e2e: local harbor

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-10-23 08:56:39 +08:00 · 2023-02-10 04:45:25 +01:00
parent 6a8fbf0dbc
commit 2d8166c4b9
3 changed files with 149 additions and 12 deletions
--- a/.github/e2e/harbor/env
+++ b/.github/e2e/harbor/env
@@ -0,0 +1,8 @@
+REGISTRY_FQDN=localhost:8081
+REGISTRY_USER=admin
+REGISTRY_PASSWORD=Harbor12345
+REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
+
+HARBOR_HOST=localhost
+HARBOR_PORT=8081
+HARBOR_PROJECT=test-docker-action
--- a/.github/e2e/harbor/install.sh
+++ b/.github/e2e/harbor/install.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -eu
+
+: "${HARBOR_VERSION:=v2.7.0}"
+: "${HARBOR_HOST:=localhost}"
+: "${HARBOR_PORT:=49154}"
+: "${REGISTRY_USER:=admin}"
+: "${REGISTRY_PASSWORD:=Harbor12345}"
+
+: "${HARBOR_PROJECT:=test-docker-action}"
+
+project_post_data() {
+  cat <<EOF
+{
+  "project_name": "$HARBOR_PROJECT",
+  "public": true
+}
+EOF
+}
+
+export TERM=xterm
+
+# download
+echo "::group::Downloading Harbor $HARBOR_VERSION"
+(
+  cd /tmp
+  set -x
+  wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
+  tar xvf harbor-online-installer.tgz
+)
+echo "::endgroup::"
+
+# config
+echo "::group::Configuring Harbor"
+(
+  cd /tmp/harbor
+  set -x
+  cp harbor.yml.tmpl harbor.yml
+  harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
+  tee harbor.yml <<<"$harborConfig" >/dev/null
+  yq --no-colors harbor.yml
+)
+echo "::endgroup::"
+
+# install and start
+echo "::group::Installing Harbor"
+(
+  cd /tmp/harbor
+  set -x
+  ./install.sh
+  sleep 10
+  netstat -aptn
+)
+echo "::endgroup::"
+
+# compose config
+echo "::group::Compose config"
+(
+  cd /tmp/harbor
+  set -x
+  docker compose config
+)
+echo "::endgroup::"
+
+# create project
+echo "::group::Creating project"
+(
+  set -x
+  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
+)
+echo "::endgroup::"
+
+# list projects
+echo "::group::List projects"
+(
+  set -x
+  curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
+)
+echo "::endgroup::"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -25,69 +25,119 @@ on:
 env:
  BUILDX_VERSION: latest
  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
+  HARBOR_VERSION: v2.7.0

 jobs:
-  docker:
+  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
+            name: Docker Hub
            registry: ''
            slug: ghactionstest/ghactionstest
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN
+            type: remote
          -
+            name: GitHub
            registry: ghcr.io
            slug: ghcr.io/docker-ghactiontest/test
            username_secret: GHCR_USERNAME
            password_secret: GHCR_PAT
+            type: remote
          -
+            name: GitLab
            registry: registry.gitlab.com
            slug: registry.gitlab.com/test1716/test
            username_secret: GITLAB_USERNAME
            password_secret: GITLAB_TOKEN
+            type: remote
          -
+            name: AWS ECR
            registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
            slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
+            type: remote
          -
+            name: AWS ECR Public
            registry: public.ecr.aws
            slug: public.ecr.aws/q3b5f1u4/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
+            type: remote
          -
+            name: Google Artifact Registry
            registry: us-east4-docker.pkg.dev
            slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
            username_secret: GAR_USERNAME
            password_secret: GAR_JSON_KEY
+            type: remote
          -
+            name: Google Container Registry
            registry: gcr.io
            slug: gcr.io/sandbox-298914/test-docker-action
            username_secret: GCR_USERNAME
            password_secret: GCR_JSON_KEY
+            type: remote
          -
+            name: Azure Container Registry
            registry: officialgithubactions.azurecr.io
            slug: officialgithubactions.azurecr.io/test-docker-action
            username_secret: AZURE_CLIENT_ID
            password_secret: AZURE_CLIENT_SECRET
+            type: remote
          -
+            name: Quay
            registry: quay.io
            slug: quay.io/crazymax/build-push-action
            username_secret: QUAY_USERNAME
            password_secret: QUAY_TOKEN
+            type: remote
+          -
+            name: Harbor
+            id: harbor
+            type: local
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
+      -
+        name: Set up env
+        if: matrix.type == 'local'
+        run: |
+          cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV
+      -
+        name: Set up BuildKit config
+        run: |
+          touch /tmp/buildkitd.toml
+          if [ "${{ matrix.type }}" = "local" ]; then
+            echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
+          fi
+      -
+        name: Set up Docker daemon
+        if: matrix.type == 'local'
+        run: |
+          if [ ! -e /etc/docker/daemon.json ]; then
+            echo '{}' | tee /etc/docker/daemon.json >/dev/null
+          fi
+          DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
+          sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
+          sudo service docker restart
+      -
+        name: Install ${{ matrix.name }}
+        if: matrix.type == 'local'
+        run: |
+          sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
-          images: ${{ matrix.slug }}
+          images: ${{ env.REGISTRY_SLUG || matrix.slug }}
          tags: |
            type=ref,event=branch
            type=ref,event=tag
@@ -100,17 +150,19 @@ jobs:
        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
-          buildkitd-flags: --debug
+          config: /tmp/buildkitd.toml
+          buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
      -
        name: Login to Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
-          registry: ${{ matrix.registry }}
-          username: ${{ secrets[matrix.username_secret] }}
-          password: ${{ secrets[matrix.password_secret] }}
+          registry: ${{ env.REGISTRY_FQDN || matrix.registry }}
+          username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }}
+          password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }}
      -
        name: Build and push
        uses: ./
@@ -121,16 +173,14 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ matrix.slug }}:master
+          cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master
          cache-to: type=inline
      -
        name: Inspect image
-        if: github.event_name != 'pull_request'
        run: |
-          docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
-          docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
+          docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
+          docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
-        if: github.event_name != 'pull_request'
        run: |
-          docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
+          docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'