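---
# Creates a ROSA cluster with the repository's Terraform modules, creates a
# namespace on it, then deletes the cluster again. Runs weekly, on demand,
# and on pull requests that touch the listed paths.
name: Cluster creation and destruction test

on:
  schedule:
    - cron: '0 1 * * 1' # At 01:00 on Monday.
  workflow_dispatch:
    inputs:
      cluster_name:
        description: Cluster name.
        required: false
        type: string
      delete_cluster:
        description: Whether to delete the cluster.
        required: false
        type: boolean
        default: true
  pull_request:
    # the paths should be synced with ../labeler.yml
    paths:
      - modules/fixtures/backend.tf
      - modules/fixtures/**/*.tf
      - modules/**.tf
      - .tool-versions
      - .github/workflows/tests.yml
      - .github/actions/**/*.yml
      - justfile

# limit to a single execution per ref of this workflow
# (the group key is workflow name + ref, not the actor)
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps the
# repository/organisation default scopes. Consider restricting it (for example
# `contents: read`) once the needs of the local and third-party actions used
# below are confirmed.

env:
  AWS_PROFILE: infex
  # please keep those variables synced with daily-cleanup.yml
  TESTS_AWS_REGION: eu-west-2
  TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
  TF_S3_REGION: eu-central-1
  OCP_ADMIN_USERNAME: kube-admin
  OCP_NAMESPACE: myns

jobs:
  action-test:
    runs-on: ubuntu-latest
    steps:
      # The local actions under ./.github/actions are taken from this checkout,
      # so on pull_request runs the PR branch's own action code executes with
      # the Vault-issued credentials imported further down.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0

      - name: Install tooling using asdf
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3

      - name: Get OCP Cluster Name
        id: commit_info
        env:
          # The dispatch input reaches the script as data through the
          # environment. Expanding it inside `run:` would paste it into the
          # script text before bash parses it (script injection).
          REQUESTED_CLUSTER_NAME: ${{ inputs.cluster_name }}
        run: |
          if [[ -n "$REQUESTED_CLUSTER_NAME" ]]; then
            cluster_name="$REQUESTED_CLUSTER_NAME"
          else
            cluster_name="cl-$(git rev-parse --short HEAD)"
          fi
          # NOTE(review): the name is not validated here before it is written
          # to GITHUB_OUTPUT and handed to the cluster actions.
          echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
          # Get the current commit hash for the modules revision
          tf_modules_revision=$(git rev-parse HEAD)
          echo "tf_modules_revision=$tf_modules_revision" | tee -a "$GITHUB_OUTPUT"

      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          # Secrets stay step outputs; they are not exported to every later step.
          exportEnv: false
          secrets: |
            secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
            secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
            secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
            secret/data/products/infrastructure-experience/ci/common CI_OPENSHIFT_MAIN_PASSWORD;

      # Official action does not support profiles
      - name: Add profile credentials to ~/.aws/credentials
        env:
          # Scoped to this step only and passed as quoted variables, so the
          # key material is never part of the generated script text and
          # special characters in it cannot be re-parsed by the shell.
          CI_AWS_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
          CI_AWS_SECRET_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
        run: |
          aws configure set aws_access_key_id "$CI_AWS_ACCESS_KEY" --profile "$AWS_PROFILE"
          aws configure set aws_secret_access_key "$CI_AWS_SECRET_KEY" --profile "$AWS_PROFILE"
          aws configure set region "$TESTS_AWS_REGION" --profile "$AWS_PROFILE"

      - name: Create Cluster
        timeout-minutes: 125
        uses: ./.github/actions/rosa-create-cluster
        id: create_cluster
        # Do not interrupt tests; otherwise, the Terraform state may become inconsistent.
        if: always() && success()
        with:
          rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
          cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
          admin-username: ${{ env.OCP_ADMIN_USERNAME }}
          admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
          aws-region: ${{ env.TESTS_AWS_REGION }}
          s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
          s3-bucket-region: ${{ env.TF_S3_REGION }}
          tf-modules-revision: ${{ steps.commit_info.outputs.tf_modules_revision }}

      - name: Create namespace if not exists
        shell: bash
        # OCP_NAMESPACE comes from the workflow-level `env` block above.
        run: |
          if ! oc get namespace "$OCP_NAMESPACE"; then
            oc new-project "$OCP_NAMESPACE"
          else
            echo "Namespace '$OCP_NAMESPACE' already exists"
          fi

      # Runs even after a failed or cancelled job, unless a manual dispatch
      # explicitly set delete_cluster to false.
      - name: Delete Cluster
        timeout-minutes: 125
        if: always() && !(github.event_name == 'workflow_dispatch' && github.event.inputs.delete_cluster == 'false')
        uses: ./.github/actions/rosa-delete-cluster
        with:
          rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
          cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
          aws-region: ${{ env.TESTS_AWS_REGION }}
          s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
          s3-bucket-region: ${{ env.TF_S3_REGION }}
          tf-modules-revision: ${{ steps.commit_info.outputs.tf_modules_revision }}

      # Only scheduled runs report failures to Slack.
      - name: Notify in Slack in case of failure
        id: slack-notification
        if: failure() && github.event_name == 'schedule'
        uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@2723815da46088717a7b73c199aa005d8d5b27a1 # 1.2.8
        with:
          vault_addr: ${{ secrets.VAULT_ADDR }}
          vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
          vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}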