zot/.github/workflows/ecosystem-tools.yaml

name: "Ecosystem client tools"
on:
  push:
    branches:
      - main
  pull_request:
    branches: [main]
  release:
    types:
      - published

permissions: read-all

jobs:
  client-tools:
    name: Check client tools
    runs-on: oracle-vm-16cpu-64gb-x86-64
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          cache: false
          check-latest: true
          go-version: 1.25.x
      - name: Install dependencies
        run: |
          cd $GITHUB_WORKSPACE
          go install github.com/swaggo/swag/cmd/swag@v1.16.2
          go mod download
          sudo apt-get update
          sudo apt-get install -y libgpgme-dev libassuan-dev libbtrfs-dev \
            libdevmapper-dev pkg-config rpm uidmap haproxy jq valkey-tools whois \
            npm
          # install skopeo
          git clone -b v1.12.0 https://github.com/containers/skopeo.git
          cd skopeo
          make bin/skopeo
          sudo cp bin/skopeo /usr/bin
          skopeo -v
          # install cri-o (for crictl)
          OS=xUbuntu_22.04
          CRIO_VERSION=1.26
          curl -fsSL https://download.opensuse.org/repositories/isv:/kubernetes:/addons:/cri-o:/prerelease:/main:/build/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
          echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://download.opensuse.org/repositories/isv:/kubernetes:/addons:/cri-o:/prerelease:/main:/build/deb/ /" | sudo tee /etc/apt/sources.list.d/cri-o.list
          sudo apt update
          sudo apt install -y cri-o runc
          sudo systemctl enable crio.service
          sudo systemctl start crio.service
          sudo chmod 0777 /var/run/crio/crio.sock
          # install docker
          # Add Docker's official GPG key:
          sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
          sudo chmod a+r /etc/apt/keyrings/docker.asc
          echo \
          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
           $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt update
          sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
          docker version
          # install nodejs deps (for oidc claim mapping support)
          sudo npm install -g oidc-provider express
          # install dex
          git clone https://github.com/dexidp/dex.git
          cd dex/
          git checkout v2.39.1
          make bin/dex
          ./bin/dex serve $GITHUB_WORKSPACE/test/dex/config-dev.yaml &
          # Prepare for stacker run on Ubuntu 24
          cd $GITHUB_WORKSPACE
          sudo ./scripts/enable_userns.sh
      - name: Run CI tests
        run: |
          make run-blackbox-ci
      - uses: ./.github/actions/setup-localstack
      - name: Run cloud-only tests
        run: |
          make run-blackbox-cloud-ci
        env:
          AWS_ACCESS_KEY_ID: fake
          AWS_SECRET_ACCESS_KEY: fake

      # DynamoDB scale-out tests
      - name: Run cloud scale-out DynamoDB tests
        id: dynamodb_scale
        run: |
          make run-cloud-scale-out-tests
        env:
          AWS_ACCESS_KEY_ID: fake
          AWS_SECRET_ACCESS_KEY: fake
        continue-on-error: true
      - name: Print service logs for DynamoDB scale-out
        run: |
          find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat
      - name: Upload DynamoDB zot logs as build artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: always()
        with:
          name: zot-scale-out-dynamodb-logs
          path: /tmp/zot-ft-logs
          if-no-files-found: ignore
      - name: DynamoDB multi-hop detection
        id: dynamodb_multihop
        run: |
          if find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat | grep 'cannot proxy an already proxied request'; then
            echo "detected multi-hop in DynamoDB tests"
            exit 1
          else
            exit 0
          fi
        continue-on-error: true
      - name: Clean up DynamoDB scale-out logs
        run: |
          rm -r /tmp/zot-ft-logs
      - name: Fail job if DynamoDB error
        if: ${{ steps.dynamodb_scale.outcome != 'success' || steps.dynamodb_multihop.outcome != 'success' }}
        run: |
          echo "DynamoDB scale-out tests failed"
          exit 1

      # Redis scale-out tests
      - name: Run cloud scale-out Redis tests
        id: redis_scale
        run: |
          make run-cloud-scale-out-redis-tests
        env:
          AWS_ACCESS_KEY_ID: fake
          AWS_SECRET_ACCESS_KEY: fake
        continue-on-error: true
      - name: Print service logs for Redis scale-out
        run: |
          find /tmp/zot-ft-logs/redis -name '*.log' -print0 | xargs -0 cat
      - name: Upload Redis zot logs as build artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: always()
        with:
          name: zot-scale-out-redis-logs
          path: /tmp/zot-ft-logs
          if-no-files-found: ignore
      - name: Redis multi-hop detection
        id: redis_multihop
        run: |
          if find /tmp/zot-ft-logs/redis -name '*.log' -print0 | xargs -0 cat | grep 'cannot proxy an already proxied request'; then
            echo "detected multi-hop in Redis tests"
            exit 1
          else
            exit 0
          fi
        continue-on-error: true
      - name: Clean up Redis scale-out logs
        run: |
          rm -rf /tmp/zot-ft-logs/redis
      - name: Fail job if Redis error
        if: ${{ steps.redis_scale.outcome != 'success' || steps.redis_multihop.outcome != 'success' }}
        run: |
          echo "Redis scale-out tests failed"
          exit 1
      - name: Upload zb test results zip as build artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: always()
        with:
          name: zb-cloud-scale-out-functional-results-${{ github.sha }}
          path: ./zb-results/
      - uses: ./.github/actions/teardown-localstack