chore(deps): update aquasec/trivy docker tag to v0.59.1 #1922


# Workflow header as shown on the run page. Indentation and some structural
# keys (the job, strategy and step mappings) are not visible in this listing.
# NOTE(review): no `permissions:` key is visible here - confirm the workflow
# restricts GITHUB_TOKEN to read-only scopes, because later steps run make
# targets and charts taken from the checked-out pull request.
name: Lagoon tests
# Runs on every pull request event.
on: pull_request
# runs for lagoon-core, lagoon-remote, lagoon-test
runs-on: ubuntu-latest
# Keep the other matrix jobs running when one of them fails.
fail-fast: false
# Test suites that make up the job matrix. The selected entry is read as
# `matrix.test` by the fill-test-ci-values steps further down, where it is
# expanded into the shell command line; keep these entries plain literals.
- active-standby-kubernetes
- api
- deploytarget
- features-kubernetes
- features-kubernetes-2
- features-variables
- services
- tasks
## Re-enable any of these tests in your branch for specific testing
## - bitbucket
## - bulk-deployment
## - drush
## - generic
## - github
## - gitlab
## - image-cache
## - nginx
## - node
## - python
## - ssh-legacy
## - workflows
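# Optional debug shell on the runner. The step is cut off after one minute and
# its failure is ignored, so an unattended run simply moves on.
# Continue after getting a shell via: `touch continue`
- name: Setup tmate session
  uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48 # v3
  timeout-minutes: 1
  continue-on-error: true
  with:
    # Only accept connections authenticated with the SSH keys registered on the
    # GitHub profile of the user who triggered the run. The connection string
    # is printed in the job log, so without this a run whose actor has no keys
    # registered (for example an automated dependency-update PR) may offer a
    # shell to anyone who can read the log. With `true` the step is expected to
    # fail instead, which continue-on-error absorbs - TODO confirm against the
    # pinned commit of the action.
    limit-access-to-actor: true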
# Check out the repository with actions/checkout pinned to a full commit SHA
# (the trailing comment records the release it corresponds to). fetch-depth "0"
# fetches the complete history, presumably so that `ct list-changed` can
# compare the branch against its target.
# NOTE(review): `persist-credentials` is left at its default, which keeps the
# job token in the local git configuration for every later step. None of the
# steps shown here pushes, so setting it to false looks safe - confirm.
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
fetch-depth: "0"
# Install the python3-wheel package from the runner's configured apt sources,
# non-interactively (-y). The version is whatever the runner image offers.
- name: Set up chart-testing dependencies
run: sudo apt-get -y install python3-wheel
# Install the chart-testing (`ct`) tool through its action. The action is
# pinned to a commit SHA rather than the mutable v2.7.0 tag, so a re-tagged
# release cannot change what runs here.
- name: Set up chart-testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
# Ask chart-testing which charts changed according to test-suite-lint.ct.yaml.
# When the list is non-empty the step sets the output `changed=true` and prints
# the list; later steps gate on `steps.list-changed.outputs.changed`.
# The closing `fi` of the shell conditional is not visible in this rendering.
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ./test-suite-lint.ct.yaml)
if [[ "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
echo "$changed"
# Create the `kind` docker network, derive a node IP from its subnet and render
# the kind configuration from its template.
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
# The IP is built by dropping the last three characters of the subnet string
# (this assumes a suffix such as "/16") and replacing the fourth octet with 240.
# envsubst is called without a variable list, so every exported environment
# variable referenced in the template is substituted, not only KIND_NODE_IP.
- name: Configure node IP in kind-config.yaml
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
docker network create kind
LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
export KIND_NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml
# Start the kind cluster from the rendered test-suite.kind-config.yaml.
# Same gate as the other test steps: charts changed, or the PR is labelled
# needs-testing or next-release.
# Both the action (commit SHA) and the node image (sha256 digest next to the
# tag) are pinned to immutable references; kind and kubectl are pinned by
# version number only.
- name: Create kind cluster
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
version: v0.24.0
node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
kubectl_version: v1.30.4
config: test-suite.kind-config.yaml
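# Recompute the node IP from the `kind` docker network and fail the job when
# the rendered kind configuration does not contain it.
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
- name: Check node IP matches kind configuration
  if: |
    (steps.list-changed.outputs.changed == 'true') ||
    (contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
    (contains(github.event.pull_request.labels.*.name, 'next-release'))
  run: |
    LAGOON_KIND_CIDR_BLOCK=$(docker network inspect kind | jq '. [0].IPAM.Config[0].Subnet' | tr -d '"')
    NODE_IP=$(echo ${LAGOON_KIND_CIDR_BLOCK%???} | awk -F'.' '{print $1,$2,$3,240}' OFS='.')
    echo Checking for NODE_IP "$NODE_IP"
    # -F matches the address literally (an unescaped "." would match any
    # character), the quotes stop word splitting, and "--" keeps the value
    # from being read as an option.
    grep -F -- "$NODE_IP" test-suite.kind-config.yaml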
# Register the Helm repositories that the charts under test depend on.
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
# The repository URLs are not visible in this rendering; only the local names
# are shown.
# NOTE(review): charts resolved from these repositories are installed into the
# test cluster, so the URLs should be HTTPS and the dependency versions pinned
# in the charts - confirm in the repository file.
- name: Add dependency chart repos
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
helm repo add harbor
helm repo add ingress-nginx
helm repo add stable
helm repo add bitnami
helm repo add amazeeio
helm repo add lagoon
helm repo add nats
helm repo add metallb
helm repo add jetstack
helm repo add jouve
# Download the gojq v0.12.16 release tarball into /tmp, unpack it and install
# the binary as /usr/local/bin/jq, so later `jq` calls resolve to gojq.
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
# The download URL is not visible in this rendering.
# NOTE(review): the tarball is copied into PATH with sudo without an integrity
# check, unlike the actions and node image above, which are pinned to immutable
# references. Verify a pinned digest before extracting, for example:
#   echo "<EXPECTED_SHA256>  gojq_v0.12.16_linux_amd64.tar.gz" | sha256sum --check
# and add --fail to curl so that an HTTP error page is not saved as the archive.
- name: Install gojq
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
cd /tmp
curl -sSLO
tar -xf ./gojq_v0.12.16_linux_amd64.tar.gz
sudo cp /tmp/gojq_v0.12.16_linux_amd64/gojq /usr/local/bin/jq
# Download the kubens v0.9.5 release tarball, install the binary into
# /usr/local/bin and create `kc` as a symlink to kubectl.
# No `if:` condition is shown for this step, so as listed it runs on every
# job, including those where the test steps are skipped.
# The download URL is not visible in this rendering.
# NOTE(review): as with gojq, the archive is installed with sudo without
# verifying a pinned digest. Check it before extracting, for example:
#   echo "<EXPECTED_SHA256>  kubens_v0.9.5_linux_x86_64.tar.gz" | sha256sum --check
- name: Install kubens and kubectl alias
run: |
cd /tmp
curl -sSLO
tar -xf ./kubens_v0.9.5_linux_x86_64.tar.gz
sudo cp /tmp/kubens /usr/local/bin/kubens
sudo ln -s $(which kubectl) /usr/local/bin/kc
# Install Lagoon with the default images and generate the CI values for the
# selected test suite. Runs when charts changed and the PR is not labelled
# next-release, or when it is labelled needs-testing.
# `${{ matrix.test }}` is expanded into the script text before the shell runs
# it. That is safe while the matrix holds only literals from this file; do not
# replace it with a value taken from the pull request (title, branch name,
# labels) without passing it through an environment variable first.
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (needs-testing)
if: |
(steps.list-changed.outputs.changed == 'true' && !contains(github.event.pull_request.labels.*.name, 'next-release')) ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing'))
run: |
make install-lagoon
make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}]
# Variant for PRs labelled next-release when charts changed: merge the
# testlagoon override values into lagoon-core's linter-values.yaml in place,
# then install Lagoon and generate the CI values using images from the
# testlagoon registry.
# The image references use the mutable `main` tag, so two runs of the same
# commit can test different image contents; results are not reproducible by
# digest.
# `${{ matrix.test }}` is expanded into the script text before the shell runs
# it; keep the matrix limited to literals defined in this file.
- name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (next-release)
if: |
(steps.list-changed.outputs.changed == 'true') &&
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml
make install-lagoon IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main
make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main
# Reclaim runner disk before the test install: removes stopped containers,
# unused networks, every image not used by a container (-a) and unused
# volumes, without prompting (-f).
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
- name: Free up some disk space
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: docker system prune -f -a --volumes
# Lint and then install the charts selected by test-suite-run.ct.yaml; the
# Helm timeout is raised to 60 minutes through --helm-extra-args.
# Runs when charts changed or the PR carries the needs-testing or next-release
# label.
- name: Run chart-testing (install) on lagoon-test
if: |
(steps.list-changed.outputs.changed == 'true') ||
(contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
(contains(github.event.pull_request.labels.*.name, 'next-release'))
run: |
ct lint --config ./test-suite-run.ct.yaml
ct install --config ./test-suite-run.ct.yaml --helm-extra-args "--timeout 60m"
# the following steps gather various debug information on test failure
# List all pods, then describe the pods of the lagoon-core namespace and dump
# the complete logs (--tail=-1) of all their containers.
# As shown, the commands are identical to the "Inspect lagoon-core pods" step;
# a selector for lagoon-test may have been lost in this rendering - confirm.
# NOTE(review): everything printed here ends up in the job log, which anyone
# with read access to the repository can open. Check that the test fixtures do
# not log credentials or tokens.
- name: Inspect lagoon-test pods
if: failure()
run: |
kubectl get pods -A
kubectl describe pods --namespace=lagoon-core
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers
# On failure, list, describe and dump the complete logs of the lagoon-remote
# and lagoon-build-deploy pods in the lagoon namespace.
# The label key of the `-l` selectors is not visible in this rendering; only
# the value set "(lagoon-remote, lagoon-build-deploy)" is shown.
- name: Inspect lagoon-remote and lagoon-build-deploy pods
if: failure()
run: |
kubectl get pods -A -l ' in (lagoon-remote, lagoon-build-deploy)'
kubectl describe pods --namespace=lagoon -l ' in (lagoon-remote, lagoon-build-deploy)'
kubectl logs --namespace=lagoon --prefix --timestamps --tail=-1 --all-containers -l ' in (lagoon-remote, lagoon-build-deploy)'
# On failure, list all pods, describe the pods of the lagoon-core namespace and
# dump the complete logs (--tail=-1) of all their containers into the job log.
- name: Inspect lagoon-core pods
if: failure()
run: |
kubectl get pods -A
kubectl describe pods --namespace=lagoon-core
kubectl logs --namespace=lagoon-core --prefix --timestamps --tail=-1 --all-containers
# On failure, print the events (oldest first), the pod list and the pod
# descriptions for every namespace the jq filter selects with "^ci".
# As shown, the filter is applied to whole namespace objects and the loop has
# no closing `done`; the field selector and the loop terminator appear to have
# been lost in this rendering - confirm against the repository file.
# `$ns` is used unquoted in the kubectl arguments.
- name: Inspect any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[] | select(match("^ci"))'); do
kubectl get events --sort-by=metadata.creationTimestamp --namespace=$ns
kubectl get pods --output=wide --namespace=$ns
kubectl describe pods --namespace=$ns
# On failure, print the last 80 log lines of every container in each namespace
# the jq filter selects with "^ci".
# As shown, the command is identical to the "Gather workload logs" step; a
# label selector that separates build pods from workload pods may have been
# lost in this rendering - confirm.
# NOTE(review): build logs are written to the job log, which anyone with read
# access to the repository can open; make sure build output in the test
# projects does not echo registry or deploy credentials.
- name: Gather build logs of any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[] | select(match("^ci"))'); do
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers
# On failure, print the last 80 log lines of every container in each namespace
# the jq filter selects with "^ci".
# As shown, the command is identical to the "Gather build logs" step; a label
# selector for workload pods may have been lost in this rendering - confirm.
- name: Gather workload logs of any remaining CI namespaces
if: failure()
run: |
for ns in $(kubectl get ns -o json | jq -r '.items[] | select(match("^ci"))'); do
kubectl logs --tail=80 --namespace=$ns --prefix --timestamps --all-containers