Skip to content

Cluster creation and destruction test #366

Cluster creation and destruction test

Cluster creation and destruction test #366

Workflow file for this run

---
name: Cluster creation and destruction test
on:
schedule:
- cron: 0 1 * * 1 # At 01:00 on Monday.
workflow_dispatch:
inputs:
cluster_name:
description: Cluster name.
required: false
type: string
delete_cluster:
description: Whether to delete the cluster.
required: false
type: boolean
default: true
pull_request:
# the paths should be synced with ../labeler.yml
paths:
- modules/fixtures/backend.tf
- modules/fixtures/**/*.tf
- modules/**.tf
- .tool-versions
- .github/workflows/tests.yml
- .github/actions/**/*.yml
- justfile
# limit to a single execution per actor of this workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
AWS_PROFILE: infex
# please keep those variables synced with daily-cleanup.yml
TESTS_AWS_REGION: eu-west-2
TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
TF_S3_REGION: eu-central-1
OCP_ADMIN_USERNAME: kube-admin
OCP_NAMESPACE: myns
jobs:
action-test:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
- name: Install tooling using asdf
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- name: Get OCP Cluster Name
id: commit_info
run: |
if [[ -n "${{ inputs.cluster_name }}" ]]; then
cluster_name="${{ inputs.cluster_name }}"
else
cluster_name="cl-$(git rev-parse --short HEAD)"
fi
echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
# Get the current commit hash for the modules revision
tf_modules_revision=$(git rev-parse HEAD)
echo "tf_modules_revision=$tf_modules_revision" | tee -a "$GITHUB_OUTPUT"
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
secret/data/products/infrastructure-experience/ci/common CI_OPENSHIFT_MAIN_PASSWORD;
# Official action does not support profiles
- name: Add profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
- name: Create Cluster
timeout-minutes: 125
uses: ./.github/actions/rosa-create-cluster
id: create_cluster
# Do not interrupt tests; otherwise, the Terraform state may become inconsistent.
if: always() && success()
with:
rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
admin-username: ${{ env.OCP_ADMIN_USERNAME }}
admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
aws-region: ${{ env.TESTS_AWS_REGION }}
s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
s3-bucket-region: ${{ env.TF_S3_REGION }}
tf-modules-revision: ${{ steps.commit_info.outputs.tf_modules_revision }}
- name: Create namespace if not exists
shell: bash
run: |
if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then
oc new-project "${{ env.OCP_NAMESPACE }}"
else
echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists"
fi
- name: Delete Cluster
timeout-minutes: 125
if: always() && !(github.event_name == 'workflow_dispatch' && github.event.inputs.delete_cluster == 'false')
uses: ./.github/actions/rosa-delete-cluster
with:
rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
aws-region: ${{ env.TESTS_AWS_REGION }}
s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
s3-bucket-region: ${{ env.TF_S3_REGION }}
tf-modules-revision: ${{ steps.commit_info.outputs.tf_modules_revision }}
- name: Notify in Slack in case of failure
id: slack-notification
if: failure() && github.event_name == 'schedule'
uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@2723815da46088717a7b73c199aa005d8d5b27a1 # 1.2.8
with:
vault_addr: ${{ secrets.VAULT_ADDR }}
vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}