fact/.github/workflows/performance-tests.yml at main · stackrox/fact · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Run performance tests
on:
  workflow_call:
    inputs:
      version:
        description: The version of fact to be tested (commit SHA or tag)
        default: ${{ github.head_ref || github.ref_name }}
        type: string
      registry:
        description: Container registry holding the image to test
        default: quay.io/stackrox-io/fact
        type: string
      tag:
        description: The container image tag to test
        type: string
      job-tag:
        description: Additional tag to prevent collision on GCP VM naming
        type: string
        default: ''
      berserker-version:
        description: The version of Berserker to be used (commit SHA or tag)
        default: '1.0-87-g1b75521c9d'
        type: string

jobs:
  performance-tests:
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        vm:
          - fedora-coreos

    steps:
    - uses: actions/checkout@v4
      with:
        path: fact
    - uses: actions/checkout@v4
      with:
        repository: stackrox/collector
        path: collector
        ref: master
    - uses: actions/setup-python@v5
      with:
        python-version: "3.10"

    - name: Authenticate with GCP
      uses: 'google-github-actions/auth@v2'
      with:
        credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_CI_VM_SVC_ACCT }}'

    - name: Setup GCP
      uses: 'google-github-actions/setup-gcloud@v2'

    - uses: ./collector/.github/actions/setup-vm-creds
      with:
        gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
        gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
        s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }}
        ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }}
        ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }}
        s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }}
        ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }}
        redhat-username: ${{ secrets.REDHAT_USERNAME }}
        redhat-password: ${{ secrets.REDHAT_PASSWORD }}
        vm-type: ${{ matrix.vm }}
        job-tag: ${{ inputs.job-tag }}
        workspace: ${{ github.workspace }}/collector

    - name: Create vars.yml
      env:
        FACT_VERSION: ${{ inputs.version }}
        FACT_REGISTRY: ${{ inputs.registry }}
        FACT_TAG: ${{ inputs.tag }}
        BERSERKER_VERSION: ${{ inputs.berserker-version }}
      run: |
        FACT_IMAGE_NAME="$(make -sC "${GITHUB_WORKSPACE}/fact" image-name)"
        cat << EOF > vars.yml
        ---
        job_id: ${JOB_ID}
        fact:
          image: ${FACT_IMAGE_NAME}
          version: ${FACT_VERSION}
          tag: ${FACT_TAG}
        berserker:
          version: ${BERSERKER_VERSION}
        quay:
          username: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
          password: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
        opensearch:
          url: ${{ secrets.K6_ELASTICSEARCH_URL }}
          user: ${{ secrets.K6_ELASTICSEARCH_USER }}
          password: ${{ secrets.K6_ELASTICSEARCH_PASSWORD }}
        EOF

    - name: Create Test VMs
      # Looks like Collector ansible create-benchmark-vms has hardcoded list
      # of vms to create, hence piggy back on create-ci-vms
      run: |
        make -C "./collector/ansible" create-ci-vms

    - name: Run the tests
      run: |
        ansible-playbook \
          -i "${GITHUB_WORKSPACE}/collector/ansible/ci" \
          -e @vars.yml \
          "${GITHUB_WORKSPACE}/fact/ansible/run-performance-tests.yml"

    - name: Teardown VMs
      if: always()
      run: |
        make -C "./collector/ansible" destroy-vms