Add gh action files

awslabs · Sep 9, 2021 · c7fc828 · c7fc828
1 parent 212046a
commit c7fc828
Show file tree

Hide file tree

Showing 6 changed files with 67 additions and 8 deletions.
diff --git a/.github/workflows/deploy-integ-appstream-egress.yml b/.github/workflows/deploy-integ-appstream-egress.yml
@@ -48,6 +48,30 @@ jobs:
         run: |
           cp ./main/end-to-end-tests/e2eGitHubConfig.AppStreamEgress.yml ./main/config/settings/${STAGE_NAME}.yml
           ./scripts/environment-deploy.sh ${STAGE_NAME}
+  infrastructure-test:
+    name: Infrastructure test
+    runs-on: ubuntu-18.04
+#    needs: deploy
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install pnpm and system libraries
+        run: npm install -g pnpm
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: main/infrastructure-tests
+      - name: Run infrastructure tests
+        run: pnpm run testAppStreamEgressEnabled -- --stage=github
+        working-directory: ./main/infrastructure-tests
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
+          INFRA_TESTS_HOSTING_ACCOUNT_ID: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_ID }}
+          INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME }}
   integration-test:
     name: Integration test
     runs-on: ubuntu-18.04

diff --git a/main/infrastructure-tests/README.md b/main/infrastructure-tests/README.md
@@ -1,5 +1,4 @@
 # Infrastructure Tests for SWB
-
 This test suite checks if the hosting account Cloudformation stack is set up with the correct security settings. Tests were added 
 to ensure that if AppStream and Egress are enabled, the stack does not have subnets and security group with internet connectivity.
 

diff --git a/main/infrastructure-tests/config/settings/example.yml b/main/infrastructure-tests/config/settings/example.yml
@@ -1,7 +1,7 @@
 # The AWS region where the service workbench application is deployed
 awsRegion: us-east-1
 
-# AWS profile to use for deployment. You must provide this value if isBuildServer = false
+# AWS profile with permissions to the main account. Example: default
 awsProfile:
 
 # Make sure that the solutionName matches the one you are using in /main/config/settings

diff --git a/main/infrastructure-tests/config/settings/github.yml b/main/infrastructure-tests/config/settings/github.yml
@@ -0,0 +1,18 @@
+# The AWS region where the service workbench application is deployed
+awsRegion: eu-west-1
+
+# AWS profile to use for deployment. You must provide this value if isBuildServer = false
+awsProfile: default
+
+# Make sure that the solutionName matches the one you are using in /main/config/settings
+solutionName: sw
+
+# Required. Usually, this is the same as the stage name that you used when you deployed the service
+# workbench application
+envName: thingut3
+
+# Make sure that the envType matches the one you are using in /main/config/settings
+envType: dev
+
+# ExternalId set for the trust relationship of the assumed role in the hosting account. By default it's `workbench`
+externalId: workbench
diff --git a/main/infrastructure-tests/support/setupAws.js b/main/infrastructure-tests/support/setupAws.js
@@ -1,12 +1,13 @@
 const AWS = require('aws-sdk');
-
+const { getSettings } = require('./utilities');
 // Setup AWS SDK to assume credentials of hosting account
 async function setupAws() {
-  // eslint-disable-next-line no-undef
-  const { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName } = __settings__;
-
+  const { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName } = getSettings();
   // Get main account credentials
-  AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile: awsProfile });
+  // For github actions the AWS creds are provided through environment variables, for local dev environments it's provided through awsProfile
+  if (awsProfile) {
+    AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile: awsProfile });
+  }
   AWS.config.region = awsRegion;
 
   // Assume credentials of hosting account

diff --git a/main/infrastructure-tests/support/utilities.js b/main/infrastructure-tests/support/utilities.js
@@ -3,7 +3,7 @@ const _ = require('lodash');
 
 async function getCFStackResources() {
   // eslint-disable-next-line no-undef
-  const { hostingAccountStackName } = __settings__;
+  const { hostingAccountStackName } = getSettings();
   const cloudformation = new AWS.CloudFormation();
   return cloudformation
     .describeStackResources({
@@ -25,7 +25,24 @@ async function getStackResourcesByType(resourceType, stackResources = {}) {
   });
 }
 
+function getSettings() {
+  // eslint-disable-next-line no-undef
+  const { awsProfile, awsRegion, envName, externalId } = __settings__;
+  // eslint-disable-next-line no-undef
+  let { hostingAccountId, hostingAccountStackName } = __settings__;
+
+  if (hostingAccountId === undefined) {
+    hostingAccountId = process.env.INFRA_TESTS_HOSTING_ACCOUNT_ID;
+  }
+  if (hostingAccountStackName === undefined) {
+    hostingAccountStackName = process.env.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME;
+  }
+
+  return { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName };
+}
+
 module.exports = {
+  getSettings,
   getCFStackResources,
   getStackResourcesByType,
 };