summaryrefslogtreecommitdiffstats
path: root/src/fluent-bit/.github/workflows/call-test-images.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'src/fluent-bit/.github/workflows/call-test-images.yaml')
-rw-r--r--src/fluent-bit/.github/workflows/call-test-images.yaml205
1 files changed, 205 insertions, 0 deletions
diff --git a/src/fluent-bit/.github/workflows/call-test-images.yaml b/src/fluent-bit/.github/workflows/call-test-images.yaml
new file mode 100644
index 000000000..29bc0cd3d
--- /dev/null
+++ b/src/fluent-bit/.github/workflows/call-test-images.yaml
@@ -0,0 +1,205 @@
+---
+name: Reusable workflow to test container images
+on:
+ workflow_call:
+ inputs:
+ registry:
+ description: The registry to pull the images to test from.
+ type: string
+ required: true
+ username:
+ description: The username for authentication with the registry.
+ type: string
+ required: true
+ image:
+ description: The name of the image to pull from the registry for testing.
+ type: string
+ required: true
+ image-tag:
+ description: The tag of the image to pull from the registry for testing.
+ type: string
+ required: true
+ environment:
+ description: The Github environment to run this workflow on.
+ type: string
+ required: false
+ ref:
+ description: The commit, tag or branch to checkout for testing scripts.
+ type: string
+ default: master
+ required: false
+ secrets:
+ token:
+ description: The Github token or similar to authenticate with for the registry.
+ required: true
+ cosign_key:
+ description: The optional Cosign key to use for verifying the images.
+ required: false
+jobs:
+ call-test-images-cosign-verify:
+ name: Cosign verification of container image
+ environment: ${{ inputs.environment }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@v2
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.registry }}
+ username: ${{ inputs.username }}
+ password: ${{ secrets.token }}
+
+ # There is currently no way to verify a local image, e.g. for a particular architecture
+ # https://github.com/sigstore/cosign/issues/60
+ - name: Verify image with a key
+ # Only key-based verification currently
+ if: ${{ env.COSIGN_PUBLIC_KEY }}
+ run: |
+ echo -e "${COSIGN_PUBLIC_KEY}" > /tmp/my_cosign.pub
+ cosign verify --key /tmp/my_cosign.pub "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+ rm -f /tmp/my_cosign.key
+ shell: bash
+ env:
+ COSIGN_PUBLIC_KEY: ${{ secrets.cosign_key }}
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image }}
+ IMAGE_TAG: ${{ inputs.image-tag }}
+
+ call-test-images-container-architecture:
+ name: ${{ matrix.arch }} image architecture verification
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ # Test as much as we can
+ continue-on-error: true
+ strategy:
+ fail-fast: false
+ matrix:
+ arch: [ linux/amd64, linux/arm64, linux/arm/v7 ]
+ include:
+ # Rather than extract the specific central arch we just provide it
+ - arch: linux/amd64
+ expected: amd64
+ - arch: linux/arm64
+ expected: arm64
+ - arch: linux/arm/v7
+ expected: arm
+ steps:
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.registry }}
+ username: ${{ inputs.username }}
+ password: ${{ secrets.token }}
+
+ - name: Pull and extract architecture of image
+ id: extract_arch
+ run: |
+ docker pull --platform=${{ matrix.arch }} "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+ ACTUAL_ARCH=$(docker image inspect --format '{{.Architecture}}' "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG")
+ echo "ACTUAL_ARCH=$ACTUAL_ARCH" >> $GITHUB_OUTPUT
+ docker image inspect "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+ shell: bash
+ env:
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image }}
+ IMAGE_TAG: ${{ inputs.image-tag }}
+
+ - name: Validate architecture of image
+ run: |
+ if [[ "$ACTUAL_ARCH" != "$EXPECTED_ARCH" ]]; then
+ echo "Invalid architecture for $REGISTRY/$IMAGE_NAME: $ACTUAL_ARCH != $EXPECTED_ARCH"
+ exit 1
+ fi
+ env:
+ EXPECTED_ARCH: ${{ matrix.expected }}
+ ACTUAL_ARCH: ${{ steps.extract_arch.outputs.ACTUAL_ARCH }}
+ shell: bash
+
+ call-test-images-container-smoke:
+ # Ensure each architecture container runs up correctly with default configuration.
+ name: ${{ matrix.arch }} smoke test for local container images
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ # No point running if the architecture is incorrect
+ needs: [ call-test-images-container-architecture ]
+ continue-on-error: true
+ strategy:
+ fail-fast: false # verify all
+ matrix:
+ arch: [ linux/amd64, linux/arm64, linux/arm/v7 ]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref }}
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.registry }}
+ username: ${{ inputs.username }}
+ password: ${{ secrets.token }}
+
+ - name: Set up QEMU using standard action
+ if: ${{ matrix.arch != 'linux/arm64' }}
+ uses: docker/setup-qemu-action@v3
+
+ # Without this QEMU fails for ARM64
+ - name: Set up binary emulation for QEMU
+ if: ${{ matrix.arch == 'linux/arm64' }}
+ run: |
+ docker run --privileged --rm tonistiigi/binfmt --install all
+
+ - name: Verify platform is supported with Alpine container
+ # We make sure there is not an inherent issue with this architecture on this runner
+ run: |
+ docker run --rm --platform=${{ matrix.arch }} alpine uname -a
+
+ - name: Test the HTTP server is responding
+ timeout-minutes: 10
+ run: |
+ packaging/testing/smoke/container/container-smoke-test.sh
+ shell: bash
+ env:
+ CONTAINER_NAME: local-smoke-${{ matrix.arch }}
+ CONTAINER_ARCH: ${{ matrix.arch }}
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image }}
+ IMAGE_TAG: ${{ inputs.image-tag }}
+
+ call-test-images-k8s-smoke:
+ # No need to test every architecture here, that is covered by local container tests.
+ # Testing helm chart deployment on KIND here.
+ name: Helm chart test on KIND
+ environment: ${{ inputs.environment }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref }}
+
+ - name: Create k8s Kind Cluster
+ uses: helm/kind-action@v1.8.0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3.5
+ with:
+ version: v3.6.3
+
+ - name: Set up Kubectl
+ uses: azure/setup-kubectl@v3.2
+
+ - name: Test the HTTP server is responding
+ timeout-minutes: 5
+ run: |
+ packaging/testing/smoke/k8s/k8s-smoke-test.sh
+ shell: bash
+ env:
+ NAMESPACE: default
+ REGISTRY: ${{ inputs.registry }}
+ IMAGE_NAME: ${{ inputs.image }}
+ IMAGE_TAG: ${{ inputs.image-tag }}
+