ci(helm): consume prebuilt openshell CLI artifact in kind e2e job #10
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Branch Helm E2E | |
| on: | |
| push: | |
| branches: | |
| - "pull-request/[0-9]+" | |
| workflow_dispatch: {} | |
| permissions: {} | |
| jobs: | |
| pr_metadata: | |
| name: Resolve PR metadata | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| outputs: | |
| should_run: ${{ steps.gate.outputs.should_run }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - id: gate | |
| uses: ./.github/actions/pr-gate | |
| with: | |
| required_label: test:e2e-helm | |
| build-gateway: | |
| needs: [pr_metadata] | |
| if: needs.pr_metadata.outputs.should_run == 'true' | |
| permissions: | |
| contents: read | |
| packages: write | |
| uses: ./.github/workflows/docker-build.yml | |
| with: | |
| component: gateway | |
| platform: linux/amd64 | |
| build-supervisor: | |
| needs: [pr_metadata] | |
| if: needs.pr_metadata.outputs.should_run == 'true' | |
| permissions: | |
| contents: read | |
| packages: write | |
| uses: ./.github/workflows/docker-build.yml | |
| with: | |
| component: supervisor | |
| platform: linux/amd64 | |
| # Build the CLI inside the CI container, where z3/clang/build deps are | |
| # already provisioned. The bare runner that runs helm-e2e doesn't ship | |
| # z3, so we consume this prebuilt artifact instead of cargo-building on | |
| # the host. | |
| build-cli: | |
| needs: [pr_metadata] | |
| if: needs.pr_metadata.outputs.should_run == 'true' | |
| permissions: | |
| contents: read | |
| packages: read | |
| uses: ./.github/workflows/shadow-rust-native-build.yml | |
| with: | |
| component: cli | |
| arch: amd64 | |
| helm-e2e: | |
| name: Helm E2E (Rust smoke) | |
| needs: [pr_metadata, build-gateway, build-supervisor, build-cli] | |
| if: needs.pr_metadata.outputs.should_run == 'true' | |
| runs-on: linux-amd64-cpu8 | |
| timeout-minutes: 60 | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| KIND_CLUSTER_NAME: helm-e2e-${{ github.run_id }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install mise | |
| run: | | |
| curl https://mise.run | sh | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| echo "$HOME/.local/share/mise/shims" >> "$GITHUB_PATH" | |
| - name: Install tools | |
| run: mise install --locked | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin | |
| - name: Create kind cluster | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: ${{ env.KIND_CLUSTER_NAME }} | |
| wait: 120s | |
| # mise.toml sets KUBECONFIG="{{config_root}}/kubeconfig"; helm/kind-action | |
| # writes to ~/.kube/config. Materialize the kind context at the mise path | |
| # so `mise run e2e:helm` (and the wrapper's `kubectl --context=…`) finds | |
| # the kind cluster. | |
| - name: Export kind kubeconfig to mise path | |
| run: | | |
| set -euo pipefail | |
| kind get kubeconfig --name "$KIND_CLUSTER_NAME" > "$GITHUB_WORKSPACE/kubeconfig" | |
| chmod 600 "$GITHUB_WORKSPACE/kubeconfig" | |
| # Pre-pull and side-load: kind nodes don't have ghcr credentials, and | |
| # tagging IMAGE_TAG to a SHA means the chart's IfNotPresent pull policy | |
| # is satisfied once the image is loaded into the node's containerd. | |
| - name: Load gateway and supervisor images into kind | |
| run: | | |
| set -euo pipefail | |
| for component in gateway supervisor; do | |
| image="ghcr.io/nvidia/openshell/${component}:${{ github.sha }}" | |
| docker pull "$image" | |
| kind load docker-image "$image" --name "$KIND_CLUSTER_NAME" | |
| done | |
| - name: Download prebuilt openshell CLI | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: rust-binary-cli-linux-amd64 | |
| path: prebuilt-cli | |
| - name: Stage openshell CLI | |
| id: cli | |
| run: | | |
| set -euo pipefail | |
| install -m 0755 prebuilt-cli/openshell "$GITHUB_WORKSPACE/openshell" | |
| echo "path=$GITHUB_WORKSPACE/openshell" >> "$GITHUB_OUTPUT" | |
| "$GITHUB_WORKSPACE/openshell" --version | |
| - name: Run Helm E2E (Rust smoke) | |
| env: | |
| OPENSHELL_E2E_KUBE_CONTEXT: kind-${{ env.KIND_CLUSTER_NAME }} | |
| OPENSHELL_CLI_PATH: ${{ steps.cli.outputs.path }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| OPENSHELL_REGISTRY: ghcr.io/nvidia/openshell | |
| run: mise run --no-deps --skip-deps e2e:helm |