mirror of
https://github.com/juanfont/headscale.git
synced 2026-02-23 13:50:36 +01:00
d15ec28799
Docker 29 (shipped with runner-images 20260209.23.1) breaks docker build via Go client libraries (broken pipe writing build context) and docker load/save with certain tarball formats. Add Docker's official apt repository and install docker-ce 28.5.x in all CI jobs that interact with Docker. See https://github.com/actions/runner-images/issues/13474 Updates #3058
131 lines
5.8 KiB
YAML
131 lines
5.8 KiB
YAML
name: Integration Test Template
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
test:
|
|
required: true
|
|
type: string
|
|
postgres_flag:
|
|
required: false
|
|
type: string
|
|
default: ""
|
|
database_name:
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
# Github does not allow us to access secrets in pull requests,
|
|
# so this env var is used to check if we have the secret or not.
|
|
# If we have the secrets, meaning we are running on push in a fork,
|
|
# there might be secrets available for more debugging.
|
|
# If TS_OAUTH_CLIENT_ID and TS_OAUTH_SECRET is set, then the job
|
|
# will join a debug tailscale network, set up SSH and a tmux session.
|
|
# The SSH will be configured to use the SSH key of the Github user
|
|
# that triggered the build.
|
|
HAS_TAILSCALE_SECRET: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
|
steps:
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
fetch-depth: 2
|
|
- name: Tailscale
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
uses: tailscale/github-action@a392da0a182bba0e9613b6243ebd69529b1878aa # v4.1.0
|
|
with:
|
|
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
|
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
|
|
tags: tag:gh
|
|
- name: Setup SSH server for Actor
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
uses: alexellis/setup-sshd-actor@master
|
|
- name: Download headscale image
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: headscale-image
|
|
path: /tmp/artifacts
|
|
- name: Download tailscale HEAD image
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: tailscale-head-image
|
|
path: /tmp/artifacts
|
|
- name: Download hi binary
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: hi-binary
|
|
path: /tmp/artifacts
|
|
- name: Download Go cache
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: go-cache
|
|
path: /tmp/artifacts
|
|
- name: Download postgres image
|
|
if: ${{ inputs.postgres_flag == '--postgres=1' }}
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: postgres-image
|
|
path: /tmp/artifacts
|
|
- name: Pin Docker to v28 (avoid v29 breaking changes)
|
|
run: |
|
|
# Docker 29 breaks docker build via Go client libraries and
|
|
# docker load/save with certain tarball formats.
|
|
# Pin to Docker 28.x until our tooling is updated.
|
|
# https://github.com/actions/runner-images/issues/13474
|
|
sudo install -m 0755 -d /etc/apt/keyrings
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
|
|
| sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
|
|
https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
|
|
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
|
sudo apt-get update -qq
|
|
VERSION=$(apt-cache madison docker-ce | grep '28\.5' | head -1 | awk '{print $3}')
|
|
sudo apt-get install -y --allow-downgrades \
|
|
"docker-ce=${VERSION}" "docker-ce-cli=${VERSION}"
|
|
sudo systemctl restart docker
|
|
docker version
|
|
- name: Load Docker images, Go cache, and prepare binary
|
|
run: |
|
|
gunzip -c /tmp/artifacts/headscale-image.tar.gz | docker load
|
|
gunzip -c /tmp/artifacts/tailscale-head-image.tar.gz | docker load
|
|
if [ -f /tmp/artifacts/postgres-image.tar.gz ]; then
|
|
gunzip -c /tmp/artifacts/postgres-image.tar.gz | docker load
|
|
fi
|
|
chmod +x /tmp/artifacts/hi
|
|
docker images
|
|
# Extract Go cache to host directories for bind mounting
|
|
mkdir -p /tmp/go-cache
|
|
tar -xzf /tmp/artifacts/go-cache.tar.gz -C /tmp/go-cache
|
|
ls -la /tmp/go-cache/ /tmp/go-cache/.cache/
|
|
- name: Run Integration Test
|
|
env:
|
|
HEADSCALE_INTEGRATION_HEADSCALE_IMAGE: headscale:${{ github.sha }}
|
|
HEADSCALE_INTEGRATION_TAILSCALE_IMAGE: tailscale-head:${{ github.sha }}
|
|
HEADSCALE_INTEGRATION_POSTGRES_IMAGE: ${{ inputs.postgres_flag == '--postgres=1' && format('postgres:{0}', github.sha) || '' }}
|
|
HEADSCALE_INTEGRATION_GO_CACHE: /tmp/go-cache/go
|
|
HEADSCALE_INTEGRATION_GO_BUILD_CACHE: /tmp/go-cache/.cache/go-build
|
|
run: /tmp/artifacts/hi run --stats --ts-memory-limit=300 --hs-memory-limit=1500 "^${{ inputs.test }}$" \
|
|
--timeout=120m \
|
|
${{ inputs.postgres_flag }}
|
|
# Sanitize test name for artifact upload (replace invalid characters: " : < > | * ? \ / with -)
|
|
- name: Sanitize test name for artifacts
|
|
if: always()
|
|
id: sanitize
|
|
run: echo "name=${TEST_NAME//[\":<>|*?\\\/]/-}" >> $GITHUB_OUTPUT
|
|
env:
|
|
TEST_NAME: ${{ inputs.test }}
|
|
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
if: always()
|
|
with:
|
|
name: ${{ inputs.database_name }}-${{ steps.sanitize.outputs.name }}-logs
|
|
path: "control_logs/*/*.log"
|
|
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
if: always()
|
|
with:
|
|
name: ${{ inputs.database_name }}-${{ steps.sanitize.outputs.name }}-artifacts
|
|
path: control_logs/
|
|
- name: Setup a blocking tmux session
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
uses: alexellis/block-with-tmux-action@master
|