Skip to content

ci: use kind built with containerd v1.7.23 #14312

ci: use kind built with containerd v1.7.23

ci: use kind built with containerd v1.7.23 #14312

name: Build x86 Image
on:
pull_request:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- '**.md'
push:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- '**.md'
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
env:
KIND_VERSION: v0.25.0
GOLANGCI_LINT_VERSION: 'v1.62.0'
HELM_VERSION: v3.16.2
SUBMARINER_VERSION: '0.18.2'
jobs:
build-kube-ovn-base:
name: Build kube-ovn-base
runs-on: ubuntu-24.04
outputs:
build-base: ${{ steps.check.outputs.build-base }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- id: check
run: |
if [ ${{ github.event_name }} != 'pull_request' ]; then
exit
fi
tmp_dir=`mktemp -d`
cat > "$tmp_dir/on_changes.txt" <<EOF
dist/images/Dockerfile.base
dist/images/OpenBFDD-compile.patch
dist/images/go-deps/download-go-deps.sh
dist/images/go-deps/rebuild-go-deps.sh
EOF
if git diff --name-only HEAD^ HEAD | grep -Ff "$tmp_dir/on_changes.txt"; then
echo build-base=1 >> "$GITHUB_OUTPUT"
fi
rm -frv "$tmp_dir"
- uses: jlumbroso/[email protected]
if: steps.check.outputs.build-base == 1
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: docker/setup-buildx-action@v3
if: steps.check.outputs.build-base == 1
- uses: actions/setup-go@v5
if: steps.check.outputs.build-base == 1
id: setup-go
with:
go-version-file: go.mod
check-latest: true
cache: false
- name: Build kube-ovn-base image
id: build
if: steps.check.outputs.build-base == 1
env:
GO_VERSION: ${{ steps.setup-go.outputs.go-version }}
run: |
make base-amd64
make base-tar-amd64
- name: Upload base images to artifact
if: steps.check.outputs.build-base == 1
uses: actions/upload-artifact@v4
with:
name: kube-ovn-base
path: image-amd64.tar
build-kube-ovn-dpdk-base:
name: Build kube-ovn-dpdk-base
runs-on: ubuntu-24.04
outputs:
build-dpdk-base: ${{ steps.check.outputs.build-dpdk-base }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- id: check
run: |
if [ ${{ github.event_name }} != 'pull_request' ]; then
exit
fi
if ! git diff --exit-code HEAD^...HEAD -- dist/images/Dockerfile.base-dpdk; then
echo build-dpdk-base=1 >> "$GITHUB_OUTPUT"
fi
- uses: jlumbroso/[email protected]
if: steps.check.outputs.build-dpdk-base == 1
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: docker/setup-buildx-action@v3
if: steps.check.outputs.build-dpdk-base == 1
- name: Build kube-ovn-dpdk-base image
id: build
if: steps.check.outputs.build-dpdk-base == 1
run: |
make base-amd64-dpdk
make base-tar-amd64-dpdk
- name: Upload dpdk base images to artifact
if: steps.check.outputs.build-dpdk-base == 1
uses: actions/upload-artifact@v4
with:
name: kube-ovn-dpdk-base
path: image-amd64-dpdk.tar
build-kube-ovn:
name: Build kube-ovn
runs-on: ubuntu-24.04
needs:
- build-kube-ovn-base
- build-kube-ovn-dpdk-base
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/setup-go@v5
id: setup-go
with:
go-version-file: go.mod
check-latest: true
cache: false
- name: Setup environment variables
run: |
echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV"
echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-${{ env.GO_VERSION }}-x86-
- name: Unit test
run: |
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
make ut
- name: Install golangci-lint
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VERSION
- name: Download base images
if: needs.build-kube-ovn-base.outputs.build-base == 1
uses: actions/download-artifact@v4
with:
name: kube-ovn-base
- name: Load base images
if: needs.build-kube-ovn-base.outputs.build-base == 1
run: |
docker load --input image-amd64.tar
docker tag kubeovn/kube-ovn-base:$TAG-amd64 kubeovn/kube-ovn-base:$TAG
docker tag kubeovn/kube-ovn-base:$TAG-debug-amd64 kubeovn/kube-ovn-base:$TAG-debug
- name: Download dpdk base images
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1
uses: actions/download-artifact@v4
with:
name: kube-ovn-dpdk-base
- name: Load dpdk base images
if: needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base == 1
run: |
docker load --input image-amd64-dpdk.tar
docker tag kubeovn/kube-ovn-base:$TAG-amd64-dpdk kubeovn/kube-ovn-base:$TAG-dpdk
- name: Scan base image
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
with:
scan-type: image
scanners: vuln
image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }}
format: json
output: trivy-result.json
ignore-unfixed: true
trivyignores: .trivyignore
vuln-type: library
- name: Build kubectl and CNI plugins from source
env:
CGO_ENABLED: "0"
GO_INSTALL: "go install -v -mod=mod -trimpath"
run: |
cat trivy-result.json
dockerfile=${{ github.workspace }}/dist/images/Dockerfile
export GOBIN=`dirname "$dockerfile"`
cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins`
cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'"
jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do
bin=`basename $f`
case $bin in
loopback|macvlan)
echo "Building $bin@$cni_plugins_version from source..."
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version"
echo "COPY $bin /$f" >> "$dockerfile"
;;
portmap)
echo "Building $bin@$cni_plugins_version from source..."
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version"
echo "COPY $bin /$f" >> "$dockerfile"
;;
kubectl)
go mod tidy
version=`go list -m -f '{{.Version}}' k8s.io/kubernetes`
mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes`
source "$mod_dir/hack/lib/util.sh"
source "$mod_dir/hack/lib/logging.sh"
source "$mod_dir/hack/lib/version.sh"
repo=kubernetes/kubernetes
commit=unknown
read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" |
jq -r '.object.type,.object.sha'))
if [ $type = "commit" ]; then
commit=$tag_sha
else
commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha')
fi
export KUBE_GIT_COMMIT="${commit}"
export KUBE_GIT_TREE_STATE='clean'
export KUBE_GIT_VERSION="${version}"
export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'`
export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2`
goldflags="all=$(kube::version::ldflags) -s -w"
echo "Building $bin@$version from source..."
$GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl
echo "COPY $bin /$f" >> "$dockerfile"
;;
*)
;;
esac
done
- name: Build
run: |
go mod tidy
git diff --exit-code -- go.mod go.sum
make lint
if [ ${{ needs.build-kube-ovn-base.outputs.build-base || 0 }} = 1 ]; then
make build-kube-ovn
else
make image-kube-ovn
fi
make tar-kube-ovn
- name: Build dpdk
run: |
if [ ${{ needs.build-kube-ovn-dpdk-base.outputs.build-dpdk-base || 0 }} = 1 ]; then
make build-kube-ovn-dpdk
else
make image-kube-ovn-dpdk
fi
make tar-kube-ovn-dpdk
- name: Upload images to artifact
uses: actions/upload-artifact@v4
with:
name: kube-ovn
path: kube-ovn.tar
- name: Upload dpdk images to artifact
uses: actions/upload-artifact@v4
if: github.event_name != 'pull_request'
with:
name: kube-ovn-dpdk
path: kube-ovn-dpdk.tar
build-e2e-binaries:
name: Build E2E Binaries
runs-on: ubuntu-24.04
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
id: setup-go
with:
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV"
- name: Lookup Go cache
id: lookup-go-cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-
lookup-only: true
- uses: jlumbroso/[email protected]
if: steps.lookup-go-cache.outputs.cache-hit != 'true'
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- name: Go cache
if: steps.lookup-go-cache.outputs.cache-hit != 'true'
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-
- name: Install ginkgo
if: steps.lookup-go-cache.outputs.cache-hit != 'true'
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- run: make e2e-build
if: steps.lookup-go-cache.outputs.cache-hit != 'true'
working-directory: ${{ env.E2E_DIR }}
kube-ovn-ha-e2e:
name: Kube-OVN HA E2E
needs:
- build-kube-ovn
- build-e2e-binaries
runs-on: ubuntu-24.04
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
index:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
ssl:
- "true"
- "false"
bind-local:
- "true"
- "false"
ip-family:
- ipv4
- ipv6
- dual
steps:
- uses: jlumbroso/[email protected]
with:
android: true
dotnet: true
haskell: true
docker-images: false
large-packages: false
tool-cache: false
swap-storage: false
- uses: actions/checkout@v4
- name: Create the default branch directory
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
run: mkdir -p test/e2e/source
- name: Check out the default branch
if: (github.base_ref || github.ref_name) != github.event.repository.default_branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 1
path: test/e2e/source
- name: Export E2E directory
run: |
if [ '${{ github.base_ref || github.ref_name }}' = '${{ github.event.repository.default_branch }}' ]; then
echo "E2E_DIR=." >> "$GITHUB_ENV"
else
echo "E2E_DIR=test/e2e/source" >> "$GITHUB_ENV"
fi
- uses: actions/setup-go@v5
id: setup-go
with:
go-version-file: ${{ env.E2E_DIR }}/go.mod
check-latest: true
cache: false
- name: Export Go full version
run: echo "GO_VERSION=${{ steps.setup-go.outputs.go-version }}" >> "$GITHUB_ENV"
- name: Go cache
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }}
restore-keys: ${{ runner.os }}-e2e-go-${{ env.GO_VERSION }}-x86-
- name: Install kind
uses: helm/[email protected]
with:
version: ${{ env.KIND_VERSION }}
install_only: true
- name: Install ginkgo
working-directory: ${{ env.E2E_DIR }}
run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo
- name: Download image
uses: actions/download-artifact@v4
with:
name: kube-ovn
- name: Load image
run: docker load --input kube-ovn.tar
- name: Create kind cluster
run: |
pipx install jinjanator
make kind-init-ha-${{ matrix.ip-family }}
- name: Install Kube-OVN
id: install
env:
NET_STACK: "${{ matrix.ip-family }}"
ENABLE_SSL: "${{ matrix.ssl }}"
ENABLE_BIND_LOCAL_IP: "${{ matrix.bind-local }}"
run: make kind-install-chart
- name: Run E2E
id: e2e
working-directory: ${{ env.E2E_DIR }}
env:
E2E_BRANCH: ${{ github.base_ref || github.ref_name }}
E2E_IP_FAMILY: ${{ matrix.ip-family }}
run: |
make kube-ovn-security-e2e
make kube-ovn-ha-e2e
- name: kubectl ko log
if: failure() && steps.e2e.conclusion == 'failure'
run: |
make kubectl-ko-log
mv kubectl-ko-log.tar.gz kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: upload kubectl ko log
uses: actions/upload-artifact@v4
if: failure() && steps.e2e.conclusion == 'failure'
with:
name: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log
path: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz
- name: Check kube ovn pod restarts
if: ${{ success() || (failure() && (steps.install.conclusion == 'failure' || steps.e2e.conclusion == 'failure')) }}
run: make check-kube-ovn-pod-restarts
- name: Cleanup
run: timeout -k 10 180 sh -x dist/images/cleanup.sh