scottk/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-03-22 08:41:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa14be028058d913c7c521d71de5449a59616632
firezone/.github/workflows/ci.yml
Andrew Dryga aa14be0280 Release major.minor container versions
2023-11-07 18:09:54 -06:00

196 lines
6.9 KiB
YAML
Raw Blame History

name: Continuous Integration
on:
pull_request:
merge_group:
types: [checks_requested]
workflow_call:
# Cancel old workflow runs if new code is pushed
concurrency:
group: "ci-${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
jobs:
elixir:
uses: ./.github/workflows/_elixir.yml
rust:
uses: ./.github/workflows/_rust.yml
kotlin:
uses: ./.github/workflows/_kotlin.yml
secrets: inherit
swift:
uses: ./.github/workflows/_swift.yml
secrets: inherit
static-analysis:
uses: ./.github/workflows/_static-analysis.yml
terraform:
uses: ./.github/workflows/_terraform.yml
secrets: inherit
codeql:
uses: ./.github/workflows/_codeql.yml
secrets: inherit
# We could build these in GCP with Cloud Build, but for now it's
# less overhead to keep things in GH actions. See work on building these
# in GCP with Cloud Build: https://github.com/firezone/firezone/pull/2234
build-images:
runs-on: ubuntu-22.04
strategy:
matrix:
include:
- image_name: api
target: runtime
context: elixir
build-args: |
APPLICATION_NAME=api
- image_name: web
target: runtime
context: elixir
build-args: |
APPLICATION_NAME=web
- image_name: gateway
target: debug
context: rust
build-args: |
PACKAGE=firezone-gateway
- image_name: relay
target: debug
context: rust
build-args: |
PACKAGE=firezone-relay
- image_name: client
target: debug
context: rust
build-args: |
PACKAGE=firezone-linux-client
- image_name: elixir
target: compiler
context: elixir
build-args: |
APPLICATION_NAME=api
permissions:
contents: read
id-token: write
env:
# mark:automatic-version
VERSION: "1.20231001.0"
APPLICATION_NAME: ${{ matrix.image_name }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# We are overriding the default buildkit version being used by Buildx. We need buildkit >= 12.0 and currently BuildX
# supports v0.11.6 https://github.com/docker/buildx/blob/b8739d74417f86aa8fc9aafb830a8ba656bdef0e/Dockerfile#L9.
# We should for any updates on buildx and on the setup-buildx-action itself.
driver-opts: |
image=moby/buildkit:v0.12.0
- uses: actions/checkout@v4
- name: Sanitize github.ref_name
run: |
REF="${{ github.ref_name }}" # `ref_name` contains `/` which is not a valid docker image tag.
CACHE_TAG="${REF//\//-}"
echo "CACHE_TAG=$CACHE_TAG" >> "$GITHUB_ENV"
echo "BRANCH_TAG=$CACHE_TAG" >> "$GITHUB_ENV"
- uses: ./.github/actions/gcp-docker-login
id: login
with:
project: firezone-staging
- name: Build Version Tags
run: |
set -xe
MAJOR_VERSION="${VERSION%%.*}"
MAJOR_MINOR_VERSION="${VERSION%.*}"
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> $GITHUB_ENV
echo "MAJOR_MINOR_VERSION=${MAJOR_MINOR_VERSION}" >> $GITHUB_ENV
- name: Build Docker images
uses: docker/build-push-action@v5
with:
platforms: linux/amd64
build-args: ${{ matrix.build-args }}
context: ${{ matrix.context }}/
cache-from: |
type=registry,ref=${{ steps.login.outputs.registry }}/cache/${{ matrix.image_name }}:${{ env.CACHE_TAG }}
type=registry,ref=${{ steps.login.outputs.registry }}/cache/${{ matrix.image_name }}:main
# This will write the cache on main even if integration tests fail,
# but it'll just be corrected on the next successful build.
cache-to: |
type=registry,ref=${{steps.login.outputs.registry}}/cache/${{ matrix.image_name}}:${{ env.CACHE_TAG }},mode=max
file: ${{ matrix.context }}/Dockerfile
push: true
target: ${{ matrix.target }}
tags: |
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.MAJOR_VERSION }}
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.MAJOR_MINOR_VERSION }}
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.VERSION }}-${{ github.sha }}
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ env.BRANCH_TAG }}
${{ steps.login.outputs.registry }}/firezone/${{ matrix.image_name }}:${{ github.sha }}
integration-tests:
needs: build-images
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
env:
VERSION: ${{ github.sha }}
strategy:
fail-fast: false
matrix:
include:
# TODO
# - Run control plane components as services
# - Test clients
# - Test with different NAT types
# - Test IPv6
# - Test end-to-end critical paths
- test_name: Relayed flow
setup: |
# Disallow traffic between gateway and client container
sudo iptables -I FORWARD 1 -s 172.28.0.100 -d 172.28.0.105 -j DROP
sudo iptables -I FORWARD 1 -s 172.28.0.105 -d 172.28.0.100 -j DROP
execute: |
docker compose exec -it client timeout 60 \
sh -c 'until ping -W 1 -c 1 172.20.0.100 &>/dev/null; do true; done'
- test_name: Basic flow
setup: echo 'Noop'
execute: |
docker compose exec -it client timeout 60 \
sh -c 'until ping -W 1 -c 1 172.20.0.100 &>/dev/null; do true; done'
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/gcp-docker-login
id: login
with:
project: firezone-staging
- name: Seed database
run:
docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.seed'
- name: Start docker compose in the background
run: |
docker compose up -d \
api \
web \
client \
relay \
gateway
- name: Setup ${{ matrix.test_name }} test
run: ${{ matrix.setup }}
- name: Execute ${{ matrix.test_name }} test
run: ${{ matrix.execute }}
- name: Show Client logs
if: "!cancelled()"
run: docker compose logs client
- name: Show Relay logs
if: "!cancelled()"
run: docker compose logs relay
- name: Show Gateway logs
if: "!cancelled()"
run: docker compose logs gateway
- name: Show API logs
if: "!cancelled()"
run: docker compose logs api
- name: Show httpbin logs
if: "!cancelled()"
run: docker compose logs httpbin
Reference in New Issue View Git Blame Copy Permalink