ci: tear-down PR dev cluster and children #5
| name: PR Workflow | |
| on: | |
| pull_request: | |
| types: | |
| - synchronize | |
| - closed | |
| defaults: | |
| run: | |
| working-directory: go/src/github.com/stackrox/infra | |
| concurrency: pr-${{ github.ref }} | |
| env: | |
| CLUSTER_NAME: infra-pr-${{ github.event.pull_request.number }} | |
| GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} | |
| jobs: | |
| destroy: | |
| runs-on: ubuntu-latest | |
| env: | |
| KUBECONFIG: /tmp/kubeconfig | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
| INFRACTL: bin/infractl -k -e localhost:8443 | |
| USE_GKE_GCLOUD_AUTH_PLUGIN: "True" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| path: go/src/github.com/stackrox/infra | |
| - name: Authenticate to GCloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.INFRA_CI_AUTOMATION_GCP_SA }} | |
| - name: Set up Cloud SDK | |
| uses: "google-github-actions/setup-gcloud@v2" | |
| with: | |
| install_components: "gke-gcloud-auth-plugin" | |
| - name: Download production infractl | |
| uses: stackrox/actions/infra/install-infractl@v1 | |
| - name: Wait for cluster | |
| run: | | |
| set +e | |
| set -x | |
| set -o pipefail | |
| for I in {1..60}; do | |
| ~/.local/bin/infractl get "$CLUSTER_NAME" | tee >( cat >&2 ) | grep READY && break || echo $? | |
| sleep 60 | |
| done | |
| for I in {1..60}; do | |
| kubectl -n infra rollout status deploy/infra-server-service --timeout=60s && break || echo $? | |
| sleep 60 | |
| done | |
| - name: create test clusters | |
| env: | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
| run: | | |
| set +e | |
| set -x | |
| kubectl -n infra port-forward svc/infra-server-service 8443:8443 > /dev/null 2>&1 & | |
| sleep 10 | |
| $INFRACTL create gke-default tstlonglifer --lifespan 8h | |
| $INFRACTL create gke-default tstshortlifer --lifespan 30s | |
| $INFRACTL create gke-default tstexpired --lifespan 20m | |
| $INFRACTL create gke-default tstdestroyed --lifespan 2h | |
| $INFRACTL create rosahcp tstrosahcp --lifespan 45m | |
| $INFRACTL delete tstdestroyed --json | |
| $INFRACTL list --all --expired --quiet | |
| kill %1 | |
| - name: Download artifacts | |
| run: | | |
| ~/.local/bin/infractl artifacts "$CLUSTER_NAME" -d /tmp/ >> "$GITHUB_STEP_SUMMARY" | |
| kubectl get nodes -o wide || true | |
| - name: Download branch infractl | |
| run: | | |
| kubectl -n infra port-forward svc/infra-server-service 8443:8443 > /dev/null 2>&1 & | |
| sleep 10 | |
| kubectl -n infra logs -l app=infra-server --tail=-1 | |
| make pull-infractl-from-dev-server | |
| kill %1 | |
| - name: Destroy created clusters still running | |
| env: | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
| run: | | |
| set -x | |
| set +e | |
| kubectl -n infra port-forward svc/infra-server-service 8443:8443 > /dev/null 2>&1 & | |
| sleep 10 | |
| $INFRACTL version | |
| echo 'For 30 minutes, list and delete child clusters that are not failed.' | |
| for I in {1..30}; do | |
| $INFRACTL list --all --expired --quiet | |
| if [[ $($INFRACTL list --all --expired --status='READY,CREATING,DESTROYING' | tee >(cat >&2) | wc -l) -gt 0 ]]; then | |
| echo 'Active clusters found. Deleting ...' | |
| else | |
| echo 'No active clusters found.' | |
| break | |
| fi | |
| # shellcheck disable=SC2086 | |
| $INFRACTL list --all --expired --status='READY,FAILED,CREATING' | grep '^[^ ]' \ | |
| | xargs -I{} $INFRACTL delete {} | |
| echo "(sleep 1 minute then check again. try $I/30)" | |
| sleep 60 | |
| done | |
| for I in {1..10}; do | |
| $INFRACTL list --all --expired --quiet | |
| count=$($INFRACTL list --all --expired --status='READY,CREATING,DESTROYING' | tee >(cat >&2) | wc -l) | |
| if [[ $count -gt 0 ]]; then | |
| echo 'Active clusters found. Deleting ...' | |
| else | |
| echo 'No active clusters found.' | |
| break | |
| fi | |
| # shellcheck disable=SC2086 | |
| $INFRACTL list --all --expired --status='READY,FAILED,CREATING' | grep '^[^ ]' \ | |
| | xargs -I{} $INFRACTL delete {} | |
| echo "(sleep 1 minute then check again. try $I/30)" | |
| sleep 60 | |
| done | |
| for I in {1..10}; do | |
| $INFRACTL list --all --expired | |
| count=0 | |
| for cluster in $($INFRACTL list --all --quiet --expired --status='READY,CREATING,DESTROYING'); do | |
| echo "$(( ++ count )): ${cluster}" | |
| done | |
| if [[ $count -gt 0 ]]; then | |
| echo 'Active clusters found. Deleting ...' | |
| else | |
| echo 'No active clusters found.' | |
| break | |
| fi | |
| # shellcheck disable=SC2086 | |
| $INFRACTL list --all --expired --status='READY,FAILED,CREATING' | grep '^[^ ]' \ | |
| | xargs -I{} $INFRACTL delete {} | |
| echo "(sleep 1 minute then check again. try $I/30)" | |
| sleep 60 | |
| done | |
| kill %1 | |
| - name: Destroy PR dev cluster | |
| run: | | |
| echo "would now run:" ~/.local/bin/infractl delete "$CLUSTER_NAME" |
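Review bot: In the "Destroy created clusters still running" step a failed `infractl list` looks the same as an empty one, so the teardown can report success while child clusters are still running. `set +e` is on, the port-forward output goes to `/dev/null`, and both `wc -l` and the `for cluster in $(...)` loop see zero lines on a connection or auth error, so each loop prints 'No active clusters found.' and breaks. Check the exit status before trusting the count, e.g. `out=$($INFRACTL list --all --quiet --expired --status='READY,CREATING,DESTROYING') || { echo 'infractl list failed' >&2; exit 1; }`. The check filters on `READY,CREATING,DESTROYING` but the delete pipeline on `READY,FAILED,CREATING`, which contradicts the "not failed" message, and the second and third loops print `try $I/30` although they run 10 times. Separately, the job checks out the PR head and runs `make pull-infractl-from-dev-server` from that tree after the GCP auth step, with `GH_TOKEN` and `INFRA_TOKEN` in the environment, and references actions by mutable tags (`@v4`, `@v2`, `@v1`); pinning them to commit SHAs and adding an explicit `permissions:` block would limit what a changed branch or a retagged action can reach.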