luigidematteis opened a new pull request, #88:
URL: https://github.com/apache/openserverless-operator/pull/88
## Description
This PR adds a new workflow for testing operator PRs end-to-end.
### Operator PR test workflow (`operator-pr-test.yaml`)
New `repository_dispatch`-driven workflow that receives events from the
operator repo when a maintainer comments `/testing <platform>` on a PR. It:
- Clones the operator PR branch with `--recurse-submodules` (picking up the
`olaris/` task submodule)
- Builds the operator Docker image from the PR code
- Pushes it to GHCR under the testing repo's namespace
(`ghcr.io/<owner>/openserverless-testing:pr-<num>-<sha>`)
- Patches `opsroot.json` to point to the just-built image via `jq`
- Sets `OPS_ROOT` to the submodule path so `ops` uses the PR's task
definitions
- Runs the full acceptance test suite against the specified platform
Uses `${{ github.repository_owner }}` throughout, so the same workflow works
on forks and upstream without changes.
### Secrets and environment variables
- Secrets are loaded at runtime from 1Password vault
`OpenServerless/TESTING` using `1password/load-secrets-action@v2` (Linux/Mac)
and `shyim/1password-load-secrets-action@v1` (Windows)
- The only GitHub Secret required is `OP_SERVICE_ACCOUNT_TOKEN`
(authenticates the 1Password action)
- `NGROK_TOKEN` remains as a GitHub Secret (not stored in 1Password)
- `OPS_REPO` and `OPS_BRANCH` are configurable via repository variables
### SSH via DNS hostnames
- `1-deploy.sh` uses `K3S_AMD_APIHOST` / `K3S_ARM_APIHOST` as the SSH target
### Bug fix in `tests.yaml`
- Fixed platform name parsing for dispatch-based triggers: the sed pattern
was incorrectly stripping platform suffixes (e.g. "amd" from "k3s-amd") when no
timestamp was present
- Removed `branches-ignore: '*'` from the `push` trigger (redundant filter
that caused the workflow to fire on branch pushes)
### Deploy script updates (`tests/1-deploy.sh`)
- k3s-amd/k3s-arm blocks use `K3S_AMD_APIHOST` / `K3S_ARM_APIHOST` for both
`ops config apihost` and `ops setup server` (SSH target)
- SSH connection uses `SSH_USER` variable (defaults to `root`)
- Kubeconfig setup reads from `K8S_KUBECONFIG_B64` for generic K8s platforms
## 1Password vault fields required
```
1Password vault "OpenServerless" / item "TESTING"
├── K3S_AMD_APIHOST DNS FQDN for k3s AMD
├── K3S_ARM_APIHOST DNS FQDN for k3s ARM
├── K8S_KUBECONFIG_B64 Base64-encoded kubeconfig for K8s clusters
├── K8S_APIHOST DNS FQDN for generic K8s
├── ID_RSA_B64 Base64-encoded SSH key for VM access
├── APIHOST Fallback DNS FQDN
└── NGROK_PASSWORD ngrok password (debug)
```
## GitHub Secrets required
| Secret | Purpose |
|---|---|
| `OP_SERVICE_ACCOUNT_TOKEN` | Authenticates 1Password access at runtime |
| `NGROK_TOKEN` | ngrok auth token (debug) |
## Companion PR
This PR works together with a PR on `openserverless-operator` that:
- Adds `openserverless-task` as a git submodule at `olaris/`
- Adds `trigger-testing.yaml` workflow (dispatches `operator-pr-test` events
to this repo)
- Requires `OPENSERVERLESS_TESTING_PAT` secret on the operator repo
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
