
Merge tag '1.22.5' into tetratefips-release-1.22 #1202


Workflow file for this run

# End-to-end pipeline: the jobs below build the proxy, build and push test
# images, run integration tests on managed Kubernetes clusters and finally
# create a release.
name: e2e-tests
# Triggered only by pushed tags matching `test-*`. Every job below reads
# repository secrets, so the ability to push such a tag is the trust boundary
# for this workflow.
on:
  push:
    tags:
      - "test-*"
env:
  # Image hub taken from a repository secret; visible to every job and step.
  HUB: ${{ secrets.TEST_HUB }}
jobs:
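# copied from make_release.yml
build_fips_proxy:
  # Only run this job when the release type equals "fips".
  if: contains(github.event.ref, 'fips')
  name: build fips proxy binary
  timeout-minutes: 840  # 14 hours
  # Self-hosted runner: the workspace and the exported service-account key
  # file can outlive the job unless the runner is ephemeral - confirm cleanup.
  runs-on: ['self-hosted', 'Linux', 'x64', 'c5.4xlarge']
  env:
    RELEASE_GCS_PATH: gs://getistio-build/proxy-fips
  steps:
    - name: Get the tag
      id: get_tag
      # Step outputs are written to $GITHUB_OUTPUT (runner 2.297.0+); the
      # `::set-output` stdout command is deprecated. The ref is read from the
      # shell environment rather than interpolated with `${{ }}`.
      run: echo "TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
    - name: Get normalized tag
      id: get_normalized_ver
      # Removes "test-" and everything from the first remaining "-" onwards.
      run: |
        echo "NORMALIZED_TAG=$(echo "$TAG" | sed 's/test-//g' | sed 's/-.*//g')" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output single-line when the tag contains more
      # than one "<digits>.<digits>" match; $GITHUB_OUTPUT entries are
      # line-oriented.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: Checkout
      # Checks out upstream istio/proxy at the ref named by the normalized tag.
      # NOTE(review): `@v2` is a mutable tag; pinning third-party actions to a
      # full commit SHA prevents a retagged release from changing what runs.
      uses: actions/checkout@v2
      with:
        repository: "istio/proxy"
        ref: ${{ steps.get_normalized_ver.outputs.NORMALIZED_TAG }}
    - name: Set up Cloud SDK
      # Long-lived service-account key passed as a secret and exported to a
      # credentials file on the runner.
      # NOTE(review): later majors of this action drop these auth inputs in
      # favour of google-github-actions/auth - confirm before upgrading.
      uses: google-github-actions/setup-gcloud@v0
      with:
        project_id: ${{ secrets.GCP_PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - name: Check if already built
      id: check_already_built
      env:
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TAG: ${{ steps.get_tag.outputs.TAG }}
      # Sets should_build=0 when an artifact for this SHA is already in the
      # bucket, and should_copy=0 for release branches newer than 1.17.
      # NOTE(review): the version pattern only matches a one-digit patch
      # version, and `bc` compares numerically (1.9 > 1.17), not by version.
      run: |
        SHA=$(echo "$TAG" | sed 's/test-//g' | sed 's/[0-9].[0-9][0-9].[0-9]-[A-Za-z]*-//g' | sed 's/-.*//g')
        SHOULD_BUILD=1
        SHOULD_COPY=1
        if gsutil ls ${RELEASE_GCS_PATH} | grep "${SHA}[^-]" ; then
          SHOULD_BUILD=0
        fi
        if [ $(bc <<< "$REL_BRANCH_VER > 1.17") -eq 1 ];then
          SHOULD_COPY=0
        fi
        echo "should_build=${SHOULD_BUILD}" >> "$GITHUB_OUTPUT"
        echo "should_copy=${SHOULD_COPY}" >> "$GITHUB_OUTPUT"
    - name: Tweak make recipe
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      # 1) remove unnecessary dependency on naive "build" target
      # 2) remove "-p" flag to not push and build container,
      # 3) replace RELEASE_GCS_PATH var with the literal due to docker build.
      # from push_release.
      run: |
        ESCAPED_RELEASE_GCS_PATH=$(printf '%s\n' "$RELEASE_GCS_PATH" | sed -e 's/[\/&]/\\&/g')
        sed -i "s/\-p//g; s/push_release: build/push_release:/g; s/\"\$(RELEASE_GCS_PATH)\"/${ESCAPED_RELEASE_GCS_PATH}/g" Makefile.core.mk
    - name: Tweak release-binary script
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      # 1) Setup in-docker auth against gcloud
      # 2) Remove unnecessary debug build
      # 3) Remove unnecessary Wasm build and publish
      # Note that /work is the mount destination of the current home of make command with BUILD_WITH_CONTAINER=1.
      # The final `cat` prints the patched script to the job log; it contains
      # the key file's name, not its contents.
      run: |
        CREDENTIAL_FILE_NAME=$(echo ${GOOGLE_APPLICATION_CREDENTIALS} | awk -F/ '{print $NF}')
        cp scripts/release-binary.sh scripts/release-binary.sh.tmp
        echo gcloud auth activate-service-account --key-file="/work/${CREDENTIAL_FILE_NAME}" > scripts/release-binary.sh
        cat scripts/release-binary.sh.tmp >> scripts/release-binary.sh
        sed -i 's/for config in release release-symbol asan debug/for config in release/g' scripts/release-binary.sh
        sed -i -n '/Build and publish Wasm plugins/q;p' scripts/release-binary.sh
        cat scripts/release-binary.sh
    - name: Add FIPS flag
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      run: echo "build --define boringssl=fips" >> .bazelrc
    - name: Build and push
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      env:
        BUILD_WITH_CONTAINER: "1"
      run: make push_release
    - name: Put CentOS binary
      env:
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TAG: ${{ steps.get_tag.outputs.TAG }}
      # Copy the binary built on Ubuntu to CentOS path - this binary cannot run on CentOS/RHEL 7, but fine with CentOS 8.
      # The point is that we cannot build FIPS binary directly on CentOS 7 due to the constraints described in the BoringCrypto certification.
      # This step has no `if`, so it runs whether or not a build happened.
      run: |
        SHA=$(echo "$TAG" | sed 's/test-//g' | sed 's/[0-9].[0-9][0-9].[0-9]-[A-Za-z]*-//g' | sed 's/-.*//g')
        gsutil cp ${RELEASE_GCS_PATH}/envoy-alpha-${SHA}.tar.gz ${RELEASE_GCS_PATH}/envoy-centos-alpha-${SHA}.tar.gz
    - name: Put Wasm binary
      if: ${{ steps.check_already_built.outputs.should_build == '1' && steps.check_already_built.outputs.should_copy == '1' }}
      # Copy the built Wasm binary in the upstream to the bucket - Wasm is nothing to do with FIPS stuff.
      # The artifacts and their .sha256 files are copied as-is from the
      # upstream bucket; nothing in this step verifies the digests.
      env:
        UPSTREAM_GCSP_PATH: gs://istio-build/proxy
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TAG: ${{ steps.get_tag.outputs.TAG }}
      run: |
        SHA1=$(git rev-parse --verify HEAD)
        SHA=$(echo "$TAG" | sed 's/test-//g' | sed 's/[0-9].[0-9][0-9].[0-9]-[A-Za-z]*-//g' | sed 's/-.*//g')
        gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA1}.compiled.wasm" "${RELEASE_GCS_PATH}/metadata_exchange-${SHA}.compiled.wasm"
        gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA1}.compiled.wasm.sha256" "${RELEASE_GCS_PATH}/metadata_exchange-${SHA}.compiled.wasm.sha256"
        gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA1}.wasm" "${RELEASE_GCS_PATH}/metadata_exchange-${SHA}.wasm"
        gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA1}.wasm.sha256" "${RELEASE_GCS_PATH}/metadata_exchange-${SHA}.wasm.sha256"
        gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA1}.compiled.wasm" "${RELEASE_GCS_PATH}/stats-${SHA}.compiled.wasm"
        gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA1}.compiled.wasm.sha256" "${RELEASE_GCS_PATH}/stats-${SHA}.compiled.wasm.sha256"
        gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA1}.wasm" "${RELEASE_GCS_PATH}/stats-${SHA}.wasm"
        gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA1}.wasm.sha256" "${RELEASE_GCS_PATH}/stats-${SHA}.wasm.sha256"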
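build_fips_arm_proxy:
  # Do not run this job when the release type equals "fips" as we do not support fips compliant ARM build yet.
  # if: contains(github.event.ref, 'fips')
  if: false
  name: build ARM proxy binary
  timeout-minutes: 1440  # 24 hours
  runs-on: ['self-hosted', 'Linux', 'ARM64', 'arm64-32']
  env:
    RELEASE_GCS_PATH: gs://getistio-build/proxy-fips
    ARCH_SUFFIX: arm64
  steps:
    # The steps below read `steps.get_tag.outputs.TAG`, but this job did not
    # define a `get_tag` step, so TAG expanded to an empty string. The step
    # mirrors the one in build_fips_proxy.
    - name: Get the tag
      id: get_tag
      run: echo "TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
    - name: Get normalized tag
      id: get_normalized_ver
      # Removes "test-" and everything from the first remaining "-" onwards.
      # Outputs go to $GITHUB_OUTPUT; `::set-output` is deprecated.
      run: |
        echo "NORMALIZED_TAG=$(echo "$TAG" | sed 's/test-//g' | sed 's/-.*//g')" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: Checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
      with:
        repository: "istio/proxy"
        ref: ${{ steps.get_normalized_ver.outputs.NORMALIZED_TAG }}
    - name: Set up Cloud SDK
      # Long-lived service-account key exported to a file on a self-hosted
      # runner - confirm the runner cleans its workspace between jobs.
      uses: google-github-actions/setup-gcloud@v0
      with:
        project_id: ${{ secrets.GCP_PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - name: Check if already built
      id: check_already_built
      env:
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TAG: ${{ steps.get_tag.outputs.TAG }}
      # Sets should_build=0 when an artifact for this SHA is already in the
      # bucket.
      run: |
        SHA=$(echo "$TAG" | sed 's/test-//g' | sed 's/[0-9].[0-9][0-9].[0-9]-[A-Za-z]*-//g' | sed 's/-.*//g')
        SHOULD_BUILD=1
        if gsutil ls ${RELEASE_GCS_PATH} | grep "${SHA}[^-]" ; then
          SHOULD_BUILD=0
        fi
        echo "should_build=${SHOULD_BUILD}" >> "$GITHUB_OUTPUT"
    - name: Tweak make recipe
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      # 1) remove unnecessary dependency on naive "build" target
      # 2) remove "-p" flag to not push and build container,
      # 3) replace RELEASE_GCS_PATH var with the literal due to docker build.
      # from push_release.
      run: |
        ESCAPED_RELEASE_GCS_PATH=$(printf '%s\n' "$RELEASE_GCS_PATH" | sed -e 's/[\/&]/\\&/g')
        sed -i "s/\-p//g; s/push_release: build/push_release:/g; s/\"\$(RELEASE_GCS_PATH)\"/${ESCAPED_RELEASE_GCS_PATH}/g" Makefile.core.mk
    - name: Tweak release-binary script
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      # 1) Setup in-docker auth against gcloud
      # 2) Remove unnecessary debug build
      # 3) Remove unnecessary Wasm build and publish
      # Note that /work is the mount destination of the current home of make command with BUILD_WITH_CONTAINER=1.
      run: |
        CREDENTIAL_FILE_NAME=$(echo ${GOOGLE_APPLICATION_CREDENTIALS} | awk -F/ '{print $NF}')
        cp scripts/release-binary.sh scripts/release-binary.sh.tmp
        echo gcloud auth activate-service-account --key-file="/work/${CREDENTIAL_FILE_NAME}" > scripts/release-binary.sh
        cat scripts/release-binary.sh.tmp >> scripts/release-binary.sh
        sed -i 's/release release\-symbol debug/release release\-symbol/' scripts/release-binary.sh
        sed -i '/if \[\[ "${BUILD_ENVOY_BINARY_ONLY}" !/, +6d' scripts/release-binary.sh
        sed -i -n '/Build and publish Wasm plugins/q;p' scripts/release-binary.sh
        cat scripts/release-binary.sh
    - name: Add FIPS flag
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      run: echo "build --define boringssl=fips" >> .bazelrc
    - name: Build and push
      if: ${{ steps.check_already_built.outputs.should_build == '1' }}
      env:
        BUILD_ENVOY_BINARY_ONLY: "1"
        BUILD_WITH_CONTAINER: "1"
      run: make push_release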
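create-test-images-arm64:
  name: create-test-images-arm64
  runs-on: ["self-hosted", "arm64"]
  env:
    TARGETARCH: arm64
    DOCKER_ARCHITECTURES: linux/arm64
  needs: [build_fips_arm_proxy]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  # NOTE(review): this expression has no status-check function, so the
  # implicit success() check presumably still applies; with
  # build_fips_arm_proxy hard-disabled (`if: false`) this job may always be
  # skipped - confirm against a multiarch run.
  if: "contains(github.event.ref, 'multiarch')"
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Get Registry
      id: get_registry
      # Derives the registry host from HUB when HUB contains a dot; otherwise
      # REGISTRY is exported empty and the Docker Hub login step is used.
      # NOTE(review): the host is a substring of the TEST_HUB secret and is
      # echoed to the log; log masking presumably covers only the full secret
      # value - confirm that exposing the host is acceptable.
      run: |
        [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1)
        echo REGISTRY=${REGISTRY}
        echo REGISTRY=${REGISTRY} >> $GITHUB_ENV
    - name: docker-login-non-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY != null }}
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: docker-login-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY == null }}
      with:
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: build and push images
      run: bash ./tetrateci/create_istio_release.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        TEST: "true"
        # if the tag contains fips we are doing a fips build
        BUILD: ${{ contains(github.event.ref, 'fips') && 'fips' }}
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}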
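create-test-images-amd64:
  name: create-test-images-amd64
  # runs-on: ['self-hosted','Linux','x64','m5']
  runs-on: ['self-hosted', 'Linux', 'x64', 'c5.4xlarge']
  needs: [build_fips_proxy]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  if: ${{ !cancelled() && !failure() }}
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Get Registry
      id: get_registry
      # Derives the registry host from HUB when HUB contains a dot; otherwise
      # REGISTRY is exported empty and the Docker Hub login step is used.
      # NOTE(review): the host is a substring of the TEST_HUB secret and is
      # echoed to the log; log masking presumably covers only the full secret
      # value - confirm that exposing the host is acceptable.
      run: |
        [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1)
        echo REGISTRY=${REGISTRY}
        echo REGISTRY=${REGISTRY} >> $GITHUB_ENV
    - name: docker-login-non-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY != null }}
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: docker-login-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY == null }}
      with:
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: build and push images
      run: bash ./tetrateci/create_istio_release.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        TEST: "true"
        # if the tag contains fips we are doing a fips build
        BUILD: ${{ contains(github.event.ref, 'fips') && 'fips' }}
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}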
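create-multiarch-images:
  name: create-multiarch-images
  runs-on: ubuntu-latest
  needs: [create-test-images-amd64, create-test-images-arm64]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  # NOTE(review): this expression has no status-check function, so the
  # implicit success() check presumably still applies and a skipped
  # dependency would skip this job too - confirm against a multiarch run.
  if: "contains(github.event.ref, 'multiarch')"
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Get Registry
      id: get_registry
      # Derives the registry host from HUB when HUB contains a dot; otherwise
      # REGISTRY is exported empty and the Docker Hub login step is used.
      # NOTE(review): the host is a substring of the TEST_HUB secret and is
      # echoed to the log; log masking presumably covers only the full secret
      # value - confirm that exposing the host is acceptable.
      run: |
        [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1)
        echo REGISTRY=${REGISTRY}
        echo REGISTRY=${REGISTRY} >> $GITHUB_ENV
    - name: docker-login-non-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY != null }}
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: docker-login-docker
      uses: docker/login-action@v1
      if: ${{ env.REGISTRY == null }}
      with:
        username: ${{ secrets.TEST_HUB_USER }}
        password: ${{ secrets.TEST_HUB_PASS }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - name: build and push images
      run: bash ./tetrateci/create_multiarch_images.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        TEST: "true"
        # if the tag contains fips we are doing a fips build
        BUILD: ${{ contains(github.event.ref, 'fips') && 'fips' }}
        REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}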
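eks-e2e-arm64-test:
  name: eks-e2e-arm64-test
  runs-on: ubuntu-latest
  needs: [create-multiarch-images]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  # if: false
  if: ${{ !cancelled() && !failure() }}
  strategy:
    fail-fast: false
    matrix:
      # available versions according to https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html
      version: ["1.25", "1.26", "1.24"]
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: aws-config
      # Long-lived static access keys from repository secrets.
      # NOTE(review): consider short-lived credentials via the action's
      # `role-to-assume` input if the AWS account allows it.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line; the value is later
      # used to build a script path, and the regex limits it to digits and
      # one dot.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - uses: actions/cache@v2
      with:
        path: ~/go/pkg/mod
        key: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-
    - name: eks-cluster-create
      run: bash ./tetrateci/create_eks_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TEST_ARCH: arm64
    - name: integration-tests
      run: bash ./tetrateci/test_${ISTIO_MINOR_VER}_arm.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        CLUSTER: eks-arm64
        K8S_VERSION: ${{ matrix.version }}
    - name: eks-cluster-delete
      # always(): tear the cluster down even when earlier steps failed.
      if: always()
      run: bash ./tetrateci/cleanup_eks_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        TEST_ARCH: arm64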
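eks-e2e-test:
  name: eks-e2e-test
  runs-on: ubuntu-latest
  needs: [create-multiarch-images]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  if: ${{ !cancelled() && !failure() }}
  strategy:
    fail-fast: false
    matrix:
      # available versions according to https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html
      version: ["1.26", "1.25", "1.24"]
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: aws-config
      # Long-lived static access keys from repository secrets.
      # NOTE(review): consider short-lived credentials via the action's
      # `role-to-assume` input if the AWS account allows it.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line; the value is later
      # used to build a script path, and the regex limits it to digits and
      # one dot.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - uses: actions/cache@v2
      with:
        path: ~/go/pkg/mod
        key: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-
    - name: eks-cluster-create
      run: bash ./tetrateci/create_eks_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
    - name: integration-tests
      run: bash ./tetrateci/test_${ISTIO_MINOR_VER}.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        CLUSTER: eks
        K8S_VERSION: ${{ matrix.version }}
    - name: eks-cluster-delete
      # always(): tear the cluster down even when earlier steps failed.
      if: always()
      run: bash ./tetrateci/cleanup_eks_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}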
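gke-e2e-test:
  name: gke-e2e-test
  runs-on: ubuntu-latest
  needs: [create-multiarch-images]
  # 'if' condition causes this job to run even if some of the dependent jobs
  # have been skipped, e.g. `build_fips_proxy`.
  # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful
  if: ${{ !cancelled() && !failure() }}
  strategy:
    fail-fast: false
    # available versions according to https://cloud.google.com/kubernetes-engine/versioning
    matrix:
      include:
        - version: "1.24"
          channel: "rapid"
        - version: "1.25"
          channel: "regular"
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Set up Cloud SDK
      # Long-lived service-account key passed as a secret and exported to a
      # credentials file on the runner.
      # NOTE(review): later majors of this action drop these auth inputs in
      # favour of google-github-actions/auth - confirm before upgrading.
      uses: google-github-actions/setup-gcloud@v0
      with:
        project_id: ${{ secrets.GCP_PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line; the value is later
      # used to build a script path, and the regex limits it to digits and
      # one dot.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - uses: actions/cache@v2
      with:
        path: ~/go/pkg/mod
        key: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-
    - name: gke-cluster-create
      run: bash ./tetrateci/create_gke_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        CHAN: ${{ matrix.channel }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
    - name: integration-tests
      run: bash ./tetrateci/test_${ISTIO_MINOR_VER}.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        CLUSTER: gke
        K8S_VERSION: ${{ matrix.version }}
    - name: gke-cluster-delete
      # always(): tear the cluster down even when earlier steps failed.
      if: always()
      run: bash ./tetrateci/cleanup_gke_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}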
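aks-e2e-test:
  ## TODO: temporarily disabling it till credentials are set
  if: false
  name: aks-e2e-test
  runs-on: ubuntu-latest
  needs: [create-multiarch-images]
  strategy:
    fail-fast: false
    matrix:
      # Quoted so YAML keeps them as strings; unquoted 1.20 parses as the
      # float 1.2 and would reach K8S_VERSION as "1.2".
      version: ["1.20", "1.19", "1.18", "1.17"]
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Set up Cloud SDK
      # Azure login with a credentials blob from repository secrets.
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - uses: actions/cache@v2
      with:
        path: ~/go/pkg/mod
        key: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-
    - name: aks-cluster-create
      run: bash ./tetrateci/create_aks_cluster.sh
      env:
        RESOURCE: ${{ secrets.AZURE_RESOURCE }}
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
    - name: integration-tests
      run: bash ./tetrateci/test_${ISTIO_MINOR_VER}.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        CLUSTER: aks
        K8S_VERSION: ${{ matrix.version }}
    - name: aks-cluster-delete
      # always(): tear the cluster down even when earlier steps failed.
      if: always()
      run: bash ./tetrateci/cleanup_aks_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        RESOURCE: ${{ secrets.AZURE_RESOURCE }}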
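eksd-e2e-test:
  name: eksd-e2e-test
  runs-on: ubuntu-latest
  # No `if` here, so the default success() check applies to both
  # dependencies.
  needs: [create-multiarch-images, eks-e2e-test]
  strategy:
    fail-fast: false
    matrix:
      version: ["1.19", "1.18"]
  steps:
    - name: checkout
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: aws-config
      # Long-lived static access keys from repository secrets.
      # NOTE(review): consider short-lived credentials via the action's
      # `role-to-assume` input if the AWS account allows it.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed. Outputs go to
      # $GITHUB_OUTPUT; the `::set-output` stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Get minor version
      id: get_minor_ver
      # `head -n 1` keeps the output to a single line; the value is later
      # used to build a script path, and the regex limits it to digits and
      # one dot.
      run: |
        echo "REL_BRANCH_VER=$(echo "$TAG" | grep -Eo '[0-9]+\.[0-9]+' | head -n 1)" >> "$GITHUB_OUTPUT"
      shell: bash
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
    - uses: actions/cache@v2
      with:
        path: ~/go/pkg/mod
        key: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}-go-
    - name: eksd-cluster-create
      run: bash ./tetrateci/create_eksd_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        S3_BUCKET: ${{ secrets.S3_BUCKET }}
        AWS_REGION: ${{ secrets.AWS_REGION }}
    - name: integration-tests
      run: bash ./tetrateci/test_${ISTIO_MINOR_VER}.sh
      env:
        TAG: ${{ steps.get_tag.outputs.TAG }}
        CLUSTER: eks  # patches for eks and eksd should be same
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
    - name: eksd-cluster-delete
      # always(): tear the cluster down even when earlier steps failed.
      if: always()
      run: bash ./tetrateci/cleanup_eksd_cluster.sh
      env:
        K8S_VERSION: ${{ matrix.version }}
        ISTIO_MINOR_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }}
        S3_BUCKET: ${{ secrets.S3_BUCKET }}
        AWS_REGION: ${{ secrets.AWS_REGION }}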
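create-new-tag:
  name: create-new-tag
  runs-on: ubuntu-latest
  # since aks tests are disabled
  # needs: [eks-e2e-test, gke-e2e-test, aks-e2e-test]
  needs: [eks-e2e-arm64-test, eksd-e2e-test, gke-e2e-test]
  # Least privilege for GITHUB_TOKEN: creating the release is the only write
  # this job performs, so the token is scoped to repository contents.
  permissions:
    contents: write
  steps:
    - name: Checkout code
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      uses: actions/checkout@v2
    - name: Get the tag
      id: get_tag
      # Tag name with the leading "refs/tags/test-" removed, i.e. the release
      # tag to create. Outputs go to $GITHUB_OUTPUT; the `::set-output`
      # stdout command is deprecated.
      run: echo "TAG=${GITHUB_REF/refs\/tags\/test-/}" >> "$GITHUB_OUTPUT"
      shell: bash
    - name: Create Release
      id: create_release
      # Publishes a non-draft, non-prerelease release for the derived tag.
      # NOTE(review): actions/create-release is no longer maintained
      # upstream - confirm and plan a replacement.
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        tag_name: ${{ steps.get_tag.outputs.TAG }}
        release_name: Tetrate Istio
        draft: false
        prerelease: false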