From d0b54826c7601e3c03e6d31f2a970936b8f009cd Mon Sep 17 00:00:00 2001
From: test-cli-e2e-aws
Date: Thu, 5 Dec 2024 08:55:59 +0100
Subject: [PATCH] add github job and test aws
---
.github/workflows/e2e.yaml | 115 ++++++++++++++++++++++++++++
Makefile | 5 +-
test/plural/lib/aws-teardown.yaml | 9 +++
test/plural/lib/workspace-setup.yml | 7 +-
test/plural/up.yml | 14 +++-
5 files changed, 141 insertions(+), 9 deletions(-)
create mode 100644 test/plural/lib/aws-teardown.yaml
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 07229ea5..826221ff 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -18,13 +18,127 @@ env: TESTOUT_PATH: /home/runner/testout SSH_PATH: /home/runner/.ssh VENOM_PATH: /usr/local/bin/venom + AWS_NUKE_PATH: /usr/local/bin/aws-nuke VENOM_VAR_pluralHome: /home/runner/.plural VENOM_VAR_directory: /home/runner/testout/azure VENOM_VAR_gitRepo: git@github.com:pluralsh/plural-cli-e2e.git VENOM_VAR_gitRepoPrivateKeyPath: /home/runner/.ssh/id_rsa VENOM_VAR_pluralKey: ${{ secrets.E2E_PLURAL_PRIVATE_KEY }} jobs: + plural-up-aws: + name: plural up / AWS + permissions: + contents: 'read' + id-token: 'write' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Store test timestamp + run: echo "TIMESTAMP=$(date +'%s')" >> $GITHUB_ENV + - name: Setup test repository SSH key + run: | + mkdir -p ${{ env.SSH_PATH }} + (base64 -d <<< ${{ secrets.E2E_REPO_PRIVATE_KEY }}) > ${{ env.VENOM_VAR_gitRepoPrivateKeyPath }} + chmod 600 ${{ env.VENOM_VAR_gitRepoPrivateKeyPath }} + eval "$(ssh-agent -s)" + ssh-add ${{ env.VENOM_VAR_gitRepoPrivateKeyPath }} + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.E2E_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.E2E_AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-1 + role-to-assume: arn:aws:iam::911167907168:user/aws-nuke + - name: Install aws-nuke + run: | + wget -c https://github.com/ekristen/aws-nuke/releases/download/v3.34.0/aws-nuke-v3.34.0-linux-amd64.tar.gz -O - | tar -xz -C /usr/local/bin + chmod +x ${{ env.AWS_NUKE_PATH }} + aws-nuke version + - name: Setup Go + uses: actions/setup-go@v4.1.0 + with: + go-version-file: go.mod + - name: Add GOBIN to PATH + run: echo $GOBIN >> $GITHUB_PATH + - name: Setup Venom + run: | + curl https://github.com/ovh/venom/releases/download/v1.2.0/venom.linux-amd64 -L -o ${{ env.VENOM_PATH }} + chmod +x ${{ env.VENOM_PATH }} + venom version + - name: Setup Plural CLI + run: | + make install-cli + mkdir -p ${{ env.VENOM_VAR_pluralHome 
}} + plural version + - name: Print Terraform version + run: terraform --version + - name: Print Google Cloud CLI version + run: gcloud --version + - name: Create kube directory + run: | + mkdir -p $HOME/.kube + touch $HOME/.kube/config + chmod 755 $HOME/.kube/config + - name: Run tests + env: + VENOM_VAR_provider: aws + VENOM_VAR_region: eu-west-1 + VENOM_VAR_awsZoneA: eu-west-1a + VENOM_VAR_awsZoneB: eu-west-1b + VENOM_VAR_awsZoneC: eu-west-1c + VENOM_VAR_awsProject: ${{ secrets.E2E_AWS_PROJECT_ID }} + VENOM_VAR_awsBucket: e2e-tf-state-${{ env.TIMESTAMP }} + VENOM_VAR_project: ${{ secrets.E2E_AWS_PROJECT_ID }} + VENOM_VAR_branch: e2e-${{ env.TIMESTAMP }}-aws + VENOM_VAR_username: ${{ secrets.E2E_AWS_SA_USERNAME }} + VENOM_VAR_email: ${{ secrets.E2E_AWS_SA_EMAIL }} + VENOM_VAR_token: ${{ secrets.E2E_AWS_SA_TOKEN }} + TF_VAR_deletion_protection: false + AWS_ACCESS_KEY_ID: ${{ secrets.E2E_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.E2E_AWS_SECRET_ACCESS_KEY }} + run: venom run -vv --html-report --format=json --output-dir ${{ env.TESTOUT_PATH }} test/plural + - name: Post status on Slack + id: slack_message + if: always() + uses: slackapi/slack-github-action@v2.0.0 + with: + webhook-type: incoming-webhook + webhook: ${{ secrets.SLACK_WEBHOOK }} + payload: | + blocks: + - type: section + text: + type: mrkdwn + text: "${{ github.workflow }} workflow finished." 
+ - type: section + fields: + - type: mrkdwn + text: "*Repository*\n" + - type: mrkdwn + text: "*Job*\n`${{ github.job }}`" + - type: mrkdwn + text: "*Status*\n`${{ job.status }}`" + - type: mrkdwn + text: "*Pull request*\n<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" + - name: Upload artifacts to Slack on failure + if: failure() + uses: slackapi/slack-github-action@v2.0.0 + with: + method: files.uploadV2 + token: ${{ secrets.SLACK_BOT_TOKEN }} + payload: | + channel_id: ${{ secrets.SLACK_CHANNEL_ID }} + thread_ts: "${{ steps.slack_message.outputs.ts }}" + file_uploads: + - file: ${{ env.TESTOUT_PATH }}/venom.log + filename: venom.log + - file: ${{ env.TESTOUT_PATH }}/test_results.html + filename: rest_results.html plural-up-gcp: + if: false name: plural up / GCP permissions: contents: 'read' @@ -130,6 +244,7 @@ jobs: - file: ${{ env.TESTOUT_PATH }}/test_results.html filename: rest_results.html plural-up-azure: + if: false name: plural up / Azure runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index 24de2627..84994ad3 100644 --- a/Makefile +++ b/Makefile @@ -214,13 +214,14 @@ e2e: --ensure-venom VENOM_VAR_awsZoneA=${PLRL_CLI_E2E_AWS_ZONE_A} \ VENOM_VAR_awsZoneB=${PLRL_CLI_E2E_AWS_ZONE_B} \ VENOM_VAR_awsZoneC=${PLRL_CLI_E2E_AWS_ZONE_C} \ - VENOM_VAR_projectAWS=${PLRL_CLI_E2E_PROJECT} \ - VENOM_VAR_bucketAWS=e2e-tf-state-${TIMESTAMP} \ + VENOM_VAR_awsProject=${PLRL_CLI_E2E_PROJECT} \ + VENOM_VAR_awsBucket=e2e-tf-state-${TIMESTAMP} \ PLURAL_LOGIN_AFFIRM_CURRENT_USER=true \ PLURAL_UP_AFFIRM_DEPLOY=true \ PLURAL_CD_USE_EXISTING_CREDENTIALS=true \ TF_VAR_network=plural-e2e-network-${TIMESTAMP} \ TF_VAR_subnetwork=plural-e2e-subnet-${TIMESTAMP} \ + TF_VAR_deletion_protection=false \ venom run -vv --html-report --format=json --output-dir testout test/plural .PHONY: format diff --git a/test/plural/lib/aws-teardown.yaml b/test/plural/lib/aws-teardown.yaml new file mode 100644 index 00000000..69d93c86 --- /dev/null 
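Review bot: In the `plural-up-aws` job, the `Configure AWS Credentials` step passes long-lived access keys together with `role-to-assume: arn:aws:iam::911167907168:user/aws-nuke`, which is an IAM user ARN rather than a role ARN, so the assume-role call will most likely be rejected. The job already grants `id-token: 'write'`, so the static keys could be dropped in favour of OIDC with a real role, i.e. `role-to-assume: <E2E_ROLE_ARN placeholder>` without `aws-access-key-id`/`aws-secret-access-key`; the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` entries under `Run tests` would then go as well. Separately, `Install aws-nuke` and `Setup Venom` fetch release binaries and make them executable with no integrity check; comparing each download against a pinned SHA-256 (`sha256sum --check`) before use would close that gap. `chmod 755 $HOME/.kube/config` also leaves the kubeconfig world-readable, where `chmod 600` is the usual mode.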
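Review bot: `if: false` on `plural-up-azure` (and the same line added to `plural-up-gcp` at the end of the previous hunk) switches both existing e2e jobs off unconditionally, so after this commit only the AWS path is exercised. If this is temporary while the AWS job is brought up, a comment such as `# TODO: re-enable once the AWS job is stable` next to each line would make that visible; if it is a debugging leftover, the two lines should be dropped before merge.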
+++ b/test/plural/lib/aws-teardown.yaml @@ -0,0 +1,9 @@ +executor: aws-teardown +input: + resourceGroup: '' +steps: + - script: aws-nuke run --config ../../nuke-config.yml --force --access-key-id $AWS_ACCESS_KEY_ID --secret-access-key $AWS_SECRET_ACCESS_KEY --no-dry-run + retry: 3 + retry_if: + - result.code ShouldNotEqual 0 + delay: 5 \ No newline at end of file diff --git a/test/plural/lib/workspace-setup.yml b/test/plural/lib/workspace-setup.yml index 57daa115..9ae41070 100644 --- a/test/plural/lib/workspace-setup.yml +++ b/test/plural/lib/workspace-setup.yml @@ -16,7 +16,8 @@ input: awsZoneA: '' awsZoneB: '' awsZoneC: '' - projectAWS: '' + awsProject: '' + awsBucket: '' steps: - script: | @@ -54,8 +55,8 @@ steps: name: {{ .input.name }} spec: cluster: {{ .input.name }} - bucket: {{ .input.bucketAWS }} - project: {{ .input.projectAWS }} + bucket: {{ .input.awsBucket }} + project: {{ .input.awsProject }} provider: {{ .input.provider }} region: {{ .input.region }} owner: diff --git a/test/plural/up.yml b/test/plural/up.yml index 62b03f26..f4dca6ba 100644 --- a/test/plural/up.yml +++ b/test/plural/up.yml @@ -43,8 +43,8 @@ vars: awsZoneA: '' awsZoneB: '' awsZoneC: '' - projectAWS: '' - bucketAWS: '' + awsProject: '' + awsBucket: '' #secrets: # - pluralKey @@ -79,8 +79,8 @@ testcases: awsZoneA: {{ .awsZoneA }} awsZoneB: {{ .awsZoneB }} awsZoneC: {{ .awsZoneC }} - projectAWS: {{ .projectAWS }} - bucketAWS: {{ .bucketAWS }} + awsProject: {{ .awsProject }} + awsBucket: {{ .awsBucket }} - name: Setup context file steps: @@ -133,6 +133,12 @@ testcases: - type: gcloud-teardown project: {{ .project }} + - name: AWS Cloud teardown + skip: + - provider ShouldEqual aws + steps: + - type: aws-teardown + - name: Git teardown steps: - type: git-teardown
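Review bot: The teardown script in `test/plural/lib/aws-teardown.yaml` puts the key pair on the aws-nuke command line (`--access-key-id $AWS_ACCESS_KEY_ID --secret-access-key $AWS_SECRET_ACCESS_KEY`), where the expanded values are visible in the process list and may end up in the `-vv` Venom log that the workflow uploads to Slack on failure. As far as I can tell aws-nuke picks up the standard AWS credential environment variables, which the job already exports, so `aws-nuke run --config ../../nuke-config.yml --force --no-dry-run` should be enough; this is worth confirming against the pinned release. With `--force --no-dry-run`, what gets deleted is decided entirely by `../../nuke-config.yml`, which this patch does not add, so the account restrictions and resource filters in that file need their own review and a comment here pointing to them. The `resourceGroup` input is not used by the step and can be removed.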