Skip to content
Managed

PMM-13132 Encryption rotation. #13708

Sign in to view logs

PMM-13132 Encryption rotation.

PMM-13132 Encryption rotation. #13708

Workflow file for this run

.github/workflows/managed.yml at 6539cbf
name: Managed
on:
push:
branches:
- main
- v3
- pmm-*
tags:
- v[0-9]+.[0-9]+.[0-9]+*
pull_request:
paths-ignore:
- 'admin/**'
- 'agent/**'
- 'api-tests/**'
- 'cli-tests/**'
- 'docs/**'
- 'qan-api2/**'
- 'update/**'
- 'vmproxy/**'
- "ui/**"
jobs:
test:
name: Managed tests
runs-on: ubuntu-22.04
timeout-minutes: 30
permissions:
packages: write
env:
PMM_SERVER_IMAGE: perconalab/pmm-server:3-dev-latest
PMM_CACHE_IMAGE: ghcr.io/percona/pmm:dev-cache
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
PMM_DEV_OAUTH_CLIENT_ID: ${{ secrets.OAUTH_PMM_CLIENT_ID }}
PMM_DEV_OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_PMM_CLIENT_SECRET }}
BUILD_CACHE: ${{ github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'v3' }} # change to `main` once v3 goes GA
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Launch PMM Server (see docker-compose.yml)
run: |
make env-compose-up # the container workdir is /root/go/src/github.com/percona/pmm
docker exec -t pmm-server id -Z || :
docker logs pmm-server
- name: Mark the root directory of pmm as safe
run: docker exec -i pmm-server git config --global --add safe.directory /root/go/src/github.com/percona/pmm
- name: Pull the cache image and inject cache to PMM Server
continue-on-error: true
run: |
if docker pull --platform linux/amd64 ${{ env.PMM_CACHE_IMAGE }}; then
docker run --rm --volumes-from pmm-server ${{ env.PMM_CACHE_IMAGE }} sh -c "cp -rf /mod-cache/* /root/go/pkg/mod; cp -rf /build-cache/* /root/.cache/go-build"
docker exec -t pmm-server du -sh /root/.cache/go-build
docker exec -t pmm-server du -sh /root/go/pkg/mod
fi
- name: Remove the cache image
continue-on-error: true
run: docker image rm ${{ env.PMM_CACHE_IMAGE }}
- name: Rebuild the binaries
run: docker exec -i pmm-server make run-managed-ci run-agent run-vmproxy run-qan
- name: Check the status of components
continue-on-error: true
run: docker exec -t pmm-server supervisorctl status
- name: Refresh yum cache for tests
run: docker exec -i pmm-server yum --verbose info updates pmm-managed || echo '1'
- name: Run tests
run: docker exec -i pmm-server make -C managed test-cover
- name: Upload coverage results
uses: codecov/codecov-action@v4
with:
file: managed/cover.out
flags: managed
env_vars: PMM_SERVER_IMAGE
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
- name: Run PMM Server update test
run: |
echo "PMM Server update test will be refactored once we have a new update mechanism."
# docker exec -i pmm-server make -C managed test-update
- name: Save PMM Go module and build cache as an image
if: ${{ fromJSON(env.BUILD_CACHE) }}
run: |
df -h | grep -A 1 Filesystem
# We need to free up some space, see more https://github.com/actions/runner-images/issues/2840
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
df -h | grep -A 1 Filesystem
docker run --name pmm-cache --volumes-from pmm-server busybox sh -c "mkdir /mod-cache /build-cache; cp -r /root/go/pkg/mod/* /mod-cache; cp -r /root/.cache/go-build/* /build-cache"
docker commit pmm-cache ${{ env.PMM_CACHE_IMAGE }}
docker rm -v pmm-cache
- name: Login to ghcr.io registry
if: ${{ fromJSON(env.BUILD_CACHE) }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push the image to ghcr.io
if: ${{ fromJSON(env.BUILD_CACHE) }}
run: docker push ${{ env.PMM_CACHE_IMAGE }}
- name: Run debug commands
if: ${{ always() }}
run: |
env | sort
go env | sort
git status
docker exec pmm-server env | sort
docker exec pmm-server go env | sort
docker exec pmm-server supervisorctl status || true
services=$(docker exec pmm-server supervisorctl status | awk '{print $1}')
services=(`echo ${services}`)
for service in "${services[@]}"; do
echo "Logs for $service:"
docker exec pmm-server supervisorctl tail $service
done