Skip to content

Allow for configurable securityContext #587

Allow for configurable securityContext

Allow for configurable securityContext #587

Workflow file for this run

name: Conformance Testing
on:
push:
branches:
- main
- release-*
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
pull_request:
branches:
- main
- release-*
types:
- opened
- reopened
- synchronize
schedule:
- cron: '0 4 * * *'
concurrency:
group: ${{ github.ref_name }}-conformance
cancel-in-progress: true
permissions:
contents: read
jobs:
conformance-tests:
name: Gateway Conformance Tests
runs-on: ubuntu-22.04
strategy:
matrix:
k8s-version: ["1.23.17", "latest"]
permissions:
contents: write # needed for uploading release artifacts
steps:
- name: Checkout Repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Setup Golang Environment
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: go.mod
- name: Set GOPATH
run: echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
- name: Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: NKG Docker meta
id: nkg-meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: |
name=ghcr.io/nginxinc/nginx-kubernetes-gateway
tags: |
type=semver,pattern={{version}}
type=edge
type=ref,event=pr
type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
- name: NGINX Docker meta
id: nginx-meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: |
name=ghcr.io/nginxinc/nginx-kubernetes-gateway/nginx
tags: |
type=semver,pattern={{version}}
type=edge
type=ref,event=pr
type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
- name: Prepare NKG files
run: |
nkg_prefix=$(echo ${{ steps.nkg-meta.outputs.tags }} | cut -d ":" -f 1)
nkg_tag=$(echo ${{ steps.nkg-meta.outputs.tags }} | cut -d ":" -f 2)
make update-nkg-manifest NKG_PREFIX=${nkg_prefix} NKG_TAG=${nkg_tag}
working-directory: ./conformance
- name: Build binary
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: build --snapshot --clean
- name: Build NKG Docker Image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
file: build/Dockerfile
tags: ${{ steps.nkg-meta.outputs.tags }}
context: "."
target: goreleaser
load: true
cache-from: type=gha,scope=nkg
cache-to: type=gha,scope=nkg,mode=max
pull: true
- name: Build NGINX Docker Image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
file: build/Dockerfile.nginx
tags: ${{ steps.nginx-meta.outputs.tags }}
context: "."
load: true
cache-from: type=gha,scope=nginx
cache-to: type=gha,scope=nginx,mode=max
pull: true
build-args: |
NJS_DIR=internal/mode/static/nginx/modules/src
NGINX_CONF_DIR=internal/mode/static/nginx/conf
- name: Update Go Modules
if: ${{ github.event_name == 'schedule' }}
run: make update-go-modules
working-directory: ./conformance
- name: Build Test Docker Image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
file: conformance/tests/Dockerfile
tags: conformance-test-runner:${{ github.sha }}
context: "."
load: true
cache-from: type=gha
cache-to: type=gha,mode=max
pull: true
- name: Deploy Kubernetes
id: k8s
run: |
k8s_version=${{ matrix.k8s-version }}
make create-kind-cluster KIND_KUBE_CONFIG=${{ github.workspace }}/kube-${{ github.run_id }} ${{ ! contains(matrix.k8s-version, 'latest') && 'KIND_IMAGE=kindest/node:v${k8s_version}' || '' }}
echo "KUBECONFIG=${{ github.workspace }}/kube-${{ github.run_id }}" >> "$GITHUB_ENV"
working-directory: ./conformance
- name: Wait for release to exist
if: startsWith(github.ref, 'refs/tags/')
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 # v1.3.1
with:
ref: ${{ github.ref }}
check-name: 'Build Image'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup conformance tests
run: |
nkg_prefix=$(echo ${{ steps.nkg-meta.outputs.tags }} | cut -d ":" -f 1)
nkg_tag=$(echo ${{ steps.nkg-meta.outputs.tags }} | cut -d ":" -f 2)
if [ ${{ github.event_name }} == "schedule" ]; then
export GW_API_VERSION=main
fi
make install-nkg-local-no-build NKG_PREFIX=${nkg_prefix} NKG_TAG=${nkg_tag}
working-directory: ./conformance
- name: Run conformance tests
run: make run-conformance-tests TAG=${{ github.sha }} VERSION=${{ github.ref_name }}
working-directory: ./conformance
- name: Upload profile to release
if: ${{ matrix.k8s-version == 'latest' && startsWith(github.ref, 'refs/tags/') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${{ github.ref_name }} conformance-profile.yaml
working-directory: ./conformance