Skip to content

tasso: fix secrets #12486

tasso: fix secrets

tasso: fix secrets #12486

Workflow file for this run

name: CI
env:
# Current supported Python version. For applications, there is generally no
# reason to support multiple Python versions, so all actions are run with
# this version. Quote the version to avoid interpretation as a floating
# point number.
PYTHON_VERSION: "3.13"
"on":
merge_group: {}
pull_request: {}
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up go
uses: actions/setup-go@v5
with:
go-version: '>=1.22'
- name: Install helm-docs
run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.13.1
env:
GOBIN: /usr/local/bin/
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Run pre-commit
uses: pre-commit/action@v3.0.1
test:
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
matrix:
python:
- "3.11"
- "3.12"
- "3.13"
steps:
- uses: actions/checkout@v4
- uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ matrix.python }}
tox-envs: "typing,py,coverage-report"
tox-requirements: requirements/tox.txt
cache-key-prefix: test
helm:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: azure/setup-helm@v4
with:
# Used to query GitHub for the latest Helm release.
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install helm-unittest plugin
run: helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Run helm unittest
run: helm unittest {applications,charts}/*/tests/..
- uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ env.PYTHON_VERSION }}
tox-envs: phalanx-lint-change
tox-requirements: requirements/tox.txt
cache-key-prefix: helm
# The minikube job always runs, but it quickly does nothing if no files that
# would affect minikube were changed. This unfortunately requires a lot of
# if conditionals on all the steps of the job, but we need the job to run so
# that we can make it mandatory before merging, which in turn allows us to
# use merge queues.
minikube:
name: Test deploy
runs-on: ubuntu-latest
timeout-minutes: 30
needs: [helm]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Filter paths
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
minikube:
- ".github/workflows/ci.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/Chart.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/templates/**"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/values.yaml"
- "applications/{argocd,gafaelfawr,ingress-nginx,mobu,postgres,vault-secrets-operator}/values-minikube.yaml"
- "environments/Chart.yaml"
- "environments/templates/applications/infrastructure/*"
- "environments/values-minikube.yaml"
- "src/phalanx/**"
- name: Download installer dependencies
if: steps.filter.outputs.minikube == 'true'
run: |
curl -sSL -o /tmp/vault.zip https://releases.hashicorp.com/vault/1.18.3/vault_1.18.3_linux_amd64.zip
unzip /tmp/vault.zip
sudo mv vault /usr/local/bin/vault
sudo chmod +x /usr/local/bin/vault
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.13.3/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd
sudo apt-get install socat
- name: Setup Minikube
if: steps.filter.outputs.minikube == 'true'
uses: medyagh/setup-minikube@latest
with:
cpus: max
memory: 5500m # Linux virtual machines have 7GB of RAM
- name: Test interaction with the cluster
if: steps.filter.outputs.minikube == 'true'
run: kubectl get nodes
- uses: lsst-sqre/run-tox@v1
if: steps.filter.outputs.minikube == 'true'
timeout-minutes: 15
with:
python-version: ${{ env.PYTHON_VERSION }}
tox-envs: install
tox-requirements: requirements/tox.txt
tox-posargs: >-
--force-noninteractive
--vault-role-id=${{ secrets.MINIKUBE_VAULT_ROLE_ID }}
--vault-secret-id=${{ secrets.MINIKUBE_VAULT_SECRET_ID }}
minikube
cache-key-prefix: test
- name: Get final list of resources
if: steps.filter.outputs.minikube == 'true'
run: |
kubectl get all -A
kubectl get ingress -A
- name: Wait for all applications to be healthy
timeout-minutes: 15
if: steps.filter.outputs.minikube == 'true'
run: |
argocd app wait -l "argocd.argoproj.io/instance=science-platform" \
--port-forward \
--port-forward-namespace argocd \
--timeout 300