CI #2682
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - release/* | |
| tags: | |
| - "v*" | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| - unlabeled | |
| schedule: | |
| - cron: "0 10 * * *" # ~2am PST | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: boolean | |
| description: "Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)" | |
| required: false | |
| default: false | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-api: | |
| runs-on: lab | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Create k8s Kind Cluster | |
| uses: helm/[email protected] | |
| with: | |
| version: v0.24.0 | |
| cluster_name: kind | |
| - name: Install CRDs | |
| run: | | |
| just --timestamp test-api | |
| - name: Setup tmate session for debug | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: 30 | |
| with: | |
| limit-access-to-actor: true | |
| test-build: | |
| runs-on: lab | |
| permissions: | |
| contents: read | |
| packages: write | |
| pull-requests: write | |
| outputs: | |
| version: "${{ steps.version-gen.outputs.version }}" | |
| ref: "${{ steps.version-gen.outputs.ref }}" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Setup Just | |
| uses: extractions/setup-just@v3 | |
| - name: Lint and generate code | |
| run: | | |
| just --timestamp lint-gha gen _lint | |
| - name: More Go lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| # keep in sync with hack/tools.just | |
| version: v1.64.8 | |
| install-mode: goinstall | |
| - name: Build all | |
| run: | | |
| just --timestamp build kube-build build-multi | |
| - name: Run tests | |
| run: | | |
| just --timestamp test | |
| - name: Go mod tidy | |
| run: | | |
| go mod tidy | |
| go mod vendor | |
| # Don't remove it! We shouldn't allow CI to pass if there are any changes not committed after running gen/lint/test | |
| - name: Fail on dirty | |
| run: | | |
| if ! git status --short || [ -n "$(git status --porcelain)" ]; then | |
| git --no-pager diff -- . :^vendor | |
| echo "::error::Working directory is dirty. Please run 'just gen lint && go mod tidy && go mod vendor' and commit the changes." | |
| exit 1 | |
| fi | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate temp artifacts version | |
| id: version-gen | |
| env: | |
| commit_sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo "version=v0-${commit_sha::9}" >> "$GITHUB_OUTPUT" | |
| echo "ref=${commit_sha}" >> "$GITHUB_OUTPUT" | |
| - name: Build all and push temp artifacts | |
| run: | | |
| just --timestamp oci_repo=ghcr.io version="${{ steps.version-gen.outputs.version }}" push push-multi | |
| - name: Comment on PR with temp artifacts version | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: actions/github-script@v8 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: '🚀 Temp artifacts published: `${{ steps.version-gen.outputs.version }}` 🚀' | |
| }) | |
| - name: Setup tmate session for debug | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: 30 | |
| with: | |
| limit-access-to-actor: true | |
| vlab: | |
| name: "${{ matrix.hybrid && 'h' || 'v' }}-${{ matrix.upgradefrom && 'up' || '' }}${{ matrix.upgradefrom }}${{ matrix.upgradefrom && '-' || '' }}${{ matrix.mesh && 'mesh-' || '' }}${{ matrix.gateway && 'gw-' || '' }}${{ matrix.includeonie && 'onie-' || '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}" | |
| needs: | |
| - test-api | |
| - test-build | |
| uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master | |
| with: | |
| skip: >- | |
| ${{ | |
| github.event_name == 'pull_request' | |
| && ( | |
| matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+hlab') | |
| || !matrix.hybrid && contains(github.event.pull_request.labels.*.name, 'ci:-vlab') | |
| ) && ( | |
| matrix.upgradefrom == '' || contains(github.event.pull_request.labels.*.name, 'ci:-upgrade') | |
| ) | |
| }} | |
| fabricatorref: master | |
| prebuild: "just bump fabric ${{ needs.test-build.outputs.version }} ${{ needs.test-build.outputs.ref }}" | |
| fabricmode: spine-leaf | |
| mesh: ${{ matrix.mesh }} | |
| gateway: ${{ matrix.gateway }} | |
| includeonie: ${{ matrix.includeonie }} | |
| buildmode: ${{ matrix.buildmode }} | |
| vpcmode: ${{ matrix.vpcmode }} | |
| releasetest: ${{ contains(github.event.pull_request.labels.*.name, 'ci:+release') }} | |
| hybrid: ${{ matrix.hybrid }} | |
| upgradefrom: ${{ matrix.upgradefrom }} | |
| strategy: | |
| fail-fast: false | |
| # l2vni and l3vni as a base (with defaults) including upgrade from supported versions | |
| matrix: | |
| mesh: | |
| - false | |
| gateway: | |
| - false | |
| includeonie: | |
| - false | |
| buildmode: | |
| - iso | |
| vpcmode: | |
| - l2vni | |
| - l3vni | |
| hybrid: | |
| - false | |
| upgradefrom: | |
| - "" | |
| - "25.04" | |
| - "25.05" | |
| include: | |
| # mesh l2vni | |
| - mesh: true | |
| includeonie: false | |
| gateway: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: false | |
| upgradefrom: "" | |
| # hlab gateway l2vni | |
| - mesh: false | |
| includeonie: false | |
| gateway: true | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: true | |
| upgradefrom: "" | |
| # mesh l2vni from 25.04 | |
| - mesh: true | |
| includeonie: false | |
| gateway: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: false | |
| upgradefrom: "25.04" | |
| # mesh l2vni from 25.05 | |
| - mesh: true | |
| includeonie: false | |
| gateway: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: false | |
| upgradefrom: "25.05" | |
| # gateway l2vni | |
| - mesh: false | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: false | |
| vlabs: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - vlab | |
| if: ${{ always() }} | |
| steps: | |
| - run: | | |
| result="${{ needs.vlab.result }}" | |
| if [[ $result == "success" || $result == "skipped" ]]; then | |
| exit 0 | |
| else | |
| exit 1 | |
| fi | |
| publish: | |
| runs-on: lab | |
| if: startsWith(github.event.ref, 'refs/tags/v') && github.event_name == 'push' | |
| needs: | |
| - test-api | |
| - test-build | |
| - vlabs | |
| permissions: | |
| contents: write # to be able to create a GH release | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish Images, Helm charts and Bins on release | |
| run: | | |
| just --timestamp oci_repo=ghcr.io push push-multi | |
| - name: Create GH Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| make_latest: true # TODO do it for master only | |
| files: | | |
| bin/hhfctl-*.tar.gz | |
| # Bump fabric in the fabricator repository | |
| - name: Checkout fabricator repository | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: githedgehog/fabricator | |
| path: fab-repo | |
| persist-credentials: false | |
| - name: Bump fabric in fabricator | |
| working-directory: fab-repo | |
| run: | | |
| go get go.githedgehog.com/fabric@${{ github.ref_name }} | |
| go mod tidy && go mod vendor && git add vendor | |
| sed -i "s/^\tFabricVersion.*/\tFabricVersion=meta.Version(\"${{ github.ref_name }}\")/" pkg/fab/versions.go | |
| go fmt pkg/fab/versions.go | |
| - name: Generate token for the fabricator repository | |
| uses: actions/create-github-app-token@v2 | |
| id: fab-app-token | |
| with: | |
| app-id: ${{ secrets.FAB_APP_ID }} | |
| private-key: ${{ secrets.FAB_PRIVATE_KEY }} | |
| repositories: | | |
| fabricator | |
| - name: Create Pull Request for fabricator | |
| uses: peter-evans/create-pull-request@v7 | |
| id: fab-pr | |
| with: | |
| token: ${{ steps.fab-app-token.outputs.token }} | |
| path: fab-repo | |
| branch: pr/auto/fabric-bump | |
| commit-message: | | |
| bump: fabric to ${{ github.ref_name }} | |
| This is an automated commit created by GitHub Actions workflow, | |
| in the fabric repository. | |
| signoff: true | |
| title: "bump: fabric to ${{ github.ref_name }}" | |
| body: | | |
| This is an automated Pull Request created by GitHub Actions workflow, | |
| in the fabric repository. | |
| # Bump fabric docs in the docs repository | |
| - name: Checkout docs repository | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: githedgehog/docs | |
| path: docs-repo | |
| persist-credentials: false | |
| - name: Copy docs from fabric to docs | |
| run: | | |
| cp docs/api.md docs-repo/docs/reference/fabric-api.md.gen | |
| cp docs/profiles.md docs-repo/docs/reference/profiles.md | |
| cp docs/supported-devices.md docs-repo/docs/install-upgrade/supported-devices.md.gen | |
| - name: Generate token for the docs repository | |
| uses: actions/create-github-app-token@v2 | |
| id: docs-app-token | |
| with: | |
| app-id: ${{ secrets.DOCS_APP_ID }} | |
| private-key: ${{ secrets.DOCS_PRIVATE_KEY }} | |
| repositories: | | |
| docs | |
| - name: Create Pull Request for docs | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ steps.docs-app-token.outputs.token }} | |
| path: docs-repo | |
| branch: pr/auto/fabric-bump | |
| commit-message: | | |
| Update docs from fabric@${{ github.ref_name }} | |
| This is an automated commit created by GitHub Actions workflow, | |
| in the fabric repository. | |
| signoff: true | |
| title: "Update docs from fabric@${{ github.ref_name }}" | |
| body: | | |
| This is an automated Pull Request created by GitHub Actions workflow, | |
| in the fabric repository. | |
| It should be merged only after fabric in the fabricator repository | |
| master branch updated to the ${{ github.ref_name }}: ${{ steps.fab-pr.outputs.pull-request-url }}. | |
| - name: Setup tmate session for debug | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: 30 | |
| with: | |
| limit-access-to-actor: true |