policy: Do not store policy reference in Cilium socket option #1528
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI run integration tests | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened] | |
# By specifying the access of one of the scopes, all of those that are not specified are set to 'none'. | |
permissions: | |
# To be able to access the repository with actions/checkout | |
contents: read | |
jobs: | |
proxylib: | |
timeout-minutes: 360 | |
name: Run unit tests for proxylib | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
# renovate: datasource=golang-version depName=go | |
go-version: 1.23.3 | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Check module vendoring | |
run: | | |
go mod tidy | |
go mod vendor | |
test -z "$(git status --porcelain)" || (echo "please run 'go mod tidy && go mod vendor', and submit your changes"; exit 1) | |
- name: Run unit tests | |
run: | | |
make -C proxylib test | |
tests: | |
timeout-minutes: 360 | |
name: Run integration tests on amd64 | |
runs-on: ubuntu-latest-64-cores-256gb | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Login to quay.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_ENVOY_USERNAME_DEV }} | |
password: ${{ secrets.QUAY_ENVOY_PASSWORD_DEV }} | |
- name: Cache Docker layers | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: /tmp/buildx-cache | |
key: docker-cache-tests | |
restore-keys: docker-cache-main | |
- name: Checkout PR Source Code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
persist-credentials: false | |
- name: Prep for build | |
run: | | |
echo "${{ github.event.pull_request.head.sha }}" >SOURCE_VERSION | |
echo "ENVOY_VERSION=$(cat ENVOY_VERSION)" >> $GITHUB_ENV | |
echo "BUILDER_DOCKER_HASH=$(git ls-tree --full-tree HEAD -- ./Dockerfile.builder.tests | awk '{ print $3 }')" >> $GITHUB_ENV | |
- name: Checking if cilium-envoy-builder image exists | |
id: cilium-builder-tests-tag-in-repositories | |
shell: bash | |
run: | | |
if docker buildx imagetools inspect quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BUILDER_DOCKER_HASH }} &>/dev/null; then | |
echo exists="true" >> $GITHUB_OUTPUT | |
else | |
echo exists="false" >> $GITHUB_OUTPUT | |
fi | |
- name: PR Multi-arch build & push of Builder image (dev) | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
if: steps.cilium-builder-tests-tag-in-repositories.outputs.exists == 'false' | |
id: docker_build_builder_tests_ci | |
with: | |
provenance: false | |
context: . | |
file: ./Dockerfile.builder.tests | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BUILDER_DOCKER_HASH }} | |
- name: Run integration tests on amd64 | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
id: docker_tests_ci | |
with: | |
provenance: false | |
context: . | |
file: ./Dockerfile.tests | |
platforms: linux/amd64 | |
build-args: | | |
BUILDER_BASE=quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BUILDER_DOCKER_HASH }} | |
ARCHIVE_IMAGE=quay.io/${{ github.repository_owner }}/cilium-envoy-builder:test-main-archive-latest | |
BAZEL_BUILD_OPTS=--remote_upload_local_results=false | |
BAZEL_TEST_OPTS=--test_timeout=300 --local_test_jobs=1 --flaky_test_attempts=3 | |
cache-from: type=local,src=/tmp/buildx-cache | |
push: false |