From 885c733212812ae06da09534f07c9164fe817ab5 Mon Sep 17 00:00:00 2001 From: David Donchez Date: Thu, 26 Oct 2023 11:33:34 +0200 Subject: [PATCH 1/5] ci(tests): use Harbor to host test images --- .github/workflows/tests.yaml | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9c9683b7..43e8e5e9 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -13,7 +13,9 @@ jobs: runs-on: ubuntu-22.04 env: VERSION: ${{ github.run_id }} - GHCR_REGISTRY: "ghcr.io" + HARBOR_URL: "harbor.enix.io" + HARBOR_REPO: "kube-image-keeper/kube-image-keeper" + GHCR_IMAGE: "ghcr.io/enix/kube-image-keeper" QUAY_IMAGE: "quay.io/enix/kube-image-keeper" steps: - name: Checkout Repository @@ -31,16 +33,16 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@v3 with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ env.COMMIT_NAME }} - password: ${{ secrets.RELEASE_GITHUB_TOKEN }} + registry: ${{ env.HARBOR_URL }} + username: ${{ secrets.HARBOR_USERNAME }} + password: ${{ secrets.HARBOR_PASSWORD }} - name: Generate image metadata id: meta uses: docker/metadata-action@v5 with: images: | - ${{ env.GHCR_REGISTRY }}/${{ github.repository }} + ${{ env.GHCR_IMAGE }} ${{ github.repository }} ${{ env.QUAY_IMAGE }} @@ -55,7 +57,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} tags: | - ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.VERSION }} + ${{ env.HARBOR_URL }}/${{ env.HARBOR_REPO }}:${{ env.VERSION }} - name: Build alpine container images uses: docker/build-push-action@v5 @@ -69,7 +71,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} tags: | - ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.VERSION }}-alpine + ${{ env.HARBOR_URL }}/${{ env.HARBOR_REPO }}:${{ env.VERSION }}-alpine e2e: name: Tests End-to-End on K8s @@ -78,8 +80,8 @@ jobs: runs-on: ubuntu-22.04 env: VERSION: ${{ github.run_id }} - GHCR_IMAGE_NAME: "ghcr.io/enix/kube-image-keeper" - GHCR_REGISTRY: "ghcr.io" + HARBOR_IMAGE: "harbor.enix.io/kube-image-keeper/kube-image-keeper" + HARBOR_REGISTRY: "harbor.enix.io" strategy: max-parallel: 6 matrix: @@ -126,13 +128,12 @@ jobs: run : | set -euo pipefail kubectl create namespace kuik-system - kubectl create secret docker-registry ghcr-secret -n kuik-system --docker-server=https://ghcr.io \ - --docker-username=monkeynator --docker-password=${{ secrets.RELEASE_GITHUB_TOKEN }} \ - --docker-email=${{ env.COMMIT_EMAIL }} + kubectl create secret docker-registry harbor-secret -n kuik-system --docker-server=${{ env.HARBOR_REGISTRY }} \ + --docker-username=${{ secrets.HARBOR_USERNAME }} --docker-password=${{ secrets.HARBOR_PASSWORD }} helm upgrade --install kube-image-keeper -n kuik-system --create-namespace ./helm/kube-image-keeper \ --set controllers.image.tag=${{ env.VERSION }} --set proxy.image.tag=${{ env.VERSION }} \ - --set controllers.image.repository=${{ env.GHCR_IMAGE_NAME }} --set proxy.image.repository=${{ env.GHCR_IMAGE_NAME }} \ - --set controllers.imagePullSecrets[0].name=ghcr-secret --set proxy.image.imagePullSecrets[0].name=ghcr-secret --debug + --set controllers.image.repository=${{ env.HARBOR_IMAGE }} --set proxy.image.repository=${{ env.HARBOR_IMAGE }} \ + --set controllers.imagePullSecrets[0].name=harbor-secret --set proxy.image.imagePullSecrets[0].name=harbor-secret --debug kubectl wait pods -n kuik-system -l app.kubernetes.io/instance=kube-image-keeper --for condition=Ready --timeout=30s - name: Run end-to-end tests From 0ea0f5085fcc9e3cafc06ba80c9fe30eb412fc8f Mon Sep 17 00:00:00 2001 From: David Donchez Date: Thu, 26 Oct 2023 13:29:54 +0200 Subject: [PATCH 2/5] ci(tests): escape some variables --- .github/workflows/tests.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 43e8e5e9..6dff859b 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -82,6 +82,8 @@ jobs: VERSION: ${{ github.run_id }} HARBOR_IMAGE: "harbor.enix.io/kube-image-keeper/kube-image-keeper" HARBOR_REGISTRY: "harbor.enix.io" + HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }} + HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }} strategy: max-parallel: 6 matrix: @@ -129,10 +131,10 @@ jobs: set -euo pipefail kubectl create namespace kuik-system kubectl create secret docker-registry harbor-secret -n kuik-system --docker-server=${{ env.HARBOR_REGISTRY }} \ - --docker-username=${{ secrets.HARBOR_USERNAME }} --docker-password=${{ secrets.HARBOR_PASSWORD }} + --docker-username="$HARBOR_USERNAME" --docker-password="$HARBOR_PASSWORD" helm upgrade --install kube-image-keeper -n kuik-system --create-namespace ./helm/kube-image-keeper \ - --set controllers.image.tag=${{ env.VERSION }} --set proxy.image.tag=${{ env.VERSION }} \ - --set controllers.image.repository=${{ env.HARBOR_IMAGE }} --set proxy.image.repository=${{ env.HARBOR_IMAGE }} \ + --set controllers.image.tag=$VERSION --set proxy.image.tag=$VERSION \ + --set controllers.image.repository=$HARBOR_IMAGE --set proxy.image.repository=${HARBOR_IMAGE \ --set controllers.imagePullSecrets[0].name=harbor-secret --set proxy.image.imagePullSecrets[0].name=harbor-secret --debug kubectl wait pods -n kuik-system -l app.kubernetes.io/instance=kube-image-keeper --for condition=Ready --timeout=30s From b9b0656a43e35d01daa92d39ccd1d715cf0c3308 Mon Sep 17 00:00:00 2001 From: David Donchez Date: Thu, 26 Oct 2023 13:46:47 +0200 Subject: [PATCH 3/5] ci(tests): typo --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 6dff859b..89d89494 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -134,7 +134,7 @@ jobs: --docker-username="$HARBOR_USERNAME" --docker-password="$HARBOR_PASSWORD" helm upgrade --install kube-image-keeper -n kuik-system --create-namespace ./helm/kube-image-keeper \ --set controllers.image.tag=$VERSION --set proxy.image.tag=$VERSION \ - --set controllers.image.repository=$HARBOR_IMAGE --set proxy.image.repository=${HARBOR_IMAGE \ + --set controllers.image.repository=$HARBOR_IMAGE --set proxy.image.repository=$HARBOR_IMAGE \ --set controllers.imagePullSecrets[0].name=harbor-secret --set proxy.image.imagePullSecrets[0].name=harbor-secret --debug kubectl wait pods -n kuik-system -l app.kubernetes.io/instance=kube-image-keeper --for condition=Ready --timeout=30s From 42feb1cce1af4544965d876d59935e2fee157e9b Mon Sep 17 00:00:00 2001 From: David Donchez Date: Thu, 26 Oct 2023 14:51:13 +0200 Subject: [PATCH 4/5] ci(tests): better handling of errors --- .github/workflows/tests.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 89d89494..7adfaa7c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -168,18 +168,20 @@ jobs: while [[ $attempts -lt 3 && $success == false ]] do response=$(kubectl run curl-pod --image=curlimages/curl --rm -ti --quiet --restart=Never -- curl -s -o /dev/null -w "%{http_code}\n" http://$ip:8080/metrics) - if [[ $response -ge 200 && $response -lt 300 ]]; then + if [[ -z "$response" ]]; then + echo "No HTTP response received from $ip" + elif [[ $response -ge 200 && $response -lt 300 ]]; then echo "HTTP status code $response is valid for $ip" success=true else echo "HTTP status code $response is not valid for $ip" - ((attempts++)) - sleep 5 fi + attempts=$(( $attempts + 1 )) + sleep 3 done if [[ $success == false ]]; then - echo "Failed after 3 attempts for $ip" - exit 1 + echo "Failed after 3 attempts for $ip" + exit 1 fi done done From 2dca4ec567a2b6ef1e227e56ccc1d52f077c41cb Mon Sep 17 00:00:00 2001 From: David Donchez Date: Thu, 26 Oct 2023 15:26:56 +0200 Subject: [PATCH 5/5] ci(release): use Harbor to host test images --- .github/workflows/release.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03e0b3f8..e35a2e8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -118,7 +118,9 @@ jobs: runs-on: ubuntu-22.04 env: VERSION: ${{ github.run_id }} - GHCR_REGISTRY: "ghcr.io" + HARBOR_URL: "harbor.enix.io" + HARBOR_REPO: "kube-image-keeper/kube-image-keeper" + GHCR_IMAGE: "ghcr.io/enix/kube-image-keeper" QUAY_IMAGE: "quay.io/enix/kube-image-keeper" steps: - name: Checkout Repository @@ -132,9 +134,9 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@v3 with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ env.COMMIT_NAME }} - password: ${{ secrets.RELEASE_GITHUB_TOKEN }} + registry: ${{ env.HARBOR_URL }} + username: ${{ secrets.HARBOR_USERNAME }} + password: ${{ secrets.HARBOR_PASSWORD }} - name: Generate image metadata id: meta @@ -156,7 +158,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} tags: | - ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.VERSION }} + ${{ env.HARBOR_URL }}/${{ env.HARBOR_REPO }}:${{ env.VERSION }} - name: Build alpine container images uses: docker/build-push-action@v5 @@ -170,7 +172,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} tags: | - ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.VERSION }}-alpine + ${{ env.HARBOR_URL }}/${{ env.HARBOR_REPO }}:${{ env.VERSION }}-alpine e2e: name: Tests End-to-End on K8s needs: @@ -178,8 +180,10 @@ jobs: runs-on: ubuntu-22.04 env: VERSION: ${{ github.run_id }} - GHCR_IMAGE_NAME: "ghcr.io/enix/kube-image-keeper" - GHCR_REGISTRY: "ghcr.io" + HARBOR_IMAGE: "harbor.enix.io/kube-image-keeper/kube-image-keeper" + HARBOR_REGISTRY: "harbor.enix.io" + HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }} + HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }} strategy: max-parallel: 6 matrix: @@ -226,13 +230,12 @@ jobs: run : | set -euo pipefail kubectl create namespace kuik-system - kubectl create secret docker-registry ghcr-secret -n kuik-system --docker-server=https://ghcr.io \ - --docker-username=monkeynator --docker-password=${{ secrets.RELEASE_GITHUB_TOKEN }} \ - --docker-email=${{ env.COMMIT_EMAIL }} + kubectl create secret docker-registry harbor-secret -n kuik-system --docker-server=${{ env.HARBOR_REGISTRY }} \ + --docker-username="$HARBOR_USERNAME" --docker-password="$HARBOR_PASSWORD" helm upgrade --install kube-image-keeper -n kuik-system --create-namespace ./helm/kube-image-keeper \ - --set controllers.image.tag=${{ env.VERSION }} --set proxy.image.tag=${{ env.VERSION }} \ - --set controllers.image.repository=${{ env.GHCR_IMAGE_NAME }} --set proxy.image.repository=${{ env.GHCR_IMAGE_NAME }} \ - --set controllers.imagePullSecrets[0].name=ghcr-secret --set proxy.image.imagePullSecrets[0].name=ghcr-secret --debug + --set controllers.image.tag=$VERSION --set proxy.image.tag=$VERSION \ + --set controllers.image.repository=$HARBOR_IMAGE --set proxy.image.repository=$HARBOR_IMAGE \ + --set controllers.imagePullSecrets[0].name=harbor-secret --set proxy.image.imagePullSecrets[0].name=harbor-secret --debug kubectl wait pods -n kuik-system -l app.kubernetes.io/instance=kube-image-keeper --for condition=Ready --timeout=30s - name: Run end-to-end tests @@ -416,7 +419,6 @@ jobs: username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_ROBOT_TOKEN }} - - name: Generate image metadata id: meta uses: docker/metadata-action@v5