Skip to content

Commit

Permalink
Merge pull request #392 from anchore/dev-sync
Browse files Browse the repository at this point in the history
feeds: slo improvements
ecs-inventory: openshift testing, securityContext addition
k8s-inventory: openshift testing
  • Loading branch information
HN23 authored Jul 30, 2024
2 parents f3df106 + fc13630 commit 1f03899
Show file tree
Hide file tree
Showing 22 changed files with 346 additions and 71 deletions.
135 changes: 135 additions & 0 deletions .github/workflows/openshift-test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
name: "Test using Replicated's Compatibilty Matrix and chart-testing tool"

on:
pull_request:
paths:
- 'stable/enterprise/Chart.yaml'
- 'stable/feeds/Chart.yaml'
- 'stable/ecs-inventory/Chart.yaml'
- 'stable/k8s-inventory/Chart.yaml'

permissions:
contents: read

jobs:
test:
strategy:
fail-fast: false
matrix:
cluster: [ {distribution: "openshift", version: "4.13.0-okd"}, {distribution: "openshift", version: "4.15.0-okd"}]
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0

- name: Fetch history
run: git fetch --prune --unshallow

- name: Shellcheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0

- uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
with:
python-version: 3.7

- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.8.0

- name: Set up chart-testing
uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.7.0

- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config 'ct-config.yaml' --target-branch ${{ github.event.pull_request.base.ref }})
if [[ -n "$changed" ]]; then
echo "CHANGED=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
id: lint
run: ct lint --config 'ct-config.yaml'
if: steps.list-changed.outputs.CHANGED == 'true' && github.event.pull_request.base.ref == 'main'

- name: Run chart-testing but skip version check (lint)
id: lintskipversion
run: ct lint --config 'ct-config.yaml' --check-version-increment=false
if: steps.list-changed.outputs.CHANGED == 'true' && github.event.pull_request.base.ref != 'main'

- name: Set up oc client and kubectl
if: steps.list-changed.outputs.CHANGED == 'true'
run: |
wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz
sudo tar xzvf oc.tar.gz -C /usr/local/bin
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
- name: Use Replicated Compatibilty Matrix for cluster creation
if: steps.list-changed.outputs.CHANGED == 'true'
id: create-cluster
uses: replicatedhq/compatibility-actions/create-cluster@v1
with:
api-token: ${{ secrets.ANCHORECI_REPLICATED_API_TOKEN }}
cluster-name: ${{ github.ref_name }}-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}
kubernetes-distribution: ${{ matrix.cluster.distribution }}
kubernetes-version: ${{ matrix.cluster.version }}
ttl: 20m
timeout-minutes: 20
kubeconfig-path: ./tmp/kubeconfig

- name: check the cluster
if: steps.list-changed.outputs.CHANGED == 'true'
id: check-cluster
run: |
kubectl get nodes
kubectl create namespace anchore
echo "${ANCHORE_LICENSE}" | base64 --decode > /tmp/anchore-license
kubectl --namespace anchore create secret generic anchore-enterprise-license --from-file=license.yaml=/tmp/anchore-license
kubectl --namespace anchore create secret docker-registry anchore-enterprise-pullcreds --docker-server=docker.io --docker-username="${DOCKER_USER}" --docker-password="${DOCKER_PASS}"
env:
ANCHORE_LICENSE: ${{ secrets.B64_ANCHORE_LICENSE }}
DOCKER_USER: ${{ secrets.ANCHOREREADONLY_DH_USERNAME }}
DOCKER_PASS: ${{ secrets.ANCHOREREADONLY_DH_PAT }}
KUBECONFIG: ./tmp/kubeconfig

- name: Check if anchore-engine endpoint is required for admission controller chart
id: engine_required
run: |
if [[ -n $(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'anchore-admission-controller') ]]; then
echo "File in the 'stable/anchore-admission-controller' directory was changed. We need an engine deployment"
echo "::set-output name=changed::true"
else
echo "No files in 'stable/anchore-admission-controller' directory were changed. Skipping engine deployment"
echo "::set-output name=changed::false"
fi
shell: bash

- name: Deploy Engine
if: steps.engine_required.outputs.changed == 'true'
run: |
helm install engine anchore/anchore-engine --namespace anchore -f stable/anchore-admission-controller/ci/openshift-test.yaml --wait
kubectl --namespace anchore get pods
env:
KUBECONFIG: ./tmp/kubeconfig

- name: Run chart-testing
if: steps.list-changed.outputs.CHANGED == 'true'
run: |
ls -al
echo ${PWD}
files_changed="$(git diff --name-only origin/${TARGET_BRANCH} | sort | uniq)"
charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)"
for chart in ${charts_dirs_changed}; do
echo "creating openshift-test-values.yaml for ${chart}"
pushd "${chart}"
rm -rvf ci/*-values.yaml
mv ci/openshift-test.yaml ci/openshift-test-values.yaml
popd
done
ct install --config ct-config.yaml --helm-extra-args "--timeout 600s"
env:
KUBECONFIG: ./tmp/kubeconfig
TARGET_BRANCH: "${{ github.event.pull_request.base.ref }}"
2 changes: 1 addition & 1 deletion .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -99,4 +99,4 @@ jobs:
- name: Run chart-testing
if: steps.list-changed.outputs.CHANGED == 'true'
run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s"
run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s" --upgrade
2 changes: 1 addition & 1 deletion stable/ecs-inventory/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ maintainers:
email: hung.nguyen@anchore.com

type: application
version: 0.0.7
version: 0.0.8
appVersion: "1.3.1"

icon: https://anchore.com/wp-content/uploads/2016/08/anchore.png
8 changes: 8 additions & 0 deletions stable/ecs-inventory/ci/openshift-test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
securityContext:
fsGroup: null
runAsGroup: null
runAsUser: null

containerSecurityContext:
runAsGroup: null
runAsUser: null
2 changes: 2 additions & 0 deletions stable/ecs-inventory/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ spec:
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
Expand Down
3 changes: 3 additions & 0 deletions stable/ecs-inventory/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ annotations: {}
##
deploymentAnnotations: {}

## @param containerSecurityContext The securityContext for all Anchore ECS Inventory containers
containerSecurityContext: {}

## @param securityContext.runAsUser The securityContext runAsUser for all Anchore ECS Inventory pods
## @param securityContext.runAsGroup The securityContext runAsGroup for all Anchore ECS Inventory pods
## @param securityContext.fsGroup The securityContext fsGroup for all Anchore ECS Inventory pods
Expand Down
2 changes: 1 addition & 1 deletion stable/feeds/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ dependencies:
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.5.9
digest: sha256:d230e687fbd149048ecc6fa77be2bdc7b2c0afc53bbf71212fec001e36f69185
generated: "2024-05-31T14:22:59.354414-04:00"
generated: "2024-07-15T16:10:22.611467-04:00"
4 changes: 2 additions & 2 deletions stable/feeds/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
apiVersion: v2
name: feeds
type: application
version: "2.7.0"
appVersion: "5.7.0"
version: "2.8.0"
appVersion: "5.8.0"
kubeVersion: 1.23.x - 1.30.x || 1.23.x-x - 1.30.x-x
description: Anchore feeds service
keywords:
Expand Down
Loading

0 comments on commit 1f03899

Please sign in to comment.