From 61efda173839aff815a3beac20cd75e73a0cccf2 Mon Sep 17 00:00:00 2001 From: "alexey.ponomarev" Date: Thu, 22 Aug 2024 23:11:24 +0600 Subject: [PATCH] NODE-5655 add docker auth to tests --- .github/workflows/ci.yaml | 2 ++ .github/workflows/test.yaml | 24 +++++++++---------- .../ci/deployment-existing-secret-values.yaml | 4 +++- .../deployment-external-tarantool-values.yaml | 4 +++- helm/ci/deployment-values.yaml | 2 ++ test/smoke/run.sh | 3 ++- 6 files changed, 24 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index be9ce5a..e438595 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,8 @@ on: branches: ['main'] types: ['opened', 'reopened', 'synchronize'] paths: + - '.github/workflows/ci.yaml' + - '.github/workflows/test.yaml' - 'helm/**' - 'files/**' - 'cmd/**' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 543a2c0..86c7a60 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -154,9 +154,9 @@ jobs: method: kubernetes path: kubernetes-ci secrets: | - kv-gitlab-ci/data/github/sidecar api_token ; kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; + kv-gitlab-ci/data/github/sidecar api_token ; - name: Checkout uses: actions/checkout@v3 @@ -174,11 +174,6 @@ jobs: kubectl cluster-info kubectl wait --for=condition=Ready pods --all --timeout=180s -n kube-system echo "current-context:" $(kubectl config current-context) - echo "[test-env] creating secret docker-registry ..." - kubectl create secret docker-registry dockerhub-secret \ - --docker-username="${DOCKERHUB_USER}" \ - --docker-password="${DOCKERHUB_PASSWORD}" \ - --docker-email=docker-pull@unexists.unexists - name: Load cache if: ${{ inputs.load_artifact }} @@ -193,6 +188,11 @@ jobs: - name: Install Helm chart run: | unset KUBERNETES_SERVICE_HOST + echo "[test-env] creating secret docker-registry ..." + kubectl create secret docker-registry dockerhub-secret \ + --docker-username="${DOCKERHUB_USER}" \ + --docker-password="${DOCKERHUB_PASSWORD}" \ + --docker-email=docker-pull@unexists.unexists helm install wallarm-sidecar ./helm -f helm/values.test.yaml \ --set config.wallarm.api.token=${API_TOKEN} \ --debug \ @@ -209,6 +209,11 @@ jobs: - name: Deploy pytest run: | unset KUBERNETES_SERVICE_HOST + kubectl create namespace pytest + kubectl -n pytest create secret docker-registry dockerhub-secret \ + --docker-username="${DOCKERHUB_USER}" \ + --docker-password="${DOCKERHUB_PASSWORD}" \ + --docker-email=docker-pull@unexists.unexists kubectl apply -f kind/docker/manifests/init/pytest.yaml while [[ -z $(kubectl -n pytest get pods -o name) ]]; do sleep 1 @@ -237,9 +242,9 @@ jobs: method: kubernetes path: kubernetes-ci secrets: | - kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN ; kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; + kv-gitlab-ci/data/github/sidecar api_token | WALLARM_API_TOKEN ; - name: Checkout uses: actions/checkout@v3 @@ -251,11 +256,6 @@ jobs: echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_USER} --password-stdin kind create cluster --image kindest/node:v1.28.7 kubectl wait --for=condition=Ready pods --all --timeout=180s -n kube-system - echo "[test-env] creating secret docker-registry ..." - kubectl create secret docker-registry dockerhub-secret \ - --docker-username="${DOCKERHUB_USER}" \ - --docker-password="${DOCKERHUB_PASSWORD}" \ - --docker-email=docker-pull@unexists.unexists - name: Load cache if: ${{ inputs.load_artifact }} diff --git a/helm/ci/deployment-existing-secret-values.yaml b/helm/ci/deployment-existing-secret-values.yaml index 4db69d5..92ffe6e 100644 --- a/helm/ci/deployment-existing-secret-values.yaml +++ b/helm/ci/deployment-existing-secret-values.yaml @@ -1,5 +1,7 @@ +imagePullSecrets: + - name: dockerhub-secret config: wallarm: api: existingSecret: - enabled: true \ No newline at end of file + enabled: true diff --git a/helm/ci/deployment-external-tarantool-values.yaml b/helm/ci/deployment-external-tarantool-values.yaml index 2ae1562..fad5b72 100644 --- a/helm/ci/deployment-external-tarantool-values.yaml +++ b/helm/ci/deployment-external-tarantool-values.yaml @@ -1,4 +1,6 @@ +imagePullSecrets: + - name: dockerhub-secret postanalytics: external: enabled: true - host: tarantool.domain.internal \ No newline at end of file + host: tarantool.domain.internal diff --git a/helm/ci/deployment-values.yaml b/helm/ci/deployment-values.yaml index e69de29..b44f879 100644 --- a/helm/ci/deployment-values.yaml +++ b/helm/ci/deployment-values.yaml @@ -0,0 +1,2 @@ +imagePullSecrets: + - name: dockerhub-secret diff --git a/test/smoke/run.sh b/test/smoke/run.sh index 91c35ce..fd0889f 100755 --- a/test/smoke/run.sh +++ b/test/smoke/run.sh @@ -27,9 +27,10 @@ export INJECTION_STRATEGY="${INJECTION_STRATEGY:-single}" K8S_VERSION=${K8S_VERSION:-1.28.7} -DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/" # This will prevent the secret for index.docker.io from being used if the DOCKERHUB_USER is not set. +DOCKERHUB_REGISTRY_SERVER="https://index.docker.io/v1/" + if [ "${DOCKERHUB_USER:-false}" = "false" ]; then DOCKERHUB_REGISTRY_SERVER="fake_docker_registry_server" fi