88
99 strategy :
1010 matrix :
11- python-version : ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13','pypy3.10']
11+ python-version : ['3.8', '3.9', '3.10', '3.11', '3.12', '3.13', 'pypy3.10']
1212
1313 env :
14- REALM : test
15- USER : oauth_user
16- PASSWORD : password
17- CLIENT_ID : vertica
18- CLIENT_SECRET : P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs
14+ REALM : ${{ secrets.REALM }}
15+ USER : ${{ secrets.USER }}
16+ PASSWORD : ${{ secrets.PASSWORD }}
17+ CLIENT_ID : ${{ secrets.CLIENT_ID }}
18+ CLIENT_SECRET : ${{ secrets.CLIENT_SECRET }}
1919
2020 steps :
2121 # ---------------------------
4545
4646 - name : Add Helm repositories
4747 run : |
48- helm repo add vertica-charts https://vertica.github.io/charts || true
48+ helm repo add vertica-charts https://vertica.github.io/charts
4949 helm repo add bitnami https://charts.bitnami.com/bitnami || true
5050 helm repo update
5151
5454 # ---------------------------
5555 - name : Install MinIO
5656 run : |
57- kubectl create ns minio || true
57+ kubectl create ns minio
5858 cat <<'EOF' > minio.yaml
5959 apiVersion: apps/v1
6060 kind: Deployment
7373 spec:
7474 containers:
7575 - name: minio
76- image: minio/minio:RELEASE.2025-09-07T16-13-09Z-cpuv1
76+ image: minio/minio:latest
7777 args: ["server", "/data"]
7878 env:
7979 - name: MINIO_ROOT_USER
@@ -102,7 +102,7 @@ jobs:
102102 targetPort: 9000
103103 EOF
104104 kubectl apply -f minio.yaml
105- kubectl -n minio rollout status deployment/minio --timeout=2m || true
105+ kubectl -n minio rollout status deployment/minio --timeout=2m
106106 kubectl get pods -n minio -o wide || true
107107 kubectl get svc -n minio || true
108108
@@ -119,7 +119,7 @@ jobs:
119119
120120 - name : Create MinIO Secret
121121 run : |
122- kubectl create ns my-verticadb-operator || true
122+ kubectl create ns my-verticadb-operator
123123 kubectl delete secret communal-creds -n my-verticadb-operator --ignore-not-found
124124 kubectl create secret generic communal-creds \
125125 -n my-verticadb-operator \
@@ -218,7 +218,7 @@ jobs:
218218 for i in {1..30}; do
219219 kubectl get pod ${POD} -n ${NS} && break || sleep 10
220220 done
221- kubectl wait --for=condition=Ready pod/${POD} -n ${NS} --timeout=5m || true
221+ kubectl wait --for=condition=Ready pod/${POD} -n ${NS} --timeout=5m
222222
223223 echo "🚀 Creating test runner pod..."
224224 kubectl -n ${NS} run test-runner --image=python:3.13-slim --restart=Never --command -- sleep infinity
@@ -240,7 +240,7 @@ jobs:
240240 # ---------------------------
241241 - name : Deploy Keycloak
242242 run : |
243- kubectl create ns keycloak || true
243+ kubectl create ns keycloak
244244 cat <<'EOF' | kubectl apply -f -
245245 apiVersion: apps/v1
246246 kind: Deployment
@@ -334,15 +334,10 @@ jobs:
334334 GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;
335335 \"
336336 "
337-
337+
338338 # ---------------------------
339339 # Testing section
340340 # ---------------------------
341- - name : Check Vertica load balance policy
342- run : |
343- kubectl -n my-verticadb-operator exec verticadb-sample-defaultsubcluster-0 -c server -- \
344- /opt/vertica/bin/vsql -U dbadmin -c "SELECT get_load_balance_policy();"
345-
346341 - name : Run Python tests in-cluster
347342 run : |
348343 set -euo pipefail
@@ -373,25 +368,74 @@ jobs:
373368 kubectl -n ${NS} get endpoints ${SVC} -o yaml || true
374369 exit 1
375370 fi
376- echo "Creating Python test pod..."
377- kubectl -n ${NS} delete pod ${POD} --ignore-not-found || true
378- if [[ "${IMAGE}" == *"pypy"* ]]; then
379- kubectl -n ${NS} run ${POD} --image=${IMAGE} --restart=Never --command -- python -c "import time; time.sleep(10**6)"
380- else
381- kubectl -n ${NS} run ${POD} --image=${IMAGE} --restart=Never --command -- sleep infinity
371+
372+ echo "Fetching token from Keycloak..."
373+ TOKEN=$(kubectl -n keycloak exec deploy/keycloak -- \
374+ curl -s -X POST "http://keycloak.keycloak.svc.cluster.local:8080/realms/${REALM}/protocol/openid-connect/token" \
375+ -d "client_id=${CLIENT_ID}" \
376+ -d "username=${USER}" \
377+ -d "password=${PASSWORD}" \
378+ -d "grant_type=password" \
379+ -d "client_secret=${CLIENT_SECRET}" | jq -r .access_token)
380+
381+ if [ -z "$TOKEN" ]; then
382+ echo "❌ Failed to fetch access token"
383+ exit 1
382384 fi
383- # Try waiting for Ready, but capture failure
385+
386+ echo "Creating Kubernetes Secret with token..."
387+ kubectl -n ${NS} delete secret oauth-token --ignore-not-found
388+ kubectl -n ${NS} create secret generic oauth-token \
389+ --from-literal=access_token="$TOKEN"
390+
391+ echo "Creating Python test pod with secret mount..."
392+ kubectl -n ${NS} delete pod ${POD} --ignore-not-found || true
393+ cat <<EOF | kubectl apply -f -
394+ apiVersion: v1
395+ kind: Pod
396+ metadata:
397+ name: ${POD}
398+ namespace: ${NS}
399+ spec:
400+ restartPolicy: Never
401+ containers:
402+ - name: tester
403+ image: ${IMAGE}
404+ command: ["sleep", "infinity"]
405+ env:
406+ - name: VP_TEST_OAUTH_ACCESS_TOKEN
407+ valueFrom:
408+ secretKeyRef:
409+ name: oauth-token
410+ key: access_token
411+ - name: VP_TEST_HOST
412+ value: verticadb-sample-defaultsubcluster.my-verticadb-operator.svc.cluster.local
413+ - name: VP_TEST_PORT
414+ value: "5433"
415+ - name: VP_TEST_DATABASE
416+ value: vdb
417+ - name: VP_TEST_OAUTH_USER
418+ value: oauth_user
419+ - name: VP_TEST_USER
420+ value: dbadmin
421+ - name: VP_TEST_PASSWORD
422+ value: ""
423+ EOF
424+
425+ echo "Waiting for test pod readiness..."
384426 if ! kubectl -n ${NS} wait --for=condition=Ready pod/${POD} --timeout=180s; then
385427 echo "Pod did not become Ready. Collecting debug info..."
386428 kubectl -n ${NS} describe pod ${POD} || true
387429 kubectl -n ${NS} logs ${POD} || true
388430 exit 1
389431 fi
432+
390433 echo "Copying repository into pod..."
391- kubectl -n ${NS} exec -i pod/${POD} -- mkdir -p /workspace
392- tar cf - . | kubectl -n ${NS} exec -i pod/${POD} -- tar xf - -C /workspace
434+ kubectl -n ${NS} exec -i ${POD} -- mkdir -p /workspace
435+ tar cf - . | kubectl -n ${NS} exec -i ${POD} -- tar xf - -C /workspace
436+
393437 echo "Installing dependencies..."
394- kubectl -n ${NS} exec pod/ ${POD} -- bash -lc '
438+ kubectl -n ${NS} exec ${POD} -- bash -lc '
395439 set -e
396440 apt-get update -qq
397441 apt-get install -y -qq build-essential libssl-dev libpq-dev netcat-traditional curl
@@ -404,70 +448,30 @@ jobs:
404448 pypy3 -m pip install --upgrade pip
405449 pypy3 -m pip install tox pytest
406450 fi
407- # Conditionally adjust PATH for PyPy
408- if [[ "${{ matrix.python-version }}" == pypy* ]]; then
451+ if command -v pypy3 >/dev/null 2>&1; then
409452 export PATH=$PATH:/opt/pypy/bin
410453 else
411454 export PATH=$PATH:/root/.local/bin
412455 fi
413456 which tox && tox --version
414457 '
415- echo "Fetching token from Keycloak..."
416- CT_POD="curl-token-$$"
417- kubectl -n keycloak delete pod ${CT_POD} --ignore-not-found || true
418- kubectl -n keycloak run ${CT_POD} --restart=Never --image=curlimages/curl:latest --command -- sleep 120
419- kubectl -n keycloak wait --for=condition=Ready pod/${CT_POD} --timeout=120s || true
420- kubectl -n keycloak exec pod/${CT_POD} -- sh -c "
421- curl -s -X POST 'http://keycloak.keycloak.svc.cluster.local:8080/realms/${REALM}/protocol/openid-connect/token' \
422- -d 'client_id=${CLIENT_ID}' \
423- -d 'username=${USER}' \
424- -d 'password=${PASSWORD}' \
425- -d 'grant_type=password' \
426- -d 'client_secret=${CLIENT_SECRET}' > /tmp/token.json
427- "
428- kubectl -n keycloak cp ${CT_POD}:/tmp/token.json token.json || {
429- echo "Failed to copy token.json from curl pod"
430- kubectl -n keycloak logs ${CT_POD} || true
431- exit 1
432- }
433- kubectl -n keycloak delete pod ${CT_POD} --ignore-not-found || true
434- TOKEN=$(python3 -c 'import json; print(__import__("json").load(open("token.json")).get("access_token",""))')
435- if [ -z "$TOKEN" ]; then
436- echo "No access_token found in token.json"
437- cat token.json
438- exit 1
439- fi
440- echo "Access token retrieved (length: ${#TOKEN})"
441- printf '%s' "$TOKEN" | kubectl -n ${NS} exec -i pod/${POD} -- tee /workspace/access_token.txt >/dev/null
458+
442459 echo "🏃 Running Python tests inside pod..."
443- kubectl -n ${NS} exec -i pod/ ${POD} -- bash -lc "
460+ kubectl -n ${NS} exec -i ${POD} -- bash -lc "
444461 set -euo pipefail
445462 cd /workspace
446- export VP_TEST_OAUTH_ACCESS_TOKEN='${TOKEN}'
447- export VP_TEST_HOST='verticadb-sample-defaultsubcluster.my-verticadb-operator.svc.cluster.local'
448- export VP_TEST_PORT=5433
449- export VP_TEST_DATABASE='vdb'
450- export VP_TEST_OAUTH_USER='oauth_user'
451- export VP_TEST_USER='dbadmin'
452- export VP_TEST_PASSWORD=''
453463 echo '🔍 Checking connectivity to Vertica...'
454- if command -v nc >/dev/null 2>&1; then
455- nc -zv \${VP_TEST_HOST} \${VP_TEST_PORT} || { echo '❌ Cannot reach Vertica host'; exit 1; }
456- else
457- timeout 5 bash -c 'cat < /dev/null > /dev/tcp/'\"\${VP_TEST_HOST}\"'/'\"\${VP_TEST_PORT}\"'' || { echo '❌ Cannot reach Vertica host'; exit 1; }
458- fi
464+ nc -zv \${VP_TEST_HOST} \${VP_TEST_PORT} || { echo '❌ Cannot reach Vertica host'; exit 1; }
459465 echo 'Vertica reachable; performing token introspection...'
460466 INTROSPECT_OUTPUT=\$(curl -s -X POST http://keycloak.keycloak.svc.cluster.local:8080/realms/test/protocol/openid-connect/token/introspect \
461467 -d 'client_id=vertica' \
462- -d 'client_secret=P9f8350QQIUhFfK1GF5sMhq4Dm3P6Sbs ' \
468+ -d 'client_secret=${CLIENT_SECRET} ' \
463469 -d 'token='\${VP_TEST_OAUTH_ACCESS_TOKEN})
464470 if echo \"\$INTROSPECT_OUTPUT\" | grep -q '\"active\":true'; then
465471 echo 'Token introspection successful (active=true)'
466472 else
467- echo 'Token introspection failed:'
468- echo \"\$INTROSPECT_OUTPUT\"; exit 1
473+ echo 'Token introspection failed:'; echo \"\$INTROSPECT_OUTPUT\"; exit 1
469474 fi
470-
471475 if command -v pypy3 >/dev/null 2>&1; then
472476 export PATH=\$PATH:/opt/pypy/bin
473477 fi
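Review bot: The introspection call in the test step still lets the runner's shell splice `${CLIENT_SECRET}` into the double-quoted `bash -lc "…"` script, so the secret travels as a `kubectl exec` argument and a value containing a quote character would break the script. It would be safer to hand it to the pod the way the access token now is, as a key in the `oauth-token` Secret exposed through `secretKeyRef`, and to write `\${CLIENT_SECRET}` so it is expanded inside the pod. The same call keeps `realms/test` and `client_id=vertica` hard-coded while the token request uses `${REALM}` and `${CLIENT_ID}`, so the two requests disagree as soon as the stored secrets hold other values; use `…/realms/${REALM}/protocol/openid-connect/token/introspect` and `-d 'client_id=${CLIENT_ID}'`. The literal removed from the `env` block is still in the repository history, so that client secret should be treated as disclosed and rotated rather than reused as the value of `secrets.CLIENT_SECRET`. The `bash -lc` script continues past the last visible line of the hunk.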