Github Actions workflow (#18617)

Signed-off-by: Roman Tkachenko <roman@goteleport.com> Co-authored-by: Victor Sokolov <gzigzigzeo@gmail.com>
2024-10-19 00:33:50 +00:00 · 2022-11-22 13:55:26 -08:00 · 2022-11-22 13:55:26 -08:00 · 3fd1cca5b2
parent b85de1a7ee
commit 3fd1cca5b2
18 changed files with 573 additions and 3 deletions
--- a/.github/actions/prepare-workspace/action.yml
+++ b/.github/actions/prepare-workspace/action.yml
@ -0,0 +1,47 @@
+name: Prepare Teleport workspace
+description: Prepares Teleport workspace folder
+inputs:
+  cache_key:
+    description: Cache infix used in cache actions
+    required: false
+    default: ${{ github.workflow }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Mark workspace as git safe.directory
+      shell: bash
+      run: |
+        git config --global --add safe.directory ${GITHUB_WORKSPACE}
+        git config --global --add safe.directory ${GITHUB_WORKSPACE}/webassets
+
+    - name: Fetch go cache paths
+      id: go-cache-paths
+      shell: bash
+      run: |
+        echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT
+        echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
+
+    - name: Go build cache
+      uses: actions/cache@v3
+      with:
+        path: ${{ steps.go-cache-paths.outputs.go-build }}
+        key: ${{ runner.os }}-go-build-${{ inputs.cache_key }}-${{ hashFiles('**/go.sum') }}
+        restore-keys: ${{ runner.os }}-go-build-${{ inputs.cache_key }}-
+
+    - name: Go mod cache
+      uses: actions/cache@v3
+      with:
+        path: ${{ steps.go-cache-paths.outputs.go-mod }}
+        key: ${{ runner.os }}-go-mod-${{ inputs.cache_key }}-${{ hashFiles('**/go.sum') }}
+        restore-keys: ${{ runner.os }}-go-mod-${{ inputs.cache_key }}-
+
+    - name: Rust cargo cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          ${{ github.workspace }}/target
+          /usr/local/cargo/registry
+          /usr/local/cargo/git
+        key: ${{ runner.os }}-cargo-${{ inputs.cache_key }}-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: ${{ runner.os }}-cargo-${{ inputs.cache_key }}-
--- a/.github/services/Dockerfile.etcd
+++ b/.github/services/Dockerfile.etcd
@ -0,0 +1,20 @@
+ARG BUILDARCH
+ARG ETCD_VERSION
+
+FROM bitnami/etcd:${ETCD_VERSION}
+
+COPY examples/etcd/certs /certs
+
+HEALTHCHECK CMD etcdctl --insecure-discovery --endpoint=https://etcd0:2379 --key-file /certs/client-key.pem --cert-file /certs/client-cert.pem --ca-file /certs/ca-cert.pem cluster-health
+
+EXPOSE 2379 2380
+
+ENTRYPOINT /opt/bitnami/etcd/bin/etcd --name teleportstorage \
+    --initial-cluster-state new \
+    --cert-file /certs/server-cert.pem \
+    --key-file /certs/server-key.pem \
+    --trusted-ca-file /certs/ca-cert.pem \
+    --advertise-client-urls=https://127.0.0.1:2379 \
+    --listen-client-urls=https://0.0.0.0:2379 \
+    --client-cert-auth \
+    --debug
--- a/.github/workflows/build-ci-service-images.yaml
+++ b/.github/workflows/build-ci-service-images.yaml
@ -0,0 +1,64 @@
+name: Build CI Service Images
+run-name: Build CI Service Images
+on:
+  push:
+    paths:
+      - .github/services/Dockerfile.*
+      - examples/etcd/certs/*.pem
+    branches:
+      - master
+  pull_request:
+    paths:
+      - .github/services/Dockerfile.*
+      - examples/etcd/certs/*.pem
+    branches:
+      - master
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: gravitational/ci-etcd
+  ETCD_VERSION: 3.3.9
+
+jobs:
+  build:
+    name: Build CI Services Images
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build etcd image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: ${{ github.workspace }}
+          file: .github/services/Dockerfile.etcd
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.ETCD_VERSION }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            ETCD_VERSION=${{ env.ETCD_VERSION }}
+          push: true
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.github/workflows/doc-tests.yaml
+++ b/.github/workflows/doc-tests.yaml
@ -0,0 +1,24 @@
+name: Lint (Docs)
+run-name: Lint (Docs)
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  doc-tests:
+    name: Lint (Docs)
+    runs-on: ubuntu-latest
+
+    container:
+      image: public.ecr.aws/gravitational/docs:latest
+      volumes:
+        - ${{ github.workspace }}:/src/content
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run tests
+        run: cd /src/content && yarn markdown-lint
--- a/.github/workflows/integration-tests-non-root.yaml
+++ b/.github/workflows/integration-tests-non-root.yaml
@ -0,0 +1,60 @@
+name: Integration Tests (Non-root)
+run-name: Integration Tests (Non-root) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+
+jobs:
+  test:
+    name: Integration Tests (Non-root)
+    runs-on: ubuntu-22.04-16core
+
+    permissions:
+      contents: read
+      id-token: write
+      packages: read
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      env:
+        TELEPORT_ETCD_TEST: yes
+        TELEPORT_ETCD_TEST_ENDPOINT: https://etcd0:2379
+      options: --cap-add=SYS_ADMIN --privileged
+
+    services:
+      etcd0:
+        image: ghcr.io/gravitational/ci-etcd:3.3.9
+        options: >-
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+          --add-host etcd0:127.0.0.1
+        ports:
+          - 2379:2379
+          - 2380:2380
+          - 3379:3379
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Prepare workspace
+        uses: ./.github/actions/prepare-workspace
+
+      - name: Chown
+        run: |
+          mkdir -p $(go env GOMODCACHE)
+          mkdir -p $(go env GOCACHE)
+          chown -Rf ci:ci ${GITHUB_WORKSPACE} $(go env GOMODCACHE) $(go env GOCACHE)
+        continue-on-error: true
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: runuser -u ci -g ci make rdpclient integration
--- a/.github/workflows/integration-tests-root.yaml
+++ b/.github/workflows/integration-tests-root.yaml
@ -0,0 +1,37 @@
+name: Integration Tests (Root)
+run-name: Integration Tests (Root) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+
+jobs:
+  test:
+    name: Integration Tests (Root)
+    runs-on: ubuntu-22.04-16core
+
+    permissions:
+      contents: read
+      id-token: write
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      options: --cap-add=SYS_ADMIN --privileged
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Prepare workspace
+        uses: ./.github/actions/prepare-workspace
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: |
+          make rdpclient integration-root
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@ -0,0 +1,24 @@
+name: Lint (Go)
+run-name: make lint
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  lint:
+    name: Lint (Go)
+    runs-on: ubuntu-22.04-16core
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      env:
+        GO_LINT_FLAGS: --timeout=15m
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run linter
+        run: make lint
--- a/.github/workflows/os-compatibility-test.yaml
+++ b/.github/workflows/os-compatibility-test.yaml
@ -0,0 +1,55 @@
+name: OS Compatibility Test
+run-name: OS Compatibility Test
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  build:
+    name: Build Artifacts
+    runs-on: ubuntu-22.04-16core
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox-centos7:teleport12
+      env:
+        GOCACHE: /tmp/gocache
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Prepare workspace
+        uses: ./.github/actions/prepare-workspace
+
+      - name: Run make
+        run: |
+          make build/tctl build/tsh build/tbot build/teleport
+
+      - name: Upload binaries
+        uses: actions/upload-artifact@v3
+        with:
+          name: build
+          path: ${{ github.workspace }}/build/
+
+  test-compat:
+    needs: build
+    name: Run Compatibility Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Download binaries
+        uses: actions/download-artifact@v3
+        with:
+          name: build
+          path: ${{ github.workspace }}/build
+
+      - name: chmod +x
+        run: chmod +x ${GITHUB_WORKSPACE}/build/*
+
+      - name: Run compat matrix
+        timeout-minutes: 10
+        run: |
+          cd ${GITHUB_WORKSPACE} && ./build.assets/build-test-compat.sh
--- a/.github/workflows/unit-tests-code-bypass.yaml
+++ b/.github/workflows/unit-tests-code-bypass.yaml
@ -0,0 +1,14 @@
+name: Unit Tests (Go)
+run-name: Unit Tests (Go) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  pull_request:
+    paths-ignore:
+      - '**.go'
+
+jobs:
+  test:
+    name: Unit Tests (Go)
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No changes to verify"'
--- a/.github/workflows/unit-tests-code.yaml
+++ b/.github/workflows/unit-tests-code.yaml
@ -0,0 +1,58 @@
+name: Unit Tests (Go)
+run-name: Unit Tests (Go) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+
+jobs:
+  test:
+    name: Unit Tests (Go)
+    runs-on: ubuntu-22.04-32core
+
+    permissions:
+      contents: read
+      id-token: write
+      packages: read
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      env:
+        TELEPORT_ETCD_TEST: yes
+        TELEPORT_ETCD_TEST_ENDPOINT: https://etcd0:2379
+        TELEPORT_XAUTH_TEST: yes
+        TELEPORT_BPF_TEST: yes
+      options: --cap-add=SYS_ADMIN --privileged
+
+    services:
+      etcd0:
+        image: ghcr.io/gravitational/ci-etcd:3.3.9
+        options: >-
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+          --add-host etcd0:127.0.0.1
+        ports:
+          - 2379:2379
+          - 2380:2380
+          - 3379:3379
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Prepare workspace
+        uses: ./.github/actions/prepare-workspace
+
+      - name: Mount debugfs
+        run: mount -t debugfs none /sys/kernel/debug/
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: make test-go test-sh test-api
--- a/.github/workflows/unit-tests-helm-bypass.yaml
+++ b/.github/workflows/unit-tests-helm-bypass.yaml
@ -0,0 +1,15 @@
+# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
+name: Unit Tests (Helm)
+run-name: Unit Tests (Helm) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  pull_request:
+    paths-ignore:
+      - 'examples/chart/**'
+
+jobs:
+  test:
+    name: Unit Tests (Helm)
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No changes to verify"'
--- a/.github/workflows/unit-tests-helm.yaml
+++ b/.github/workflows/unit-tests-helm.yaml
@ -0,0 +1,28 @@
+name: Unit Tests (Helm)
+run-name: Unit Tests (Helm) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - 'examples/chart/**'
+
+jobs:
+  test:
+    name: Unit Tests (Helm)
+    runs-on: ubuntu-latest
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      env:
+        HELM_PLUGINS: /root/.local/share/helm/plugins
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: make test-helm
--- a/.github/workflows/unit-tests-operator-bypass.yaml
+++ b/.github/workflows/unit-tests-operator-bypass.yaml
@ -0,0 +1,18 @@
+name: Unit Tests (Operator)
+run-name: Unit Tests (Operator) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  pull_request:
+    paths-ignore:
+      - /go.mod
+      - /go.sum
+      - operator/**
+      - api/types/**
+      - lib/tbot/**
+
+jobs:
+  test:
+    name: Unit Tests (Operator)
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No changes to verify"'
--- a/.github/workflows/unit-tests-operator.yaml
+++ b/.github/workflows/unit-tests-operator.yaml
@ -0,0 +1,34 @@
+name: Unit Tests (Operator)
+run-name: Unit Tests (Operator) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - /go.mod
+      - /go.sum
+      - operator/**
+      - api/types/**
+      - lib/tbot/**
+
+jobs:
+  test:
+    name: Unit Tests (Operator)
+    runs-on: ubuntu-latest
+
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      options: --cap-add=SYS_ADMIN --privileged
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Prepare workspace
+        uses: ./.github/actions/prepare-workspace
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: make test-operator
--- a/.github/workflows/unit-tests-rust-bypass.yaml
+++ b/.github/workflows/unit-tests-rust-bypass.yaml
@ -0,0 +1,16 @@
+name: Unit Tests (Rust)
+run-name: Unit Tests (Rust) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  pull_request:
+    paths-ignore:
+      - '**.rs'
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+
+jobs:
+  test:
+    name: Unit Tests (Rust)
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No changes to verify"'
--- a/.github/workflows/unit-tests-rust.yaml
+++ b/.github/workflows/unit-tests-rust.yaml
@ -0,0 +1,38 @@
+name: Unit Tests (Rust)
+run-name: Unit Tests (Rust) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - '**.rs'
+      - 'Cargo.toml'
+      - 'Cargo.lock'
+
+jobs:
+  test:
+    name: Unit Tests (Rust)
+    runs-on: ubuntu-latest
+    container:
+      image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+      options: --cap-add=SYS_ADMIN --privileged
+
+    steps:
+      - name: Checkout Teleport
+        uses: actions/checkout@v3
+
+      - name: Rust cargo cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            ${{ github.workspace }}/target
+            /usr/local/cargo/registry
+            /usr/local/cargo/git
+          key: ${{ runner.os }}-cargo-${{ github.workflow }}-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-${{ github.workflow }}-
+
+      - name: Run tests
+        timeout-minutes: 40
+        run: make test-rust
--- a/integration/hsm/hsm_test.go
+++ b/integration/hsm/hsm_test.go
@ -306,7 +306,7 @@ func etcdBackendConfig(t *testing.T) *backend.Config {
 	cfg := &backend.Config{
 		Type: "etcd",
 		Params: backend.Params{
-			"peers":         []string{"https://127.0.0.1:2379"},
+			"peers":         []string{etcdTestEndpoint()},
 			"prefix":        prefix,
 			"tls_key_file":  "../../examples/etcd/certs/client-key.pem",
 			"tls_cert_file": "../../examples/etcd/certs/client-cert.pem",
@ -323,6 +323,15 @@ func etcdBackendConfig(t *testing.T) *backend.Config {
 	return cfg
 }

+// etcdTestEndpoint returns etcd host used in tests.
+func etcdTestEndpoint() string {
+	host := os.Getenv("TELEPORT_ETCD_TEST_ENDPOINT")
+	if host != "" {
+		return host
+	}
+	return "https://127.0.0.1:2379"
+}
+
 func liteBackendConfig(t *testing.T) *backend.Config {
 	return &backend.Config{
 		Type: lite.GetName(),
--- a/lib/backend/etcdbk/etcd_test.go
+++ b/lib/backend/etcdbk/etcd_test.go
@ -45,7 +45,7 @@ func TestMain(m *testing.M) {

 // commonEtcdParams holds the common etcd configuration for all tests.
 var commonEtcdParams = backend.Params{
-	"peers":         []string{"https://127.0.0.1:2379"},
+	"peers":         []string{etcdTestEndpoint()},
 	"prefix":        examplePrefix,
 	"tls_key_file":  "../../../examples/etcd/certs/client-key.pem",
 	"tls_cert_file": "../../../examples/etcd/certs/client-cert.pem",
@ -174,7 +174,7 @@ func TestCompareAndSwapOversizedValue(t *testing.T) {
 	// setup
 	const maxClientMsgSize = 128
 	bk, err := New(context.Background(), backend.Params{
-		"peers":                          []string{"https://127.0.0.1:2379"},
+		"peers":                          []string{etcdTestEndpoint()},
 		"prefix":                         "/teleport",
 		"tls_key_file":                   "../../../examples/etcd/certs/client-key.pem",
 		"tls_cert_file":                  "../../../examples/etcd/certs/client-cert.pem",
@ -247,6 +247,15 @@ func etcdTestEnabled() bool {
 	return os.Getenv("TELEPORT_ETCD_TEST") != ""
 }

+// Returns etcd host used in tests
+func etcdTestEndpoint() string {
+	host := os.Getenv("TELEPORT_ETCD_TEST_ENDPOINT")
+	if host != "" {
+		return host
+	}
+	return "https://127.0.0.1:2379"
+}
+
 func (r blockingFakeClock) Advance(d time.Duration) {
 	if d < 0 {
 		panic("Invalid argument, negative duration")