ci: use kind built with containerd v1.7.23 #14312
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build x86 Image | |
on: | |
pull_request: | |
branches: | |
- master | |
- release-* | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
push: | |
branches: | |
- master | |
- release-* | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: true | |
env: | |
KIND_VERSION: v0.25.0 | |
GOLANGCI_LINT_VERSION: 'v1.62.0' | |
HELM_VERSION: v3.16.2 | |
SUBMARINER_VERSION: '0.18.2' | |
jobs: | |
build-kube-ovn-base: | |
name: Build kube-ovn-base | |
runs-on: ubuntu-24.04 | |
outputs: | |
build-base: ${{ steps.check.outputs.build-base }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- id: check | |
run: | | |
if [ ${{ github.event_name }} != 'pull_request' ]; then | |
exit | |
fi | |
tmp_dir=`mktemp -d` | |
cat > "$tmp_dir/on_changes.txt" <<EOF | |
dist/images/Dockerfile.base | |
dist/images/OpenBFDD-compile.patch | |
dist/images/go-deps/download-go-deps.sh | |
dist/images/go-deps/rebuild-go-deps.sh | |
EOF | |
if git diff --name-only HEAD^ HEAD | grep -Ff "$tmp_dir/on_changes.txt"; then | |
echo build-base=1 >> "$GITHUB_OUTPUT" | |
fi | |
rm -frv "$tmp_dir" | |
- uses: jlumbroso/[email protected] | |
if: steps.check.outputs.build-base == 1 | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: false | |
large-packages: false | |
tool-cache: false | |
swap-storage: false | |
- uses: docker/setup-buildx-action@v3 | |
if: steps.check.outputs.build-base == 1 | |
- uses: actions/setup-go@v5 | |
if: steps.check.outputs.build-base == 1 | |
id: setup-go | |
with: | |
go-version-file: go.mod | |
check-latest: true | |
cache: false | |
- name: Build kube-ovn-base image | |
id: build | |
if: steps.check.outputs.build-base == 1 | |
env: | |
GO_VERSION: ${{ steps.setup-go.outputs.go-version }} | |
run: | | |
make base-amd64 | |
make base-tar-amd64 | |
- name: Upload base images to artifact | |
if: steps.check.outputs.build-base == 1 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-ovn-base | |
path: image-amd64.tar | |
build-kube-ovn-dpdk-base: | |
name: Build kube-ovn-dpdk-base | |
runs-on: ubuntu-24.04 | |
outputs: | |
build-dpdk-base: ${{ steps.check.outputs.build-dpdk-base }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- id: check | |
run: | | |
if [ ${{ github.event_name }} != 'pull_request' ]; then | |
exit | |
fi | |
if ! git diff --exit-code HEAD^...HEAD -- dist/images/Dockerfile.base-dpdk; then | |
echo build-dpdk-base=1 >> "$GITHUB_OUTPUT" | |
fi | |
- uses: jlumbroso/[email protected] | |
if: steps.check.outputs.build-dpdk-base == 1 | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: false | |
large-packages: false | |
tool-cache: false | |
swap-storage: false | |
- uses: docker/setup-buildx-action@v3 | |
if: steps.check.outputs.build-dpdk-base == 1 | |
- name: Build kube-ovn-dpdk-base image | |
id: build | |
if: steps.check.outputs.build-dpdk-base == 1 | |
run: | | |
make base-amd64-dpdk | |
make base-tar-amd64-dpdk | |
- name: Upload dpdk base images to artifact | |
if: steps.check.outputs.build-dpdk-base == 1 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-ovn-dpdk-base | |
path: image-amd64-dpdk.tar | |
build-kube-ovn: | |
name: Build kube-ovn | |
runs-on: ubuntu-24.04 | |
needs: | |
- build-kube-ovn-base | |
- build-kube-ovn-dpdk-base | |
steps: | |
- uses: jlumbroso/[email protected] | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: false | |
large-packages: false | |
tool-cache: false | |
swap-storage: false | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/setup-go@v5 | |
id: setup-go | |
with: | |
go-version-file: go.mod | |
check-latest: true | |
cache: false | |
- name: Setup environment variables | |
run: | | |
echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV" | |
echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
- name: Go cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86- | |
- name: Unit test | |
run: | | |
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
make ut | |
- name: Install golangci-lint | |
run: | | |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VERSION | |
- name: Download base images | |
if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-ovn-base | |
- name: Load base images | |
if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
run: | | |
docker load --input image-amd64.tar | |
docker tag kubeovn/kube-ovn-base:$TAG-amd64 kubeovn/kube-ovn-base:$TAG | |
docker tag kubeovn/kube-ovn-base:$TAG-debug-amd64 kubeovn/kube-ovn-base:$TAG-debug | |
- name: Download dpdk base images | |
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1 | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-ovn-dpdk-base | |
- name: Load dpdk base images | |
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1 | |
run: | | |
docker load --input image-amd64-dpdk.tar | |
docker tag kubeovn/kube-ovn-base:$TAG-amd64-dpdk kubeovn/kube-ovn-base:$TAG-dpdk | |
- name: Scan base image | |
uses: aquasecurity/[email protected] | |
env: | |
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
with: | |
scan-type: image | |
scanners: vuln | |
image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }} | |
format: json | |
output: trivy-result.json | |
ignore-unfixed: true | |
trivyignores: .trivyignore | |
vuln-type: library | |
- name: Build kubectl and CNI plugins from source | |
env: | |
CGO_ENABLED: "0" | |
GO_INSTALL: "go install -v -mod=mod -trimpath" | |
run: | | |
cat trivy-result.json | |
dockerfile=${{ github.workspace }}/dist/images/Dockerfile | |
export GOBIN=`dirname "$dockerfile"` | |
cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins` | |
cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'" | |
jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do | |
bin=`basename $f` | |
case $bin in | |
loopback|macvlan) | |
echo "Building $bin@$cni_plugins_version from source..." | |
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version" | |
echo "COPY $bin /$f" >> "$dockerfile" | |
;; | |
portmap) | |
echo "Building $bin@$cni_plugins_version from source..." | |
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version" | |
echo "COPY $bin /$f" >> "$dockerfile" | |
;; | |
kubectl) | |
go mod tidy | |
version=`go list -m -f '{{.Version}}' k8s.io/kubernetes` | |
mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes` | |
source "$mod_dir/hack/lib/util.sh" | |
source "$mod_dir/hack/lib/logging.sh" | |
source "$mod_dir/hack/lib/version.sh" | |
repo=kubernetes/kubernetes | |
commit=unknown | |
read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" | | |
jq -r '.object.type,.object.sha')) | |
if [ $type = "commit" ]; then | |
commit=$tag_sha | |
else | |
commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha') | |
fi | |
export KUBE_GIT_COMMIT="${commit}" | |
export KUBE_GIT_TREE_STATE='clean' | |
export KUBE_GIT_VERSION="${version}" | |
export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'` | |
export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2` | |
goldflags="all=$(kube::version::ldflags) -s -w" | |
echo "Building $bin@$version from source..." | |
$GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl | |
echo "COPY $bin /$f" >> "$dockerfile" | |
;; | |
*) | |
;; | |
esac | |
done | |
- name: Build | |
run: | | |
go mod tidy | |
git diff --exit-code -- go.mod go.sum | |
make lint | |
if [ ${{ needs.build-kube-ovn-base.outputs.build-base || 0 }} = 1 ]; then | |
make build-kube-ovn | |
else | |
make image-kube-ovn | |
fi | |
make tar-kube-ovn | |
- name: Build dpdk | |
run: | | |
if [ ${{ needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base || 0 }} = 1 ]; then | |
make build-kube-ovn-dpdk | |
else | |
make image-kube-ovn-dpdk | |
fi | |
make tar-kube-ovn-dpdk | |
- name: Upload images to artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-ovn | |
path: kube-ovn.tar | |
- name: Upload dpdk images to artifact | |
uses: actions/upload-artifact@v4 | |
if: github.event_name != 'pull_request' | |
with: | |
name: kube-ovn-dpdk | |
path: kube-ovn-dpdk.tar | |
build-e2e-binaries: | |
name: Build E2E Binaries | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Create the default branch directory | |
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
run: mkdir -p test/e2e/source | |
- name: Check out the default branch | |
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
fetch-depth: 1 | |
path: test/e2e/source | |
- name: Export E2E directory | |
run: | | |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
echo "E2E_DIR=." >> "$GITHUB_ENV" | |
else | |
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
fi | |
- uses: actions/setup-go@v5 | |
id: setup-go | |
with: | |
go-version-file: ${{ env.E2E_DIR }}/go.mod | |
check-latest: true | |
cache: false | |
- name: Export Go full version | |
run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
- name: Lookup Go cache | |
id: lookup-go-cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
lookup-only: true | |
- uses: jlumbroso/[email protected] | |
if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: false | |
large-packages: false | |
tool-cache: false | |
swap-storage: false | |
- name: Go cache | |
if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
- name: Install ginkgo | |
if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
working-directory: ${{ env.E2E_DIR }} | |
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
- run: make e2e-build | |
if: steps.lookup-go-cache.outputs.cache-hit != 'true' | |
working-directory: ${{ env.E2E_DIR }} | |
kube-ovn-ha-e2e: | |
name: Kube-OVN HA E2E | |
needs: | |
- build-kube-ovn | |
- build-e2e-binaries | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
index: | |
- 0 | |
- 1 | |
- 2 | |
- 3 | |
- 4 | |
- 5 | |
- 6 | |
- 7 | |
- 8 | |
- 9 | |
ssl: | |
- "true" | |
- "false" | |
bind-local: | |
- "true" | |
- "false" | |
ip-family: | |
- ipv4 | |
- ipv6 | |
- dual | |
steps: | |
- uses: jlumbroso/[email protected] | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
docker-images: false | |
large-packages: false | |
tool-cache: false | |
swap-storage: false | |
- uses: actions/checkout@v4 | |
- name: Create the default branch directory | |
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
run: mkdir -p test/e2e/source | |
- name: Check out the default branch | |
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
fetch-depth: 1 | |
path: test/e2e/source | |
- name: Export E2E directory | |
run: | | |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then | |
echo "E2E_DIR=." >> "$GITHUB_ENV" | |
else | |
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV" | |
fi | |
- uses: actions/setup-go@v5 | |
id: setup-go | |
with: | |
go-version-file: ${{ env.E2E_DIR }}/go.mod | |
check-latest: true | |
cache: false | |
- name: Export Go full version | |
run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV" | |
- name: Go cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} | |
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86- | |
- name: Install kind | |
uses: helm/[email protected] | |
with: | |
version: ${{ env.KIND_VERSION }} | |
install_only: true | |
- name: Install ginkgo | |
working-directory: ${{ env.E2E_DIR }} | |
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo | |
- name: Download image | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-ovn | |
- name: Load image | |
run: docker load --input kube-ovn.tar | |
- name: Create kind cluster | |
run: | | |
pipx install jinjanator | |
make kind-init-ha-${{ matrix.ip-family }} | |
- name: Install Kube-OVN | |
id: install | |
env: | |
NET_STACK: "${{ matrix.ip-family }}" | |
ENABLE_SSL: "${{ matrix.ssl }}" | |
ENABLE_BIND_LOCAL_IP: "${{ matrix.bind-local }}" | |
run: make kind-install-chart | |
- name: Run E2E | |
id: e2e | |
working-directory: ${{ env.E2E_DIR }} | |
env: | |
E2E_BRANCH: ${{ github.base_ref || github.ref_name }} | |
E2E_IP_FAMILY: ${{ matrix.ip-family }} | |
run: | | |
make kube-ovn-security-e2e | |
make kube-ovn-ha-e2e | |
- name: kubectl ko log | |
if: failure() && steps.e2e.conclusion == 'failure' | |
run: | | |
make kubectl-ko-log | |
mv kubectl-ko-log.tar.gz kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz | |
- name: upload kubectl ko log | |
uses: actions/upload-artifact@v4 | |
if: failure() && steps.e2e.conclusion == 'failure' | |
with: | |
name: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log | |
path: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz | |
- name: Check kube ovn pod restarts | |
if: ${{ success() || (failure() && (steps.install.conclusion == 'failure' || steps.e2e.conclusion == 'failure')) }} | |
run: make check-kube-ovn-pod-restarts | |
- name: Cleanup | |
run: timeout -k 10 180 sh -x dist/images/cleanup.sh |