From c7fc8280f04b5ad2f968eafc49b28f224262515b Mon Sep 17 00:00:00 2001 From: Tim Nguyen Date: Thu, 9 Sep 2021 18:58:59 -0400 Subject: [PATCH] Add gh action files --- .../deploy-integ-appstream-egress.yml | 24 +++++++++++++++++++ main/infrastructure-tests/README.md | 1 - .../config/settings/example.yml | 2 +- .../config/settings/github.yml | 18 ++++++++++++++ main/infrastructure-tests/support/setupAws.js | 11 +++++---- .../infrastructure-tests/support/utilities.js | 19 ++++++++++++++- 6 files changed, 67 insertions(+), 8 deletions(-) create mode 100644 main/infrastructure-tests/config/settings/github.yml diff --git a/.github/workflows/deploy-integ-appstream-egress.yml b/.github/workflows/deploy-integ-appstream-egress.yml index aabd2112d9..fd66fd7499 100644 --- a/.github/workflows/deploy-integ-appstream-egress.yml +++ b/.github/workflows/deploy-integ-appstream-egress.yml 
@@ -48,6 +48,30 @@ jobs: run: | cp ./main/end-to-end-tests/e2eGitHubConfig.AppStreamEgress.yml ./main/config/settings/${STAGE_NAME}.yml ./scripts/environment-deploy.sh ${STAGE_NAME} + infrastructure-test: + name: Infrastructure test + runs-on: ubuntu-18.04 +# needs: deploy + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Use Node.js + uses: actions/setup-node@v1 + with: + node-version: 12 + - name: Install pnpm and system libraries + run: npm install -g pnpm + - name: Install dependencies + run: pnpm install + working-directory: main/infrastructure-tests + - name: Run infrastructure tests + run: pnpm run testAppStreamEgressEnabled -- --stage=github + working-directory: ./main/infrastructure-tests + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }} + INFRA_TESTS_HOSTING_ACCOUNT_ID: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_ID }} + INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME }} integration-test: name: Integration test runs-on: ubuntu-18.04 diff --git a/main/infrastructure-tests/README.md b/main/infrastructure-tests/README.md index 738c26e234..f9e6b73e1f 100644 --- a/main/infrastructure-tests/README.md +++ b/main/infrastructure-tests/README.md @@ -1,5 +1,4 @@ # Infrastructure Tests for SWB - This test suite checks if the hosting account Cloudformation stack is set up with the correct security settings. Tests were added to ensure that if AppStream and Egress are enabled, the stack does not have subnets and security group with internet connectivity. diff --git a/main/infrastructure-tests/config/settings/example.yml b/main/infrastructure-tests/config/settings/example.yml index cfdb38082e..d753073079 100644 --- a/main/infrastructure-tests/config/settings/example.yml +++ b/main/infrastructure-tests/config/settings/example.yml 
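Review bot: The new `infrastructure-test` job carries `# needs: deploy` only as a comment, so nothing orders it after the deployment. It will presumably start alongside the deploy job and inspect whatever stack the previous run left behind, which lets the security check pass on stale infrastructure. Restore `needs: deploy` before merging; the deploy job's id is outside this hunk, so confirm the name. The test step receives long-lived AWS keys, yet `actions/checkout@v2`, `actions/setup-node@v1` and `npm install -g pnpm` all resolve to whatever is current at run time. Pin the actions to commit SHAs and pnpm to an exact version, and use `pnpm install --frozen-lockfile`, so the code that runs with those keys is the code that was reviewed.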
@@ -1,7 +1,7 @@ # The AWS region where the service workbench application is deployed awsRegion: us-east-1 -# AWS profile to use for deployment. You must provide this value if isBuildServer = false +# AWS profile with permissions to the main account. Example: default awsProfile: # Make sure that the solutionName matches the one you are using in /main/config/settings diff --git a/main/infrastructure-tests/config/settings/github.yml b/main/infrastructure-tests/config/settings/github.yml new file mode 100644 index 0000000000..f04ba3771a --- /dev/null +++ b/main/infrastructure-tests/config/settings/github.yml @@ -0,0 +1,18 @@ +# The AWS region where the service workbench application is deployed +awsRegion: eu-west-1 + +# AWS profile to use for deployment. You must provide this value if isBuildServer = false +awsProfile: default + +# Make sure that the solutionName matches the one you are using in /main/config/settings +solutionName: sw + +# Required. Usually, this is the same as the stage name that you used when you deployed the service +# workbench application +envName: thingut3 + +# Make sure that the envType matches the one you are using in /main/config/settings +envType: dev + +# ExternalId set for the trust relationship of the assumed role in the hosting account. By default it's `workbench` +externalId: workbench diff --git a/main/infrastructure-tests/support/setupAws.js b/main/infrastructure-tests/support/setupAws.js index 9e6da8d7c8..b4c186f366 100644 --- a/main/infrastructure-tests/support/setupAws.js +++ b/main/infrastructure-tests/support/setupAws.js 
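Review bot: In the new `github.yml`, `externalId: workbench` commits the documented default as the external ID for the hosting-account role. An external ID only strengthens the trust relationship when it is not a value anyone can read or guess, so for the CI stage it would be better supplied from a repository secret, the way the workflow already supplies the hosting account id. `envName: thingut3` looks like a personal stage name; confirm it is the stage this workflow actually deploys. The comment above `awsProfile` still mentions `isBuildServer`, which nothing in this patch reads, and should be reworded as it was in `example.yml`.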
@@ -1,12 +1,13 @@ const AWS = require('aws-sdk'); - +const { getSettings } = require('./utilities'); // Setup AWS SDK to assume credentials of hosting account async function setupAws() { - // eslint-disable-next-line no-undef - const { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName } = __settings__; - + const { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName } = getSettings(); // Get main account credentials - AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile: awsProfile }); + // For github actions the AWS creds are provided through environment variables, for local dev environments it's provided through awsProfile + if (awsProfile) { + AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile: awsProfile }); + } AWS.config.region = awsRegion; // Assume credentials of hosting account diff --git a/main/infrastructure-tests/support/utilities.js b/main/infrastructure-tests/support/utilities.js index ae49310ee0..1470133107 100644 --- a/main/infrastructure-tests/support/utilities.js +++ b/main/infrastructure-tests/support/utilities.js @@ -3,7 +3,7 @@ const _ = require('lodash'); async function getCFStackResources() { // eslint-disable-next-line no-undef - const { hostingAccountStackName } = __settings__; + const { hostingAccountStackName } = getSettings(); const cloudformation = new AWS.CloudFormation(); return cloudformation .describeStackResources({ 
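Review bot: The `if (awsProfile)` guard in `setupAws` skips the shared-credentials-file provider only when the setting is empty, but `config/settings/github.yml` in this same patch sets `awsProfile: default`. On the runner `AWS.config.credentials` is therefore presumably still pinned to `SharedIniFileCredentials`, and the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` variables from the workflow are never consulted. Either leave `awsProfile:` empty in `github.yml` or make the precedence explicit, e.g. `if (awsProfile && !process.env.AWS_ACCESS_KEY_ID) {`. The comment above the guard would read better split over two lines and stating which source wins when both are present. `setupAws` continues past the end of the hunk, so the assume-role call itself is not visible here.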
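Review bot: In `getCFStackResources` the `// eslint-disable-next-line no-undef` comment is kept above a line that no longer touches the `__settings__` global. It now suppresses `no-undef` on the `getSettings()` line for no reason and would hide a genuine misspelled identifier there. Drop the directive; `getSettings` is a function declaration in the same module and is hoisted. The function body continues below the hunk.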
@@ -25,7 +25,24 @@ async function getStackResourcesByType(resourceType, stackResources = {}) { }); } +function getSettings() { + // eslint-disable-next-line no-undef + const { awsProfile, awsRegion, envName, externalId } = __settings__; + // eslint-disable-next-line no-undef + let { hostingAccountId, hostingAccountStackName } = __settings__; + + if (hostingAccountId === undefined) { + hostingAccountId = process.env.INFRA_TESTS_HOSTING_ACCOUNT_ID; + } + if (hostingAccountStackName === undefined) { + hostingAccountStackName = process.env.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME; + } + + return { awsProfile, awsRegion, envName, externalId, hostingAccountId, hostingAccountStackName }; +} + module.exports = { + getSettings, getCFStackResources, getStackResourcesByType, };
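Review bot: `getSettings()` falls back to the environment only when a value is strictly `undefined`, and it never checks the result. A key left empty in the stage file (which a YAML loader typically yields as `null`) skips the fallback, and a run with neither source set returns `undefined` values that only fail later inside an AWS call with a less direct error. Test with `_.isNil` (lodash is already required at the top of this file; `??` is not available on the Node 12 the workflow installs) and throw as soon as either value is missing. A short JSDoc stating that the stage file takes precedence over `INFRA_TESTS_HOSTING_ACCOUNT_ID` and `INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME` would also help the next reader.

```javascript
// … unchanged: destructuring of awsProfile, awsRegion, envName, externalId and the `let` for the two hosting values …
  // A key left empty in the stage file may arrive as null rather than undefined, so cover both.
  if (_.isNil(hostingAccountId)) {
    hostingAccountId = process.env.INFRA_TESTS_HOSTING_ACCOUNT_ID;
  }
  if (_.isNil(hostingAccountStackName)) {
    hostingAccountStackName = process.env.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME;
  }
  // Stop here, before any AWS request is built from a missing value.
  if (!hostingAccountId || !hostingAccountStackName) {
    throw new Error(
      'hostingAccountId and hostingAccountStackName must be set in the stage settings file or in the INFRA_TESTS_HOSTING_ACCOUNT_ID / INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME environment variables',
    );
  }
// … unchanged: return statement …
```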