test: proof of concept malicious node #371
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: System Tests K8s | |
| # Run specific system test: | |
| # gh workflow run system-tests-k8s.yml \ | |
| # --ref marko-system-tests-k8s \ | |
| # --field targets="//rs/tests/testing_verification:basic_health_test" \ | |
| # --field jobs="32" | |
| on: | |
| schedule: | |
| - cron: "0 3 * * *" | |
| pull_request: | |
| paths: | |
| - '.github/workflows/system-tests-k8s.yml' | |
| workflow_dispatch: | |
| inputs: | |
| targets: | |
| description: 'System Tests / Bazel Targets' | |
| required: false | |
| default: '//rs/tests/testing_verification:basic_health_test' | |
| jobs: | |
| description: 'Concurrent Bazel Jobs' | |
| required: false | |
| default: '32' | |
| env: | |
| TARGETS: | | |
| ${{ github.event_name == 'schedule' && '//...' || | |
| github.event_name == 'workflow_dispatch' && github.event.inputs.targets || | |
| '//rs/tests/testing_verification:basic_health_test' }} | |
| JOBS: | | |
| ${{ github.event_name == 'schedule' && '7' || | |
| github.event_name == 'workflow_dispatch' && github.event.inputs.jobs || | |
| '32' }} | |
| BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_JOB_NAME: ${{ github.job }} | |
| CI_JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| CI_PIPELINE_SOURCE: ${{ github.event_name }} | |
| CI_PROJECT_DIR: ${{ github.workspace }} | |
| CI_RUN_ID: ${{ github.run_id }} | |
| BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
| BUILDEVENT_DATASET: "github-ci-dfinity" | |
| jobs: | |
| bazel-system-tests-k8s: | |
| name: Bazel System Tests K8s | |
| runs-on: | |
| group: ln1 | |
| labels: dind-large | |
| container: | |
| image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
| options: >- | |
| -e NODE_NAME -e KUBECONFIG | |
| --privileged --cgroupns host | |
| -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp | |
| timeout-minutes: 360 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Before script | |
| id: before-script | |
| shell: bash | |
| run: | | |
| [ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
| - name: Login to Dockerhub | |
| shell: bash | |
| run: ./ci/scripts/docker-login.sh | |
| env: | |
| DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }} | |
| DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
| - name: Set KUBECONFIG | |
| shell: bash | |
| run: | | |
| echo "$TNET_KUBECONFIG" > /tmp/kubeconfig | |
| echo "KUBECONFIG=/tmp/kubeconfig" >> $GITHUB_ENV | |
| env: | |
| TNET_KUBECONFIG: ${{ secrets.TNET_KUBECONFIG }} | |
| - name: Run System Tests on K8s | |
| id: bazel-test-all | |
| uses: ./.github/actions/bazel-test-all/ | |
| env: | |
| AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }} | |
| with: | |
| BAZEL_COMMAND: "test" | |
| BAZEL_TARGETS: "${{ env.TARGETS }}" | |
| BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| BAZEL_EXTRA_ARGS: "--jobs=${{ env.JOBS }} --test_tag_filters=k8s,-manual,-colocated,-system_test_nightly --k8s" | |
| BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
| - name: Upload bazel-bep | |
| uses: actions/upload-artifact@v4 | |
| if: success() || failure() | |
| with: | |
| name: ${{ github.job }}-bep | |
| retention-days: 14 | |
| if-no-files-found: ignore | |
| compression-level: 9 | |
| path: | | |
| bazel-bep.pb | |
| profile.json |