cncf-conformance #152
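name: cncf-conformance

# Workflow to run CNCF conformance tests on MicroShift upstream latest release
#
# This workflow runs the CNCF conformance test suite using Sonobuoy in
# 'certified-conformance' mode for official Kubernetes conformance
# certification.
#
# NOTE(review): no `permissions:` block is declared, so the job's GITHUB_TOKEN
# receives the repository's default scopes. Consider declaring
# `permissions: contents: read` once it is confirmed that the local actions
# under ./.github/actions need nothing more.
#
# NOTE(review): actions/checkout and actions/upload-artifact are referenced by
# the mutable tag `v4`. Pinning each to a full commit SHA keeps a retagged
# release from changing what this workflow executes.
on:
  schedule:
    - cron: '0 4 * * *'  # Daily at 04:00 UTC
  workflow_dispatch:
    inputs:
      version:
        default: "latest"
        description: MicroShift version to test (e.g., 4.21.0_ga9cd00b34_4.21.0_okd_scos.ec.5 or 'latest' for most recent release)
        type: string
      registry:
        default: "ghcr.io/microshift-io"
        description: Container registry to pull bootc images from
        type: string
      test-timeout:
        default: "8400"
        description: Sonobuoy test timeout in seconds (8400 = ~2.5 hours)
        type: string

# Dispatch inputs are surfaced as environment variables here so that shell
# steps can read them as ordinary variables. Scheduled runs carry no inputs,
# hence the '||' fallbacks.
env:
  VERSION: ${{ github.event.inputs.version || 'latest' }}
  REGISTRY: ${{ github.event.inputs.registry || 'ghcr.io/microshift-io' }}
  TEST_TIMEOUT: ${{ github.event.inputs.test-timeout || '8400' }}

jobs:
  cncf-conformance:
    # Scheduled runs execute only in the upstream repository; manual
    # dispatches run anywhere (including forks).
    if: github.event_name != 'schedule' || github.repository == 'microshift-io/microshift'
    strategy:
      matrix:
        runners: [ubuntu-24.04, ubuntu-24.04-arm]
    name: Run CNCF conformance tests (${{ matrix.runners }})
    runs-on: ${{ matrix.runners }}
    steps:
      # NOTE(review): checkout leaves the job token in the local git config by
      # default; `persist-credentials: false` would avoid that if no later
      # step needs authenticated git access - confirm against the Makefile
      # targets and local actions.
      - name: Check out MicroShift upstream repository
        uses: actions/checkout@v4

      - name: Detect CPU architecture
        id: detect-cpu-arch
        uses: ./.github/actions/arch

      - name: Prepare the test environment
        uses: ./.github/actions/prebuild

      - name: Pull pre-built bootc image
        shell: bash
        run: |
          set -euo pipefail

          # Update the 'latest' tag to the latest released version from the
          # MicroShift GitHub repository.
          # Note: To test images from other repositories, override the 'VERSION'
          # and 'REGISTRY' settings to point to a custom multi-arch manifest.
          #
          # VERSION and REGISTRY are read from the process environment (set by
          # the workflow-level 'env' block) instead of being expanded into the
          # script text by the workflow expression engine. Expression expansion
          # happens before bash parses the script, so a dispatch input that
          # contains quotes or command substitutions would otherwise be
          # executed as shell code on the runner.
          TAG="${VERSION}"
          if [ "${TAG}" = "latest" ] ; then
            # Unauthenticated API call; an error response has no .tag_name, so
            # jq prints "null" and the check below fails the step.
            TAG="$(curl -s --max-time 60 "https://api.github.com/repos/microshift-io/microshift/releases/latest" | jq -r .tag_name)"
            if [ -z "${TAG}" ] || [ "${TAG}" = "null" ] ; then
              echo "ERROR: Could not determine the latest release tag from GitHub"
              exit 1
            fi
          fi

          # The image reference stays quoted so it reaches podman as a single
          # argument whatever the input contains.
          IMAGE="${REGISTRY}/microshift:${TAG}"
          echo "Pulling ${IMAGE}"
          sudo podman pull "${IMAGE}"
          sudo podman tag "${IMAGE}" localhost/microshift-okd:latest

      - name: Setup 2-node cluster for CNCF tests
        shell: bash
        run: |
          set -euo pipefail

          make run
          make run-ready
          # Ensure first node is healthy before adding second node
          make run-healthy

          make add-node
          # Ensure both nodes are healthy before running conformance tests
          make run-healthy

      - name: Configure cluster for CNCF conformance tests
        shell: bash
        run: |
          set -euo pipefail

          # Disable firewalld on cluster nodes to avoid blocking multi-node traffic
          # The nodes are podman containers created for this job, so the
          # relaxed filtering applies to the test cluster only. Failures are
          # tolerated ('|| true') so a node without firewalld does not fail
          # the step.
          echo "Disabling firewalld on cluster nodes..."
          for node in microshift-okd-1 microshift-okd-2; do
            echo " - Disabling firewalld on ${node}"
            sudo podman exec "${node}" systemctl stop firewalld || true
            sudo podman exec "${node}" systemctl disable firewalld || true
          done

      - name: Configure hostname resolution for cluster nodes
        shell: bash
        run: |
          set -euo pipefail

          # Add cluster node hostnames to /etc/hosts to enable hostname resolution
          # from the host where tests run. This is needed because Sonobuoy e2e tests
          # access kubelet APIs using node names (microshift-okd-1, microshift-okd-2)
          # which are only resolvable within the podman network by default.
          # We extract the IP address from the first network interface of each container.
          echo "Adding cluster node hostnames to /etc/hosts..."
          for node in $(sudo podman ps --filter name=microshift-okd- --format '{{.Names}}'); do
            ip=$(sudo podman inspect "$node" | jq -r '.[].NetworkSettings.Networks | to_entries[0].value.IPAddress')
            if [ -n "$ip" ] && [ "$ip" != "null" ]; then
              echo "$ip $node" | sudo tee -a /etc/hosts
              echo " ✓ Added: $ip $node"
            else
              echo "ERROR: Could not get IP address for node: $node"
              exit 1
            fi
          done

          echo ""
          echo "Verifying hostname resolution:"
          for node in microshift-okd-1 microshift-okd-2; do
            if getent hosts "$node" > /dev/null 2>&1; then
              echo " ✓ $node resolves successfully"
            else
              echo "ERROR: Hostname resolution failed for node: $node"
              exit 1
            fi
          done

      - name: Run CNCF conformance tests with Sonobuoy
        id: run-sonobuoy
        shell: bash
        # The timeout input is handed to the script through the step
        # environment, so its value is never spliced into the script text.
        env:
          SONOBUOY_VERSION: v0.57.3
          SYSTEMD_LOGS_VERSION: v0.4
          TEST_MODE: certified-conformance
          TIMEOUT_TEST: ${{ env.TEST_TIMEOUT }}
          RESULTS_DIR: /tmp/sonobuoy-output
        run: |
          set -euo pipefail
          make env CMD="./src/cncf/run_sonobuoy_tests.sh"

      # Results are uploaded even when the tests fail; the artifact name
      # carries the architecture so the two matrix legs do not collide.
      - name: Upload Sonobuoy results as artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sonobuoy-results-${{ steps.detect-cpu-arch.outputs.go_arch }}
          path: /tmp/sonobuoy-output/
          retention-days: 30

      # Best-effort cleanup: both commands tolerate failure so a broken
      # cluster does not mask the real test result.
      - name: Clean up Sonobuoy resources
        if: always()
        shell: bash
        run: |
          make env CMD="~/go/bin/sonobuoy delete --wait" || true
          rm -rf /tmp/sonobuoy-output || true

      - name: Collect debug information after tests
        if: always()
        uses: ./.github/actions/debug-info

      - name: Collect MicroShift container sos-report on failure
        if: failure()
        uses: ./.github/actions/sos-report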