KUBEDR-6292: Fix CVE-2024-45337 #100
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Run the E2E test on kind" | |
on: | |
push: | |
pull_request: | |
# Do not run when the change only includes these directories. | |
paths-ignore: | |
- "site/**" | |
- "design/**" | |
jobs: | |
# Build the Velero CLI and image once for all Kubernetes versions, and cache it so the fan-out workers can get it. | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22.2' | |
id: go | |
# Look for a CLI that's made for this PR | |
- name: Fetch built CLI | |
id: cli-cache | |
uses: actions/cache@v4 | |
with: | |
path: ./_output/bin/linux/amd64/velero | |
# The cache key a combination of the current PR number and the commit SHA | |
key: velero-cli-${{ github.event.pull_request.number }}-${{ github.sha }} | |
- name: Fetch built image | |
id: image-cache | |
uses: actions/cache@v4 | |
with: | |
path: ./velero.tar | |
# The cache key a combination of the current PR number and the commit SHA | |
key: velero-image-${{ github.event.pull_request.number }}-${{ github.sha }} | |
- name: Fetch cached go modules | |
uses: actions/cache@v4 | |
if: steps.cli-cache.outputs.cache-hit != 'true' | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
if: steps.cli-cache.outputs.cache-hit != 'true' || steps.image-cache.outputs.cache-hit != 'true' | |
# If no binaries were built for this PR, build it now. | |
- name: Build Velero CLI | |
if: steps.cli-cache.outputs.cache-hit != 'true' | |
run: | | |
make local | |
# If no image were built for this PR, build it now. | |
- name: Build Velero Image | |
if: steps.image-cache.outputs.cache-hit != 'true' | |
run: | | |
IMAGE=velero VERSION=pr-test make container | |
docker save velero:pr-test -o ./velero.tar | |
# Run E2E test against all Kubernetes versions on kind | |
run-e2e-test: | |
needs: build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
k8s: | |
- 1.23.17 | |
- 1.24.17 | |
- 1.25.16 | |
- 1.26.13 | |
- 1.27.10 | |
- 1.28.6 | |
- 1.29.1 | |
focus: | |
# tests to focus on, use `|` to concatenate multiple regexes to run on the same job | |
# ordered according to e2e_suite_test.go order | |
- Basic\]\[ClusterResource | |
- ResourceFiltering | |
- ResourceModifier|Backups|PrivilegesMgmt\]\[SSR | |
- Schedule\]\[OrderedResources | |
- NamespaceMapping\]\[Single\]\[Restic|NamespaceMapping\]\[Multiple\]\[Restic | |
- Basic\]\[Nodeport | |
- Basic\]\[StorageClass | |
fail-fast: false | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22.2' | |
id: go | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
- name: Install MinIO | |
run: | |
docker run -d --rm -p 9000:9000 -e "MINIO_ACCESS_KEY=minio" -e "MINIO_SECRET_KEY=minio123" -e "MINIO_DEFAULT_BUCKETS=bucket,additional-bucket" bitnami/minio:2021.6.17-debian-10-r7 | |
- uses: engineerd/[email protected] | |
with: | |
version: "v0.21.0" | |
image: "kindest/node:v${{ matrix.k8s }}" | |
- name: Fetch built CLI | |
id: cli-cache | |
uses: actions/cache@v4 | |
with: | |
path: ./_output/bin/linux/amd64/velero | |
key: velero-cli-${{ github.event.pull_request.number }}-${{ github.sha }} | |
- name: Fetch built Image | |
id: image-cache | |
uses: actions/cache@v4 | |
with: | |
path: ./velero.tar | |
key: velero-image-${{ github.event.pull_request.number }}-${{ github.sha }} | |
- name: Load Velero Image | |
run: | |
kind load image-archive velero.tar | |
# always try to fetch the cached go modules as the e2e test needs it either | |
- name: Fetch cached go modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Run E2E test | |
run: | | |
cat << EOF > /tmp/credential | |
[default] | |
aws_access_key_id=minio | |
aws_secret_access_key=minio123 | |
EOF | |
# Match kubectl version to k8s server version | |
curl -LO https://dl.k8s.io/release/v${{ matrix.k8s }}/bin/linux/amd64/kubectl | |
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | |
GOPATH=~/go CLOUD_PROVIDER=kind \ | |
OBJECT_STORE_PROVIDER=aws BSL_CONFIG=region=minio,s3ForcePathStyle="true",s3Url=http://$(hostname -i):9000 \ | |
CREDS_FILE=/tmp/credential BSL_BUCKET=bucket \ | |
ADDITIONAL_OBJECT_STORE_PROVIDER=aws ADDITIONAL_BSL_CONFIG=region=minio,s3ForcePathStyle="true",s3Url=http://$(hostname -i):9000 \ | |
ADDITIONAL_CREDS_FILE=/tmp/credential ADDITIONAL_BSL_BUCKET=additional-bucket \ | |
GINKGO_FOCUS='${{ matrix.focus }}' VELERO_IMAGE=velero:pr-test \ | |
GINKGO_SKIP='SKIP_KIND|pv-backup|Restic|Snapshot|LongTime' \ | |
make -C test/ run-e2e | |
timeout-minutes: 30 | |
- name: Upload debug bundle | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: DebugBundle | |
path: /home/runner/work/velero/velero/test/e2e/debug-bundle* |