kind-e2e.yaml
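# End-to-end test for Tekton Chains: for each Kubernetes version in the matrix
# it brings up a kind cluster with the sigstore scaffolding, installs Tekton
# Pipelines and Chains (built from this checkout with ko), runs an example
# TaskRun, and passes only if the TaskRun gains a Rekor transparency annotation.
name: Chains kind E2E Tests

on:
  pull_request:
    branches:
      - main
      - release-*

# Least privilege: no step visible in this workflow writes to the repository
# through GITHUB_TOKEN, so the token is limited to reading contents.
# NOTE(review): confirm none of the third-party actions below need more.
permissions:
  contents: read

defaults:
  run:
    shell: bash
    working-directory: ./

jobs:
  chains-e2e-tests:
    name: e2e tests
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false # Keep running if one leg fails.
      matrix:
        k8s-version:
          - v1.23.x
          - v1.24.x
          - v1.25.x

    env:
      GOPATH: ${{ github.workspace }}
      # Quoted so a YAML 1.1 parser cannot read the value as boolean true.
      GO111MODULE: "on"
      GOFLAGS: -ldflags=-s -ldflags=-w
      KO_DOCKER_REPO: registry.local:5000/knative
      KOCACHE: ~/ko
      SIGSTORE_SCAFFOLDING_RELEASE_VERSION: "v0.4.13"
      # Version-pinned manifest, applied as downloaded (no digest check).
      TEKTON_PIPELINES_RELEASE: "https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.0/release.yaml"
      # Note that we do not include the v prefix here so we can use it in all
      # the places this is used.
      TEKTON_CLI_RELEASE: "0.26.1"

    steps:
      # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
      # NOTE(review): cache, setup-go and checkout are referenced by movable
      # version tags; only kind-diag at the end is pinned to a commit SHA.
      - uses: actions/cache@v2
        with:
          # In order:
          # * Module download cache
          # * Build cache (Linux)
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ${{ env.KOCACHE }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.19.x

      # NOTE(review): this `uses:` value was mangled by the page's e-mail
      # obfuscation and is not a valid action reference as shown. Restore the
      # real owner/action@ref from the repository, preferably a commit SHA.
      # NOTE(review): `version: tip` looks like a moving, unreleased build
      # rather than a fixed release - confirm and pin if reproducibility matters.
      - uses: imjasonh/[email protected]
        with:
          version: tip

      - name: Install tkn cli
        # -f makes curl fail on an HTTP error instead of saving the error page.
        # NOTE(review): the tarball is unpacked without a checksum or signature
        # check; verify it against a digest obtained out of band.
        run: |
          curl -fLo ./tkn_${{ env.TEKTON_CLI_RELEASE }}_Linux_x86_64.tar.gz https://github.com/tektoncd/cli/releases/download/v${{ env.TEKTON_CLI_RELEASE }}/tkn_${{ env.TEKTON_CLI_RELEASE }}_Linux_x86_64.tar.gz
          tar xvzf ./tkn_${{ env.TEKTON_CLI_RELEASE }}_Linux_x86_64.tar.gz tkn
          chmod u+x ./tkn

      - name: Check out our repo
        uses: actions/checkout@v2
        with:
          path: ./src/github.com/tektoncd/chains

      # NOTE(review): `@main` is a mutable branch ref, so the code this step
      # runs can change without any change to this file. Pin it to a reviewed
      # commit SHA, as the kind-diag step below already does.
      - name: Install mirror, kind, knative + sigstore
        uses: sigstore/scaffolding/actions/setup@main
        with:
          k8s-version: ${{ matrix.k8s-version }}
          version: ${{ env.SIGSTORE_SCAFFOLDING_RELEASE_VERSION }}

      - name: Install Tekton pipelines
        run: |
          # Retry until the apply succeeds.
          while ! kubectl apply --filename ${{ env.TEKTON_PIPELINES_RELEASE }}
          do
            echo "waiting for tekton pipelines to get installed"
            sleep 2
          done
          # Restart so picks up the changes.
          kubectl -n tekton-pipelines delete po -l app=tekton-pipelines-controller

      - name: Install all the everythings
        working-directory: ./src/github.com/tektoncd/chains
        timeout-minutes: 10
        run: |
          ko apply -BRf ./config/
          # Point Chains at the in-cluster Fulcio and Rekor services and enable
          # keyless signing and transparency-log upload.
          kubectl patch configmap/chains-config \
            --namespace tekton-chains \
            --type merge \
            --patch '{"data":{"artifacts.oci.format": "simplesigning", "artifacts.oci.storage": "oci", "artifacts.taskrun.format": "in-toto", "signers.x509.fulcio.address": "http://fulcio.fulcio-system.svc", "signers.x509.fulcio.enabled": "true", "transparency.enabled": "true", "transparency.url": "http://rekor.rekor-system.svc"}}'
          # Restart chains controller so picks up the changes.
          kubectl -n tekton-chains delete po -l app=tekton-chains-controller
          # TODO(vaikas): Better way to find when the chains has picked up
          # the changes
          sleep 10

      - name: Run tutorial taskrun
        run: |
          # Use the example from this checkout rather than fetching it from the
          # main branch over the network, so the run exercises the revision
          # under test and does not depend on mutable remote content.
          kubectl create -f ./src/github.com/tektoncd/chains/examples/taskruns/task-output-image.yaml
          # Sleep so the taskrun shows up.
          sleep 2
          echo "Waiting for the taskrun to complete..."
          # On timeout the TaskRuns are dumped and the script continues; the
          # polling loop below decides pass or fail.
          kubectl wait --timeout 3m --for=condition=Succeeded taskruns --all || kubectl get taskruns -o yaml
          echo "Waiting for Chains to do it's thing"
          # Poll up to 10 times for the transparency annotation on the latest
          # TaskRun; it must reference the in-cluster Rekor service.
          for i in {1..10}
          do
            ./tkn tr describe --last -o jsonpath="{.metadata.annotations.chains\.tekton\.dev/transparency}" > tektonentry
            if [ -s ./tektonentry ]; then
              if grep --quiet rekor.rekor-system.svc ./tektonentry ; then
                echo "Found rekor transparency entry:"
                cat ./tektonentry
                kubectl get taskruns -oyaml
                exit 0
              else
                echo "Did not find expected rekor transparency entry"
                sleep 2
              fi
            else
              echo "Did not find rekor transparency entry in the annotations"
              sleep 2
            fi
          done
          # Did not find entry, fail
          exit 1

      # Runs only when an earlier step failed.
      - name: Collect diagnostics
        if: ${{ failure() }}
        uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
        with:
          cluster-resources: nodes
          namespace-resources: pods,taskruns,jobs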