Update .dmtlint.yaml #583
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# THIS FILE IS GENERATED, PLEASE DO NOT EDIT. | |
# | |
# Copyright 2022 Flant JSC | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License.# on every push to dev branches | |
name: Build and test for dev branches | |
on: | |
pull_request_target: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
env: | |
# <template: werf_envs> | |
WERF_CHANNEL: "ea" | |
WERF_ENV: "FE" | |
TEST_TIMEOUT: "15m" | |
# Use fixed string 'sys/deckhouse-oss' for repo name. ${CI_PROJECT_PATH} is not available here in GitHub. | |
DEV_REGISTRY_PATH: "${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/sys/deckhouse-oss" | |
# Registry for additional repositories used for testing Github Actions workflows. | |
GHA_TEST_REGISTRY_PATH: "ghcr.io/${{ github.repository }}" | |
# Need for ssh: default. | |
DOCKER_BUILDKIT: "1" | |
WERF_LOG_TERMINAL_WIDTH: "200" | |
# </template: werf_envs> | |
# <template: git_source_envs> | |
# source repo [email protected]:group | |
SOURCE_REPO: "${{secrets.SOURCE_REPO_GIT}}" | |
# cloud providers source repo should contain creds for repo for ex https://user:[email protected]/group | |
CLOUD_PROVIDERS_SOURCE_REPO: "${{secrets.CLOUD_PROVIDERS_SOURCE_REPO}}" | |
GOPROXY: "${{secrets.GOPROXY}}" | |
# observability source repo should contain creds for repo for ex https://user:[email protected]/group | |
OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}" | |
# Next two are required for accessing the stronghold repo during d8 cli builds. | |
# Stronghold pull token should contain CI token with read access to stronghold repos. | |
STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}" | |
# deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com | |
DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}" | |
# </template: git_source_envs> | |
# Cancel in-progress jobs for the same PR (pull_request_target event) or for the same branch (push event). | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# <template: pull_request_info> | |
pull_request_info: | |
name: Get pull request reference | |
runs-on: ubuntu-latest | |
outputs: | |
ref: ${{ steps.pr_props.outputs.ref }} | |
ref_slug: ${{ steps.pr_props.outputs.ref_slug }} | |
edition: ${{ steps.pr_props.outputs.edition }} | |
pr_title: ${{ steps.pr_props.outputs.pr_title }} | |
pr_description: ${{ steps.pr_props.outputs.pr_description }} | |
diff_url: ${{ steps.pr_props.outputs.diff_url }} | |
labels: ${{ steps.pr_props.outputs.labels }} | |
changes_docs: ${{ steps.changes.outputs.docs }} | |
changes_not_markdown: ${{ steps.changes.outputs.not_markdown }} | |
# Skip pull_request and pull_request_target triggers for PRs authored by deckhouse-BOaTswain, e.g. changelog PRs. | |
if: ${{ ! (startsWith(github.event_name, 'pull_request') && github.event.pull_request.user.login == 'deckhouse-BOaTswain') }} | |
steps: | |
- name: Get PR info for push trigger | |
id: push_info | |
if: ${{ github.event_name == 'push' }} | |
uses: actions/[email protected] | |
with: | |
script: | | |
// Support for 'push' trigger: find PR by commit SHA and pass response to pr_props step. | |
const { GITHUB_REF_NAME } = process.env | |
core.startGroup(`Fetching PR info for commit ${context.sha} in ${context.repo.name}:${GITHUB_REF_NAME} ...`) | |
try { | |
const response = await github.rest.repos.listPullRequestsAssociatedWithCommit({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
commit_sha: context.sha | |
}); | |
if (response.status !== 200 || !response.data || response.data.length === 0) { | |
return core.setFailed(`Bad response on listing PRs for commit ${context.sha}: ${JSON.stringify(response)}`); | |
} | |
// Get first associated pr. | |
let pr = response.data[0]; | |
core.info(`Current labels: ${JSON.stringify(pr.labels)}`); | |
// Reduce size to fit output limits. | |
pr = { | |
url: pr.url, | |
diff_url: pr.diff_url, | |
number: pr.number, | |
labels: pr.labels, | |
head: pr.head, | |
title: pr.title, | |
body: pr.body, | |
} | |
core.notice(`Found PR#{pr.number} for commit ${context.sha}`); | |
core.setOutput('pr_info', JSON.stringify(pr)); | |
} catch (error) { | |
return core.setFailed(`Error listing pull requests for commit ${context.sha}: ${error}`) | |
} finally { | |
core.endGroup() | |
} | |
- name: Get PR info for pull_request trigger | |
id: pr_info | |
if: ${{ startsWith(github.event_name, 'pull_request') }} | |
uses: actions/[email protected] | |
with: | |
script: | | |
// Support for 'pull_request' and 'pull_request_target' triggers: | |
// find PR by its number to get current labels. | |
// Why? Workflow rerun of 'opened' pull request contains outdated labels. | |
const prNumber = context.payload.pull_request.number; | |
const owner = context.repo.owner; | |
const repo = context.repo.repo; | |
core.startGroup(`Fetching info for PR#${prNumber} ...`); | |
try { | |
const response = await github.rest.pulls.get({owner, repo, pull_number: prNumber}) | |
if (response.status != 200 || !response.data) { | |
return core.setFailed(`Bad response on getting PR#${prNumber} : ${JSON.stringify(response)}`); | |
} | |
// Only labels are needed. | |
let pr = response.data; | |
core.info(`Labels from context: ${JSON.stringify(context.payload.pull_request.labels)}`); | |
core.info(`Current labels: ${JSON.stringify(pr.labels)}`); | |
// Reduce size to fit output limits. | |
pr = { | |
url: pr.url, | |
diff_url: pr.diff_url, | |
number: pr.number, | |
labels: pr.labels, | |
head: pr.head, | |
title: pr.title, | |
body: pr.body, | |
} | |
core.setOutput('pr_info', JSON.stringify(pr)); | |
} catch (error) { | |
return core.setFailed(`Fetch PR#${prNumber} error: ${error}`) | |
} finally { | |
core.endGroup() | |
} | |
- name: Check PR properties | |
id: pr_props | |
uses: actions/[email protected] | |
env: | |
PR_INFO: ${{ steps.push_info.outputs.pr_info || steps.pr_info.outputs.pr_info }} | |
with: | |
script: | | |
if (process.env.PR_INFO == '') { | |
return core.setFailed(`No pull request info: event_name=${context.eventName} action=${context.action} ref=${context.ref}`); | |
} | |
// Parse Pr info from environment variable. | |
const pr = JSON.parse(process.env.PR_INFO); | |
core.startGroup(`Detect PR properties`) | |
const pr_repo = pr.head.repo.full_name; | |
const target_repo = context.payload.repository.full_name; | |
const isInternal = pr_repo === target_repo; | |
const isDependabot = (context.actor === 'dependabot[bot]'); | |
const isChangelog = pr.head.ref.startsWith('changelog/v'); | |
const okToTest = pr.labels.some((l) => l.name === 'status/ok-to-test'); | |
core.info(`PR head repo ${pr_repo}`) | |
core.info(`PR commit SHA ${pr.head.sha}`) | |
core.info(`PR head label ${pr.head.label}`) | |
core.info(`Target repo ${target_repo}`) | |
core.info(`PR internal? ${isInternal}`) | |
core.info(`PR from dependabot? ${isDependabot}`) | |
core.info(`PR changelog? ${isChangelog}`) | |
core.info(`PR has 'ok-to-test'? ${okToTest}`) | |
core.endGroup() | |
// Detect if PR can be ignored or should be checked for dangerous changes. | |
let shouldCheckFiles = false; | |
if (isInternal && !isDependabot) { | |
// Ignore changelog pull requests. | |
if (isChangelog) { | |
return core.setFailed(`PR#${pr.number} for changelog is ignored.`); | |
} | |
} else { | |
// External and dependabot pull requests should be labeled with 'status/ok-to-test'. | |
if (!okToTest) { | |
core.notice(`PR#${pr.number} requires label 'status/ok-to-test' to run tests and validations`) | |
return core.setFailed(`PR#${pr.number} without label 'status/ok-to-test' is ignored.`); | |
} | |
shouldCheckFiles = true; | |
} | |
if (shouldCheckFiles) { | |
core.notice(`PR#{pr.number} may be dangerous, will check file changes.`) | |
} | |
// Set edition from current labels. | |
const defaultEdition = process.env.WERF_ENV ? process.env.WERF_ENV : 'FE'; | |
const hasEE = pr.labels.some((l) => l.name === 'edition/ee'); | |
const hasCE = pr.labels.some((l) => l.name === 'edition/ce'); | |
const hasBE = pr.labels.some((l) => l.name === 'edition/be'); | |
const hasSE = pr.labels.some((l) => l.name === 'edition/se'); | |
const hasSE_plus = pr.labels.some((l) => l.name === 'edition/se+'); | |
let edition = defaultEdition; | |
if (hasCE) { | |
edition = 'CE'; | |
} else if (hasEE) { | |
edition = 'EE'; | |
} else if (hasBE) { | |
edition = 'BE'; | |
} else if (hasSE) { | |
edition = 'SE'; | |
} else if (hasSE_plus) { | |
edition = 'SE-plus'; | |
} | |
core.info(`Edition labels: 'edition/ce':${hasCE}, 'edition/ee':${hasEE}, 'edition/be':${hasBE}, 'edition/se':${hasSE}, 'edition/se+':${hasSE_plus}`); | |
core.notice(`Enable '${edition}' edition for '${context.eventName}' trigger.`); | |
// Construct head commit ref using pr number. | |
const ref = `refs/pull/${ pr.number }/head`; | |
core.notice(`Use ref: '${ref}'`) | |
// Pass pr.diff_url to download diff via regular request. | |
// Pass pr.url to get diff via API request. | |
let diff_url = pr.diff_url; | |
if (!!context.payload.repository.private) { | |
core.notice(`Detect private repo. Pass PR url to download diff via Github API.`); | |
diff_url = pr.url; | |
} | |
// Set outputs. | |
core.setCommandEcho(true) | |
core.setOutput('should_check', shouldCheckFiles.toString()); | |
core.setOutput('ref', ref); | |
core.setOutput('ref_slug', `pr${pr.number}`); | |
core.setOutput('edition', edition); | |
core.setOutput('pr_title', pr.title); | |
core.setOutput('pr_description', pr.body); | |
core.setOutput('diff_url', diff_url); | |
core.setOutput('labels', JSON.stringify(pr.labels)); | |
core.setCommandEcho(false); | |
# Checkhout the head commit of the PR branch. | |
- name: Checkout PR head commit | |
if: steps.pr_props.outputs.should_check == 'true' | |
uses: actions/[email protected] | |
with: | |
ref: ${{ steps.pr_props.outputs.ref }} | |
# Get info about other changes. | |
- name: Get info about PR changes | |
uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
token: ${{ secrets.BOATSWAIN_GITHUB_TOKEN }} | |
# dangerous - detect if changes not allowed to test for external PRs | |
# docs - detect changes in files that belong to the documentation scope | |
# not_markdown - detect changes not in markdown files | |
filters: | | |
dangerous: | |
- './.github/**' | |
- './tools/**' | |
- './testing/**' | |
- './docs/**/js/**' | |
- './docs/**/css/**' | |
- './docs/**/images/**' | |
- './docs/**/assets/**' | |
docs: | |
- './**/*.md' | |
- './docs/**' | |
- './**/crds/*' | |
- './**/openapi/*config-values.yaml' | |
- './candi/**/openapi/*' | |
- './ee/candi/**/openapi/*' | |
not_markdown: | |
- '!./**/*.md' | |
# Stop workflow if external PR contains dangerous changes. | |
- name: Fail workflow on dangerous changes | |
if: ${{ steps.pr_props.outputs.should_check == 'true' && steps.changes.outputs.dangerous == 'true' }} | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.setFailed('External PR contains dangerous changes.') | |
# </template: pull_request_info> | |
# <template: git_info_job> | |
git_info: | |
name: Get git info | |
runs-on: ubuntu-latest | |
outputs: | |
ci_commit_tag: ${{ steps.git_info.outputs.ci_commit_tag }} | |
ci_commit_branch: ${{ steps.git_info.outputs.ci_commit_branch }} | |
ci_commit_ref_name: ${{ steps.git_info.outputs.ci_commit_ref_name }} | |
ci_commit_ref_slug: ${{ steps.git_info.outputs.ci_commit_ref_slug }} | |
ref_full: ${{ steps.git_info.outputs.ref_full }} | |
github_sha: ${{ steps.git_info.outputs.github_sha }} | |
pr_number: ${{ steps.git_info.outputs.pr_number }} | |
# Skip the CI for automation PRs, e.g. changelog | |
if: ${{ github.event.pull_request.user.login != 'deckhouse-BOaTswain' }} | |
steps: | |
- id: git_info | |
name: Get tag name and SHA | |
uses: actions/[email protected] | |
with: | |
script: | | |
const { GITHUB_REF_TYPE, GITHUB_REF_NAME, GITHUB_REF } = process.env | |
let refSlug = '' | |
let refName = '' | |
let refFull = '' | |
let githubBranch = '' | |
let githubTag = '' | |
let githubSHA = '' | |
let prNumber = '' | |
if (context.eventName === "workflow_dispatch" && context.payload.inputs && context.payload.inputs.pull_request_ref) { | |
// Trigger: workflow_dispatch with pull_request_ref. | |
// Extract pull request number from 'refs/pull/<NUM>/merge' | |
prNumber = context.payload.inputs.pull_request_ref.replace('refs/pull/', '').replace('/merge', '').replace('/head', '') | |
refSlug = `pr${prNumber}` | |
refName = context.payload.inputs.ci_commit_ref_name | |
refFull = context.payload.inputs.pull_request_ref | |
githubBranch = refName | |
githubSHA = context.payload.inputs.pull_request_sha | |
core.info(`workflow_dispatch event: set git info from inputs. inputs: ${JSON.stringify(context.payload.inputs)}`) | |
} else if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) { | |
// For PRs from forks, tag images with `prXXX` to avoid clashes between branches. | |
const targetRepo = context.payload.repository.full_name; | |
const prRepo = context.payload.pull_request.head.repo.full_name | |
const prRef = context.payload.pull_request.head.ref | |
refSlug = `pr${context.issue.number}`; | |
refName = (prRepo === targetRepo) ? prRef : refSlug; | |
refFull = `refs/pull/${context.issue.number}/head` | |
githubBranch = refName | |
githubSHA = context.payload.pull_request.head.sha | |
core.info(`pull request event: set git info from pull_request.head. pr:${prRepo}:${prRef} target:${targetRepo}:${context.ref}`) | |
prNumber = context.issue.number | |
} else { | |
// Other triggers: workflow_dispatch without pull_request_ref, schedule, push... | |
// refName is 'main' or tag name, so slugification is not necessary. | |
refSlug = GITHUB_REF_NAME | |
refName = GITHUB_REF_NAME | |
refFull = GITHUB_REF | |
githubTag = GITHUB_REF_TYPE == "tag" ? refName : "" | |
githubBranch = GITHUB_REF_TYPE == "branch" ? refName : "" | |
githubSHA = context.sha | |
core.info(`${context.eventName} event: set git info from context: ${JSON.stringify({GITHUB_REF_NAME, GITHUB_REF_TYPE, sha: context.sha })}`) | |
} | |
core.setCommandEcho(true) | |
core.setOutput('ci_commit_ref_slug', refSlug) | |
core.setOutput('ci_commit_ref_name', refName) | |
core.setOutput(`ci_commit_tag`, githubTag) | |
core.setOutput(`ci_commit_branch`, githubBranch) | |
core.setOutput(`ref_full`, refFull) | |
core.setOutput('github_sha', githubSHA) | |
core.setOutput('pr_number', prNumber) | |
core.setCommandEcho(false) | |
# </template: git_info_job> | |
enable_fe: | |
if: ${{ needs.pull_request_info.outputs.edition == 'FE' }} | |
name: Enable FE | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
enable_ee: | |
if: ${{ needs.pull_request_info.outputs.edition == 'EE' }} | |
name: Enable EE | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
enable_ce: | |
if: ${{ needs.pull_request_info.outputs.edition == 'CE' }} | |
name: Enable CE | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
enable_be: | |
if: ${{ needs.pull_request_info.outputs.edition == 'BE' }} | |
name: Enable BE | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
enable_se: | |
if: ${{ needs.pull_request_info.outputs.edition == 'SE' }} | |
name: Enable SE | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
enable_se_plus: | |
if: ${{ needs.pull_request_info.outputs.edition == 'SE-plus' }} | |
name: Enable SE-plus | |
needs: | |
- pull_request_info | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
echo Enable ${{ needs.pull_request_info.outputs.edition }} | |
go_generate: | |
name: Go Generate | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: go_generate_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.23' | |
- name: Run go generate | |
run: | | |
(cd tools && go generate) | |
(cd modules/500-upmeter/hooks/smokemini/internal/snapshot && go generate) | |
- name: Check generated code | |
run: | | |
git diff --exit-code | |
# </template: go_generate_template> | |
workflow_render: | |
name: Render workflow | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: workflow_render_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
- name: Render GitHub workflow | |
run: | | |
cd .github | |
./render-workflows.sh | |
- name: Check rendered files | |
run: | | |
git diff --exit-code | |
# </template: workflow_render_template> | |
build_deckhouse: | |
name: Build Deckhouse | |
needs: | |
- git_info | |
- pull_request_info | |
- go_generate | |
- workflow_render | |
env: | |
WERF_ENV: ${{ needs.pull_request_info.outputs.edition }} | |
# <template: build_template> | |
runs-on: [self-hosted, regular, selectel] | |
outputs: | |
tests_image_name: ${{ steps.build.outputs.tests_image_name }} | |
steps: | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_readonly_registry_step> | |
- name: Check readonly registry credentials | |
id: check_readonly_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_READ_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_READ_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to readonly registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_readonly_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_READ_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_READ_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_READ_PASSWORD }} | |
logout: false | |
# </template: login_readonly_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
# <template: login_git_step> | |
- name: Start ssh-agent | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: | | |
${{secrets.SOURCE_REPO_SSH_KEY}} | |
- name: Add ssh_known_hosts | |
run: | | |
HOST=$(grep -oP '(?<=@)[^/:]+' <<< ${{secrets.SOURCE_REPO_GIT}}) | |
echo "::add-mask::$HOST" | |
IPS=$(nslookup "$HOST" | awk '/^Address: / { print $2 }') | |
for IP in $IPS; do | |
echo "::add-mask::$IP" | |
done | |
mkdir -p ~/.ssh | |
touch ~/.ssh/known_hosts | |
HOST_KEYS=$(ssh-keyscan -H "$HOST" 2>/dev/null) | |
while IFS= read -r KEY_LINE; do | |
CONSTANT_PART=$(awk '{print $2, $3}' <<< "$KEY_LINE") | |
if ! grep -q "$CONSTANT_PART" ~/.ssh/known_hosts; then | |
echo "$KEY_LINE" >> ~/.ssh/known_hosts | |
fi | |
done <<< "$HOST_KEYS" | |
# </template: login_git_step> | |
- name: Build and push deckhouse images | |
id: build | |
env: | |
DECKHOUSE_REGISTRY_HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
CI_COMMIT_TAG: ${{needs.git_info.outputs.ci_commit_tag}} | |
CI_COMMIT_BRANCH: ${{needs.git_info.outputs.ci_commit_branch}} | |
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}} | |
CI_COMMIT_REF_SLUG: ${{needs.pull_request_info.outputs.ref_slug}} | |
run: | | |
# Extract REPO_SUFFIX from repository name: trim prefix 'deckhouse/deckhouse-'. | |
REPO_SUFFIX=${GITHUB_REPOSITORY#deckhouse/deckhouse-} | |
if [[ $REPO_SUFFIX == $GITHUB_REPOSITORY ]] ; then | |
# REPO_SUFFIX should be empty for main repo 'deckhouse/deckhouse'. | |
REPO_SUFFIX= | |
fi | |
# Put tags on produced images and push to dev and release repositories. | |
# | |
# There are 2 modes: "dev" and "release". | |
# The "dev" mode builds branches only: | |
# - Build using dev-registry as primary and deckhouse registry as secondary. | |
# - Push dev and dev/install images with prNUM tags and push to dev-registry. | |
# The "release" mode builds branches and tags: | |
# - Build using dev-registry as primary and deckhouse registry as secondary. | |
# - Push dev and dev/install images to dev-registry with tag equal to a branch name (main or release-X.Y). | |
# - Build using deckhouse registry as primary and dev-registry as secondary. | |
# - Push dev, dev/install and release-channel-version images to deckhouse registry with tag equels to a Git tag. | |
# SRC_NAME is a name of image from werf.yaml. | |
# SRC is a source image name (stage name from werf build report). | |
# DST is an image name for docker push. | |
function pull_push_rmi() { | |
SRC_NAME=$1 | |
SRC=$2 | |
DST=$3 | |
echo "⚓️ 📥 [$(date -u)] Pull '${SRC_NAME}' image as ${SRC}." | |
docker pull ${SRC} | |
echo "⚓️ 🏷 [$(date -u)] Tag '${SRC_NAME}' image as ${DST}." | |
docker image tag ${SRC} ${DST} | |
echo "⚓️ 📤 [$(date -u)] Push '${SRC_NAME}' image as ${DST}." | |
docker image push ${DST} | |
echo "⚓️ 🧹 [$(date -u)] Remove local tag for '${SRC_NAME}'." | |
docker image rmi ${DST} || true; | |
} | |
if [[ -n "${DEV_REGISTRY_PATH}" ]]; then export WERF_REPO="${DEV_REGISTRY_PATH}"; fi | |
type werf && source $(werf ci-env github --verbose --as-file) | |
# CE/EE/FE -> ce/ee/fe | |
REGISTRY_SUFFIX=$(echo ${WERF_ENV} | tr '[:upper:]' '[:lower:]') | |
#temporary: move temp dir | |
TEMP_WORKDIR="$(dirname "${{github.workspace}}")/${{github.run_id}}-$REGISTRY_SUFFIX" | |
mkdir -p "$TEMP_WORKDIR" | |
# Registry path to publish images for Git branches. | |
BRANCH_REGISTRY_PATH= | |
# Registry path to publish images for Git tags. | |
SEMVER_REGISTRY_PATH= | |
if [[ -n ${DECKHOUSE_REGISTRY_HOST:-} ]] ; then | |
# Build using dev-registry as primary repo and prod registry as secondary (ro) repo. | |
# This build will put stages to "dev" registry. If "dev" registry is empty, existing stages are copied from prod registry. | |
SECONDARY_REPO="--cache-repo ${DECKHOUSE_REGISTRY_HOST}/deckhouse/${REGISTRY_SUFFIX}" | |
if [[ -n "${CI_COMMIT_BRANCH}" && ! "${CI_COMMIT_BRANCH}" =~ ^(main|release-.+)$ ]]; then | |
SECONDARY_REPO= | |
fi | |
werf build \ | |
${SECONDARY_REPO} \ | |
--parallel=true --parallel-tasks-limit=5 \ | |
--save-build-report=true \ | |
--tmp-dir="$TEMP_WORKDIR" \ | |
--build-report-path images_tags_werf.json | |
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}" | |
SEMVER_REGISTRY_PATH="${DECKHOUSE_REGISTRY_HOST}/deckhouse" | |
else | |
# DECKHOUSE_REGISTRY_HOST is empty, so this repo is not the main repo. | |
# Build using dev-registry as a single primary repo and push: | |
# - branches to Dev registry to run e2e tests. | |
# - semver tags to Github Container Registry for testing release process. | |
werf build \ | |
--parallel=true --parallel-tasks-limit=5 \ | |
--save-build-report=true \ | |
--tmp-dir="$TEMP_WORKDIR" \ | |
--build-report-path images_tags_werf.json | |
BRANCH_REGISTRY_PATH="${DEV_REGISTRY_PATH}" | |
SEMVER_REGISTRY_PATH="${GHA_TEST_REGISTRY_PATH}" | |
echo "⚓️ 🧪 [$(date -u)] DECKHOUSE_REGISTRY_HOST is empty. Publish to Github Container Registry '${PROD_REGISTRY_PATH}'" | |
fi | |
cp images_tags_werf.json "$TEMP_WORKDIR" | |
# Publish images for Git branch. | |
if [[ -n "${CI_COMMIT_BRANCH}" ]]; then | |
# Add edition name for non-FE builds | |
if [[ -n ${WERF_ENV} && ${WERF_ENV,,} != "fe" ]]; then | |
IMAGE_EDITION=${WERF_ENV,,} | |
fi | |
# CI_COMMIT_REF_SLUG is a 'prNUM' for dev branches or 'main' for default branch. | |
# Use it as image tag. Add suffix to not overlap with PRs in main repo. | |
IMAGE_TAG=${CI_COMMIT_REF_SLUG}${IMAGE_EDITION:+-${IMAGE_EDITION}}${REPO_SUFFIX:+-${REPO_SUFFIX}} | |
echo "⚓️ 💫 [$(date -u)] Publish images to dev-registry for branch '${CI_COMMIT_BRANCH}' and edition '${WERF_ENV}' using tag '${IMAGE_TAG}' ..." | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev' image to dev-registry using tag ${IMAGE_TAG}". | |
DECKHOUSE_IMAGE_SRC="$(jq -r '.Images."dev".DockerImageName' images_tags_werf.json)" | |
DECKHOUSE_IMAGE=${BRANCH_REGISTRY_PATH}:${IMAGE_TAG} | |
pull_push_rmi 'dev' ${DECKHOUSE_IMAGE_SRC} ${DECKHOUSE_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install:${IMAGE_TAG} | |
pull_push_rmi 'dev/install' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'dev/install-standalone' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."dev/install-standalone".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/install-standalone:${IMAGE_TAG} | |
pull_push_rmi 'dev/install-standalone' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
echo "⚓️ 💫 [$(date -u)] Publish 'e2e-terraform' image to dev-registry using tag ${IMAGE_TAG}". | |
INSTALL_IMAGE_SRC="$(jq -r '.Images."e2e-terraform".DockerImageName' images_tags_werf.json)" | |
INSTALL_IMAGE=${BRANCH_REGISTRY_PATH}/e2e-terraform:${IMAGE_TAG} | |
pull_push_rmi 'e2e-terraform' ${INSTALL_IMAGE_SRC} ${INSTALL_IMAGE} | |
fi | |
# Save 'tests' image name to pass it as output for 'tests' jobs. | |
TESTS_IMAGE_NAME="$(jq -r '.Images."tests".DockerImageName' images_tags_werf.json)" | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
# Encode as gzip+base64 to evade github's SecretMasker error: "Skip output since it may contain secret". | |
echo "tests_image_name=$(echo ${TESTS_IMAGE_NAME} | gzip | base64 -w0)" >> $GITHUB_OUTPUT | |
- name: Cleanup | |
if: ${{ always() }} | |
run: | | |
rm -f images_tags_werf.json | |
# </template: build_template> | |
doc_web_build: | |
name: Doc web build | |
if: ${{ github.repository == 'deckhouse/deckhouse' }} | |
# Wait for success build of modules. | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: web_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
- name: Run doc web build | |
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
env: | |
WERF_DIR: "docs/documentation" | |
WERF_LOG_VERBOSE: "on" | |
WERF_ENV: "EE" | |
WERF_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}" | |
# </template: web_build_template> | |
main_web_build: | |
name: Main web build | |
if: ${{ github.repository == 'deckhouse/deckhouse' }} | |
# Wait for success build of modules. | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: web_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
- name: Run main web build | |
uses: werf/actions/build@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
env: | |
WERF_DIR: "docs/site" | |
WERF_LOG_VERBOSE: "on" | |
WERF_ENV: "EE" | |
DOC_API_KEY: "${{secrets.DOC_API_KEY}}" | |
DOC_API_URL: "${{vars.DOC_API_URL}}" | |
WERF_REPO: "${{ steps.check_dev_registry.outputs.web_registry_path }}" | |
# </template: web_build_template> | |
tests: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Tests | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: tests_before_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.23.1-bullseye@sha256:a24507d1a36fce86431198a979435dadb187e8d0ce0b5c181f46d6788d84a40f" | |
run: | | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules | |
# </template: tests_before_build_template> | |
tests_python_webhooks: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Tests python webhooks | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: tests_webhooks_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
- name: Run python webhook tests | |
run: | | |
make tests-webhooks | |
# </template: tests_webhooks_template> | |
matrix_tests: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Matrix tests | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: tests_before_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.23.1-bullseye@sha256:a24507d1a36fce86431198a979435dadb187e8d0ce0b5c181f46d6788d84a40f" | |
run: | | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg -v ~/deckhouse-bin-cache:/deckhouse/bin ${TESTS_IMAGE_NAME} make tests-matrix | |
# </template: tests_before_build_template> | |
dmt_lint: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: DMT Lint | |
needs: | |
- git_info | |
- pull_request_info | |
# <template: tests_before_build_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: "registry.deckhouse.io/base_images/golang:1.23.1-bullseye@sha256:a24507d1a36fce86431198a979435dadb187e8d0ce0b5c181f46d6788d84a40f" | |
run: | | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg --user $(id -u):$(id -g) ${TESTS_IMAGE_NAME} make dmt-lint | |
# </template: tests_before_build_template> | |
dhctl_tests: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Dhctl Tests | |
needs: | |
- git_info | |
- pull_request_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse/dhctl -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make ci | |
# </template: tests_template> | |
golangci_lint: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: GolangCI Lint | |
needs: | |
- git_info | |
- pull_request_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} sh -c "go generate tools/register.go && GOGC=50 GOFLAGS=\"-buildvcs=false\" golangci-lint run" | |
# </template: tests_template> | |
openapi_test_cases: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: OpenAPI Test Cases | |
needs: | |
- git_info | |
- pull_request_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -v ${{github.workspace}}:/deckhouse -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} ginkgo -vet=off ./testing/openapi_cases/ | |
# </template: tests_template> | |
web_links_test: | |
if: ${{ needs.pull_request_info.outputs.changes_docs == 'true' && github.repository == 'deckhouse/deckhouse' }} | |
name: Web links test | |
needs: | |
- git_info | |
- pull_request_info | |
- doc_web_build | |
- main_web_build | |
continue-on-error: true | |
# <template: web_links_test_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
- name: Prepare site structure | |
env: | |
DOC_API_KEY: "${{secrets.DOC_API_KEY}}" | |
DOC_API_URL: "${{vars.DOC_API_URL}}" | |
WERF_ENV: "EE" | |
WEB_REGISTRY_PATH: ${{steps.check_dev_registry.outputs.web_registry_path}} | |
run: | | |
type werf | |
werf version | |
BASEDIR=$(pwd)/docs | |
_TMPDIR=$(mktemp -d -t -p ${BASEDIR}) | |
# Save TMPDIR to clean it later. | |
echo "_TMPDIR=$_TMPDIR" >> ${GITHUB_ENV} | |
echo "_TMPDIR=$_TMPDIR" | |
export WERF_REPO="${WEB_REGISTRY_PATH}" | |
echo -n 'use werf_repo ' | |
echo $WERF_REPO | tr 'a-z' 'A-Z' | |
# Extract site content to the tmp directory. | |
export WERF_DIR=$BASEDIR/site | |
echo "Use werf_dir $WERF_DIR" | |
type werf && source $(werf ci-env github --verbose --as-file) | |
echo "werf stage image web-backend:" | |
werf stage image web-backend | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image web-backend" | |
docker pull $(werf stage image web-backend) || true | |
echo "werf stage image web-frontend:" | |
werf stage image web-frontend | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image web-frontend" | |
docker pull $(werf stage image web-frontend) || true | |
echo "Run 'docker cp' from werf stage image web-backend" | |
docker cp $(docker create --rm $(werf stage image web-backend)):/app/root ${_TMPDIR}/backend | |
echo "Run 'docker cp' from werf stage image web-frontend" | |
docker cp $(docker create --rm $(werf stage image web-frontend)):/app ${_TMPDIR}/frontend | |
# Extract documentation content to the tmp directory. | |
export WERF_DIR=$BASEDIR/documentation | |
type werf && source $(werf ci-env github --verbose --as-file) | |
echo "werf stage image docs/web:" | |
werf stage image web | tr 'a-z' 'A-Z' | |
echo "Run 'docker pull' from werf stage image docs/web" | |
docker pull $(werf stage image docs/web) | |
echo "Run 'docker cp' from werf stage image docs/web" | |
docker cp $(docker create --rm $(werf stage image docs/web)):/app ${_TMPDIR}/documentation | |
# Create EN site structure. | |
echo "Create site structure in '${_TMPDIR}/site_en/'" | |
mkdir -p ${_TMPDIR}/site_en/ ${_TMPDIR}/site_ru/ | |
touch ${_TMPDIR}/site_en/index.html ${_TMPDIR}/site_ru/index.html | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_en/ | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' --exclude='includes/header.html' ${_TMPDIR}/frontend/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a ${_TMPDIR}/frontend/en/ ${_TMPDIR}/site_en/ | |
rsync -a ${_TMPDIR}/frontend/ru/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/en/ ${_TMPDIR}/site_en/ | |
rsync -a --exclude='includes/header.html' ${_TMPDIR}/backend/ru/ ${_TMPDIR}/site_ru/ | |
# | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_en/documentation/ | |
rsync -a --exclude='ru' --exclude='en' --exclude='compare' ${_TMPDIR}/documentation/ ${_TMPDIR}/site_ru/documentation/ | |
rsync -a ${_TMPDIR}/documentation/en/ ${_TMPDIR}/site_en/documentation/ | |
rsync -a ${_TMPDIR}/documentation/ru/ ${_TMPDIR}/site_ru/documentation/ | |
# | |
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_en/documentation | |
rsync -a ${_TMPDIR}/documentation/{assets,css,images,js} ${_TMPDIR}/site_ru/documentation | |
- name: Check links with html-proofer (EN) | |
run: | | |
# Do not exit on html-proofer error. | |
set +e | |
# Checking EN site | |
docker run --rm -v "${_TMPDIR}/site_en:/src:ro" klakegg/html-proofer:3.19.2 \ | |
--allow-hash-href --check-html --empty-alt-ignore \ | |
--url-ignore "/alerts.html/,/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \ | |
--url-swap "https\:\/\/deckhouse.io\/:/,\/products\/kubernetes-platform\/documentation\/v1\/:/documentation/,\/products\/kubernetes-platform\/documentation\/latest\/:/documentation/,\/documentation\/v1\/:/documentation/" \ | |
--file_ignore "404.html,./documentation/alerts.html" \ | |
--http-status-ignore "0,429" ${1} | |
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure. | |
exit 0 | |
- name: Check links with html-proofer (RU) | |
run: | | |
# Do not exit on html-proofer error. | |
set +e | |
# Checking RU site | |
docker run --rm -v "${_TMPDIR}/site_ru:/src:ro" klakegg/html-proofer:3.19.2 \ | |
--allow-hash-href --check-html --empty-alt-ignore \ | |
--url-ignore "/alerts.html/,/^\/(?!(gs\/|documentation\/|guides\/))/,/localhost/,/https\:\/\/t.me/,/docs-prv\.pcisecuritystandards\.org/,/gitlab.com\/profile/,/dash.cloudflare.com\/profile/,/example.com/,/vmware.com/,/.slack.com/,/habr.com/,/flant.ru/,/bcrypt-generator.com/,/candi\/bashible\/bashbooster/,/..\/..\/compare\//,/compare\/ru\//,/compare\/en\//,/\.yml$/,/\.yaml$/,/\.tmpl$/,/\.tpl$/" \ | |
--url-swap "https\:\/\/deckhouse.io\/:/,\/products\/kubernetes-platform\/documentation\/v1\/:/documentation/,\/products\/kubernetes-platform\/documentation\/latest\/:/documentation/,\/documentation\/v1\/:/documentation/" \ | |
--file_ignore "404.html,./documentation/alerts.html" \ | |
--http-status-ignore "0,429" ${1} | |
# Emulate 'allow_failure: true' from Gitlab. Github has only two state: success and failure. | |
exit 0 | |
- name: Clean TMPDIR | |
if: always() | |
run: | | |
if [[ -n $_TMPDIR ]] ; then | |
rm -rf $_TMPDIR | |
fi | |
# </template: web_links_test_template> | |
validators: | |
if: ${{ needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Validators | |
needs: | |
- git_info | |
- pull_request_info | |
- build_deckhouse | |
# <template: tests_template> | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: started_at_output> | |
- name: Job started timestamp | |
id: started_at | |
run: | | |
unixTimestamp=$(date +%s) | |
echo "started_at=${unixTimestamp}" >> $GITHUB_OUTPUT | |
# </template: started_at_output> | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
ref: ${{ needs.pull_request_info.outputs.ref }} | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: login_rw_registry_step> | |
- name: Check rw registry credentials | |
id: check_rw_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to rw registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }} | |
logout: false | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
if: ${{ steps.check_rw_registry.outputs.has_credentials != 'true' }} | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_IO_REGISTRY_USER }} | |
password: ${{ secrets.GHCR_IO_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_rw_registry_step> | |
- name: Run tests | |
env: | |
TESTS_IMAGE_NAME: ${{needs.build_deckhouse.outputs.tests_image_name}} | |
run: | | |
if [[ -z ${TESTS_IMAGE_NAME} ]] ; then | |
echo "TESTS_IMAGE_NAME is empty" | |
exit 1 | |
fi | |
# Decode image name from gzip+base64. | |
TESTS_IMAGE_NAME=$(echo ${TESTS_IMAGE_NAME} | base64 -d | gunzip) | |
# Print image name in uppercase to prevent hiding non-secret registry host stored in secret. | |
echo "Tests image name: '${TESTS_IMAGE_NAME}'" | tr '[:lower:]' '[:upper:]' | |
echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..." | |
docker pull ${TESTS_IMAGE_NAME} | |
echo "⚓️ 🏎 [$(date -u)] Run tests..." | |
docker run -w /deckhouse -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} go test -tags=validation -run Validation -timeout=${{env.TEST_TIMEOUT}} ./testing/... | |
# </template: tests_template> | |
set_e2e_requirement_status: | |
# if previous jobs were failed we do not need set status, because checks will be failed | |
if: ${{ success() && needs.pull_request_info.outputs.changes_not_markdown == 'true' }} | |
name: Set 'waiting for e2e' commit status | |
needs: | |
- git_info | |
- pull_request_info | |
- build_deckhouse | |
- validators | |
- openapi_test_cases | |
- golangci_lint | |
- dhctl_tests | |
- matrix_tests | |
- tests | |
runs-on: [ self-hosted, regular ] | |
steps: | |
- name: Set commit status after e2e run | |
id: set_e2e_requirement_status | |
uses: actions/[email protected] | |
env: | |
STATUS_TARGET_COMMIT: ${{needs.git_info.outputs.github_sha}} | |
PR_LABELS: ${{ needs.pull_request_info.outputs.labels }} | |
with: | |
github-token: ${{secrets.BOATSWAIN_GITHUB_TOKEN}} | |
script: | | |
const e2eStatus = require('./.github/scripts/js/e2e-commit-status'); | |
await e2eStatus.setInitialStatus({github, context, core}); |