name: E2E Tests on: push: branches: [main] pull_request: branches: [main] workflow_dispatch: permissions: contents: read # Only one E2E run at a time — the shared E2E_RELEASE in headlamp-dev cannot # be shared across concurrent runs. cancel-in-progress: false queues rather # than cancels to avoid skipping the teardown step. concurrency: group: e2e-${{ github.repository }} cancel-in-progress: false env: E2E_NAMESPACE: headlamp-dev E2E_RELEASE: headlamp-e2e-argocd HEADLAMP_VERSION: v0.40.1 jobs: e2e: runs-on: runners-privilegedescalation timeout-minutes: 15 steps: - name: Checkout uses: actions/checkout@v6 - name: Detect package manager id: pkg-manager run: | if [ -f "pnpm-lock.yaml" ]; then echo "manager=pnpm" >> $GITHUB_OUTPUT PM=$(python3 -c "import json,sys; d=json.load(open('package.json')); print('true' if d.get('packageManager','').startswith('pnpm@') else 'false')" 2>/dev/null || echo "false") echo "has_package_manager=$PM" >> $GITHUB_OUTPUT else echo "manager=npm" >> $GITHUB_OUTPUT echo "has_package_manager=false" >> $GITHUB_OUTPUT fi - name: Setup Node uses: actions/setup-node@v6 with: node-version: '22' cache: ${{ steps.pkg-manager.outputs.manager == 'npm' && 'npm' || '' }} - name: Setup pnpm (Corepack, respects packageManager field) if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'true' run: | npm install -g corepack corepack enable pnpm corepack prepare $(node -p "require('./package.json').packageManager") --activate - name: Setup pnpm (version latest, no packageManager field) if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'false' uses: pnpm/action-setup@v5 with: run_install: false version: latest - name: Get pnpm store directory id: pnpm-store if: steps.pkg-manager.outputs.manager == 'pnpm' run: echo "dir=$(pnpm store path --silent)" >> $GITHUB_OUTPUT - name: Cache pnpm store if: steps.pkg-manager.outputs.manager == 'pnpm' uses: actions/cache@v5 with: path: ${{ steps.pnpm-store.outputs.dir }} key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm- - name: Setup kubectl uses: azure/setup-kubectl@v4 with: version: 'latest' - name: Get kubeconfig run: | set -euo pipefail echo "=== Runner kubeconfig diagnostic ===" echo "KUBECONFIG=${KUBECONFIG:-}" for path in /runner/config /home/runner/.kube/config "${HOME:-}/.kube/config"; do if [ -f "$path" ]; then echo "FOUND kubeconfig at: $path" fi done echo "" echo "=== In-cluster service account check ===" in_cluster=false if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then echo "Service account token present — in-cluster mode available" in_cluster=true fi if [ -f /runner/config ]; then echo "KUBECONFIG=/runner/config" >> "$GITHUB_ENV" elif [ -f /home/runner/.kube/config ]; then echo "KUBECONFIG=/home/runner/.kube/config" >> "$GITHUB_ENV" elif [ -f "${HOME:-}/.kube/config" ]; then echo "KUBECONFIG=${HOME:-}/.kube/config" >> "$GITHUB_ENV" elif [ "$in_cluster" = true ]; then echo "No static kubeconfig found — generating in-cluster kubeconfig" KUBECFG_DIR="${HOME:-}/.kube" mkdir -p "$KUBECFG_DIR" kubectl config set-cluster in-cluster \ --server="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}" \ --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \ --embed-certs=true \ --kubeconfig="$KUBECFG_DIR/config" kubectl config set-credentials in-cluster \ --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ --kubeconfig="$KUBECFG_DIR/config" kubectl config set-context in-cluster \ --cluster=in-cluster \ --user=in-cluster \ --kubeconfig="$KUBECFG_DIR/config" kubectl config use-context in-cluster \ --kubeconfig="$KUBECFG_DIR/config" echo "KUBECONFIG=$KUBECFG_DIR/config" >> "$GITHUB_ENV" else echo "::error::No kubeconfig found" exit 1 fi - name: Apply RBAC for E2E pipeline run: | set -x kubectl apply -f deployment/e2e-ci-runner-rbac.yaml echo "Waiting for RBAC propagation..." sleep 5 kubectl get role e2e-ci-runner -n headlamp-dev kubectl get rolebinding e2e-ci-runner-binding -n headlamp-dev 2>&1 | tail -3 || true set +x - name: Install dependencies run: | if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then pnpm install --frozen-lockfile else npm ci fi - name: Build plugin run: npx @kinvolk/headlamp-plugin build - name: Deploy E2E Headlamp instance run: scripts/deploy-e2e-headlamp.sh - name: Load E2E environment run: | if [ -f .env.e2e ]; then cat .env.e2e >> "$GITHUB_ENV" else echo "::error::deploy-e2e-headlamp.sh did not produce .env.e2e" exit 1 fi - name: Install Playwright browsers run: | if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then pnpm exec playwright install --with-deps chromium else npx playwright install --with-deps chromium fi - name: Run E2E tests run: | if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then pnpm run e2e else npm run e2e fi env: HEADLAMP_URL: ${{ env.HEADLAMP_URL }} HEADLAMP_TOKEN: ${{ env.HEADLAMP_TOKEN }} - name: Collect deployment diagnostics on failure if: failure() run: | echo "=== Pod state ===" kubectl get pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true echo "=== Pod describe ===" kubectl describe pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true echo "=== Container logs (current) ===" kubectl logs -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" \ --tail=100 2>&1 || true echo "=== Container logs (previous, if crashed) ===" kubectl logs -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" \ --previous --tail=100 2>&1 || true echo "=== Recent namespace events ===" kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -20 || true - name: Teardown E2E instance if: always() run: scripts/teardown-e2e-headlamp.sh - name: Upload Playwright report uses: actions/upload-artifact@v7 if: failure() with: name: playwright-report path: playwright-report/ retention-days: 7 - name: Upload test results uses: actions/upload-artifact@v7 if: failure() with: name: test-results path: test-results/ retention-days: 7