Skip to content

chore: network policies for v2 secrets mounting #12334

chore: network policies for v2 secrets mounting

chore: network policies for v2 secrets mounting #12334

name: Deploy and Test PR
on:
pull_request:
types:
- opened
- synchronize
- reopened
- closed
- edited
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
test-docs:
if: github.event.action != 'closed'
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: install dependencies
run: |
sudo apt-get update -y && sudo apt-get install graphviz
git submodule sync
git submodule update --init --force docs/renku-python
pip install --upgrade pip
pip install -r docs/requirements.txt
- name: test the docs build
env:
SIDEBAR: 1
run: |
cd docs
sphinx-build -nNW -b spelling -d _build/doctrees . _build/spelling
sphinx-build -qnNW . _build/html
- name: Upload docs
uses: actions/upload-artifact@v4
if: success()
with:
name: docs
path: docs/_build/html/
check-deploy:
runs-on: ubuntu-22.04
outputs:
pr-contains-string: ${{ steps.deploy-comment.outputs.pr-contains-string }}
renku-core: ${{ steps.deploy-comment.outputs.renku-core}}
renku-gateway: ${{ steps.deploy-comment.outputs.renku-gateway}}
renku-graph: ${{ steps.deploy-comment.outputs.renku-graph}}
renku-notebooks: ${{ steps.deploy-comment.outputs.renku-notebooks}}
renku-ui: ${{ steps.deploy-comment.outputs.renku-ui}}
renku-data-services: ${{ steps.deploy-comment.outputs.renku-data-services}}
amalthea: ${{ steps.deploy-comment.outputs.amalthea}}
amalthea-sessions: ${{ steps.deploy-comment.outputs.amalthea-sessions}}
test-enabled: ${{ steps.deploy-comment.outputs.test-enabled}}
extra-values: ${{ steps.deploy-comment.outputs.extra-values}}
steps:
- uses: actions/[email protected]
- id: deploy-comment
uses: SwissDataScienceCenter/renku-actions/[email protected]
with:
string: /deploy
pr_ref: ${{ github.event.number }}
deploy-pr:
if: github.event.action != 'closed'
needs: [check-deploy]
runs-on: ubuntu-22.04
environment:
name: ci-renku-${{ github.event.number }}
url: https://ci-renku-${{ github.event.number }}.dev.renku.ch
steps:
- uses: actions/[email protected]
- name: renku build and deploy
if: needs.check-deploy.outputs.pr-contains-string == 'true'
uses: SwissDataScienceCenter/renku-actions/[email protected]
env:
DOCKER_PASSWORD: ${{ secrets.RENKU_DOCKER_PASSWORD }}
DOCKER_USERNAME: ${{ secrets.RENKU_DOCKER_USERNAME }}
GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }}
KUBECONFIG: "${{ github.workspace }}/renkubot-kube.config"
RENKU_ANONYMOUS_SESSIONS: true
RENKU_RELEASE: ci-renku-${{ github.event.number }}
RENKU_VALUES_FILE: "${{ github.workspace }}/values.yaml"
RENKU_VALUES: ${{ secrets.COMBINED_CHARTS_CI_RENKU_VALUES }}
RENKUBOT_KUBECONFIG: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }}
TEST_ARTIFACTS_PATH: "tests-artifacts-${{ github.sha }}"
renku: "@${{ github.head_ref }}"
renku_core: "${{ needs.check-deploy.outputs.renku-core }}"
renku_gateway: "${{ needs.check-deploy.outputs.renku-gateway }}"
renku_graph: "${{ needs.check-deploy.outputs.renku-graph }}"
renku_notebooks: "${{ needs.check-deploy.outputs.renku-notebooks }}"
renku_ui: "${{ needs.check-deploy.outputs.renku-ui }}"
renku_data_services: "${{ needs.check-deploy.outputs.renku-data-services }}"
amalthea: "${{ needs.check-deploy.outputs.amalthea }}"
amalthea_sessions: "${{ needs.check-deploy.outputs.amalthea-sessions }}"
extra_values: "${{ needs.check-deploy.outputs.extra-values }}"
- name: Check existing renkubot comment
if: needs.check-deploy.outputs.pr-contains-string == 'true'
uses: peter-evans/find-comment@v3
id: findcomment
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: "RenkuBot"
- name: Create comment pre deploy
if: ${{ steps.findcomment.outputs.comment-id == 0 &&
needs.check-deploy.outputs.pr-contains-string == 'true' }}
uses: peter-evans/create-or-update-comment@v4
with:
token: ${{ secrets.RENKUBOT_GITHUB_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
You can access the deployment of this PR at https://ci-renku-${{ github.event.number }}.dev.renku.ch
test-pr:
if: github.event.action != 'closed' && needs.check-deploy.outputs.pr-contains-string == 'true' && needs.check-deploy.outputs.test-enabled == 'true'
needs: [check-deploy, deploy-pr]
runs-on: ubuntu-22.04
steps:
- uses: SwissDataScienceCenter/renku-actions/[email protected]
with:
kubeconfig: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }}
renku-release: ci-renku-${{ github.event.number }}
gitlab-token: ${{ secrets.DEV_GITLAB_TOKEN }}
s3-results-access-key: ${{ secrets.ACCEPTANCE_TESTS_BUCKET_ACCESS_KEY }}
s3-results-secret-key: ${{ secrets.ACCEPTANCE_TESTS_BUCKET_SECRET_KEY }}
test-timeout-mins: "120"
test-pr-cypress:
needs: [check-deploy, deploy-pr]
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
tests:
[
publicProject,
privateProject,
updateProjects,
testDatasets,
useSession,
checkWorkflows,
rstudioSession,
dashboardV2,
]
steps:
- uses: SwissDataScienceCenter/renku-actions/[email protected]
if: github.event.action != 'closed' && needs.check-deploy.outputs.pr-contains-string == 'true' && needs.check-deploy.outputs.test-enabled == 'true'
with:
e2e-target: ${{ matrix.tests }}
renku-reference: ${{ github.ref }}
renku-release: ci-renku-${{ github.event.number }}
test-user-password: ${{ secrets.RENKU_BOT_DEV_PASSWORD }}
deploy-string-no-custom-version:
name: Check that deploy string doesn't specify a custom component version
needs: [check-deploy]
runs-on: ubuntu-22.04
steps:
- name: Check deploy string
if: ${{
needs.check-deploy.outputs.pr-contains-string == 'true'
&& startsWith(github.base_ref, 'release-')
&& (
needs.check-deploy.outputs.renku-core != null
|| needs.check-deploy.outputs.renku-gateway != null
|| needs.check-deploy.outputs.renku-graph != null
|| needs.check-deploy.outputs.renku-notebooks != null
|| needs.check-deploy.outputs.renku-ui != null
|| needs.check-deploy.outputs.renku-data-services != null
)
}}
uses: actions/github-script@v7
with:
script: core.setFailed('Cannot merge release PR if it still has custom versions in deploy string.')
cleanup:
if: github.event.action == 'closed'
runs-on: ubuntu-22.04
steps:
- name: renku teardown
uses: SwissDataScienceCenter/renku-actions/[email protected]
env:
HELM_RELEASE_REGEX: "^ci-renku-${{ github.event.number }}$"
GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }}
RENKUBOT_KUBECONFIG: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }}
MAX_AGE_SECONDS: 0
DELETE_NAMESPACE: "true"