From ea5091be4bf08711b3f797c73f2a225ce2696095 Mon Sep 17 00:00:00 2001
From: xoph <xoph@posteo.de>
Date: Tue, 10 Oct 2023 19:04:46 +0200
Subject: [PATCH] ci: skip non-required integration tests

load often fails. complexity and upgrade are not indicators of a direct issue and might be failing. such non-required tests can/must be skipped in certain situations.
---
 .../workflows/.reusable-integration-test.yml  | 72 ++++++++++++++++++-
 .github/workflows/cicd.yaml                   |  1 -
 .github/workflows/nightly-build.yaml          |  1 -
 .github/workflows/release.yaml                |  1 -
 4 files changed, 69 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/.reusable-integration-test.yml b/.github/workflows/.reusable-integration-test.yml
index 7fe0f27c1..b6ea206f5 100644
--- a/.github/workflows/.reusable-integration-test.yml
+++ b/.github/workflows/.reusable-integration-test.yml
@@ -29,8 +29,9 @@ env:
 
 jobs:
   integration-test:
-    name: integration test
+    name: functional
     runs-on: ubuntu-latest
+    if: inputs.skip_integration_tests != 'all'
     permissions:
       packages: read
     env:
@@ -42,8 +43,6 @@ jobs:
       matrix:
         integration-test-arg:
           [
-            "complexity",
-            "load",
             "regular",
             "cosign",
             "multi-cosigned",
@@ -53,6 +52,71 @@ jobs:
             "pre-config",
             "other-ns",
             "configured-cert",
+          ]
+    services:
+      alerting-endpoint:
+        image: securesystemsengineering/alerting-endpoint
+        ports:
+          - 56243:56243
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Login with registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ inputs.build_registry }}
+          username: ${{ inputs.repo_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install yq
+        run: |
+          sudo snap install yq
+      - uses: ./.github/actions/k8s-version-config
+        name: Setup k8s cluster
+        with:
+          k8s-version: v1.25
+      - name: Get alerting endpoint IP
+        id: get_ip
+        uses: ./.github/actions/alerting-endpoint
+      - name: Run test
+        run: |
+          bash tests/integration/integration-test.sh "${{ matrix.integration-test-arg }}"
+        env:
+          ALERTING_ENDPOINT_IP: ${{ steps.get_ip.outputs.ip }}
+      - name: Display Connaisseur configuration
+        if: always()
+        run: |
+          echo "::group::values.yaml"
+          yq e '... comments=""' helm/values.yaml
+          echo "::endgroup::"
+      - name: Display k8s state if integration test failed
+        if: failure()
+        run: |
+          kubectl describe deployments.apps -n connaisseur -lapp.kubernetes.io/name=connaisseur
+          kubectl describe pods -n connaisseur -lapp.kubernetes.io/name=connaisseur
+      - name: Display logs if integration test failed
+        if: failure()
+        run: |
+          kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
+
+  optional-integration-test:
+    name: optional
+    runs-on: ubuntu-latest
+    if: |
+      inputs.skip_integration_tests != 'non-required' &&
+      inputs.skip_integration_tests != 'all'
+    permissions:
+      packages: read
+    env:
+      IMAGE: ${{ inputs.build_image_repository }}
+      TAG: ${{ inputs.build_tag }}
+      COSIGN_PUBLIC_KEY: ${{ inputs.cosign_public_key }}
+    strategy:
+      fail-fast: false
+      matrix:
+        integration-test-arg:
+          [
+            "complexity",
+            "load",
             "upgrade",
           ]
     services:
@@ -101,7 +165,9 @@ jobs:
           kubectl logs -n connaisseur -lapp.kubernetes.io/name=connaisseur --prefix=true
 
   k8s-versions:
+    name: k8s versions
     runs-on: ubuntu-latest
+    if: inputs.skip_integration_tests != 'all'
     permissions:
       packages: read
     env:
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
index 1ea464f56..c7455a681 100644
--- a/.github/workflows/cicd.yaml
+++ b/.github/workflows/cicd.yaml
@@ -84,7 +84,6 @@ jobs:
   integration-test:
     uses: ./.github/workflows/.reusable-integration-test.yml
     needs: [conditionals, build]
-    if: needs.conditionals.outputs.skip_integration_tests != 'all'
     permissions:
       packages: read
     secrets: inherit
diff --git a/.github/workflows/nightly-build.yaml b/.github/workflows/nightly-build.yaml
index 008f4d295..dd30a8f79 100644
--- a/.github/workflows/nightly-build.yaml
+++ b/.github/workflows/nightly-build.yaml
@@ -46,7 +46,6 @@ jobs:
   integration-test:
     uses: ./.github/workflows/.reusable-integration-test.yml
     needs: [conditionals, build]
-    if: needs.conditionals.outputs.skip_integration_tests != 'all'
     permissions:
       packages: read
     secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a72fe9aac..f6d01270a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -51,7 +51,6 @@ jobs:
   integration-test:
     uses: ./.github/workflows/.reusable-integration-test.yml
     needs: [conditionals, build, version-match]
-    if: needs.conditionals.outputs.skip_integration_tests != 'all'
     permissions:
       packages: read
     secrets: inherit