cloudzero-agent/.github/workflows/test-chart.yml at develop · Cloudzero/cloudzero-agent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Test Helm Chart
on: [push]

env:
  SKIP_VALIDATIONS: false

jobs:
  # This job lints the chart
  helm-chart-lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: SETUP - Checkout
        uses: actions/checkout@v5

      - name: SETUP - Set up Helm
        uses: azure/setup-helm@v5.0.0
        with:
          version: v3.14.4

      - name: SETUP - Set up chart-testing
        uses: helm/chart-testing-action@v2.8.0

      - name: TEST - Lint the chart
        env:
          # Agent Chart settings (prom repo is to work around issue with chart-testing tool)
          PROM_CHART_REPO: https://prometheus-community.github.io/helm-charts
          CZ_CHART_REPO: https://cloudzero.github.io/cloudzero-charts
          CZ_CHART_BETA_REPO: https://cloudzero.github.io/cloudzero-charts/beta
          CLUSTER_NAME: cz-node-agent-ci
          CLOUD_ACCOUNT_ID: "00000000"
          CZ_API_TOKEN: "fake-api-token"
          REGION: "us-east-1"
        run: |
          cd helm/
          helm dependency update
          ct lint --debug --charts . \
            --chart-repos=kube-state-metrics="$PROM_CHART_REPO" \
            --helm-lint-extra-args "--set=existingSecretName=api-token,clusterName=$CLUSTER_NAME,cloudAccountId=$CLOUD_ACCOUNT_ID,region=$REGION"

  # This job runs helm tests using the project's Makefile
  helm-test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: SETUP - Checkout
        uses: actions/checkout@v5

      - name: SETUP - Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod

      - name: SETUP - Install tools
        run: make install-tools V=1

      - name: Install Checkov
        run: |
          command -v pip3 || (sudo apt update && sudo apt install python3-pip -y)
          pip3 install checkov

      - name: TEST - Run helm tests
        env:
          CLOUDZERO_DEV_API_KEY: "fake-api-key"
        run: make -j helm-test V=1

  # This job tests the chart on a KinD cluster
  # and if we are in the develop or tag branch, it will
  # publish the image to the production registry
  helm-chart-install:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # required to push the image to the registry
      packages: write
      # required for image signing
      id-token: write
    steps:
      # Checkout the repository code
      - name: SETUP - Checkout
        id: checkout_code
        uses: actions/checkout@v5

      # Install helm on the host
      - name: SETUP - Helm
        id: install_helm
        uses: azure/setup-helm@v5.0.0
        with:
          version: v3.14.4

      # Install chart-testing tool to make chart validation easier
      - name: SETUP - chart-testing
        id: install_ct
        uses: helm/chart-testing-action@v2.8.0

      # Create a KinD cluster with a registry pod for testing (kind-registry:5000)
      - name: SETUP - Kubernetes KinD Cluster
        id: install_kind
        uses: helm/kind-action@v1

      # Sanity Check: Validate the k8s and Registry is Running
      - name: SANITY CHECK - KinD
        id: validate_kind_install
        run: |
          kubectl version
          kubectl cluster-info
          kubectl describe nodes

      # PRs from a fork don't have access to the secrets
      # don't fail in this case, skip validate
      - name: INPUT PREP - Skip validation
        id: skip_validation
        run: |
          # Skip if secret is not defined
          if [[ -z "${{ secrets.CZ_DEV_API_TOKEN }}" ]]; then
            echo "SKIP_VALIDATIONS=true" >>"${GITHUB_ENV}"
          fi

      # Install the chart using our temporary image
      - name: TEST - Install the chart
        id: test_chart_installation
        if: ${{ env.SKIP_VALIDATIONS == 'false' }}
        env:
          NAMESPACE: monitoring
          # Agent Chart settings (prom repo is to work around issue with chart-testing tool)
          PROM_CHART_REPO: https://prometheus-community.github.io/helm-charts
          CZ_CHART_REPO: https://cloudzero.github.io/cloudzero-charts
          CZ_CHART_BETA_REPO: https://cloudzero.github.io/cloudzero-charts/beta
          CLUSTER_NAME: cz-node-agent-ci
          CLOUD_ACCOUNT_ID: "00000000"
          CZ_API_TOKEN: ${{ secrets.CZ_DEV_API_TOKEN || 'fake-api-token' }}
          REGION: "us-east-1"
        run: |
          kubectl create namespace "$NAMESPACE"
          kubectl create secret -n "$NAMESPACE" generic api-token --from-literal=value="$CZ_API_TOKEN"
          cd helm/
          helm dependency update
          ct install --charts . \
            --chart-repos=kube-state-metrics="$PROM_CHART_REPO" \
            --namespace "$NAMESPACE" \
            --helm-extra-set-args "\
              --set=existingSecretName=api-token \
              --set=host=dev-api.cloudzero.com \
              --set=clusterName=$CLUSTER_NAME \
              --set=cloudAccountId=$CLOUD_ACCOUNT_ID \
              --set=region=$REGION \
              "