E2E next framework init #3337
E2E next framework init #3337
Conversation
adriankabala
changed the title
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
lizardruss
left a comment
lizardruss
left a comment
There was a problem hiding this comment.
lgtm. The setup function for vclusters will get refactored after some changes to the e2e-framework are merged, but OK to merge now.
FabianKramm
left a comment
FabianKramm
left a comment
There was a problem hiding this comment.
We should add a pipeline here that executes these
e2e-next/constants/image.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| DefaultVclusterImage = "ghcr.io/loft-sh/vcluster:0.30.0" |
There was a problem hiding this comment.
Don't think we should hardcode this
Adds a new pipeline to run Ginkgo E2E tests
sydorovdmytro
dismissed stale reviews from lizardruss and sowmyav27
via
87a7f67
sydorovdmytro
requested review from
Piotr1215 and
sydorovdmytro
as code owners
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Parse label filter and check if tests should run | ||
| if: github.repository_owner == 'loft-sh' # do not run on forks | ||
| runs-on: ubuntu-22.04 | ||
|
|
||
| outputs: | ||
| label-filter: ${{ steps.sanitize.outputs.parsed-label-filter || steps.sanitize.outputs.input-label-filter || 'pr' }} | ||
|
|
||
| steps: | ||
| - name: Parse label-filter from PR description | ||
| id: parse | ||
| if: github.event_name == 'pull_request' | ||
| uses: actions-ecosystem/action-regex-match@v2 | ||
| with: | ||
| text: ${{ github.event.pull_request.body || '' }} | ||
| regex: '```\s*label-filter\s*\n(.*?)\n```' | ||
| flags: "gms" | ||
|
|
||
| - name: Parse previous label-filter (for edited PRs) | ||
| id: parse-previous | ||
| if: github.event_name == 'pull_request' && github.event.action == 'edited' | ||
| uses: actions-ecosystem/action-regex-match@v2 | ||
| with: | ||
| text: ${{ github.event.changes.body.from || '' }} | ||
| regex: '```\s*label-filter\s*\n(.*?)\n```' | ||
| flags: "gms" | ||
|
|
||
| - name: Sanitize values | ||
| id: sanitize | ||
| run: | | ||
| # Trim whitespaces and newlines from label filter | ||
| INPUT_LABEL_FILTER=$(echo "${{ inputs.ginkgo-label }}" | awk '{$1=$1; print}' | tr -d '\r\n') | ||
| PARSED_LABEL_FILTER=$(echo "${{ steps.parse.outputs.group1 }}" | awk '{$1=$1; print}' | tr -d '\r\n') | ||
| echo "input-label-filter=${INPUT_LABEL_FILTER}" >> "$GITHUB_OUTPUT" | ||
| echo "parsed-label-filter=${PARSED_LABEL_FILTER}" >> "$GITHUB_OUTPUT" | ||
| detect_changes: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| needs: [parse_label-filter] | ||
| uses: loft-sh/github-actions/.github/workflows/detect-changes.yaml@v1 | ||
| with: | ||
| paths: | | ||
| - "go.mod" | ||
| - "go.sum" | ||
| - "**.go" | ||
| - "!**_test.go" # exclude test files to ignore unit test changes | ||
| - "test/**" # include test files in e2e again | ||
| - "!**.md" | ||
| - "Dockerfile.release" | ||
| - ".github/workflows/e2e.yaml" | ||
| - "chart/**" | ||
| - "manifests/**" | ||
| build: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
.github/workflows/e2e-ginkgo.yaml
Outdated
| runs-on: ubuntu-latest | ||
| if: github.repository_owner == 'loft-sh' && needs.detect_changes.outputs.has_changed == 'true' | ||
| needs: detect_changes | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v5 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - run: git fetch --force --tags | ||
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@v6 | ||
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - name: Setup GoReleaser | ||
| uses: goreleaser/goreleaser-action@v6 | ||
| with: | ||
| install-only: true | ||
| version: latest | ||
|
|
||
| - name: Build and save syncer image | ||
| run: | | ||
| set -x | ||
| # Build syncer | ||
| TELEMETRY_PRIVATE_KEY="" goreleaser build --single-target --snapshot --id vcluster --clean --output ./vcluster | ||
| docker build -t "${{ env.REPOSITORY_NAME }}:${{ env.TAG_NAME }}" -f Dockerfile.release --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux . | ||
| docker save -o vcluster_syncer "${{ env.REPOSITORY_NAME }}:${{ env.TAG_NAME }}" | ||
| # Build cli | ||
| TELEMETRY_PRIVATE_KEY="" goreleaser build --single-target --snapshot --id vcluster-cli --clean --output ./vcluster | ||
| - name: Upload syncer image to artifact | ||
| uses: actions/upload-artifact@v5 | ||
| with: | ||
| name: vcluster_syncer | ||
| path: ./vcluster_syncer | ||
| retention-days: 1 | ||
|
|
||
| - name: Upload vcluster cli to artifact | ||
| uses: actions/upload-artifact@v5 | ||
| with: | ||
| name: vcluster | ||
| path: ./vcluster | ||
| retention-days: 1 | ||
|
|
||
| vcluster-install-delete: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 days ago
To address the problem, add a permissions block setting the minimum required privileges. If the jobs only need to read contents (which is typically what's required for most build/test workflows), set permissions: contents: read at the workflow root (directly under the name: or alongside on:), so it applies to all jobs that do not specifically override it. If any jobs need additional permissions, you can add per-job permissions blocks with elevated scopes.
To directly fix the detected problem, add
permissions:
contents: readafter the name: line or before on:, which will apply to all jobs in the workflow. No changes are needed elsewhere if contents: read suffices.
| @@ -1,4 +1,6 @@ | ||
| name: vCluster E2E CI (Ginkgo) | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| release: |
.github/workflows/e2e-ginkgo.yaml
Outdated
| needs: detect_changes | ||
| if: needs.detect_changes.outputs.has_changed == 'true' | ||
| name: Download the latest vCluster cli | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: download current cli | ||
| run: | | ||
| curl -L -o vcluster-current "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-linux-amd64" | ||
| - name: Upload vcluster cli to artifact | ||
| uses: actions/upload-artifact@v5 | ||
| with: | ||
| name: vcluster-current | ||
| path: ./vcluster-current | ||
| retention-days: 7 | ||
|
|
||
| upgrade-test: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 days ago
To fix this problem, introduce an explicit permissions block at the top level of the workflow file (.github/workflows/e2e-ginkgo.yaml). This applies to all jobs that do not already declare their own permissions (like ginkgo-e2e-tests). For most CI workflows, the minimum required is contents: read, which covers checking out code and uploading artifacts. If any job needs extra privileges (as in ginkgo-e2e-tests, which needs id-token: write for OIDC), those jobs should retain/add a more permissive block.
Steps:
- Insert a top-level
permissionsblock near the start (aftername:and before or afteron:). - Set the minimal set, typically
contents: read. - Confirm that jobs with enhanced permissions (e.g.,
ginkgo-e2e-tests) retain their job-level block. - No new imports, methods, or package installations are needed.
| @@ -1,5 +1,8 @@ | ||
| name: vCluster E2E CI (Ginkgo) | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| release: | ||
| types: [created] |
What issue type does this pull request address? (keep at least one, remove the others)
/kind test
What does this pull request do? Which issues does it resolve? (use
resolves #<issue_number>if possible)resolves #
ENG-9269
ENG-9939
ENG-9940
ENG-9941
Please provide a short message that should be published in the vcluster release notes
What else do we need to know?
Github workflow pipeline will be added in other PR
Note
Introduce a new Ginkgo-based E2E test suite (vcluster/kind) with workflows, configs, and vendored deps.
e2e-next/with suite setup, vcluster/kind integration, constants (image.go,timeouts.go,cluster.go,vcluster.go), labels, and configs (kind/vcluster YAML).test_core/sync) and deploy flows (test_deploy/*) with supporting manifests./.github/actions/run-ginkgo-e2eand workflows/.github/workflows/e2e-ginkgo.yaml,e2e.yamlto run the E2E suite.Justfile,hack/test.sh, andgolangci.yml; includee2e-next/e2e-kind.config.yaml.go.mod/go.sum; vendor required modules (Ginkgo v2.27, Gomega v1.38, sigs.k8s.io/e2e-framework, golang.org/x/tools, etc.).Written by Cursor Bugbot for commit 2b8e2c3. This will update automatically on new commits. Configure here.