From ffd2a9da3645eb4282250feb4da2e271de15ab6b Mon Sep 17 00:00:00 2001
From: Taylor Mutch
Date: Mon, 1 Jun 2026 11:02:10 -0700
Subject: [PATCH 1/3] ci(kubernetes): pin mise in e2e workflow
Signed-off-by: Taylor Mutch
---
 .github/workflows/e2e-kubernetes-test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/e2e-kubernetes-test.yml b/.github/workflows/e2e-kubernetes-test.yml
index d338afc78..b335480a8 100644
--- a/.github/workflows/e2e-kubernetes-test.yml
+++ b/.github/workflows/e2e-kubernetes-test.yml
@@ -40,6 +40,8 @@ jobs:
 packages: read
 env:
 MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # Keep bare-runner installs aligned with the project CI image.
+ MISE_VERSION: v2026.4.25
 KIND_CLUSTER_NAME: kube-e2e-${{ github.run_id }}
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
From 6181ac48e781ed2841fcf187405926677c1b5f84 Mon Sep 17 00:00:00 2001
From: Taylor Mutch
Date: Mon, 1 Jun 2026 13:51:42 -0700
Subject: [PATCH 2/3] ci(kubernetes): mirror postgres image for ha e2e
Signed-off-by: Taylor Mutch
---
 .../helm/openshell/ci/values-high-availability.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/deploy/helm/openshell/ci/values-high-availability.yaml b/deploy/helm/openshell/ci/values-high-availability.yaml
index df4ceae65..5ccb79a77 100644
--- a/deploy/helm/openshell/ci/values-high-availability.yaml
+++ b/deploy/helm/openshell/ci/values-high-availability.yaml
@@ -6,7 +6,19 @@ # this overlay enables the bundled PostgreSQL dependency added by the chart. replicaCount: 2 +global: + security: + # The mirror serves the same pinned Bitnami PostgreSQL digest, but Bitnami's + # chart verification treats non-Docker-Hub registries as unrecognized. + allowInsecureImages: true + postgres: enabled: true + # Keep the HA CI/dev overlay off Docker Hub's unauthenticated pull path. + # The Bitnami subchart defaults to registry-1.docker.io/bitnami/postgresql:latest. + image: + registry: mirror.gcr.io + repository: bitnami/postgresql + digest: sha256:7651d7f24aad83fe68a222f7f20eded10d325c96ebee285ca5bf8162eddcba64 auth: password: openshell-ha-ci From 596f3d3b50dd7f723557696f8ab339cd62ea510d Mon Sep 17 00:00:00 2001 From: Taylor Mutch Date: Mon, 1 Jun 2026 14:29:09 -0700 Subject: [PATCH 3/3] ci(kubernetes): reuse e2e workflow for ha Signed-off-by: Taylor Mutch --- .github/workflows/branch-e2e.yml | 4 ++- .github/workflows/e2e-kubernetes-ha-test.yml | 37 -------------------- .github/workflows/e2e-kubernetes-test.yml | 14 ++++++-- 3 files changed, 15 insertions(+), 40 deletions(-) delete mode 100644 .github/workflows/e2e-kubernetes-ha-test.yml diff --git a/.github/workflows/branch-e2e.yml b/.github/workflows/branch-e2e.yml index 1a0782284..6bb65acc7 100644 --- a/.github/workflows/branch-e2e.yml +++ b/.github/workflows/branch-e2e.yml @@ -117,9 +117,11 @@ jobs: permissions: contents: read packages: read - uses: ./.github/workflows/e2e-kubernetes-ha-test.yml + uses: ./.github/workflows/e2e-kubernetes-test.yml with: image-tag: ${{ github.sha }} + job-name: Kubernetes HA E2E (Rust smoke) + extra-helm-values: deploy/helm/openshell/ci/values-high-availability.yaml core-e2e-result: name: Core E2E result diff --git a/.github/workflows/e2e-kubernetes-ha-test.yml b/.github/workflows/e2e-kubernetes-ha-test.yml deleted file mode 100644 index 756b8024f..000000000 --- a/.github/workflows/e2e-kubernetes-ha-test.yml +++ /dev/null 
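Review bot: `allowInsecureImages: true` is added under `global.security`, so it presumably switches off Bitnami's image check for every Bitnami subchart this overlay reaches, not only the PostgreSQL image being redirected to `mirror.gcr.io`. With that check off, the `digest:` pin is the only remaining guarantee of image content, and the comment should say so and state the file's scope, for example `# CI/dev only: the sha256 digest below is the integrity control; never layer this file into production values.` The context line `password: openshell-ha-ci` is a fixed credential in the same overlay, which is a second reason to mark it CI-only. The `postgres:` mapping may continue past the end of the hunk.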
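Review bot: In the `@@ -117,9 +117,11 @@` hunk the HA job now takes its runner label from the default declared in `e2e-kubernetes-test.yml`, whereas the deleted wrapper passed `runner` explicitly with a default of `linux-amd64-cpu8`. That callee default is not visible here, so either confirm it matches or add `runner: linux-amd64-cpu8` under `with:`. The wrapper also called the e2e workflow with `secrets: inherit` and the new call shows no `secrets:` key in the visible lines. Not inheriting is the tighter choice, but it is worth confirming the callee reads nothing beyond `secrets.GITHUB_TOKEN`, because an unpassed secret resolves to an empty string instead of failing. The job's opening lines are outside the hunk.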
@@ -1,37 +0,0 @@ -name: Kubernetes HA E2E Test - -on: - workflow_call: - inputs: - image-tag: - description: "Image tag to test (typically the commit SHA)" - required: true - type: string - runner: - description: "GitHub Actions runner label" - required: false - type: string - default: "linux-amd64-cpu8" - checkout-ref: - description: "Git ref to check out for test inputs (defaults to the workflow SHA)" - required: false - type: string - default: "" - -permissions: - contents: read - packages: read - -jobs: - e2e-kubernetes-ha: - name: Kubernetes HA E2E - permissions: - contents: read - packages: read - uses: ./.github/workflows/e2e-kubernetes-test.yml - secrets: inherit - with: - image-tag: ${{ inputs.image-tag }} - runner: ${{ inputs.runner }} - checkout-ref: ${{ inputs.checkout-ref }} - extra-helm-values: deploy/helm/openshell/ci/values-high-availability.yaml diff --git a/.github/workflows/e2e-kubernetes-test.yml b/.github/workflows/e2e-kubernetes-test.yml index b335480a8..c8c67a5e5 100644 --- a/.github/workflows/e2e-kubernetes-test.yml +++ b/.github/workflows/e2e-kubernetes-test.yml @@ -17,11 +17,21 @@ on: required: false type: string default: "" + job-name: + description: "Display name for the Kubernetes e2e job" + required: false + type: string + default: "Kubernetes E2E (Rust smoke)" extra-helm-values: description: "Colon-separated Helm values files to layer on the Kubernetes e2e chart install" required: false type: string default: "" + mise-version: + description: "mise version to install on the bare Kubernetes e2e runner" + required: false + type: string + default: "v2026.4.25" permissions: contents: read @@ -29,7 +39,7 @@ permissions: jobs: e2e-kubernetes: - name: Kubernetes E2E (Rust smoke) + name: ${{ inputs.job-name }} # Bare runner: running kind-in-container hits nested-Docker / kubeconfig # complications. The runner has Docker; mise installs helm, kubectl, and # the Rust toolchain. 
@@ -41,7 +51,7 @@ jobs:
 env:
 MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 # Keep bare-runner installs aligned with the project CI image.
- MISE_VERSION: v2026.4.25
+ MISE_VERSION: ${{ inputs.mise-version }}
 KIND_CLUSTER_NAME: kube-e2e-${{ github.run_id }}
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
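Review bot: `MISE_VERSION: ${{ inputs.mise-version }}` makes the pin a caller-supplied value, so a caller that passes an empty string leaves `MISE_VERSION` empty. The install step is not visible here, but it presumably then falls back to whatever version the installer defaults to. Keeping a fallback at the use site preserves the pin: `MISE_VERSION: ${{ inputs.mise-version || 'v2026.4.25' }}`. The comment above the line still reads as if the version were fixed here; it should name the `mise-version` input default added in the `@@ -17,11 +17,21 @@` hunk as the value to bump when the CI image changes. The `env:` block and the job continue outside the hunk.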