From 8818ce29ffdbc97202b37204294d17fe40b1363b Mon Sep 17 00:00:00 2001 From: Zachary Hu Date: Fri, 23 Feb 2024 10:51:56 +0800 Subject: [PATCH 1/6] chore(release): add tzdata to deb images The tzdata package supports standard timezone database info. So users can set or show accurate timezone info. --- build/dockerfiles/deb.Dockerfile | 1 + changelog/unreleased/kong/add_tzdata.yml | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 changelog/unreleased/kong/add_tzdata.yml diff --git a/build/dockerfiles/deb.Dockerfile b/build/dockerfiles/deb.Dockerfile index a55b3706fcf7..c25cbadd5d53 100644 --- a/build/dockerfiles/deb.Dockerfile +++ b/build/dockerfiles/deb.Dockerfile @@ -20,6 +20,7 @@ COPY ${KONG_ARTIFACT_PATH}${KONG_ARTIFACT} /tmp/kong.deb RUN apt-get update \ && apt-get -y upgrade \ && apt-get -y autoremove \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata \ && apt-get install -y --no-install-recommends /tmp/kong.deb \ && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/kong.deb \ diff --git a/changelog/unreleased/kong/add_tzdata.yml b/changelog/unreleased/kong/add_tzdata.yml new file mode 100644 index 000000000000..57bed8aa3faf --- /dev/null +++ b/changelog/unreleased/kong/add_tzdata.yml @@ -0,0 +1,3 @@ +message: | + Add package `tzdata` to DEB Docker image for accurate timezone setting. +type: dependency From 1fb7ccfb48064d3ea2719e353e98840d42b1d5fe Mon Sep 17 00:00:00 2001 From: Zachary Hu Date: Fri, 23 Feb 2024 11:14:44 +0800 Subject: [PATCH 2/6] revert me: run test for all matrices --- .github/matrix-commitly.yml | 116 +++++++- .github/workflows/build_and_test.yml | 416 --------------------------- 2 files changed, 101 insertions(+), 431 deletions(-) delete mode 100644 .github/workflows/build_and_test.yml diff --git a/.github/matrix-commitly.yml b/.github/matrix-commitly.yml index 7685340597c3..73731bb6e05d 100644 --- a/.github/matrix-commitly.yml +++ b/.github/matrix-commitly.yml @@ -1,24 +1,110 @@ # please see matrix-full.yml for meaning of each field build-packages: -- label: ubuntu-22.04 - os: ubuntu-22.04 - package: deb - check-manifest-suite: ubuntu-22.04-amd64 + # label: used to distinguish artifacts for later use + # image: docker image name if the build is running in side a container + # package: package type + # package-type: the nfpm packaging target, //:kong_{package} target; only used when package is rpm + # bazel-args: additional bazel build flags + # check-manifest-suite: the check manifest suite as defined in scripts/explain_manifest/config.py + # Ubuntu + - label: ubuntu-20.04 + image: ubuntu:20.04 + package: deb + check-manifest-suite: ubuntu-20.04-amd64 + - label: ubuntu-22.04 + package: deb + check-manifest-suite: ubuntu-22.04-amd64 + - label: ubuntu-22.04-arm64 + package: deb + bazel-args: --platforms=//:generic-crossbuild-aarch64 + check-manifest-suite: ubuntu-22.04-arm64 + # Debian + - label: debian-10 + image: debian:10 + package: deb + check-manifest-suite: debian-10-amd64 + - label: debian-11 + image: debian:11 + package: deb + check-manifest-suite: debian-11-amd64 + - label: debian-12 + image: debian:12 + package: deb + check-manifest-suite: debian-12-amd64 + # RHEL + - label: rhel-7 + image: centos:7 + package: rpm + package-type: el7 + bazel-args: --//:wasmx_el7_workaround=true --//:brotli=False + check-manifest-suite: el7-amd64 + - label: rhel-8 + image: rockylinux:8 + package: rpm + package-type: el8 + check-manifest-suite: el8-amd64 + - label: rhel-9 + image: rockylinux:9 + package: rpm + package-type: el9 + check-manifest-suite: el9-amd64 + - label: rhel-9-arm64 + package: rpm + package-type: el9 + bazel-args: --platforms=//:rhel9-crossbuild-aarch64 --//:brotli=False + check-manifest-suite: el9-arm64 + # Amazon Linux + - label: amazonlinux-2 + image: amazonlinux:2 + package: rpm + package-type: aws2 + check-manifest-suite: amazonlinux-2-amd64 + - label: amazonlinux-2023 + image: amazonlinux:2023 + package: rpm + package-type: aws2023 + check-manifest-suite: amazonlinux-2023-amd64 + - label: amazonlinux-2023-arm64 + package: rpm + package-type: aws2023 + bazel-args: --platforms=//:aws2023-crossbuild-aarch64 --//:brotli=False + check-manifest-suite: amazonlinux-2023-arm64 build-images: -- label: ubuntu - base-image: ubuntu:22.04 - package: deb - artifact-from: ubuntu-22.04 + # Only build images for the latest version of each major release. -smoke-tests: -- label: ubuntu + # label: used as compose docker image label ${github.sha}-${label} + # base-image: docker image to use as base + # package: package type + # artifact-from: label of build-packages to use + # artifact-from-alt: another label of build-packages to use for downloading package (to build multi-arch image) + # docker-platforms: comma separated list of docker buildx platforms to build for + # Ubuntu + - label: ubuntu + base-image: ubuntu:22.04 + package: deb + artifact-from: ubuntu-22.04 + artifact-from-alt: ubuntu-22.04-arm64 + docker-platforms: linux/amd64, linux/arm64 + # Debian + - label: debian + base-image: debian:12-slim + package: deb + artifact-from: debian-12 + # RHEL + - label: rhel + base-image: registry.access.redhat.com/ubi9 + package: rpm + rpm_platform: el9 + artifact-from: rhel-9 + artifact-from-alt: rhel-9-arm64 + docker-platforms: linux/amd64, linux/arm64 +smoke-tests: + - label: ubuntu scan-vulnerabilities: -- label: ubuntu - + - label: ubuntu release-packages: - release-images: -- label: ubuntu - package: deb + - label: ubuntu + package: deb diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml deleted file mode 100644 index 8cb47a16550b..000000000000 --- a/.github/workflows/build_and_test.yml +++ /dev/null @@ -1,416 +0,0 @@ -name: Build & Test -on: - pull_request: - paths-ignore: - # ignore markdown files (CHANGELOG.md, README.md, etc.) - - '**/*.md' - - '.github/workflows/release.yml' - - 'changelog/**' - - 'kong.conf.default' - push: - paths-ignore: - # ignore markdown files (CHANGELOG.md, README.md, etc.) - - '**/*.md' - # ignore PRs for the generated COPYRIGHT file - - 'COPYRIGHT' - branches: - - master - - release/* - - test-please/* - workflow_dispatch: - inputs: - coverage: - description: 'Coverage enabled' - required: false - type: boolean - default: false - -# cancel previous runs if new commits are pushed to the PR, but run for each commit on master -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -env: - BUILD_ROOT: ${{ github.workspace }}/bazel-bin/build - KONG_TEST_COVERAGE: ${{ inputs.coverage == true || github.event_name == 'schedule' }} - RUNNER_COUNT: 7 - -jobs: - build: - uses: ./.github/workflows/build.yml - with: - relative-build-root: bazel-bin/build - - lint-and-doc-tests: - name: Lint and Doc tests - runs-on: ubuntu-22.04 - needs: build - - steps: - - name: Bump max open files - run: | - sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - - - name: Checkout Kong source code - uses: actions/checkout@v4 - - - name: Lookup build cache - id: cache-deps - uses: actions/cache@v3 - with: - path: ${{ env.BUILD_ROOT }} - key: ${{ needs.build.outputs.cache-key }} - - - name: Check test-helpers doc generation - run: | - source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh - pushd ./spec && ldoc . - - - name: Check autodoc generation - run: | - source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh - scripts/autodoc - - - name: Lint Lua code - run: | - make lint - - - name: Validate rockspec file - run: | - source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh - scripts/validate-rockspec - - - name: Check spec file misspelling - run: | - scripts/check_spec_files_spelling.sh - - - name: Check labeler configuration - run: scripts/check-labeler.pl .github/labeler.yml - - schedule: - name: Schedule busted tests to run - runs-on: ubuntu-22.04 - needs: build - - env: - WORKFLOW_ID: ${{ github.run_id }} - - outputs: - runners: ${{ steps.generate-runner-array.outputs.RUNNERS }} - - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - - name: Download runtimes file - uses: Kong/gh-storage/download@v1 - env: - GITHUB_TOKEN: ${{ secrets.PAT }} - with: - repo-path: Kong/gateway-action-storage/main/.ci/runtimes.json - - - name: Schedule tests - uses: Kong/gateway-test-scheduler/schedule@69f0c2a562ac44fc3650b8bfa62106b34094b5ce # v3 - with: - test-suites-file: .ci/test_suites.json - test-file-runtime-file: .ci/runtimes.json - output-prefix: test-chunk. - runner-count: ${{ env.RUNNER_COUNT }} - static-mode: ${{ github.run_attempt > 1 }} - - - name: Upload schedule files - uses: actions/upload-artifact@v3 - continue-on-error: true - with: - name: schedule-test-files - path: test-chunk.* - retention-days: 7 - - - name: Generate runner array - id: generate-runner-array - run: | - echo "RUNNERS=[$(seq -s "," 1 $(( "$RUNNER_COUNT" )))]" >> "$GITHUB_OUTPUT" - - busted-tests: - name: Busted test runner ${{ matrix.runner }} - runs-on: ubuntu-22.04 - needs: [build,schedule] - - strategy: - fail-fast: false - matrix: - runner: ${{ fromJSON(needs.schedule.outputs.runners) }} - - services: - postgres: - image: postgres:13 - env: - POSTGRES_USER: kong - POSTGRES_DB: kong - POSTGRES_HOST_AUTH_METHOD: trust - ports: - - 5432:5432 - options: --health-cmd pg_isready --health-interval 5s --health-timeout 5s --health-retries 8 - - grpcbin: - image: kong/grpcbin - ports: - - 15002:9000 - - 15003:9001 - - redis: - image: redis - ports: - - 6379:6379 - - 6380:6380 - options: >- - --name kong_redis - - zipkin: - image: openzipkin/zipkin:2 - ports: - - 9411:9411 - - steps: - - name: Bump max open files - run: | - sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - - - name: Checkout Kong source code - uses: actions/checkout@v4 - - - name: Lookup build cache - id: cache-deps - uses: actions/cache@v3 - with: - path: ${{ env.BUILD_ROOT }} - key: ${{ needs.build.outputs.cache-key }} - - - name: Build WASM Test Filters - uses: ./.github/actions/build-wasm-test-filters - - - name: Add gRPC test host names - run: | - echo "127.0.0.1 grpcs_1.test" | sudo tee -a /etc/hosts - echo "127.0.0.1 grpcs_2.test" | sudo tee -a /etc/hosts - - - name: Enable SSL for Redis - run: | - docker cp ${{ github.workspace }} kong_redis:/workspace - docker cp ${{ github.workspace }}/spec/fixtures/redis/docker-entrypoint.sh kong_redis:/usr/local/bin/docker-entrypoint.sh - docker restart kong_redis - docker logs kong_redis - - - name: Run OpenTelemetry Collector - run: | - mkdir -p ${{ github.workspace }}/tmp/otel - touch ${{ github.workspace }}/tmp/otel/file_exporter.json - sudo chmod 777 -R ${{ github.workspace }}/tmp/otel - docker run -p 4317:4317 -p 4318:4318 -p 55679:55679 \ - -v ${{ github.workspace }}/spec/fixtures/opentelemetry/otelcol.yaml:/etc/otel-collector-config.yaml \ - -v ${{ github.workspace }}/tmp/otel:/etc/otel \ - --name opentelemetry-collector -d \ - otel/opentelemetry-collector-contrib:0.52.0 \ - --config=/etc/otel-collector-config.yaml - sleep 2 - docker logs opentelemetry-collector - - - name: Install AWS SAM cli tool - run: | - curl -L -s -o /tmp/aws-sam-cli.zip https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip - unzip -o /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli - sudo /tmp/aws-sam-cli/install --update - - - name: Update PATH - run: | - echo "$BUILD_ROOT/kong-dev/bin" >> $GITHUB_PATH - echo "$BUILD_ROOT/kong-dev/openresty/nginx/sbin" >> $GITHUB_PATH - echo "$BUILD_ROOT/kong-dev/openresty/bin" >> $GITHUB_PATH - - - name: Debug (nginx) - run: | - echo nginx: $(which nginx) - nginx -V 2>&1 | sed -re 's/ --/\n--/g' - ldd $(which nginx) - - - name: Debug (luarocks) - run: | - echo luarocks: $(which luarocks) - luarocks --version - luarocks config - - - name: Tune up postgres max_connections - run: | - # arm64 runners may use more connections due to more worker cores - psql -hlocalhost -Ukong kong -tAc 'alter system set max_connections = 5000;' - - - name: Download test schedule file - uses: actions/download-artifact@v3 - with: - name: schedule-test-files - - - name: Generate helper environment variables - run: | - echo FAILED_TEST_FILES_FILE=failed-tests.json >> $GITHUB_ENV - echo TEST_FILE_RUNTIME_FILE=test-runtime.json >> $GITHUB_ENV - - - name: Build & install dependencies - run: | - make dev - - - name: Download test rerun information - uses: actions/download-artifact@v3 - continue-on-error: true - with: - name: test-rerun-info-${{ matrix.runner }} - - - name: Download test runtime statistics from previous runs - uses: actions/download-artifact@v3 - continue-on-error: true - with: - name: test-runtime-statistics-${{ matrix.runner }} - - - name: Run Tests - env: - KONG_TEST_PG_DATABASE: kong - KONG_TEST_PG_USER: kong - KONG_TEST_DATABASE: postgres - KONG_SPEC_TEST_GRPCBIN_PORT: "15002" - KONG_SPEC_TEST_GRPCBIN_SSL_PORT: "15003" - KONG_SPEC_TEST_OTELCOL_FILE_EXPORTER_PATH: ${{ github.workspace }}/tmp/otel/file_exporter.json - DD_ENV: ci - DD_SERVICE: kong-ce-ci - DD_CIVISIBILITY_MANUAL_API_ENABLED: 1 - DD_CIVISIBILITY_AGENTLESS_ENABLED: true - DD_TRACE_GIT_METADATA_ENABLED: true - DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} - uses: Kong/gateway-test-scheduler/runner@69f0c2a562ac44fc3650b8bfa62106b34094b5ce # v3 - with: - tests-to-run-file: test-chunk.${{ matrix.runner }}.json - failed-test-files-file: ${{ env.FAILED_TEST_FILES_FILE }} - test-file-runtime-file: ${{ env.TEST_FILE_RUNTIME_FILE }} - setup-venv-path: ${{ env.BUILD_ROOT }} - - - name: Upload test rerun information - if: always() - uses: actions/upload-artifact@v3 - with: - name: test-rerun-info-${{ matrix.runner }} - path: ${{ env.FAILED_TEST_FILES_FILE }} - retention-days: 2 - - - name: Upload test runtime statistics for offline scheduling - if: always() - uses: actions/upload-artifact@v3 - with: - name: test-runtime-statistics-${{ matrix.runner }} - path: ${{ env.TEST_FILE_RUNTIME_FILE }} - retention-days: 7 - - - name: Archive coverage stats file - uses: actions/upload-artifact@v3 - if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} - with: - name: luacov-stats-out-${{ github.job }}-${{ github.run_id }}-${{ matrix.runner }} - retention-days: 1 - path: | - luacov.stats.out - - - name: Get kernel message - if: failure() - run: | - sudo dmesg -T - - pdk-tests: - name: PDK tests - runs-on: ubuntu-22.04 - needs: build - - steps: - - name: Bump max open files - run: | - sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf - - - name: Checkout Kong source code - uses: actions/checkout@v4 - - - name: Lookup build cache - id: cache-deps - uses: actions/cache@v3 - with: - path: ${{ env.BUILD_ROOT }} - key: ${{ needs.build.outputs.cache-key }} - - - name: Install Test::Nginx - run: | - CPAN_DOWNLOAD=./cpanm - mkdir -p $CPAN_DOWNLOAD - curl -o $CPAN_DOWNLOAD/cpanm https://cpanmin.us - chmod +x $CPAN_DOWNLOAD/cpanm - - echo "Installing CPAN dependencies..." - $CPAN_DOWNLOAD/cpanm --notest --local-lib=$HOME/perl5 local::lib && eval $(perl -I $HOME/perl5/lib/perl5/ -Mlocal::lib) - $CPAN_DOWNLOAD/cpanm --notest Test::Nginx - - - name: Tests - env: - TEST_SUITE: pdk - run: | - source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh - if [[ $KONG_TEST_COVERAGE = true ]]; then - export PDK_LUACOV=1 - fi - eval $(perl -I $HOME/perl5/lib/perl5/ -Mlocal::lib) - prove -I. -r t - - - name: Archive coverage stats file - uses: actions/upload-artifact@v3 - if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} - with: - name: luacov-stats-out-${{ github.job }}-${{ github.run_id }} - retention-days: 1 - path: | - luacov.stats.out - - - name: Get kernel message - if: failure() - run: | - sudo dmesg -T - - cleanup-and-aggregate-stats: - needs: [lint-and-doc-tests,pdk-tests,busted-tests] - name: Cleanup and Luacov stats aggregator - if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} - runs-on: ubuntu-22.04 - - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - - name: Install requirements - run: | - sudo apt-get update && sudo apt-get install -y luarocks - sudo luarocks install luacov - sudo luarocks install luafilesystem - - # Download all archived coverage stats files - - uses: actions/download-artifact@v3 - - - name: Stats aggregation - shell: bash - run: | - lua .ci/luacov-stats-aggregator.lua "luacov-stats-out-" "luacov.stats.out" ${{ github.workspace }}/ - # The following prints a report with each file sorted by coverage percentage, and the total coverage - printf "\n\nCoverage File\n\n" - awk -v RS='Coverage\n-+\n' 'NR>1{print $0}' luacov.report.out | grep -vE "^-|^$" > summary.out - cat summary.out | grep -v "^Total" | awk '{printf "%7d%% %s\n", $4, $1}' | sort -n - cat summary.out | grep "^Total" | awk '{printf "%7d%% %s\n", $4, $1}' From 16625d68fb051f1388b0806fe9ae8294ebaadb85 Mon Sep 17 00:00:00 2001 From: Zachary Hu Date: Fri, 23 Feb 2024 11:35:09 +0800 Subject: [PATCH 3/6] Revert "chore(release): add tzdata to deb images" This reverts commit cbb1c9598a2d0ec15fc90f976a3076570de0d253. --- build/dockerfiles/deb.Dockerfile | 1 - changelog/unreleased/kong/add_tzdata.yml | 3 --- 2 files changed, 4 deletions(-) delete mode 100644 changelog/unreleased/kong/add_tzdata.yml diff --git a/build/dockerfiles/deb.Dockerfile b/build/dockerfiles/deb.Dockerfile index c25cbadd5d53..a55b3706fcf7 100644 --- a/build/dockerfiles/deb.Dockerfile +++ b/build/dockerfiles/deb.Dockerfile @@ -20,7 +20,6 @@ COPY ${KONG_ARTIFACT_PATH}${KONG_ARTIFACT} /tmp/kong.deb RUN apt-get update \ && apt-get -y upgrade \ && apt-get -y autoremove \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata \ && apt-get install -y --no-install-recommends /tmp/kong.deb \ && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/kong.deb \ diff --git a/changelog/unreleased/kong/add_tzdata.yml b/changelog/unreleased/kong/add_tzdata.yml deleted file mode 100644 index 57bed8aa3faf..000000000000 --- a/changelog/unreleased/kong/add_tzdata.yml +++ /dev/null @@ -1,3 +0,0 @@ -message: | - Add package `tzdata` to DEB Docker image for accurate timezone setting. -type: dependency From de2e261b5c10ff4b3e960cdc3bd48a6614cd0abf Mon Sep 17 00:00:00 2001 From: Zachary Hu Date: Fri, 23 Feb 2024 19:09:57 +0800 Subject: [PATCH 4/6] Revert "Revert "chore(release): add tzdata to deb images"" This reverts commit 39a9e01c85ce3e10b949920b291d65beca1b2147. --- build/dockerfiles/deb.Dockerfile | 1 + changelog/unreleased/kong/add_tzdata.yml | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 changelog/unreleased/kong/add_tzdata.yml diff --git a/build/dockerfiles/deb.Dockerfile b/build/dockerfiles/deb.Dockerfile index a55b3706fcf7..c25cbadd5d53 100644 --- a/build/dockerfiles/deb.Dockerfile +++ b/build/dockerfiles/deb.Dockerfile @@ -20,6 +20,7 @@ COPY ${KONG_ARTIFACT_PATH}${KONG_ARTIFACT} /tmp/kong.deb RUN apt-get update \ && apt-get -y upgrade \ && apt-get -y autoremove \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata \ && apt-get install -y --no-install-recommends /tmp/kong.deb \ && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/kong.deb \ diff --git a/changelog/unreleased/kong/add_tzdata.yml b/changelog/unreleased/kong/add_tzdata.yml new file mode 100644 index 000000000000..57bed8aa3faf --- /dev/null +++ b/changelog/unreleased/kong/add_tzdata.yml @@ -0,0 +1,3 @@ +message: | + Add package `tzdata` to DEB Docker image for accurate timezone setting. +type: dependency From b4f6ed3452aef6412f1a5eec2aa6b3a4f907888e Mon Sep 17 00:00:00 2001 From: Zachary Hu Date: Fri, 23 Feb 2024 19:27:52 +0800 Subject: [PATCH 5/6] Revert "revert me: run test for all matrices" This reverts commit 1fb7ccfb48064d3ea2719e353e98840d42b1d5fe. --- .github/matrix-commitly.yml | 116 +------- .github/workflows/build_and_test.yml | 416 +++++++++++++++++++++++++++ 2 files changed, 431 insertions(+), 101 deletions(-) create mode 100644 .github/workflows/build_and_test.yml diff --git a/.github/matrix-commitly.yml b/.github/matrix-commitly.yml index 73731bb6e05d..7685340597c3 100644 --- a/.github/matrix-commitly.yml +++ b/.github/matrix-commitly.yml @@ -1,110 +1,24 @@ # please see matrix-full.yml for meaning of each field build-packages: - # label: used to distinguish artifacts for later use - # image: docker image name if the build is running in side a container - # package: package type - # package-type: the nfpm packaging target, //:kong_{package} target; only used when package is rpm - # bazel-args: additional bazel build flags - # check-manifest-suite: the check manifest suite as defined in scripts/explain_manifest/config.py +- label: ubuntu-22.04 + os: ubuntu-22.04 + package: deb + check-manifest-suite: ubuntu-22.04-amd64 - # Ubuntu - - label: ubuntu-20.04 - image: ubuntu:20.04 - package: deb - check-manifest-suite: ubuntu-20.04-amd64 - - label: ubuntu-22.04 - package: deb - check-manifest-suite: ubuntu-22.04-amd64 - - label: ubuntu-22.04-arm64 - package: deb - bazel-args: --platforms=//:generic-crossbuild-aarch64 - check-manifest-suite: ubuntu-22.04-arm64 - # Debian - - label: debian-10 - image: debian:10 - package: deb - check-manifest-suite: debian-10-amd64 - - label: debian-11 - image: debian:11 - package: deb - check-manifest-suite: debian-11-amd64 - - label: debian-12 - image: debian:12 - package: deb - check-manifest-suite: debian-12-amd64 - # RHEL - - label: rhel-7 - image: centos:7 - package: rpm - package-type: el7 - bazel-args: --//:wasmx_el7_workaround=true --//:brotli=False - check-manifest-suite: el7-amd64 - - label: rhel-8 - image: rockylinux:8 - package: rpm - package-type: el8 - check-manifest-suite: el8-amd64 - - label: rhel-9 - image: rockylinux:9 - package: rpm - package-type: el9 - check-manifest-suite: el9-amd64 - - label: rhel-9-arm64 - package: rpm - package-type: el9 - bazel-args: --platforms=//:rhel9-crossbuild-aarch64 --//:brotli=False - check-manifest-suite: el9-arm64 - # Amazon Linux - - label: amazonlinux-2 - image: amazonlinux:2 - package: rpm - package-type: aws2 - check-manifest-suite: amazonlinux-2-amd64 - - label: amazonlinux-2023 - image: amazonlinux:2023 - package: rpm - package-type: aws2023 - check-manifest-suite: amazonlinux-2023-amd64 - - label: amazonlinux-2023-arm64 - package: rpm - package-type: aws2023 - bazel-args: --platforms=//:aws2023-crossbuild-aarch64 --//:brotli=False - check-manifest-suite: amazonlinux-2023-arm64 build-images: - # Only build images for the latest version of each major release. +- label: ubuntu + base-image: ubuntu:22.04 + package: deb + artifact-from: ubuntu-22.04 - # label: used as compose docker image label ${github.sha}-${label} - # base-image: docker image to use as base - # package: package type - # artifact-from: label of build-packages to use - # artifact-from-alt: another label of build-packages to use for downloading package (to build multi-arch image) - # docker-platforms: comma separated list of docker buildx platforms to build for - - # Ubuntu - - label: ubuntu - base-image: ubuntu:22.04 - package: deb - artifact-from: ubuntu-22.04 - artifact-from-alt: ubuntu-22.04-arm64 - docker-platforms: linux/amd64, linux/arm64 - # Debian - - label: debian - base-image: debian:12-slim - package: deb - artifact-from: debian-12 - # RHEL - - label: rhel - base-image: registry.access.redhat.com/ubi9 - package: rpm - rpm_platform: el9 - artifact-from: rhel-9 - artifact-from-alt: rhel-9-arm64 - docker-platforms: linux/amd64, linux/arm64 smoke-tests: - - label: ubuntu +- label: ubuntu + scan-vulnerabilities: - - label: ubuntu +- label: ubuntu + release-packages: + release-images: - - label: ubuntu - package: deb +- label: ubuntu + package: deb diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml new file mode 100644 index 000000000000..8cb47a16550b --- /dev/null +++ b/.github/workflows/build_and_test.yml @@ -0,0 +1,416 @@ +name: Build & Test +on: + pull_request: + paths-ignore: + # ignore markdown files (CHANGELOG.md, README.md, etc.) + - '**/*.md' + - '.github/workflows/release.yml' + - 'changelog/**' + - 'kong.conf.default' + push: + paths-ignore: + # ignore markdown files (CHANGELOG.md, README.md, etc.) + - '**/*.md' + # ignore PRs for the generated COPYRIGHT file + - 'COPYRIGHT' + branches: + - master + - release/* + - test-please/* + workflow_dispatch: + inputs: + coverage: + description: 'Coverage enabled' + required: false + type: boolean + default: false + +# cancel previous runs if new commits are pushed to the PR, but run for each commit on master +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +env: + BUILD_ROOT: ${{ github.workspace }}/bazel-bin/build + KONG_TEST_COVERAGE: ${{ inputs.coverage == true || github.event_name == 'schedule' }} + RUNNER_COUNT: 7 + +jobs: + build: + uses: ./.github/workflows/build.yml + with: + relative-build-root: bazel-bin/build + + lint-and-doc-tests: + name: Lint and Doc tests + runs-on: ubuntu-22.04 + needs: build + + steps: + - name: Bump max open files + run: | + sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + + - name: Checkout Kong source code + uses: actions/checkout@v4 + + - name: Lookup build cache + id: cache-deps + uses: actions/cache@v3 + with: + path: ${{ env.BUILD_ROOT }} + key: ${{ needs.build.outputs.cache-key }} + + - name: Check test-helpers doc generation + run: | + source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh + pushd ./spec && ldoc . + + - name: Check autodoc generation + run: | + source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh + scripts/autodoc + + - name: Lint Lua code + run: | + make lint + + - name: Validate rockspec file + run: | + source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh + scripts/validate-rockspec + + - name: Check spec file misspelling + run: | + scripts/check_spec_files_spelling.sh + + - name: Check labeler configuration + run: scripts/check-labeler.pl .github/labeler.yml + + schedule: + name: Schedule busted tests to run + runs-on: ubuntu-22.04 + needs: build + + env: + WORKFLOW_ID: ${{ github.run_id }} + + outputs: + runners: ${{ steps.generate-runner-array.outputs.RUNNERS }} + + steps: + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Download runtimes file + uses: Kong/gh-storage/download@v1 + env: + GITHUB_TOKEN: ${{ secrets.PAT }} + with: + repo-path: Kong/gateway-action-storage/main/.ci/runtimes.json + + - name: Schedule tests + uses: Kong/gateway-test-scheduler/schedule@69f0c2a562ac44fc3650b8bfa62106b34094b5ce # v3 + with: + test-suites-file: .ci/test_suites.json + test-file-runtime-file: .ci/runtimes.json + output-prefix: test-chunk. + runner-count: ${{ env.RUNNER_COUNT }} + static-mode: ${{ github.run_attempt > 1 }} + + - name: Upload schedule files + uses: actions/upload-artifact@v3 + continue-on-error: true + with: + name: schedule-test-files + path: test-chunk.* + retention-days: 7 + + - name: Generate runner array + id: generate-runner-array + run: | + echo "RUNNERS=[$(seq -s "," 1 $(( "$RUNNER_COUNT" )))]" >> "$GITHUB_OUTPUT" + + busted-tests: + name: Busted test runner ${{ matrix.runner }} + runs-on: ubuntu-22.04 + needs: [build,schedule] + + strategy: + fail-fast: false + matrix: + runner: ${{ fromJSON(needs.schedule.outputs.runners) }} + + services: + postgres: + image: postgres:13 + env: + POSTGRES_USER: kong + POSTGRES_DB: kong + POSTGRES_HOST_AUTH_METHOD: trust + ports: + - 5432:5432 + options: --health-cmd pg_isready --health-interval 5s --health-timeout 5s --health-retries 8 + + grpcbin: + image: kong/grpcbin + ports: + - 15002:9000 + - 15003:9001 + + redis: + image: redis + ports: + - 6379:6379 + - 6380:6380 + options: >- + --name kong_redis + + zipkin: + image: openzipkin/zipkin:2 + ports: + - 9411:9411 + + steps: + - name: Bump max open files + run: | + sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + + - name: Checkout Kong source code + uses: actions/checkout@v4 + + - name: Lookup build cache + id: cache-deps + uses: actions/cache@v3 + with: + path: ${{ env.BUILD_ROOT }} + key: ${{ needs.build.outputs.cache-key }} + + - name: Build WASM Test Filters + uses: ./.github/actions/build-wasm-test-filters + + - name: Add gRPC test host names + run: | + echo "127.0.0.1 grpcs_1.test" | sudo tee -a /etc/hosts + echo "127.0.0.1 grpcs_2.test" | sudo tee -a /etc/hosts + + - name: Enable SSL for Redis + run: | + docker cp ${{ github.workspace }} kong_redis:/workspace + docker cp ${{ github.workspace }}/spec/fixtures/redis/docker-entrypoint.sh kong_redis:/usr/local/bin/docker-entrypoint.sh + docker restart kong_redis + docker logs kong_redis + + - name: Run OpenTelemetry Collector + run: | + mkdir -p ${{ github.workspace }}/tmp/otel + touch ${{ github.workspace }}/tmp/otel/file_exporter.json + sudo chmod 777 -R ${{ github.workspace }}/tmp/otel + docker run -p 4317:4317 -p 4318:4318 -p 55679:55679 \ + -v ${{ github.workspace }}/spec/fixtures/opentelemetry/otelcol.yaml:/etc/otel-collector-config.yaml \ + -v ${{ github.workspace }}/tmp/otel:/etc/otel \ + --name opentelemetry-collector -d \ + otel/opentelemetry-collector-contrib:0.52.0 \ + --config=/etc/otel-collector-config.yaml + sleep 2 + docker logs opentelemetry-collector + + - name: Install AWS SAM cli tool + run: | + curl -L -s -o /tmp/aws-sam-cli.zip https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip + unzip -o /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli + sudo /tmp/aws-sam-cli/install --update + + - name: Update PATH + run: | + echo "$BUILD_ROOT/kong-dev/bin" >> $GITHUB_PATH + echo "$BUILD_ROOT/kong-dev/openresty/nginx/sbin" >> $GITHUB_PATH + echo "$BUILD_ROOT/kong-dev/openresty/bin" >> $GITHUB_PATH + + - name: Debug (nginx) + run: | + echo nginx: $(which nginx) + nginx -V 2>&1 | sed -re 's/ --/\n--/g' + ldd $(which nginx) + + - name: Debug (luarocks) + run: | + echo luarocks: $(which luarocks) + luarocks --version + luarocks config + + - name: Tune up postgres max_connections + run: | + # arm64 runners may use more connections due to more worker cores + psql -hlocalhost -Ukong kong -tAc 'alter system set max_connections = 5000;' + + - name: Download test schedule file + uses: actions/download-artifact@v3 + with: + name: schedule-test-files + + - name: Generate helper environment variables + run: | + echo FAILED_TEST_FILES_FILE=failed-tests.json >> $GITHUB_ENV + echo TEST_FILE_RUNTIME_FILE=test-runtime.json >> $GITHUB_ENV + + - name: Build & install dependencies + run: | + make dev + + - name: Download test rerun information + uses: actions/download-artifact@v3 + continue-on-error: true + with: + name: test-rerun-info-${{ matrix.runner }} + + - name: Download test runtime statistics from previous runs + uses: actions/download-artifact@v3 + continue-on-error: true + with: + name: test-runtime-statistics-${{ matrix.runner }} + + - name: Run Tests + env: + KONG_TEST_PG_DATABASE: kong + KONG_TEST_PG_USER: kong + KONG_TEST_DATABASE: postgres + KONG_SPEC_TEST_GRPCBIN_PORT: "15002" + KONG_SPEC_TEST_GRPCBIN_SSL_PORT: "15003" + KONG_SPEC_TEST_OTELCOL_FILE_EXPORTER_PATH: ${{ github.workspace }}/tmp/otel/file_exporter.json + DD_ENV: ci + DD_SERVICE: kong-ce-ci + DD_CIVISIBILITY_MANUAL_API_ENABLED: 1 + DD_CIVISIBILITY_AGENTLESS_ENABLED: true + DD_TRACE_GIT_METADATA_ENABLED: true + DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} + uses: Kong/gateway-test-scheduler/runner@69f0c2a562ac44fc3650b8bfa62106b34094b5ce # v3 + with: + tests-to-run-file: test-chunk.${{ matrix.runner }}.json + failed-test-files-file: ${{ env.FAILED_TEST_FILES_FILE }} + test-file-runtime-file: ${{ env.TEST_FILE_RUNTIME_FILE }} + setup-venv-path: ${{ env.BUILD_ROOT }} + + - name: Upload test rerun information + if: always() + uses: actions/upload-artifact@v3 + with: + name: test-rerun-info-${{ matrix.runner }} + path: ${{ env.FAILED_TEST_FILES_FILE }} + retention-days: 2 + + - name: Upload test runtime statistics for offline scheduling + if: always() + uses: actions/upload-artifact@v3 + with: + name: test-runtime-statistics-${{ matrix.runner }} + path: ${{ env.TEST_FILE_RUNTIME_FILE }} + retention-days: 7 + + - name: Archive coverage stats file + uses: actions/upload-artifact@v3 + if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} + with: + name: luacov-stats-out-${{ github.job }}-${{ github.run_id }}-${{ matrix.runner }} + retention-days: 1 + path: | + luacov.stats.out + + - name: Get kernel message + if: failure() + run: | + sudo dmesg -T + + pdk-tests: + name: PDK tests + runs-on: ubuntu-22.04 + needs: build + + steps: + - name: Bump max open files + run: | + sudo echo 'kong soft nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo 'kong hard nofile 65536' | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) soft nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + sudo echo "$(whoami) hard nofile 65536" | sudo tee -a /etc/security/limits.d/kong-ci.conf + + - name: Checkout Kong source code + uses: actions/checkout@v4 + + - name: Lookup build cache + id: cache-deps + uses: actions/cache@v3 + with: + path: ${{ env.BUILD_ROOT }} + key: ${{ needs.build.outputs.cache-key }} + + - name: Install Test::Nginx + run: | + CPAN_DOWNLOAD=./cpanm + mkdir -p $CPAN_DOWNLOAD + curl -o $CPAN_DOWNLOAD/cpanm https://cpanmin.us + chmod +x $CPAN_DOWNLOAD/cpanm + + echo "Installing CPAN dependencies..." + $CPAN_DOWNLOAD/cpanm --notest --local-lib=$HOME/perl5 local::lib && eval $(perl -I $HOME/perl5/lib/perl5/ -Mlocal::lib) + $CPAN_DOWNLOAD/cpanm --notest Test::Nginx + + - name: Tests + env: + TEST_SUITE: pdk + run: | + source ${{ env.BUILD_ROOT }}/kong-dev-venv.sh + if [[ $KONG_TEST_COVERAGE = true ]]; then + export PDK_LUACOV=1 + fi + eval $(perl -I $HOME/perl5/lib/perl5/ -Mlocal::lib) + prove -I. -r t + + - name: Archive coverage stats file + uses: actions/upload-artifact@v3 + if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} + with: + name: luacov-stats-out-${{ github.job }}-${{ github.run_id }} + retention-days: 1 + path: | + luacov.stats.out + + - name: Get kernel message + if: failure() + run: | + sudo dmesg -T + + cleanup-and-aggregate-stats: + needs: [lint-and-doc-tests,pdk-tests,busted-tests] + name: Cleanup and Luacov stats aggregator + if: ${{ always() && (inputs.coverage == true || github.event_name == 'schedule') }} + runs-on: ubuntu-22.04 + + steps: + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Install requirements + run: | + sudo apt-get update && sudo apt-get install -y luarocks + sudo luarocks install luacov + sudo luarocks install luafilesystem + + # Download all archived coverage stats files + - uses: actions/download-artifact@v3 + + - name: Stats aggregation + shell: bash + run: | + lua .ci/luacov-stats-aggregator.lua "luacov-stats-out-" "luacov.stats.out" ${{ github.workspace }}/ + # The following prints a report with each file sorted by coverage percentage, and the total coverage + printf "\n\nCoverage File\n\n" + awk -v RS='Coverage\n-+\n' 'NR>1{print $0}' luacov.report.out | grep -vE "^-|^$" > summary.out + cat summary.out | grep -v "^Total" | awk '{printf "%7d%% %s\n", $4, $1}' | sort -n + cat summary.out | grep "^Total" | awk '{printf "%7d%% %s\n", $4, $1}' From fc4491d5ed913f7373b46bd9f770b59333ad8553 Mon Sep 17 00:00:00 2001 From: Zachary Hu <6426329+outsinre@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:47:52 +0800 Subject: [PATCH 6/6] Update changelog/unreleased/kong/add_tzdata.yml Co-authored-by: Wangchong Zhou --- changelog/unreleased/kong/add_tzdata.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/unreleased/kong/add_tzdata.yml b/changelog/unreleased/kong/add_tzdata.yml index 57bed8aa3faf..91c8df9c2ad0 100644 --- a/changelog/unreleased/kong/add_tzdata.yml +++ b/changelog/unreleased/kong/add_tzdata.yml @@ -1,3 +1,3 @@ message: | - Add package `tzdata` to DEB Docker image for accurate timezone setting. + Add package `tzdata` to DEB Docker image for convenient timezone setting. type: dependency