ci: Add smoke test workflow

kahirokunn · kahirokunn · commit 71ebea3f3e7c · 2025-06-20T09:24:04.000+09:00
Add a new GitHub Actions workflow for smoke testing. This workflow triggers on pull requests to the main and release branches as well as direct pushes to the main branch. It sets up a Kind cluster, installs necessary tools, and runs a series of installation and verification steps for the Cluster API Operator, cert-manager, and provider components. The workflow includes steps for error handling and cleanup after tests.

Signed-off-by: kahirokunn &lt;okinakahiro@gmail.com&gt;
diff --git a/.github/workflows/smoke-test.yaml b/.github/workflows/smoke-test.yaml
@@ -0,0 +1,191 @@
+name: Smoke Test
+
+on:
+  pull_request:
+    branches:
+      - main
+      - 'release-*'
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  smoke-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Install kubectl
+        run: |
+          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl
+          sudo mv kubectl /usr/local/bin/
+
+      - name: Install Helm
+        run: |
+          curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+      - name: Create kind cluster
+        run: |
+          chmod +x ./hack/ensure-kind.sh
+          ./hack/ensure-kind.sh
+          kind create cluster --name capi-operator-smoke-test --wait 5m
+          kubectl cluster-info --context kind-capi-operator-smoke-test
+
+      - name: Set up credentials secret
+        run: |
+          # Docker provider doesn't need real AWS credentials, but the secret is required
+          export CREDENTIALS_SECRET_NAME="credentials-secret"
+          export CREDENTIALS_SECRET_NAMESPACE="default"
+          export AWS_B64ENCODED_CREDENTIALS=$(echo -n "dummy-credentials" | base64)
+
+          kubectl create secret generic "${CREDENTIALS_SECRET_NAME}" \
+            --from-literal=AWS_B64ENCODED_CREDENTIALS="${AWS_B64ENCODED_CREDENTIALS}" \
+            --namespace "${CREDENTIALS_SECRET_NAMESPACE}"
+
+      - name: Add Helm repositories
+        run: |
+          helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator
+          helm repo add jetstack https://charts.jetstack.io --force-update
+          helm repo update
+
+      - name: Install cert-manager
+        run: |
+          helm install cert-manager jetstack/cert-manager \
+            --namespace cert-manager \
+            --create-namespace \
+            --set installCRDs=true \
+            --wait \
+            --timeout 5m
+
+      - name: Wait for cert-manager to be ready
+        run: |
+          kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager
+          kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-webhook
+          kubectl wait --for=condition=Available --timeout=300s -n cert-manager deployment/cert-manager-cainjector
+
+      - name: Install Cluster API Operator
+        run: |
+          helm install capi-operator capi-operator/cluster-api-operator \
+            --create-namespace \
+            -n capi-operator-system \
+            --set infrastructure.docker.enabled=true \
+            --set cert-manager.enabled=true \
+            --set configSecret.name=credentials-secret \
+            --set configSecret.namespace=default \
+            --wait \
+            --timeout 90s
+
+      - name: Deploy providers using cluster-api-operator-providers chart
+        run: |
+          # Create values file for providers
+          cat <<EOF > /tmp/providers-values.yaml
+          core:
+            cluster-api:
+              namespace: capi-system
+              createNamespace: false
+          infrastructure:
+            docker:
+              namespace: capd-system
+              createNamespace: false
+          configSecret:
+            name: credentials-secret
+            namespace: default
+          EOF
+
+          # Install providers chart
+          helm install capi-providers ./hack/charts/cluster-api-operator-providers \
+            -f /tmp/providers-values.yaml \
+            --wait \
+            --timeout 5m
+
+      - name: Wait for providers to be ready
+        run: |
+          echo "Waiting for Core Provider to be ready..."
+          kubectl wait --for=condition=Ready --timeout=300s -n capi-system coreprovider/cluster-api || true
+
+          echo "Waiting for Infrastructure Provider to be ready..."
+          kubectl wait --for=condition=Ready --timeout=300s -n capd-system infrastructureprovider/docker || true
+
+          # Additional wait for deployments
+          kubectl wait --for=condition=Available --timeout=300s -n capi-system deployment/capi-controller-manager || true
+          kubectl wait --for=condition=Available --timeout=300s -n capd-system deployment/capd-controller-manager || true
+
+      - name: Verify installation
+        run: |
+          echo "=== Cluster API Operator Status ==="
+          kubectl get pods -n capi-operator-system
+
+          echo -e "\n=== Core Provider Status ==="
+          kubectl get coreprovider -A -o wide
+          kubectl describe coreprovider -n capi-system cluster-api || true
+
+          echo -e "\n=== Infrastructure Provider Status ==="
+          kubectl get infrastructureprovider -A -o wide
+          kubectl describe infrastructureprovider -n capd-system docker || true
+
+          echo -e "\n=== All Pods ==="
+          kubectl get pods -A | grep -E "(capi-|capd-)"
+
+          echo -e "\n=== CRDs ==="
+          kubectl get crds | grep -E "(cluster.x-k8s.io|operator.cluster.x-k8s.io)"
+
+      - name: Check provider health
+        run: |
+          # Check if core provider is ready
+          CORE_READY=$(kubectl get coreprovider -n capi-system cluster-api -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
+          if [ "$CORE_READY" != "True" ]; then
+            echo "Core provider is not ready"
+            kubectl get coreprovider -n capi-system cluster-api -o yaml
+            exit 1
+          fi
+
+          # Check if infrastructure provider is ready
+          INFRA_READY=$(kubectl get infrastructureprovider -n capd-system docker -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
+          if [ "$INFRA_READY" != "True" ]; then
+            echo "Infrastructure provider is not ready"
+            kubectl get infrastructureprovider -n capd-system docker -o yaml
+            exit 1
+          fi
+
+          echo "All providers are ready!"
+
+      - name: Collect debug information on failure
+        if: failure()
+        run: |
+          echo "=== Events ==="
+          kubectl get events -A --sort-by='.lastTimestamp' | tail -50
+
+          echo -e "\n=== CAPI Operator Logs ==="
+          kubectl logs -n capi-operator-system deployment/capi-operator-controller-manager --tail=100 || true
+
+          echo -e "\n=== Core Provider Logs ==="
+          kubectl logs -n capi-system deployment/capi-controller-manager --tail=100 || true
+
+          echo -e "\n=== Infrastructure Provider Logs ==="
+          kubectl logs -n capd-system deployment/capd-controller-manager --tail=100 || true
+
+          echo -e "\n=== Describe Failed Pods ==="
+          kubectl get pods -A | grep -v Running | grep -v Completed | tail -n +2 | while read namespace name ready status restarts age; do
+            echo "Describing pod $name in namespace $namespace"
+            kubectl describe pod -n $namespace $name
+            echo "---"
+          done
+
+      - name: Clean up
+        if: always()
+        run: |
+          kind delete cluster --name capi-operator-smoke-test || true
