Update security scanner config #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow is responsible for all kinds of integration tests that are run after push to main. | |
# Those tests depend on a container image so in the first job we wait for the image build to succeed. | |
name: main integration tests | |
on: | |
push: | |
branches: | |
- main | |
- 'release-**' | |
jobs: | |
filter-changes: | |
outputs: | |
check: ${{ steps.changed-files.outputs.any_modified }} | |
name: List relevant VCS changes | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: tj-actions/changed-files@6b2903bdce6310cfbddd87c418f253cf29b2dec9 | |
id: changed-files | |
with: | |
files_ignore: | | |
docs/** | |
**/*.md | |
tests/performance/** | |
OWNERS | |
CODEOWNERS | |
sec-scanners-config.yaml | |
.github/** | |
.** | |
- name: List all changed files | |
run: echo '${{ steps.changed-files.outputs.all_changed_files }}' | |
wait-for-image-build: | |
name: Wait for image build | |
needs: [filter-changes] | |
if: ${{ github.event.pull_request.draft == false && needs.filter-changes.outputs.check == 'true' }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/wait-for-job-succeed-or-fail | |
with: | |
job-name: 'post-istio-operator-build' | |
github-auth-token: ${{ secrets.GITHUB_TOKEN }} | |
istio-upgrade-integration-test: | |
name: Istio upgrade integration test | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/upgrade-integration-test | |
with: | |
operator-image-name: "europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" | |
target_branch: ${{github.ref_name}} | |
istio-integration-test: | |
name: Istio integration test | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/integration-test | |
with: | |
operator-image-name: "europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" | |
servers-memory: "16" | |
agents: 2 | |
istio-integration-gcp: | |
name: Istio integration test GCP | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: ./tests/integration/scripts/gardener-kubeconfig.sh | |
shell: bash | |
env: | |
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- run: make IMG="europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" gardener-istio-integration-test | |
shell: bash | |
env: | |
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml" | |
GARDENER_PROJECT_NAME: "goats" | |
GARDENER_PROVIDER_SECRET_NAME: "goat" | |
GARDENER_PROVIDER: "gcp" | |
GARDENER_REGION: "europe-west3" | |
GARDENER_CLUSTER_VERSION: "1.29.7" | |
MACHINE_TYPE: "n2-standard-4" | |
DISK_SIZE: 50 | |
DISK_TYPE: "pd-standard" | |
SCALER_MAX: 20 | |
SCALER_MIN: 3 | |
istio-integration-aws-specific: | |
name: Istio integration test AWS specific | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: ./tests/integration/scripts/gardener-kubeconfig.sh | |
shell: bash | |
env: | |
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- run: make IMG="europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" gardener-aws-integration-test | |
shell: bash | |
env: | |
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml" | |
GARDENER_PROJECT_NAME: "goats" | |
GARDENER_PROVIDER_SECRET_NAME: "aws-gardener-access" | |
GARDENER_PROVIDER: "aws" | |
GARDENER_CLUSTER_VERSION: "1.29.7" | |
GARDENER_REGION: "eu-west-1" | |
MACHINE_TYPE: "m5.xlarge" | |
DISK_SIZE: 50 | |
DISK_TYPE: "gp2" | |
SCALER_MAX: 3 | |
SCALER_MIN: 1 | |
istio-integration-gcp-specific: | |
name: Istio integration test GCP specific | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: ./tests/integration/scripts/gardener-kubeconfig.sh | |
shell: bash | |
env: | |
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- run: make IMG="europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" gardener-gcp-integration-test | |
shell: bash | |
env: | |
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml" | |
GARDENER_PROJECT_NAME: "goats" | |
GARDENER_PROVIDER_SECRET_NAME: "goat" | |
GARDENER_PROVIDER: "gcp" | |
GARDENER_REGION: "europe-west3" | |
GARDENER_CLUSTER_VERSION: "1.29.7" | |
MACHINE_TYPE: "n2-standard-4" | |
DISK_SIZE: 50 | |
DISK_TYPE: "pd-standard" | |
SCALER_MAX: 20 | |
SCALER_MIN: 3 | |
istio-integration-aws: | |
name: Istio integration test AWS | |
runs-on: ubuntu-latest | |
needs: [wait-for-image-build] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: ./tests/integration/scripts/gardener-kubeconfig.sh | |
shell: bash | |
env: | |
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- run: make IMG="europe-docker.pkg.dev/kyma-project/prod/istio-manager:${{github.sha}}" gardener-istio-integration-test | |
shell: bash | |
env: | |
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml" | |
GARDENER_PROJECT_NAME: "goats" | |
GARDENER_PROVIDER_SECRET_NAME: "aws-gardener-access" | |
GARDENER_PROVIDER: "aws" | |
GARDENER_CLUSTER_VERSION: "1.29.7" | |
GARDENER_REGION: "eu-west-1" | |
MACHINE_TYPE: "m5.xlarge" | |
DISK_SIZE: 50 | |
DISK_TYPE: "gp2" | |
SCALER_MAX: 3 | |
SCALER_MIN: 1 | |
slack_failed_notification: | |
name: Slack Notification | |
runs-on: ubuntu-latest | |
if: ${{ failure() }} | |
needs: [istio-upgrade-integration-test, istio-integration-test, istio-integration-gcp, istio-integration-aws, istio-integration-aws-specific, istio-integration-gcp-specific] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Notify | |
uses: ./.github/actions/slack-notification-failed-workflow | |
with: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |