
feat(netbird): add Gateway API support and reject ingressGrpc without TLS (#74) #141


Workflow file for this run

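# CI for the Helm charts in this repository: path-based change detection,
# formatting, lint and unit tests, then per-chart E2E suites that each run
# against a kind cluster created inside the job.
#
# Supply-chain note: every `uses:` below references a mutable tag (@v1, @v3,
# @v4, @v5). Pinning each one to a full commit SHA, for example
# `owner/action@<full-commit-sha>  # v4` (placeholder, look up the real SHA),
# stops a moved or retagged release from changing what runs here.
name: CI

# `pull_request` (not `pull_request_target`) is used, so runs for fork PRs get
# a read-only token and no repository secrets.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege default for GITHUB_TOKEN. A job-level `permissions:` block
# replaces this default for that job.
permissions:
  contents: read

jobs:
  # ── Detect which charts changed ──────────────────────────────────────
  detect-changes:
    name: Detect Changes
    runs-on: ubuntu-latest
    # Only the pull-request read scope is granted to this job.
    permissions:
      pull-requests: read
    # Each output is the string 'true' or 'false'; downstream `if:` conditions
    # compare against 'true'.
    outputs:
      netbird: ${{ steps.filter.outputs.netbird }}
      keycloak: ${{ steps.filter.outputs.keycloak }}
      ci: ${{ steps.filter.outputs.ci }}
    steps:
      # Checkout credentials are left at their default here because the path
      # filter may need to fetch more history with git on push events.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Detect changed paths
        uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            netbird:
              - 'charts/netbird/**'
              - 'ci/scripts/netbird/**'
            keycloak:
              - 'charts/keycloak/**'
              - 'ci/scripts/keycloak/**'
            ci:
              - '.github/workflows/ci.yaml'
              - 'Makefile'
              - 'dprint.json'
              - '.helmfmt'

  # ── Format check (always runs) ──────────────────────────────────────
  format-check:
    name: Format Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Later steps run downloaded code; keep the token out of .git/config.
          persist-credentials: false
      # NOTE(review): this pipes a remote script straight into a shell and
      # installs whatever version the script currently selects. Prefer a
      # pinned release whose checksum is verified before it is executed.
      - name: Install dprint
        run: curl -fsSL https://dprint.dev/install.sh | sh && echo "$HOME/.dprint/bin" >> "$GITHUB_PATH"
      - name: Check markdown and YAML formatting
        run: dprint check
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "stable"
          cache: false
      # NOTE(review): `@latest` resolves to a different build over time; pin a
      # released version so the tool that rewrites templates is reproducible.
      - name: Install helmfmt
        run: go install github.com/digitalstudium/helmfmt@latest
      # helmfmt rewrites files in place, so a non-empty diff under templates/
      # means something was not formatted.
      - name: Check Helm template formatting
        run: |
          for chart in charts/*/; do
            helmfmt "$chart"
          done
          if ! git diff --exit-code -- 'charts/*/templates/'; then
            echo "::error::Helm templates are not formatted. Run 'helmfmt charts/<chart>' locally."
            exit 1
          fi

  # ── Lint & unit test (always runs) ──────────────────────────────────
  lint-and-unit-test:
    name: Lint & Unit Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Helm lint
        run: |
          for chart in charts/*/; do
            echo "==> Linting ${chart}..."
            helm lint "${chart}"
          done
      # NOTE(review): `--verify=false` turns off plugin verification and no
      # plugin version is pinned, so the plugin code that runs is whatever the
      # repository serves at install time. Pin a release and enable
      # verification if the plugin publishes signed artifacts.
      - name: Install helm-unittest plugin
        run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false
      # Charts without a tests/ directory are skipped.
      - name: Run unit tests
        run: |
          for chart in charts/*/; do
            if [ -d "${chart}/tests" ]; then
              echo "==> Testing ${chart}..."
              helm unittest "${chart}"
            fi
          done

  # ── NetBird E2E tests (only when netbird chart or CI config changes) ─
  # The "Show debug info on failure" steps print pod logs and events into the
  # run log, which anyone who can view the run can read.
  # NOTE(review): confirm the e2e scripts only use throwaway credentials.
  e2e-sqlite:
    name: "E2E — NetBird: SQLite"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (sqlite)
        run: ci/scripts/netbird/e2e.sh sqlite
      # `|| true` keeps one failed kubectl call from hiding the remaining output.
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  e2e-postgres:
    name: "E2E — NetBird: PostgreSQL"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (postgres)
        run: ci/scripts/netbird/e2e.sh postgres
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== PostgreSQL logs ==="
          kubectl -n netbird-e2e logs deployment/postgres --tail=50 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  e2e-mysql:
    name: "E2E — NetBird: MySQL"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (mysql)
        run: ci/scripts/netbird/e2e.sh mysql
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== MySQL logs ==="
          kubectl -n netbird-e2e logs deployment/mysql --tail=50 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  # Uses its own script and the netbird-gateway-e2e namespace.
  e2e-gateway:
    name: "E2E — NetBird: Gateway API (Envoy Gateway)"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (gateway)
        run: ci/scripts/netbird/e2e-gateway.sh
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-gateway-e2e get pods -o wide || true
          echo "=== Gateway status ==="
          kubectl -n netbird-gateway-e2e get gateway netbird-gateway -o yaml || true
          echo "=== Route statuses ==="
          kubectl -n netbird-gateway-e2e get httproute,grpcroute -o yaml || true
          echo "=== Envoy Gateway logs ==="
          kubectl -n envoy-gateway-system logs deployment/envoy-gateway --tail=100 || true
          echo "=== Server logs ==="
          kubectl -n netbird-gateway-e2e logs deployment/netbird-gateway-e2e-server --all-containers --tail=100 || true
          echo "=== Events ==="
          kubectl -n netbird-gateway-e2e get events --sort-by='.lastTimestamp' || true

  e2e-oidc-embedded:
    name: "E2E — NetBird: OIDC (Embedded IdP)"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (oidc-embedded)
        run: ci/scripts/netbird/e2e-oidc.sh embedded
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  e2e-oidc-keycloak:
    name: "E2E — NetBird: OIDC (Keycloak)"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (oidc-keycloak)
        run: ci/scripts/netbird/e2e-oidc.sh keycloak
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== Keycloak logs ==="
          kubectl -n netbird-e2e logs deployment/keycloak --tail=100 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  e2e-oidc-zitadel:
    name: "E2E — NetBird: OIDC (Zitadel)"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.netbird == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (oidc-zitadel)
        run: ci/scripts/netbird/e2e-oidc.sh zitadel
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n netbird-e2e get pods -o wide || true
          echo "=== Server logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-server --all-containers --tail=100 || true
          echo "=== Dashboard logs ==="
          kubectl -n netbird-e2e logs deployment/netbird-e2e-dashboard --tail=100 || true
          echo "=== Zitadel logs ==="
          kubectl -n netbird-e2e logs deployment/zitadel --tail=100 || true
          echo "=== PostgreSQL logs ==="
          kubectl -n netbird-e2e logs deployment/zitadel-db --tail=50 || true
          echo "=== Events ==="
          kubectl -n netbird-e2e get events --sort-by='.lastTimestamp' || true

  # ── Keycloak E2E tests (only when keycloak chart or CI config changes) ─
  e2e-keycloak-dev:
    name: "E2E — Keycloak: Dev"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.keycloak == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (keycloak dev)
        run: ci/scripts/keycloak/e2e.sh dev
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n keycloak-e2e get pods -o wide || true
          echo "=== Keycloak logs ==="
          kubectl -n keycloak-e2e logs deployment/keycloak-e2e --tail=100 || true
          echo "=== Events ==="
          kubectl -n keycloak-e2e get events --sort-by='.lastTimestamp' || true

  e2e-keycloak-postgres:
    name: "E2E — Keycloak: PostgreSQL"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.keycloak == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (keycloak postgres)
        run: ci/scripts/keycloak/e2e.sh postgres
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n keycloak-e2e get pods -o wide || true
          echo "=== Keycloak logs ==="
          kubectl -n keycloak-e2e logs deployment/keycloak-e2e --tail=100 || true
          echo "=== PostgreSQL logs ==="
          kubectl -n keycloak-e2e logs deployment/postgres --tail=50 || true
          echo "=== Events ==="
          kubectl -n keycloak-e2e get events --sort-by='.lastTimestamp' || true

  e2e-keycloak-replicas:
    name: "E2E — Keycloak: Replicas"
    runs-on: ubuntu-latest
    needs: [detect-changes, lint-and-unit-test]
    if: needs.detect-changes.outputs.keycloak == 'true' || needs.detect-changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v4.0.2
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: helms-e2e
      - name: Run e2e test (keycloak replicas)
        run: ci/scripts/keycloak/e2e.sh replicas
      - name: Show debug info on failure
        if: failure()
        run: |
          echo "=== Pod status ==="
          kubectl -n keycloak-e2e get pods -o wide || true
          echo "=== Keycloak logs ==="
          kubectl -n keycloak-e2e logs deployment/keycloak-e2e --tail=100 || true
          echo "=== PostgreSQL logs ==="
          kubectl -n keycloak-e2e logs deployment/postgres --tail=50 || true
          echo "=== Events ==="
          kubectl -n keycloak-e2e get events --sort-by='.lastTimestamp' || true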