-
Notifications
You must be signed in to change notification settings - Fork 20
140 lines (126 loc) · 5.54 KB
/
e2e-test-with-domain.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: E2E Testing with domain
on:
schedule:
- cron: '0 2 */2 * *' # schedule the test to run every second day at 2:00am
push:
branches:
- main
paths-ignore: # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-ignoring-paths
- 'docs/**'
- '.atlassian/**'
- 'test/unittest**'
pull_request_target:
types: [ labeled ]
workflow_dispatch:
jobs:
test:
if: ${{ github.event.label.name == 'e2e' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
name: E2E Testing with domain
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
AWS_DEFAULT_REGION: us-east-1
SLACK_WEBHOOK_URL_ALERTS: ${{ secrets.SLACK_WEBHOOK_URL_ALERTS }}
SLACK_WEBHOOK_URL_NOTIFICATIONS: ${{ secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS }}
AWS_ADDITIONAL_ROLE: ${{ secrets.AWS_ADDITIONAL_ROLE }}
TF_VAR_bamboo_license: ${{ secrets.TF_VAR_BAMBOO_LICENSE }}
TF_VAR_confluence_license: ${{ secrets.TF_VAR_CONFLUENCE_LICENSE }}
TF_VAR_bitbucket_license: ${{ secrets.TF_VAR_BITBUCKET_LICENSE }}
TF_VAR_crowd_license: ${{ secrets.TF_VAR_CROWD_LICENSE }}
TF_VAR_bamboo_admin_password: ${{ secrets.TF_VAR_BAMBOO_ADMIN_PASSWORD }}
TF_VAR_bitbucket_admin_password: ${{ secrets.TF_VAR_BITBUCKET_ADMIN_PASSWORD }}
TF_VAR_crowd_admin_password: ${{ secrets.TF_VAR_CROWD_ADMIN_PASSWORD }}
TF_VAR_kinesis_log_producers_role_arns: ${{ secrets.TF_VAR_KINESIS_LOG_PRODUCERS_ROLE_ARNS }}
TF_VAR_osquery_fleet_enrollment_secret_name: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_SECRET_NAME }}
TF_VAR_osquery_fleet_enrollment_host: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_HOST }}
TF_VAR_crowdstrike_secret_name: ${{ secrets.TF_VAR_CROWDSTRIKE_SECRET_NAME }}
TF_VAR_crowdstrike_kms_key_name: ${{ secrets.TF_VAR_CROWDSTRIKE_KMS_KEY_NAME }}
TF_VAR_crowdstrike_aws_account_id: ${{ secrets.TF_VAR_CROWDSTRIKE_AWS_ACCOUNT_ID }}
USE_DOMAIN: "true"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Install the latest Terraform
run: |
# check existing version
terraform -version
# download the latest
URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url')
curl -s -o /tmp/terraform.zip ${URL}
echo A | unzip /tmp/terraform.zip -d /usr/local/bin/
rm /tmp/terraform.zip
# check the latest version
terraform -version
- name: Pin Kubectl version
uses: azure/[email protected]
with:
version: 'v1.24.0'
- name: Setup Go environment
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Setup Python environment
uses: actions/setup-python@v4
with:
python-version: '3.9.14'
- run: |
python -m pip install --upgrade pip
pip install boto3 retry
- name: Setup dependencies
id: setup-dependencies
working-directory: test/
run: |
go version
go get -v -t -d ./... && go mod tidy
echo "exit_code=$?" >> $GITHUB_OUTPUT
- name: Create test output directory
run: mkdir test/e2etest/artifacts
- name: Add private SSH key for Bitbucket tests
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.BITBUCKET_E2E_TEST_PRIV_SSH_KEY }}
name: bitbucket-e2e # optional
known_hosts: dummy-entry
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
- name: Add public SSH key for Bitbucket tests
run: |
echo ${{ secrets.BITBUCKET_E2E_TEST_PUB_SSH_KEY }} > /home/runner/.ssh/bitbucket-e2e.pub
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@master
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: DCTerraformSession
role-duration-seconds: 7200
- name: E2E Testing with domain
id: e2e-test
working-directory: test/
run: |
set -o pipefail
# boto3 ignores AWS creds env vars for some reason
mkdir -p ~/.aws
echo -e "[default]\naws_access_key_id = ${AWS_ACCESS_KEY_ID}\naws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}\naws_session_token = ${AWS_SESSION_TOKEN}" > ~/.aws/credentials
go test ./e2etest -v -timeout 100m -run Installer | tee ./e2etest/artifacts/e2etest.log
- name: Upload test log files
if: always()
uses: actions/[email protected]
with:
name: e2e-test-artifacts
path: test/e2etest/artifacts/
- name: Send slack notification
if: always()
run: |
export GITHUB_EVENT_NUMBER="${{ github.event.number}}"
export JOB_STATUS="${{ job.status }}"
export PULL_REQUEST_URL="${{ github.event.pull_request._links.html.href }}"
export PULL_REQUEST_TITLE="${{ github.event.pull_request.title }}"
export SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL_NOTIFICATIONS}
scripts/send_slack_notifications.sh
if [[ ${JOB_STATUS} == "failure" ]]; then
export SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL_ALERTS}
scripts/send_slack_notifications.sh
fi