EKS support and testing #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate SecureSign on EKS | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main", "release*"] | |
| tags: ["*"] | |
| pull_request: | |
| branches: ["main", "release*"] | |
| env: | |
| GO_VERSION: 1.21 | |
| IMAGE_TAG: latest | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| jobs: | |
| build-operator: | |
| name: Build-operator | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v2 | |
| - name: Install Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install eksctl | |
| run: | | |
| ARCH=amd64 | |
| PLATFORM=$(uname -s)_$ARCH | |
| curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz" | |
| tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz | |
| sudo mv /tmp/eksctl /usr/local/bin | |
| - name: Install kubectl | |
| run: | | |
| ARCH=amd64 | |
| PLATFORM=$(uname -s)_$ARCH | |
| curl -sLO "https://dl.k8s.io/release/v1.22.0/bin/linux/amd64/kubectl" | |
| chmod +x kubectl | |
| sudo mv kubectl /usr/local/bin | |
| - name: run eksctl create cluster | |
| run: | | |
| eksctl create cluster --alb-ingress-access --external-dns-access --name rhtas-eks --nodes 1 --node-type m5.xlarge --spot | |
| eksctl utils associate-iam-oidc-provider --region=us-east-2 --cluster=rhtas-eks --approve | |
| eksctl create iamserviceaccount --region us-east-2 --name ebs-csi-controller-sa --namespace kube-system --cluster rhtas-eks --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --approve --role-only --role-name AmazonEKS_EBS_CSI_DriverRole | |
| eksctl create addon --name aws-ebs-csi-driver --cluster rhtas-eks --service-account-role-arn arn:aws:iam::${{ secrets.AWS }}:role/AmazonEKS_EBS_CSI_DriverRole --force | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/deploy.yaml | |
| - name: Build and Deploy operator container | |
| run: make docker-build deploy | |
| - name: Wait for operator to be ready | |
| run: | | |
| kubectl wait --for=condition=available deployment/rhtas-operator-controller-manager --timeout=60s -n openshift-rhtas-operator | |
| - name: Install cosign | |
| run: go install github.com/sigstore/cosign/v2/cmd/[email protected] | |
| - name: Run tests | |
| run: make integration-test | |
| - name: dump the logs of the operator | |
| run: kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager | |
| if: always() | |
| - name: delete the cluster | |
| run: eksctl delete cluster --name rhtas-eks --region us-east-2 --wait | |
| if: always() |