Skip to content

fix: container-toolkit patched image with fixed CVE #1507

fix: container-toolkit patched image with fixed CVE

fix: container-toolkit patched image with fixed CVE #1507

name: Application Specific Test Suite
on:
workflow_dispatch:
inputs:
scenario:
description: 'The scenario to run, e.g., install or upgrade'
required: true
default: 'install'
type: string
version_ref:
description: 'The NKP version(git branch or tag) to run install/upgrade test. Using latest version by default e.g., v2.8.0-dev'
default: 'main'
type: string
pull_request:
types: [synchronize, labeled, opened, reopened]
push:
branches:
- main
jobs:
setup-pr:
name: Extract app names from PR Labels
runs-on:
- ubuntu-latest
if: github.event_name == 'pull_request' && contains(join(github.event.pull_request.labels.*.name, ' '), 'services/')
outputs:
apps: ${{ steps.pr-labels.outputs.apps }}
steps:
- name: Collect apps to run tests from PR labels
id: pr-labels
run: |
# Extract labels from the pull request event payload
PR_LABELS=$(echo "${{ join(github.event.pull_request.labels.*.name, ' ') }}")
KAPP_NAMES=()
for label in $PR_LABELS; do
echo $label
if [[ "$label" == "services/"* ]]; then
KAPP_NAMES+=("$(echo "$label" | cut -d '/' -f 2)")
fi
done
json_array=$(printf '%s\n' "${KAPP_NAMES[@]}" | jq -R . | jq -c -s .)
echo "apps=${json_array}" >> $GITHUB_OUTPUT
setup-all-apps:
name: Extract app names from local repo
runs-on:
- ubuntu-latest
if: contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name)
outputs:
apps: ${{ steps.local-apps.outputs.apps }}
steps:
# manually trigger ALL scenarios for ALL apps
- name: Checkout code
uses: actions/checkout@v4
- name: Collect apps from local directory
id: local-apps
working-directory: services
run: |
json_array=$(find . -type d -maxdepth 1 -mindepth 1 -exec basename {} \; | jq -R . | jq -c -s .)
echo "apps=${json_array}" >> $GITHUB_OUTPUT
generate-upgrade-versions:
name: Generate upgrade versions
runs-on:
- ubuntu-latest
if: ${{ !(github.event_name == 'workflow_dispatch' && inputs.scenario == 'install') }}
outputs:
upgrade-versions: ${{ steps.get-matrix.outputs.result }}
to_version: ${{ steps.prepare-upgrade-versions.outputs.to_version }}
from_versions: ${{ steps.prepare-upgrade-versions.outputs.from_versions }}
steps:
- name: checkout upgrade matrix
uses: actions/checkout@v4
with:
sparse-checkout: |
upgrade-matrix.yaml
sparse-checkout-cone-mode: false
- uses: chrisdickinson/setup-yq@latest
with:
yq-version: v4.25.3
- name: Set output
id: prepare-upgrade-versions
run: |
upgrade_matrix=$(yq '.upgrades' -I0 -o json upgrade-matrix.yaml)
latest=$(echo $upgrade_matrix | jq -r 'map(.to) | max')
from_versions=''
to_version=''
to_version_gh_dkp=''
if [[ "${{ github.event_name }}" == "push" ]]; then
to_version_gh_dkp=$latest
to_version="main"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
if [[ "${{ github.base_ref }}" == 'main' ]]; then
to_version_gh_dkp=$latest
to_version="main"
else
if [[ "${{ github.base_ref }}" == "release-*" ]]; then
dkp_ver_majorminor=$(echo ${{ github.base_ref }} | cut -d '-' -f 2)
to_version_gh_dkp="v$dkp_ver_majorminor"
else
# TODO: handle stacked PRs
echo "triggering app test in stacked PRs are not supported yet"
exit 1
fi
fi
to_version=${{ github.head_ref }}
else
# workflow_dispatch event
if [[ "${{ inputs.version_ref }}" == "main" ]]; then
to_version_gh_dkp=$latest
to_version="main"
else
if [[ "${{ inputs.version_ref }}" == release-* ]]; then
dkp_ver_majorminor=$(echo ${{ inputs.version_ref }} | cut -d '-' -f 2)
to_version_gh_dkp="v$dkp_ver_majorminor"
else
to_version_gh_dkp=${{ inputs.version_ref }}
fi
to_version=${{ inputs.version_ref }}
fi
fi
from_versions=$(echo $upgrade_matrix | jq -c --arg to "$to_version_gh_dkp" 'map(select(.to | startswith($to))) | map(. | .from)')
echo "from_versions=${from_versions}"
echo "to_version=${to_version}"
echo "from_versions=${from_versions}" >> $GITHUB_OUTPUT
echo "to_version=${to_version}" >> $GITHUB_OUTPUT
trigger-install-tests-pr:
needs: setup-pr
uses: ./.github/workflows/application-test-scenario-install.yaml
strategy:
fail-fast: false
matrix:
apps: ${{ fromJson(needs.setup-pr.outputs.apps) }}
with:
version_ref: ${{ github.head_ref }}
apps: ${{ matrix.apps }}
secrets: inherit
trigger-tests-all-apps-install-ondemand:
needs: setup-all-apps
if: ${{ github.event_name == 'workflow_dispatch' && inputs.scenario == 'install' || github.event_name == 'push' }}
uses: ./.github/workflows/application-test-scenario-install.yaml
strategy:
fail-fast: false
matrix:
apps: ${{ fromJson(needs.setup-all-apps.outputs.apps) }}
with:
version_ref: ${{ github.event.inputs.version_ref }}
apps: ${{ matrix.apps }}
trigger-tests-all-apps-install-push:
needs: setup-all-apps
if: ${{ github.event_name == 'push' }}
uses: ./.github/workflows/application-test-scenario-install.yaml
strategy:
fail-fast: false
matrix:
apps: ${{ fromJson(needs.setup-all-apps.outputs.apps) }}
with:
version_ref: "main"
apps: ${{ matrix.apps }}
trigger-upgrade-tests-pr:
needs:
- generate-upgrade-versions
- setup-pr
uses: ./.github/workflows/application-test-scenario-upgrade.yaml
strategy:
fail-fast: false
matrix:
from: ${{ fromJson(needs.generate-upgrade-versions.outputs.from_versions) }}
apps: ${{ fromJson(needs.setup-pr.outputs.apps) }}
with:
apps: ${{ matrix.apps }}
from_version_ref: ${{ matrix.from }}
to_version_ref: ${{ needs.generate-upgrade-versions.outputs.to_version }}
secrets: inherit
trigger-tests-all-apps-upgrade:
needs:
- generate-upgrade-versions
- setup-all-apps
if: ${{ github.event_name == 'workflow_dispatch' && inputs.scenario == 'upgrade' || github.event_name == 'push' }}
uses: ./.github/workflows/application-test-scenario-upgrade.yaml
strategy:
fail-fast: false
matrix:
from: ${{ fromJson(needs.generate-upgrade-versions.outputs.from_versions) }}
apps: ${{ fromJson(needs.setup-all-apps.outputs.apps) }}
with:
apps: ${{ matrix.apps }}
from_version_ref: ${{ matrix.from }}
to_version_ref: ${{ needs.generate-upgrade-versions.outputs.to_version }}
secrets: inherit