flux2/.github/workflows/e2e-bootstrap.yaml

name: e2e-bootstrap

on:
  workflow_dispatch:
  push:
    branches: [ 'main', 'release/**' ]
  pull_request:
    branches: [ 'main', 'release/**' ]
    paths-ignore: [ 'docs/**', 'rfcs/**' ]

permissions:
  contents: read

jobs:
  e2e-boostrap-github:
    runs-on: ubuntu-latest
    if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Setup Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.26.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Setup Kubernetes
        uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
        with:
          version: v0.32.0
          cluster_name: kind
          # The versions below should target the newest Kubernetes version
          # Keep this up-to-date with https://endoflife.date/kubernetes
          node_image: ghcr.io/fluxcd/kindest/node:v1.36.1-amd64
          kubectl_version: v1.36.0
      - name: Setup Kustomize
        uses: fluxcd/pkg/actions/kustomize@5a7f3ce0de742b6c561a50f90940d81cf6fc698d # main
      - name: Setup yq
        uses: fluxcd/pkg/actions/yq@5a7f3ce0de742b6c561a50f90940d81cf6fc698d # main
      - name: Build
        run: make build-dev
      - name: Set outputs
        id: vars
        run: |
          REPOSITORY_NAME=${{ github.event.repository.name }}
          BRANCH_NAME=${GITHUB_REF##*/}
          COMMIT_SHA=$(git rev-parse HEAD)
          PSEUDO_RAND_SUFFIX=$(echo "${BRANCH_NAME}-${COMMIT_SHA}" | shasum | awk '{print $1}')
          TEST_REPO_NAME="${REPOSITORY_NAME}-${PSEUDO_RAND_SUFFIX}"
          echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT
      - name: bootstrap init
        run: |
          ./bin/flux bootstrap github --manifests ./manifests/test/ \
          --owner=fluxcd-testing \
          --image-pull-secret=ghcr-auth \
          --registry-creds=fluxcd:$GITHUB_TOKEN \
          --repository=${{ steps.vars.outputs.test_repo_name }} \
          --branch=main \
          --path=test-cluster \
          --team=team-z
        env:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: verify image pull secret
        run: |
          kubectl -n flux-system get secret ghcr-auth | grep dockerconfigjson
      - name: bootstrap no-op
        run: |
          ./bin/flux bootstrap github --manifests ./manifests/test/ \
          --owner=fluxcd-testing \
          --image-pull-secret=ghcr-auth \
          --repository=${{ steps.vars.outputs.test_repo_name }} \
          --branch=main \
          --path=test-cluster \
          --team=team-z
        env:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: bootstrap customize
        run: |
          make setup-bootstrap-patch
          ./bin/flux bootstrap github --manifests ./manifests/test/ \
          --owner=fluxcd-testing \
          --repository=${{ steps.vars.outputs.test_repo_name }} \
          --branch=main \
          --path=test-cluster \
          --team=team-z
          if [ $(kubectl get deployments.apps source-controller -o jsonpath='{.spec.template.spec.securityContext.runAsUser}') != "10000" ]; then
          echo "Bootstrap not customized as controller is not running as user 10000" && exit 1
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
          GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
          GITHUB_ORG_NAME: fluxcd-testing
      - name: uninstall
        run: |
          ./bin/flux uninstall -s --keep-namespace
          kubectl delete ns flux-system --timeout=10m --wait=true
      - name: test image automation
        run: |
          make setup-image-automation
          ./bin/flux bootstrap github --manifests ./manifests/test/ \
          --owner=fluxcd-testing \
          --repository=${{ steps.vars.outputs.test_repo_name }} \
          --branch=main \
          --path=test-cluster \
          --read-write-key
          ./bin/flux reconcile image repository podinfo
          ./bin/flux reconcile image policy podinfo
          ./bin/flux reconcile image update flux-system
          ./bin/flux get images all
          ./bin/flux -n flux-system events --for ImageUpdateAutomation/flux-system
          kubectl -n flux-system get -o yaml ImageUpdateAutomation flux-system
          kubectl -n flux-system get -o yaml ImageUpdateAutomation flux-system | \
           yq '.status.lastPushCommit | length > 1' | grep 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
          GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
          GITHUB_ORG_NAME: fluxcd-testing
      - name: delete repository
        if: ${{ always() }}
        continue-on-error: true
        run: |
          gh repo delete fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} --yes
        env:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: Debug failure
        if: failure()
        run: |
          kubectl -n flux-system get all
          kubectl -n flux-system logs deploy/source-controller
          kubectl -n flux-system logs deploy/kustomize-controller