Rework certificate handling. #66
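---
# Pull-request CI: lint the Dockerfile, build and push a per-PR image to GHCR,
# then test that image through the Helm chart (in a kind cluster) and through
# every Docker Compose configuration found under ci/.
#
# Review notes:
# - Indentation was rebuilt from the GitHub Actions workflow schema; the page
#   this listing came from had flattened it.
# - Five `uses:` references were mangled into "[email protected]" by the page's
#   e-mail obfuscation. The action names below are inferred from each step's
#   name and inputs, and the lost version is written as the placeholder
#   VERSION_ELIDED_ON_PAGE; restore the real refs from the repository.
# - Every action here is referenced by a mutable tag. Pinning third-party
#   actions to a full commit SHA stops a moved tag from changing what runs
#   with this workflow's token.
name: Dockerfile lint and build

on:
  pull_request:
    branches:
      - main
      - next

# Least-privilege default for GITHUB_TOKEN. Jobs that talk to GHCR widen this
# explicitly; everything else only needs to read the checkout.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      # Presumably hadolint/hadolint-action (see review notes above).
      - uses: hadolint/hadolint-action@VERSION_ELIDED_ON_PAGE

  build:
    runs-on: ubuntu-latest
    needs: lint
    # The only job that may write packages: it publishes the per-PR image.
    # NOTE(review): for pull requests from forks GitHub normally issues a
    # read-only token, so this push presumably only succeeds for branches in
    # the same repository - confirm that this is the intended behaviour.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  helm-docs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Run helm-docs
        uses: losisin/helm-docs-github-action@v1
      - name: Run prettier over the re-generated docs
        # Presumably creyD/prettier_action (see review notes above).
        uses: creyD/prettier_action@VERSION_ELIDED_ON_PAGE
        with:
          prettier_options: --write kubernetes/chart/zulip/README.md
          no_commit: True
      # Fail when the committed README differs from the regenerated one.
      - name: Check for any diff
        run: |
          if ! git diff --exit-code; then
            echo "Changes found!"
            git status
            git diff
            exit 1
          fi

  helm-test:
    runs-on: ubuntu-latest
    needs:
      - helm-docs
      - build
    # Pulls the image that the build job pushed; never writes to the registry.
    permissions:
      contents: read
      packages: read
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Helm
        # Presumably azure/setup-helm (see review notes above).
        uses: azure/setup-helm@VERSION_ELIDED_ON_PAGE
        with:
          version: v3.17.0
      # Presumably actions/setup-python (see review notes above).
      - uses: actions/setup-python@VERSION_ELIDED_ON_PAGE
        with:
          python-version: "3.x"
          check-latest: true
      - name: Set up chart-testing
        # Presumably helm/chart-testing-action (see review notes above).
        uses: helm/chart-testing-action@VERSION_ELIDED_ON_PAGE
        with:
          version: "3.14.0"
          yamllint_version: "1.37.1"
          yamale_version: "6.0.0"
      - name: Set up helm repos
        run: |
          helm repo add groundhog2k https://groundhog2k.github.io/helm-charts/
      # Expressions are substituted into a script's text before the shell
      # parses it. The steps below hand such values over through `env` and
      # expand them as quoted shell variables, so they stay data.
      - name: Run chart-testing (list-changed)
        id: list-changed
        env:
          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          changed=$(ct list-changed --chart-dirs kubernetes/chart \
            --target-branch "$TARGET_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        env:
          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          ct lint --github-groups \
            --chart-dirs kubernetes/chart \
            --target-branch "$TARGET_BRANCH" \
            --lint-conf lintconf.yaml
      - name: Create kind cluster
        uses: helm/kind-action@v1
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Load image into kind
        env:
          CI_IMAGE: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}
        run: |
          docker pull "$CI_IMAGE"
          kind load docker-image "$CI_IMAGE" --name chart-testing
      - name: Run chart-testing (install)
        id: chart-testing-install
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          ct install --github-groups \
            --chart-dirs kubernetes/chart \
            --all \
            --helm-extra-set-args "--set image.tag=pr-$PR_NUMBER" \
            --skip-clean-up
      # Best-effort diagnostics: runs after success or failure of the earlier
      # steps, and its own errors do not fail the job.
      - name: Fetch logs
        if: success() || failure()
        continue-on-error: true
        run: |
          namespace=$(helm list --all-namespaces --output json \
            | jq -r '[.[] | select(.namespace | startswith("zulip-"))][0].namespace')
          kubectl get pods -n "$namespace"
          for pod in $(kubectl get pods -n "$namespace" -o name); do
            kubectl describe "$pod" -n "$namespace"
          done
          pod=$(kubectl get pods -n "$namespace" -l app.kubernetes.io/name=zulip --output name)
          kubectl -n "$namespace" logs "$pod"
          kubectl -n "$namespace" exec "$pod" -c zulip -- cat /var/log/zulip/errors.log

  # Emits the ci/*/ directories as a JSON array that feeds the test matrix.
  docker-compose-collect:
    runs-on: ubuntu-latest
    outputs:
      dirs: ${{ steps.dirs.outputs.dirs }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - id: dirs
        run: |
          echo "dirs=$(ls -d ci/*/ | jq -Rnc '[inputs]')" >> "${GITHUB_OUTPUT}"

  docker-compose-test:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - build
      - docker-compose-collect
    # Pulls the per-PR image from GHCR; never writes to the registry.
    permissions:
      contents: read
      packages: read
    env:
      GITHUB_CI_IMAGE: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}
      # matrix.dir is built from directory names in the pull request's
      # checkout, so it reaches the scripts below as an environment variable
      # instead of being pasted into their text.
      CI_CONFIG_DIR: ${{ matrix.dir }}
    strategy:
      fail-fast: false
      matrix:
        dir: ${{ fromJson(needs.docker-compose-collect.outputs.dirs) }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Verify Docker Compose config
        run: |
          docker compose \
            -f compose.yaml \
            -f ci/base.yaml \
            --env-file ci/base.env \
            -f "$CI_CONFIG_DIR/compose.yaml" \
            --env-file "$CI_CONFIG_DIR/env" \
            config
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Start Docker Compose services
        run: |
          docker compose \
            -f compose.yaml \
            -f ci/base.yaml \
            --env-file ci/base.env \
            -f "$CI_CONFIG_DIR/compose.yaml" \
            --env-file "$CI_CONFIG_DIR/env" \
            up -d --no-build
      - name: Wait for services to be healthy
        run: |
          echo "Waiting for zulip service to be healthy..."
          timeout 300 bash -c \
            'until docker inspect --format "{{.State.Health.Status}}" $(docker compose ps -q zulip) | grep -q healthy; do sleep 5; done'
      - name: Verify all services are running
        run: |
          docker compose ps
          # Check that no services are in a failed state
          if docker compose ps | grep -E "(Exit|Restarting)"; then
            exit 1
          fi
      # test.sh is sourced, so it sees the docker, manage and hostname
      # variables defined here.
      - name: Run tests
        run: |
          docker=("docker" "compose" \
            "-f" "compose.yaml" \
            "-f" "ci/base.yaml" \
            "--env-file" "ci/base.env" \
            "-f" "$CI_CONFIG_DIR/compose.yaml" \
            "--env-file" "$CI_CONFIG_DIR/env")
          manage=("${docker[@]}" "exec" "-u" "zulip" "zulip"
            "/home/zulip/deployments/current/manage.py")
          hostname="localhost"
          source "$CI_CONFIG_DIR/test.sh"
      # Best-effort diagnostics: runs after success or failure of the earlier
      # steps, and its own errors do not fail the job.
      - name: Check service logs for critical errors
        if: success() || failure()
        continue-on-error: true
        run: |
          docker compose ps
          docker compose logs zulip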