@ -25,8 +25,11 @@ jobs:
fail-fast : false # don't fail as that can skip required cleanup steps for jobs
matrix:
include:
- test : smoke
- test : cli_ui
- filter : 'integration test:smoke'
- filter : 'integration test:cli_ui'
- filter : 'e2e_credential_vault'
- filter : 'e2e_host_aws'
- filter : 'e2e_host_static'
runs-on : ubuntu-latest
env:
GITHUB_TOKEN : ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
@ -44,14 +47,12 @@ jobs:
# it changes the output to text when we expect it to be JSON.
terraform_wrapper : false
- name : Import GPG key for Boundary pass keystore
if : matrix.test == 'cli_ui'
id : import_gpg
uses : crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key : ${{ secrets.ENOS_GPG_PRIVATE_KEY }}
passphrase : ${{ secrets.ENOS_GPG_PASSPHRASE }}
- name : Trust the pass keystore GPG key
if : matrix.test == 'cli_ui'
id : trust_gpg
run : |
gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always
@ -75,47 +76,57 @@ jobs:
mkdir -p ./enos/support
echo "${{ secrets.ENOS_CI_SSH_KEY }}" > ./enos/support/private_key.pem
chmod 600 ./enos/support/private_key.pem
- name : Set up Bats CLI UI tests dependency cache
if : matrix.test == 'cli_ui'
- name : Set up dependency cache
id : dep-cache
uses : actions/cache@v3
with:
path : /tmp/bats-cli-ui-deps
key : enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4
path : /tmp/test-deps
key : enos-test-deps-jq-1.6-password-store-1.7.4-vault-1.11.4
- name : Debug dep-cache
run : |
mkdir -p /tmp/test-deps
ls -la /tmp/test-deps
- name : Set up Node for Bats install
if : matrix.test == 'cli_ui'
if : matrix. filter == 'integration test: cli_ui'
uses : actions/setup-node@v3
with:
node-version : 16
- name : Install Bats via NPM
if : matrix. test == ' cli_ui'
if : matrix. filter == 'integration test: cli_ui'
# Use npm so this workflow is portable on multiple runner distros
run : npm install --location=global bats
- name : Download jq for Bats CLI UI tests
if : matrix.test == 'cli_ui' && steps.dep-cache.outputs.cache-hit != 'true'
if :
# NOTE: if you update the jq version make sure to update the dep cache key
run : |
mkdir -p /tmp/ bats-cli-ui -deps
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/ bats-cli-ui -deps/jq-bin
mkdir -p /tmp/ test -deps
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/ test -deps/jq-bin
- name : Install jq for Bats CLI UI tests
if : matrix. test == ' cli_ui'
if : matrix. filter == 'integration test: cli_ui'
run : |
chmod +x /tmp/ bats-cli-ui -deps/jq-bin
sudo cp /tmp/ bats-cli-ui -deps/jq-bin /usr/local/bin/jq
chmod +x /tmp/ test -deps/jq-bin
sudo cp /tmp/ test -deps/jq-bin /usr/local/bin/jq
- name : Download and unzip pass for Boundary keyring
if : matrix.test == 'cli_ui' && steps.dep-cache.outputs.cache-hit != 'true'
if :
# NOTE: if you update the password store version make sure to update the dep cache key
run : |
mkdir -p /tmp/ bats-cli-ui -deps/pass
wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/ bats-cli-ui -deps/pass/pass.tar.xz
cd /tmp/ bats-cli-ui -deps/pass
mkdir -p /tmp/ test -deps/pass
wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/ test -deps/pass/pass.tar.xz
cd /tmp/ test -deps/pass
tar -xvf pass.tar.xz
- name : Install pass for Boundary keyring
if : matrix.test == 'cli_ui'
run : |
cd /tmp/ bats-cli-ui -deps/pass/password-store-1.7.4
cd /tmp/ test -deps/pass/password-store-1.7.4
sudo make install
pass init ${{ secrets.ENOS_GPG_UID }}
- name : Download Vault AMD64 binary for integration testing
if : steps.dep-cache.outputs.cache-hit != 'true'
run : |
wget https://releases.hashicorp.com/vault/1.11.4/vault_1.11.4_linux_amd64.zip -O /tmp/test-deps/vault.zip
- name : Install Vault for integration testing
if : matrix.filter == 'e2e_credential_vault'
run : |
unzip /tmp/test-deps/vault.zip -d /usr/local/bin
- name : Download Linux AMD64 Boundary bundle
id : download
uses : actions/download-artifact@v3
@ -137,12 +148,13 @@ jobs:
ENOS_VAR_local_boundary_dir : ./support/
ENOS_VAR_crt_bundle_path : ./support/boundary.zip
ENOS_VAR_tfc_api_token : ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email : ${{ secrets.SERVICE_USER_EMAIL }}
# Skip a few known failing bats tests
ENOS_VAR_skip_failing_bats_tests : "true"
run : |
mkdir -p ./enos/terraform-plugin-cache
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario run --timeout 60m0s --chdir ./enos integration test:${{ matrix.test }} builder:crt
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.filter }} builder:crt
- name : Retry Enos scenario
id : run_retry
if : steps.run.outcome == 'failure'
@ -153,13 +165,13 @@ jobs:
ENOS_VAR_local_boundary_dir : ./support/
ENOS_VAR_crt_bundle_path : ./support/boundary.zip
ENOS_VAR_tfc_api_token : ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email : ${{ secrets.SERVICE_USER_EMAIL }}
# Skip a few known failing bats tests
ENOS_VAR_skip_failing_bats_tests : "true"
run : |
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario run --timeout 60m0s --chdir ./enos integration test:${{ matrix.test }} builder:crt
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.filter }} builder:crt
- name : Destroy Enos scenario
if : ${{ always() }}
env:
ENOS_VAR_aws_region : us-east-1
ENOS_VAR_aws_ssh_keypair_name : enos-ci-ssh-key
@ -167,11 +179,12 @@ jobs:
ENOS_VAR_local_boundary_dir : ./support/
ENOS_VAR_crt_bundle_path : ./support/boundary.zip
ENOS_VAR_tfc_api_token : ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email : ${{ secrets.SERVICE_USER_EMAIL }}
# Skip a few known failing bats tests
ENOS_VAR_skip_failing_bats_tests : "true"
run : |
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario destroy --timeout 60m0s --chdir ./enos integration test:${{ matrix.test }} builder:crt
enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.filter }} builder:crt
- name : Output debug information on failure
if : ${{ failure() }}
run : |
Michael Anthony
4 years ago
committed by
Michael Li