-version }} | |
| config: ${{ matrix.kind-config || 'operator/config/local-dev/kind-config.yaml' }} | |
| cluster_name: kind | |
| # Cache build tools and dependencies for faster builds | |
| - name: Restore cached Binaries | |
| id: cached-binaries | |
| uses: actions/cache/restore@v4 | |
| with: | |
| key: ${{ env.GO_VERSION }}-${{ runner.os }}-${{ runner.arch }}-bin-${{ hashFiles('operator/deps.mk') }} | |
| restore-keys: ${{ env.GO_VERSION }}-${{ runner.os }}-${{ runner.arch }}-bin- | |
| path: | | |
| ${{ github.workspace }}/operator/bin | |
| ~/.cache/go-build | |
| - name: Install dependencies | |
| if: steps.cached-binaries.outputs.cache-hit != 'true' | |
| run: | | |
| cd operator | |
| make install-deps | |
| - name: Save cached Binaries | |
| id: save-cached-binaries | |
| if: steps.cached-binaries.outputs.cache-hit != 'true' | |
| uses: actions/cache/save@v4 | |
| with: | |
| key: ${{ env.GO_VERSION }}-${{ runner.os }}-${{ runner.arch }}-bin-${{ hashFiles('operator/deps.mk') }} | |
| path: | | |
| ${{ github.workspace }}/operator/bin | |
| ~/.cache/go-build | |
| # Run test suite | |
| - name: Run ${{ matrix.test-suite }} tests | |
| run: | | |
| cd operator | |
| if [ "${{ matrix.test-suite }}" = "e2e" ]; then | |
| make setup-kind-cluster | |
| make test | |
| else | |
| make ${{ matrix.make-target }} | |
| fi | |
| # Build multi-platform container image and push to registry | |
| build-and-push-operator: | |
| runs-on: ubuntu-latest | |
| needs: [tests] # Don't run the build and push if tests fail | |
| # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| # | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Fetch all tags | |
| run: git fetch --tags --force | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Setup for multi-platform builds (linux/amd64, linux/arm64) | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Build and tag container image based on git ref type | |
| - name: Build the operator container image | |
| id: build | |
| env: | |
| platforms: ${{ env.PLATFORMS }} | |
| run: | | |
| apt-get update && apt-get install -y make git jq | |
| cd operator | |
| # if this is a tag build, use the tag as the version, otherwise use the sha | |
| git fetch --all | |
| export GIT_SHA=$(git rev-parse --short ${{ github.sha }}) | |
| TAGS="-t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:${GIT_SHA}" | |
| case ${{ github.ref_type }} in | |
| branch) | |
| # The last tag + current git sha | |
| export OPERATOR_VERSION=$(git tag --list 'operator*' --sort=-v:refname | head -n 1 | cut -d/ -f2)+${GIT_SHA} | |
| TAGS="$TAGS -t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:$(echo "${OPERATOR_VERSION}" | tr + -)" | |
| ;; | |
| tag) | |
| # The version part of the tag | |
| export OPERATOR_VERSION=$(echo "${{ github.ref_name }}" | cut -f 2 -d /) | |
| TAGS="$TAGS -t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:${OPERATOR_VERSION} -t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:latest" | |
| ;; | |
| *) | |
| echo "Unkown type ${{ github.ref_type }}" | |
| exit 1 | |
| ;; | |
| esac | |
| set -x | |
| docker buildx build \ | |
| --build-arg GIT_SHA=${GIT_SHA} \ | |
| --build-arg VERSION=${OPERATOR_VERSION} \ | |
| --build-arg GO_VERSION=${GO_VERSION} \ | |
| --push \ | |
| --platform ${{ env.PLATFORMS }} \ | |
| ${TAGS@L} \ | |
| --metadata-file=metadata.json \ | |
| -f ../containers/operator.Dockerfile . | |
| cat metadata.json | |
| echo "digest=$(cat metadata.json | jq -r .\"containerimage.digest\")" >> $GITHUB_OUTPUT | |
| cat $GITHUB_OUTPUT | |
| # Generate supply chain security attestation | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/operator | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true |