[Backport 1.29] watch query timeout backport k8s-dqlite #5008

Workflow file for this run

.github/workflows/build-snap.yml at 86bc4bf

	name: Build and test MicroK8s snap

	on:
	- pull_request

	jobs:
	build:
	name: Create snap package
	runs-on: ubuntu-20.04

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install lxd
	run: \|
	sudo lxd init --auto
	sudo usermod --append --groups lxd $USER
	sg lxd -c 'lxc version'
	- name: Install snapcraft
	run: \|
	sudo snap install snapcraft --classic
	- name: Install snapd from candidate
	run: \|
	# TODO(neoaggelos): revert this after latest/beta is working again
	sudo snap refresh snapd --channel=latest/stable
	- name: Build snap
	run: \|
	sg lxd -c 'snapcraft --use-lxd'
	sudo mv microk8s*.snap microk8s.snap
	- name: Uploading snap
	uses: actions/upload-artifact@v3
	with:
	name: microk8s.snap
	path: microk8s.snap

	test-upgrade:
	name: Upgrade path test
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Running upgrade path test
	run: \|
	sudo -E UPGRADE_MICROK8S_FROM=1.29/edge UPGRADE_MICROK8S_TO=$PWD/build/microk8s.snap pytest -s ./tests/test-upgrade-path.py

	test-addons-core:
	name: Test core addons
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Running addons tests
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	./tests/smoke-test.sh
	export UNDER_TIME_PRESSURE="True"
	export SKIP_PROMETHEUS="False"
	sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/tests; pytest -s -ra test-addons.py"

	test-addons-community:
	name: Test community addons
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	# - name: Setup tmate session
	# uses: mxschmitt/action-tmate@v3
	- name: Running addons tests
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	sudo microk8s enable community
	export UNDER_TIME_PRESSURE="True"
	sudo -E bash -c "cd /var/snap/microk8s/common/addons/community/; pytest -s -ra ./tests/"

	test-addons-core-upgrade:
	name: Test core addons upgrade
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	# - name: Setup tmate session
	# uses: mxschmitt/action-tmate@v3
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh
	sudo apt-get -y install open-iscsi
	sudo systemctl enable iscsid
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Running upgrade tests
	run: \|
	set -x
	export UNDER_TIME_PRESSURE="True"
	sudo -E bash -c "UPGRADE_MICROK8S_FROM=1.29/edge UPGRADE_MICROK8S_TO=$PWD/build/microk8s.snap pytest -s ./tests/test-upgrade.py"

	test-cluster-agent:
	name: Cluster agent health check
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Install test dependencies
	run: \|
	set -x
	sudo apt-get install python3-setuptools
	sudo pip3 install --upgrade pip
	sudo pip3 install -U pytest sh requests
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Running cluster agent health check
	run: \|
	set -x
	sudo snap install build/microk8s.snap --classic --dangerous
	sudo -E bash -c "pytest -s ./tests/test-cluster-agent.py"

	test-airgap:
	name: Test airgap installation
	runs-on: ubuntu-20.04
	needs: build

	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Initialize LXD
	run: \|
	sudo lxd init --auto
	sudo lxc network set lxdbr0 ipv6.address=none
	sudo usermod --append --groups lxd $USER
	sg lxd -c 'lxc version'
	- name: Run airgap tests
	run: \|
	sudo -E bash -x -c "./tests/libs/airgap.sh --distro ubuntu:20.04 --channel $PWD/build/microk8s.snap"

	test-spread:
	name: Test microk8s on debian
	runs-on: ubuntu-20.04
	needs: build
	strategy:
	fail-fast: false
	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Initialize LXD
	run: \|
	sudo apt install apparmor apparmor-utils -y
	sudo lxd init --auto
	sudo lxc network set lxdbr0 ipv6.address=none
	sudo usermod --append --groups lxd $USER
	sg lxd -c 'lxc version'
	- name: Run spread tests
	run: \|
	sudo -E bash -x -c "./tests/libs/spread.sh --distro images:debian/12 --channel $PWD/build/microk8s.snap"

	security-scan:
	name: Security scan
	runs-on: ubuntu-20.04
	needs: build
	steps:
	- name: Checking out repo
	uses: actions/checkout@v4
	- name: Fetch snap
	uses: actions/[email protected]
	with:
	name: microk8s.snap
	path: build
	- name: Setup Trivy vulnerability scanner
	run: \|
	mkdir -p sarifs
	VER=$(curl --silent -qI https://github.com/aquasecurity/trivy/releases/latest \| awk -F '/' '/^location/ {print substr($NF, 1, length($NF)-1)}');
	wget https://github.com/aquasecurity/trivy/releases/download/${VER}/trivy_${VER#v}_Linux-64bit.tar.gz
	tar -zxvf ./trivy_${VER#v}_Linux-64bit.tar.gz
	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: "fs"
	ignore-unfixed: true
	format: "sarif"
	output: "trivy-microk8s-repo-scan--results.sarif"
	severity: "CRITICAL"
	- name: Gather Trivy repo scan results
	run: \|
	cp trivy-microk8s-repo-scan--results.sarif ./sarifs/
	- name: Run Trivy vulnerability scanner on images
	run: \|
	for i in $(cat ./build-scripts/images.txt) ; do
	name=$(echo $i \| awk -F ':\|/' '{print $(NF-1)}')
	./trivy image $i --format sarif > sarifs/$name.sarif
	done
	- name: Run Trivy vulnerability scanner on the snap
	run: \|
	cp build/microk8s.snap .
	unsquashfs microk8s.snap
	./trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "sarifs"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport 1.29] watch query timeout backport k8s-dqlite #5008

Workflow file

[Backport 1.29] watch query timeout backport k8s-dqlite #5008

Jobs

Run details

Workflow file for this run