fix: remove redundant test-image job from Docker build workflow
191
.github/workflows/docker-build.yml
vendored
191
.github/workflows/docker-build.yml
vendored
@@ -722,194 +722,3 @@ jobs:
|
||||
echo "- **Commit**: ${{ env.TRIGGER_HEAD_SHA }}"
|
||||
echo "- **Scan Status**: ${{ steps.trivy-scan.outcome == 'success' && '✅ No critical vulnerabilities' || '❌ Vulnerabilities detected' }}"
|
||||
} >> "$GITHUB_STEP_SUMMARY"
|
||||
|
||||
test-image:
|
||||
name: Test Docker Image
|
||||
needs: build-and-push
|
||||
runs-on: ubuntu-latest
|
||||
if: needs.build-and-push.outputs.skip_build != 'true' && needs.build-and-push.result == 'success' && (github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch')
|
||||
env:
|
||||
# Required for security teardown in integration tests
|
||||
CHARON_EMERGENCY_TOKEN: ${{ secrets.CHARON_EMERGENCY_TOKEN }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Normalize image name
|
||||
run: |
|
||||
raw="${{ github.repository_owner }}/${{ github.event.repository.name }}"
|
||||
IMAGE_NAME=$(echo "$raw" | tr '[:upper:]' '[:lower:]')
|
||||
echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
|
||||
- name: Determine image tag
|
||||
id: tag
|
||||
run: |
|
||||
SHORT_SHA="$(echo "${{ env.TRIGGER_HEAD_SHA }}" | cut -c1-7)"
|
||||
TRIGGER_REF="${{ env.TRIGGER_REF }}"
|
||||
TRIGGER_EVENT="${{ env.TRIGGER_EVENT }}"
|
||||
|
||||
# For PRs, use the pr-{number}-{short-sha} tag generated by metadata-action
|
||||
if [[ "${TRIGGER_EVENT}" == "pull_request" ]]; then
|
||||
PR_NUMBER="${{ env.TRIGGER_PR_NUMBER }}"
|
||||
TAG="pr-${PR_NUMBER}-${SHORT_SHA}"
|
||||
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
|
||||
echo "ℹ️ Using PR tag: ${TAG}"
|
||||
else
|
||||
case "$TRIGGER_REF" in
|
||||
refs/heads/main)
|
||||
echo "tag=latest" >> "$GITHUB_OUTPUT"
|
||||
;;
|
||||
refs/heads/development)
|
||||
echo "tag=dev" >> "$GITHUB_OUTPUT"
|
||||
;;
|
||||
refs/tags/v*)
|
||||
echo "tag=${TRIGGER_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
|
||||
;;
|
||||
*)
|
||||
echo "tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Pull Docker image
|
||||
run: |
|
||||
IMAGE="${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}"
|
||||
echo "Pulling image: ${IMAGE}"
|
||||
|
||||
if ! docker pull "${IMAGE}"; then
|
||||
echo ""
|
||||
echo "❌ Failed to pull image: ${IMAGE}"
|
||||
echo ""
|
||||
echo "📋 Debugging Information:"
|
||||
echo " Event: ${{ env.TRIGGER_EVENT }}"
|
||||
echo " PR Number: ${{ env.TRIGGER_PR_NUMBER }}"
|
||||
echo " Commit SHA: ${{ env.TRIGGER_HEAD_SHA }}"
|
||||
echo " Tag Generated: ${{ steps.tag.outputs.tag }}"
|
||||
echo " Registry: ${{ env.GHCR_REGISTRY }}"
|
||||
echo " Image Name: ${{ env.IMAGE_NAME }}"
|
||||
echo ""
|
||||
echo " Verify:"
|
||||
echo " 1. build-and-push job completed successfully (check job status)"
|
||||
echo " 2. Tag matches what build-and-push generated (check workflow logs)"
|
||||
echo " 3. Image was pushed to GHCR (check registry)"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Image pulled successfully: ${IMAGE}"
|
||||
- name: Verify image before proceeding
|
||||
run: |
|
||||
IMAGE="${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}"
|
||||
|
||||
if ! docker image inspect "${IMAGE}" >/dev/null 2>&1; then
|
||||
echo "❌ ERROR: Image not available after pull"
|
||||
echo "Image: ${IMAGE}"
|
||||
docker images
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Image verified: ${IMAGE}"
|
||||
|
||||
- name: Create Docker Network
|
||||
run: |
|
||||
NETWORK_NAME="charon-test-net"
|
||||
|
||||
# Remove stale network if it exists
|
||||
docker network rm "${NETWORK_NAME}" 2>/dev/null || true
|
||||
|
||||
# Create fresh network
|
||||
if ! docker network create "${NETWORK_NAME}"; then
|
||||
echo "❌ Failed to create Docker network: ${NETWORK_NAME}"
|
||||
docker network ls
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Docker network created: ${NETWORK_NAME}"
|
||||
|
||||
- name: Run Upstream Service (whoami)
|
||||
run: |
|
||||
docker run -d \
|
||||
--name whoami \
|
||||
--network charon-test-net \
|
||||
traefik/whoami:latest@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab
|
||||
|
||||
- name: Run Charon Container
|
||||
timeout-minutes: 3
|
||||
run: |
|
||||
docker run -d \
|
||||
--name test-container \
|
||||
--network charon-test-net \
|
||||
-p 8080:8080 \
|
||||
-p 80:80 \
|
||||
"${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}"
|
||||
|
||||
# Wait for container to be healthy (max 3 minutes)
|
||||
echo "Waiting for container to start..."
|
||||
timeout 180s bash -c 'until docker exec test-container curl -sf http://localhost:8080/api/v1/health 2>/dev/null | grep -q "status"; do echo "Waiting..."; sleep 2; done' || {
|
||||
echo "❌ Container failed to become healthy"
|
||||
docker logs test-container
|
||||
exit 1
|
||||
}
|
||||
echo "✅ Container is healthy"
|
||||
- name: Run Integration Test
|
||||
timeout-minutes: 5
|
||||
run: .github/skills/scripts/skill-runner.sh integration-test-all
|
||||
|
||||
- name: Check container logs
|
||||
if: always()
|
||||
run: |
|
||||
echo "=== Charon Container Logs ==="
|
||||
docker logs test-container || echo "ERROR: Could not retrieve container logs"
|
||||
|
||||
echo ""
|
||||
echo "=== Docker Container Status ==="
|
||||
docker inspect test-container --format='Status: {{.State.Status}}, Exit Code: {{.State.ExitCode}}' || echo "Container not found"
|
||||
|
||||
echo ""
|
||||
echo "=== CrowdSec Configuration Verification ==="
|
||||
echo "Checking if /etc/crowdsec/config.yaml is accessible in container:"
|
||||
docker exec test-container test -f /etc/crowdsec/config.yaml && echo "✓ config.yaml found" || echo "✗ config.yaml NOT found"
|
||||
|
||||
echo ""
|
||||
echo "Checking CrowdSec symlink:"
|
||||
docker exec test-container ls -la /etc/ | grep crowdsec || echo "No crowdsec entry in /etc"
|
||||
|
||||
echo ""
|
||||
echo "Checking /app/data/crowdsec/config/ contents:"
|
||||
docker exec test-container ls -la /app/data/crowdsec/config/ 2>/dev/null | head -20 || echo "Directory not found or empty"
|
||||
|
||||
echo ""
|
||||
echo "Checking /etc/crowdsec.dist/ contents:"
|
||||
docker exec test-container ls -la /etc/crowdsec.dist/ 2>/dev/null | head -20 || echo "Directory not found or empty"
|
||||
|
||||
- name: Stop container
|
||||
if: always()
|
||||
run: |
|
||||
echo "Cleaning up Docker resources..."
|
||||
|
||||
# Stop and remove containers (continue even if they don't exist)
|
||||
docker stop test-container 2>/dev/null || echo "ℹ️ Container test-container was not running"
|
||||
docker stop whoami 2>/dev/null || echo "ℹ️ Container whoami was not running"
|
||||
docker rm test-container 2>/dev/null || echo "ℹ️ Container test-container not found"
|
||||
docker rm whoami 2>/dev/null || echo "ℹ️ Container whoami not found"
|
||||
|
||||
# Remove network (continue even if it doesn't exist)
|
||||
docker network rm charon-test-net 2>/dev/null || echo "ℹ️ Network charon-test-net not found"
|
||||
|
||||
echo "✅ Cleanup complete"
|
||||
|
||||
- name: Create test summary
|
||||
if: always()
|
||||
run: |
|
||||
{
|
||||
echo "## 🧪 Docker Image Test Results"
|
||||
echo ""
|
||||
echo "- **Image**: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}"
|
||||
echo "- **Integration Test**: ${{ job.status == 'success' && '✅ Passed' || '❌ Failed' }}"
|
||||
} >> "$GITHUB_STEP_SUMMARY"
|
||||
|
||||