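# Checks that the Contrast node installer can be deployed onto a K3s cluster
# and that its runtime handler ends up registered in containerd's config.
name: test nodeinstaller k3s compatibility

# Runs on manual dispatch, weekly, and on pull requests that touch this file.
on:
  workflow_dispatch:
  schedule:
    - cron: "16 6 * * 6" # 6:16 on Saturdays
  pull_request:
    paths:
      - .github/workflows/k3s_compatibility.yml

env:
  container_registry: ghcr.io/edgelesssys

jobs:
  # NOTE(review): this job sets no `permissions`, so the called workflow runs
  # with the repository's default token permissions unless nix_build.yml
  # restricts them itself. Confirm against that file.
  nix-build:
    uses: ./.github/workflows/nix_build.yml
    secrets:
      GITHUB_TOKEN_IN: ${{ secrets.GITHUB_TOKEN_IN }}
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}

  test:
    runs-on: ubuntu-24.04
    needs: nix-build
    # Token scope is limited to what the job uses. `packages: write` is
    # presumably for the "Build and push container images" step, which follows
    # the ghcr.io login.
    permissions:
      contents: read
      packages: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the matching release tag.
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          # Keep the token out of the checkout's git config, so later steps
          # cannot read it from the working tree.
          persist-credentials: false
      - uses: ./.github/actions/setup_nix
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN_IN || secrets.GITHUB_TOKEN }}
          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - uses: nicknovitski/nix-develop@9be7cfb4b10451d3390a75dc18ad0465bed4932a # v1.2.1
      - name: Log in to ghcr.io Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN_IN || secrets.GITHUB_TOKEN }}
      # The heredoc body, including its `#` lines, is written verbatim to
      # justfile.env.
      - name: Create justfile.env
        run: |
          cat <<EOF > justfile.env
          container_registry=${{ env.container_registry }}
          # TDX does not require an ID Block, so we don't check the hardware.
          # This allows us to run the test on a GitHub runner.
          default_platform="Metal-QEMU-TDX"
          node_installer_target_conf_type="k3s"
          EOF
      - name: Build and push container images
        run: |
          just node-installer
      # The installer is fetched from get.k3s.io at run time and is neither
      # version-pinned nor checksum-verified, so this step trusts whatever that
      # endpoint serves. It runs after the registry login, in a job whose token
      # has `packages: write`.
      # Downloading to a file before executing it (rather than piping curl into
      # sh) makes a failed or truncated download fail the step, instead of
      # running an empty or partial script.
      # NOTE(review): if testing against the latest K3s is not the intent, pin
      # the release with INSTALL_K3S_VERSION and verify the script's checksum.
      - name: Install K3s
        run: |
          installer="$(mktemp)"
          curl -sfL https://get.k3s.io -o "$installer"
          K3S_KUBECONFIG_OUTPUT=~/.kube/config K3S_KUBECONFIG_MODE="644" sh "$installer"
      - name: Deploy Contrast Node Installer
        run: |
          just runtime default
          kubectl wait --for=condition=Ready nodes --all --timeout=300s
          just apply runtime
          nodeinstaller=$(yq 'select(.kind=="DaemonSet") | .metadata.name' < workspace/runtime/runtime.yml)
          kubectl rollout status --timeout=300s daemonset/"$nodeinstaller"
      # `jq -e` exits non-zero when the lookup yields null, so a runtime
      # handler that is missing from containerd's config fails the step.
      - name: Check configured runtimes
        run: |
          runtimehandler=$(yq 'select(.kind=="RuntimeClass") | .handler' < workspace/runtime/runtime.yml)
          sudo crictl info | jq -e --arg rh "$runtimehandler" '.config.containerd.runtimes[$rh]'
      # Alert only on the first attempt of a scheduled run. Manual dispatches,
      # pull requests and re-runs stay silent.
      - name: Notify teams channel of failure
        if: failure() && github.event_name == 'schedule' && github.run_attempt == 1
        uses: ./.github/actions/post_to_teams
        with:
          webhook: ${{ secrets.TEAMS_CI_WEBHOOK }}
          title: "${{ github.workflow }} failed"
          message: "${{ github.workflow }} failed"
          additionalFields: '[{"title": "Job ID", "value": "${{ github.job }}"}]'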