chore: network policies for v2 secrets mounting #12334
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy and Test PR | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- closed | |
- edited | |
merge_group: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test-docs: | |
if: github.event.action != 'closed' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: install dependencies | |
run: | | |
sudo apt-get update -y && sudo apt-get install graphviz | |
git submodule sync | |
git submodule update --init --force docs/renku-python | |
pip install --upgrade pip | |
pip install -r docs/requirements.txt | |
- name: test the docs build | |
env: | |
SIDEBAR: 1 | |
run: | | |
cd docs | |
sphinx-build -nNW -b spelling -d _build/doctrees . _build/spelling | |
sphinx-build -qnNW . _build/html | |
- name: Upload docs | |
uses: actions/upload-artifact@v4 | |
if: success() | |
with: | |
name: docs | |
path: docs/_build/html/ | |
check-deploy: | |
runs-on: ubuntu-22.04 | |
outputs: | |
pr-contains-string: ${{ steps.deploy-comment.outputs.pr-contains-string }} | |
renku-core: ${{ steps.deploy-comment.outputs.renku-core}} | |
renku-gateway: ${{ steps.deploy-comment.outputs.renku-gateway}} | |
renku-graph: ${{ steps.deploy-comment.outputs.renku-graph}} | |
renku-notebooks: ${{ steps.deploy-comment.outputs.renku-notebooks}} | |
renku-ui: ${{ steps.deploy-comment.outputs.renku-ui}} | |
renku-data-services: ${{ steps.deploy-comment.outputs.renku-data-services}} | |
amalthea: ${{ steps.deploy-comment.outputs.amalthea}} | |
amalthea-sessions: ${{ steps.deploy-comment.outputs.amalthea-sessions}} | |
test-enabled: ${{ steps.deploy-comment.outputs.test-enabled}} | |
extra-values: ${{ steps.deploy-comment.outputs.extra-values}} | |
steps: | |
- uses: actions/[email protected] | |
- id: deploy-comment | |
uses: SwissDataScienceCenter/renku-actions/[email protected] | |
with: | |
string: /deploy | |
pr_ref: ${{ github.event.number }} | |
deploy-pr: | |
if: github.event.action != 'closed' | |
needs: [check-deploy] | |
runs-on: ubuntu-22.04 | |
environment: | |
name: ci-renku-${{ github.event.number }} | |
url: https://ci-renku-${{ github.event.number }}.dev.renku.ch | |
steps: | |
- uses: actions/[email protected] | |
- name: renku build and deploy | |
if: needs.check-deploy.outputs.pr-contains-string == 'true' | |
uses: SwissDataScienceCenter/renku-actions/[email protected] | |
env: | |
DOCKER_PASSWORD: ${{ secrets.RENKU_DOCKER_PASSWORD }} | |
DOCKER_USERNAME: ${{ secrets.RENKU_DOCKER_USERNAME }} | |
GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }} | |
KUBECONFIG: "${{ github.workspace }}/renkubot-kube.config" | |
RENKU_ANONYMOUS_SESSIONS: true | |
RENKU_RELEASE: ci-renku-${{ github.event.number }} | |
RENKU_VALUES_FILE: "${{ github.workspace }}/values.yaml" | |
RENKU_VALUES: ${{ secrets.COMBINED_CHARTS_CI_RENKU_VALUES }} | |
RENKUBOT_KUBECONFIG: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} | |
TEST_ARTIFACTS_PATH: "tests-artifacts-${{ github.sha }}" | |
renku: "@${{ github.head_ref }}" | |
renku_core: "${{ needs.check-deploy.outputs.renku-core }}" | |
renku_gateway: "${{ needs.check-deploy.outputs.renku-gateway }}" | |
renku_graph: "${{ needs.check-deploy.outputs.renku-graph }}" | |
renku_notebooks: "${{ needs.check-deploy.outputs.renku-notebooks }}" | |
renku_ui: "${{ needs.check-deploy.outputs.renku-ui }}" | |
renku_data_services: "${{ needs.check-deploy.outputs.renku-data-services }}" | |
amalthea: "${{ needs.check-deploy.outputs.amalthea }}" | |
amalthea_sessions: "${{ needs.check-deploy.outputs.amalthea-sessions }}" | |
extra_values: "${{ needs.check-deploy.outputs.extra-values }}" | |
- name: Check existing renkubot comment | |
if: needs.check-deploy.outputs.pr-contains-string == 'true' | |
uses: peter-evans/find-comment@v3 | |
id: findcomment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "RenkuBot" | |
- name: Create comment pre deploy | |
if: ${{ steps.findcomment.outputs.comment-id == 0 && | |
needs.check-deploy.outputs.pr-contains-string == 'true' }} | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
token: ${{ secrets.RENKUBOT_GITHUB_TOKEN }} | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
You can access the deployment of this PR at https://ci-renku-${{ github.event.number }}.dev.renku.ch | |
test-pr: | |
if: github.event.action != 'closed' && needs.check-deploy.outputs.pr-contains-string == 'true' && needs.check-deploy.outputs.test-enabled == 'true' | |
needs: [check-deploy, deploy-pr] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: SwissDataScienceCenter/renku-actions/[email protected] | |
with: | |
kubeconfig: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} | |
renku-release: ci-renku-${{ github.event.number }} | |
gitlab-token: ${{ secrets.DEV_GITLAB_TOKEN }} | |
s3-results-access-key: ${{ secrets.ACCEPTANCE_TESTS_BUCKET_ACCESS_KEY }} | |
s3-results-secret-key: ${{ secrets.ACCEPTANCE_TESTS_BUCKET_SECRET_KEY }} | |
test-timeout-mins: "120" | |
test-pr-cypress: | |
needs: [check-deploy, deploy-pr] | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
tests: | |
[ | |
publicProject, | |
privateProject, | |
updateProjects, | |
testDatasets, | |
useSession, | |
checkWorkflows, | |
rstudioSession, | |
dashboardV2, | |
] | |
steps: | |
- uses: SwissDataScienceCenter/renku-actions/[email protected] | |
if: github.event.action != 'closed' && needs.check-deploy.outputs.pr-contains-string == 'true' && needs.check-deploy.outputs.test-enabled == 'true' | |
with: | |
e2e-target: ${{ matrix.tests }} | |
renku-reference: ${{ github.ref }} | |
renku-release: ci-renku-${{ github.event.number }} | |
test-user-password: ${{ secrets.RENKU_BOT_DEV_PASSWORD }} | |
deploy-string-no-custom-version: | |
name: Check that deploy string doesn't specify a custom component version | |
needs: [check-deploy] | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check deploy string | |
if: ${{ | |
needs.check-deploy.outputs.pr-contains-string == 'true' | |
&& startsWith(github.base_ref, 'release-') | |
&& ( | |
needs.check-deploy.outputs.renku-core != null | |
|| needs.check-deploy.outputs.renku-gateway != null | |
|| needs.check-deploy.outputs.renku-graph != null | |
|| needs.check-deploy.outputs.renku-notebooks != null | |
|| needs.check-deploy.outputs.renku-ui != null | |
|| needs.check-deploy.outputs.renku-data-services != null | |
) | |
}} | |
uses: actions/github-script@v7 | |
with: | |
script: core.setFailed('Cannot merge release PR if it still has custom versions in deploy string.') | |
cleanup: | |
if: github.event.action == 'closed' | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: renku teardown | |
uses: SwissDataScienceCenter/renku-actions/[email protected] | |
env: | |
HELM_RELEASE_REGEX: "^ci-renku-${{ github.event.number }}$" | |
GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }} | |
RENKUBOT_KUBECONFIG: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} | |
MAX_AGE_SECONDS: 0 | |
DELETE_NAMESPACE: "true" |