Skip to content
Helm Install Test

Helm Install Test #1

Sign in to view logs

Helm Install Test

Helm Install Test #1

Workflow file for this run

.github/workflows/helm-install-test.yml at 3fdc323
name: Helm Install Test
on:
schedule:
# Run daily at 6 AM UTC
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
helm-install:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Set up Helm
uses: azure/setup-helm@v4.3.1
- name: Log in to Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Create Kind cluster
uses: helm/kind-action@v1
with:
node_image: kindest/node:v1.29.2
cluster_name: helm-test
- name: Deploy MinIO as S3 backend
run: |
kubectl create namespace s3proxy
cat <<EOF | kubectl apply -n s3proxy -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
image: minio/minio:latest
args: ["server", "/data"]
env:
- name: MINIO_ROOT_USER
value: minioadmin
- name: MINIO_ROOT_PASSWORD
value: minioadmin
ports:
- containerPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
selector:
app: minio
ports:
- port: 9000
EOF
kubectl wait --for=condition=ready pod -l app=minio -n s3proxy --timeout=120s
- name: Deploy simple Redis
run: |
cat <<EOF | kubectl apply -n s3proxy -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7-alpine
ports:
- containerPort: 6379
resources:
limits:
memory: 128Mi
cpu: 100m
---
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
selector:
app: redis
ports:
- port: 6379
EOF
kubectl wait --for=condition=ready pod -l app=redis -n s3proxy --timeout=120s
- name: Install chart from GHCR
run: |
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
helm install s3proxy oci://ghcr.io/${OWNER}/charts/s3proxy-python --version 0.0.0-latest \
--namespace s3proxy \
--set image.repository=ghcr.io/${OWNER}/s3proxy-python \
--set image.tag=latest \
--set image.pullPolicy=Always \
--set s3.host="http://minio:9000" \
--set secrets.encryptKey=test-encryption-key-for-ci \
--set secrets.awsAccessKeyId=minioadmin \
--set secrets.awsSecretAccessKey=minioadmin \
--set redis-ha.enabled=false \
--set externalRedis.url="redis://redis:6379/0" \
--set replicaCount=3 \
--set resources.limits.cpu=100m \
--set resources.requests.cpu=50m \
--wait \
--timeout 5m
- name: Verify pods are running
run: |
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=s3proxy-python -n s3proxy --timeout=120s
kubectl get pods -n s3proxy
# Verify we have 3 s3proxy pods
POD_COUNT=$(kubectl get pods -n s3proxy -l app.kubernetes.io/name=s3proxy-python --no-headers | grep Running | wc -l)
if [ "$POD_COUNT" -lt 3 ]; then
echo "Expected 3 s3proxy pods, got $POD_COUNT"
exit 1
fi
echo "✓ All 3 s3proxy pods running"
- name: Check health endpoint
run: |
kubectl port-forward svc/s3proxy-python 4433:4433 -n s3proxy &
sleep 3
curl -sf http://localhost:4433/healthz && echo "Health check passed"
- name: Run S3 smoke test
run: |
kubectl run s3-smoke-test -n s3proxy --rm -i --restart=Never \
--image=amazon/aws-cli:latest \
--env="AWS_ACCESS_KEY_ID=minioadmin" \
--env="AWS_SECRET_ACCESS_KEY=minioadmin" \
--env="AWS_DEFAULT_REGION=us-east-1" \
--command -- /bin/sh -c '
set -e
ENDPOINT="http://s3proxy-python:4433"
echo "=== Creating test bucket ==="
aws --endpoint-url $ENDPOINT s3 mb s3://smoke-test-bucket
echo "=== Uploading test file ==="
echo "Hello from CI smoke test - $(date)" > /tmp/test.txt
ORIG_MD5=$(md5sum /tmp/test.txt | cut -c1-32)
aws --endpoint-url $ENDPOINT s3 cp /tmp/test.txt s3://smoke-test-bucket/test.txt
echo "=== Listing bucket ==="
aws --endpoint-url $ENDPOINT s3 ls s3://smoke-test-bucket/
echo "=== Downloading and verifying ==="
aws --endpoint-url $ENDPOINT s3 cp s3://smoke-test-bucket/test.txt /tmp/downloaded.txt
DOWN_MD5=$(md5sum /tmp/downloaded.txt | cut -c1-32)
if [ "$ORIG_MD5" = "$DOWN_MD5" ]; then
echo "✓ Round-trip successful - checksums match"
else
echo "✗ Checksum mismatch!"
exit 1
fi
echo "=== Verifying encryption (raw read from MinIO) ==="
aws --endpoint-url http://minio:9000 s3 cp s3://smoke-test-bucket/test.txt /tmp/raw.txt 2>/dev/null || true
if [ -f /tmp/raw.txt ]; then
RAW_MD5=$(md5sum /tmp/raw.txt | cut -c1-32)
if [ "$ORIG_MD5" != "$RAW_MD5" ]; then
echo "✓ Data is encrypted - raw content differs from original"
else
echo "✗ Data NOT encrypted - raw matches original!"
exit 1
fi
fi
echo "=== Cleanup ==="
aws --endpoint-url $ENDPOINT s3 rm s3://smoke-test-bucket/test.txt
aws --endpoint-url $ENDPOINT s3 rb s3://smoke-test-bucket
echo ""
echo "✓ All smoke tests passed!"
'
- name: Show logs on failure
if: failure()
run: |
echo "=== Pod Status ==="
kubectl get pods -n s3proxy -o wide
echo ""
echo "=== S3Proxy Logs ==="
kubectl logs -l app.kubernetes.io/name=s3proxy-python -n s3proxy --tail=100
echo ""
echo "=== MinIO Logs ==="
kubectl logs -l app=minio -n s3proxy --tail=50
echo ""
echo "=== Events ==="
kubectl get events -n s3proxy --sort-by=.lastTimestamp