chore: add upgrade testing and task cleanups (#73)

* chore: add upgrade testing and task cleanups

* add upgrade to test action

* increase timeout

* update the flow for testing upgrades

* update the flow for testing upgrades

* update the flow for testing upgrades

* fix actions refs

* fix package create ref

* add matrix to test

* update to latest uds-common release

.github/workflows/ci-docs-shim.yaml

@@ -22,13 +22,14 @@ on:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: "ubuntu-latest"
     timeout-minutes: 20
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
     steps:
-      - name: Shim for Deploy ${{ matrix.flavor }}
+      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
         run: |
-          echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful."
+          echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."

.github/workflows/commitlint.yaml

@@ -12,4 +12,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1

.github/workflows/lint.yaml

@@ -0,0 +1,35 @@
+name: Scan
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+
+  # This allows other repositories to call this workflow in a reusable way
+  workflow_call:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Lint
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Environment setup
+        uses: defenseunicorns/uds-common/.github/actions/setup@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
+        with:
+          username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Install lint deps
+        run: |
+          uds run lint:deps
+
+      - name: Lint the repository
+        run: |
+          uds run lint:yaml

.github/workflows/tag-and-release.yaml

@@ -36,7 +36,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
@@ -53,6 +53,6 @@ jobs:
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
         with:
           suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'

.github/workflows/test.yaml

@@ -4,7 +4,7 @@ name: Test
 on:
   pull_request:
     branches: [main]
-    types: [milestoned, opened, edited, synchronize]  
+    types: [milestoned, opened, edited, synchronize]
     paths-ignore:
       - "**.md"
       - "**.jpg"
@@ -21,7 +21,7 @@ on:
       - "CODEOWNERS"
       - "LICENSE"
       - "CONTRIBUTING.md"
-      - "SECURITY.md"  
+      - "SECURITY.md"
 
 # Abort prior jobs in the same workflow / PR
 concurrency:
@@ -33,30 +33,32 @@ permissions:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: uds-ubuntu-big-boy-8-core
-    timeout-minutes: 20
+    timeout-minutes: 25
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
 
       - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/test@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
         with:
           flavor: ${{ matrix.flavor }}
+          type: ${{ matrix.type }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@275e839e80667938baf1c1dda0f543261ba57618 # v0.3.1
         with:
-          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

README.md

@@ -75,15 +75,7 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/
 
 *For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
 
-| Task | Description | Example |
-| ---- | ----------- | ------- |
-| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
-| create-package | Creates just the GitLab package | `uds run create-package --set FLAVOR=<flavor>` |
-| create-test-bundle | Creates GitLab and GitLab dependency packages and then bundles them | `uds run create-test-bundle` |
-| deploy-test-bundle | Deploy GitLab and GitLab dependency bundle | `uds run deploy-test-bundle` |
-| test-package | Run checks against a deployed package | `uds run test-package` |
-| cleanup | Teardown the cluster | `uds run cleanup` |
-| cleanup-bundle | Remove the GitLab Bundle | `uds run cleanup-bundle` |
+> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`!
 
 ## Contributing
 

tasks.yaml

@@ -1,63 +1,67 @@
 includes:
   - cleanup: ./tasks/cleanup.yaml
-  - create: ./tasks/create.yaml
-  - lint: ./tasks/lint.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/setup.yaml
+  - dependencies: ./tasks/dependencies.yaml
   - test: ./tasks/test.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/create.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/setup.yaml
 
 tasks:
   - name: default
     description: Create K3D Cluster with UDS-Core + Gitlab
     actions:
-      - task: create-test-bundle
-      - task: setup-cluster
-      - task: deploy-test-bundle
+      - task: create-gl-test-bundle
+      - task: setup:k3d-test-cluster
+      - task: deploy:test-bundle
 
-  - name: create-package
+  - name: create-gl-package
     description: Create UDS Gitlab Package, No dependencies included
     actions:
-      - task: create:gitlab-package
+      - task: create:package
+        with:
+          options: "--skip-sbom"
 
-  - name: cleanup
-    description: Destroy k3d Cluster
+  - name: create-gl-test-bundle
+    description: Create a local UDS Gitlab bundle with dependencies
     actions:
-      - task: cleanup:cluster
+      - task: create-gl-package
+      - task: dependencies:create
+      - task: create:test-bundle
 
-  - name: cleanup-bundle
-    description: Remove the Deployed UDS Gitlab Bundle
+  - name: create-gl-latest-release-bundle
+    description: Create UDS Gitlab bundle with dependencies based on the latest release
     actions:
-      - task: cleanup:bundle
-
-  - name: lint-check
-    description: "Run linting checks"
-    actions:
-      - task: lint:check
-
-  - name: lint-fix
-    description: "Fix linting issues"
-    actions:
-      - task: lint:fix
+      - task: pull:latest-package-release
+      # TODO (@WSTARR): This is currently needed to get around the chicken+egg condition when release please updates the version in GH
+      - description: Get the current Zarf package name
+        cmd: cat zarf.yaml | yq .metadata.version
+        setVariables:
+          - name: CURRENT_VERSION
+      - description: Move the latest to the current (needed to make this work on release-please PRs)
+        cmd: test -f zarf-package-gitlab-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst || mv zarf-package-gitlab-${UDS_ARCH}-*.tar.zst zarf-package-gitlab-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst
+      - task: dependencies:create
+      - task: create:test-bundle
 
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
-  - name: create-test-bundle
-    description: Create UDS Gitlab bundle with dependencies
-    actions:
-      - task: create:gitlab-test-bundle
-
-  - name: setup-cluster
-    description: Deploy k3d cluster using uds-common-tasks
+  - name: test-package
+    description: Test the GitLab package from the current branch
     actions:
+      - task: create-gl-test-bundle
       - task: setup:k3d-test-cluster
-
-  - name: deploy-test-bundle
-    description: Deploy UDS Gitlab bundle with dependencies using uds-common-tasks
-    actions:
       - task: deploy:test-bundle
+      - task: test:health-check
+      - task: test:ingress
 
-  - name: test-package
-    description: Run health checks and ingress tests
+  - name: test-upgrade
+    description: Test an upgrade from the latest released package to the current branch
     actions:
+      - task: create-gl-latest-release-bundle
+      - task: setup:k3d-test-cluster
+      - task: deploy:test-bundle
+      - task: create-gl-test-bundle
+      - task: deploy:test-bundle
       - task: test:health-check
       - task: test:ingress

tasks/dependencies.yaml

@@ -0,0 +1,5 @@
+tasks:
+  - name: create
+    description: Create the Dev-Secrets Dependency Zarf Package
+    actions:
+      - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom

tasks/publish.yaml

@@ -1,5 +1,6 @@
 includes:
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/publish.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/create.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.1/tasks/publish.yaml
 
 variables:
   - name: TARGET_REPO
@@ -18,11 +19,15 @@ tasks:
   - name: package
     description: Build and publish the packages
     actions:
-      - description: Create the packages
-        cmd: |
-          set -e
-          ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml gitlab-package --set FLAVOR=${FLAVOR}
-          ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml gitlab-package --set FLAVOR=${FLAVOR}
+      - description: Create the AMD64 package
+        task: create:package
+        with:
+          options: -a amd64
+
+      - description: Create the ARM64 package
+        task: create:package
+        with:
+          options: -a arm64
 
       - description: Publish the packages
         task: publish:package

tasks/test.yaml

@@ -7,55 +7,64 @@ tasks:
             kind: Deployment
             name: gitlab-gitlab-exporter
             namespace: gitlab
+            condition: Available
 
       - description: Gitlab Registry Health Check
         wait:
           cluster:
             kind: Deployment
             name: gitlab-registry
             namespace: gitlab
+            condition: Available
 
       - description: Gitlab Shell Health Check
         wait:
           cluster:
             kind: Deployment
             name: gitlab-gitlab-shell
             namespace: gitlab
+            condition: Available
 
       - description: Gitlab Toolbox Health Check
         wait:
           cluster:
             kind: Deployment
             name: gitlab-toolbox
             namespace: gitlab
+            condition: Available
 
       - description: Gitlab Sidekiq Health Check
         wait:
           cluster:
             kind: Deployment
             name: gitlab-sidekiq-all-in-1-v2
             namespace: gitlab
+            condition: Available
 
       - description: Gitlab Webservice Health Check
         wait:
           cluster:
             kind: Deployment
             name: gitlab-webservice-default
             namespace: gitlab
+            condition: Available
 
+      # StatefulSets don't show conditions themselves so we look for an underlying Pod
       - description: Gitlab Gitaly Health Check
         wait:
           cluster:
-            kind: StatefulSet
-            name: gitlab-gitaly
+            kind: Pod
+            name: app=gitaly
             namespace: gitlab
+            condition: Ready
 
       - description: Gitlab Migrations Health Check
         wait:
           cluster:
             kind: Job
-            name: gitlab-migrations-1
+            name: app=migrations
             namespace: gitlab
+            condition: Complete
 
   - name: ingress
     actions: