From e76b3b95114ad696a89fe36f6b1bced4b090b9cf Mon Sep 17 00:00:00 2001 From: Timothy Messier Date: Wed, 29 Mar 2023 05:17:51 +0000 Subject: [PATCH] ci(cliui): Move to separate workflow This will run the cli ui (bats) tests in a separate workflow from the build workflow. This takes advantage of the newer workflow_run event to trigger the tests after the build has completed, so that the artifacts from the build step can still be used. --- .github/workflows/build.yml | 117 +------------------------ .github/workflows/test-cli-ui.yml | 140 ++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+), 116 deletions(-) create mode 100644 .github/workflows/test-cli-ui.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 469b13c484..a28f88c2d4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -353,7 +353,7 @@ jobs: - product-metadata - set-product-version - build-linux - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} strategy: matrix: arch: ["arm", "arm64", "386", "amd64"] @@ -399,118 +399,3 @@ jobs: docker-image-name: ${{ needs.build-docker.outputs.name }} docker-image-file: "boundary_default_linux_amd64_${{ needs.set-product-version.outputs.product-version }}_${{ github.sha }}.docker.dev.tar" secrets: inherit - - bats: - runs-on: ubuntu-latest - name: CLI tests - if: "! github.event.pull_request.head.repo.fork" - needs: - - set-product-version - - build-linux - steps: - - uses: actions/checkout@v3 - - name: Import GPG key for Boundary pass keystore - id: import_gpg - uses: crazy-max/ghaction-import-gpg@v5 - with: - gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} - - name: Trust the pass keystore GPG key - id: trust_gpg - run: | - gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always - echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf - cat ~/.gnupg/gpg.conf - - name: Set up Bats CLI UI tests dependency cache - id: dep-cache - uses: actions/cache@v3 - with: - path: /tmp/bats-cli-ui-deps - key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 - - name: Set up Node for Bats install - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install Bats via NPM - # Use npm so this workflow is portable on multiple runner distros - run: npm install --location=global bats - - name: Download jq for Bats CLI UI tests - if: steps.dep-cache.outputs.cache-hit != 'true' - # NOTE: if you update the jq version make sure to update the dep cache key - run: | - mkdir -p /tmp/bats-cli-ui-deps - wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/bats-cli-ui-deps/jq-bin - - name: Install jq for Bats CLI UI tests - run: | - chmod +x /tmp/bats-cli-ui-deps/jq-bin - sudo cp /tmp/bats-cli-ui-deps/jq-bin /usr/local/bin/jq - - name: Download and unzip pass for Boundary keyring - if: steps.dep-cache.outputs.cache-hit != 'true' - # NOTE: if you update the password store version make sure to update the dep cache key - run: | - mkdir -p /tmp/bats-cli-ui-deps/pass - wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/bats-cli-ui-deps/pass/pass.tar.xz - cd /tmp/bats-cli-ui-deps/pass - tar -xvf pass.tar.xz - - name: Install pass for Boundary keyring - run: | - cd /tmp/bats-cli-ui-deps/pass/password-store-1.7.4 - sudo make install - pass init ${{ secrets.ENOS_GPG_UID }} - - name: Download Vault AMD64 binary for integration testing - if: steps.dep-cache.outputs.cache-hit != 'true' - run: | - wget https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip -O /tmp/bats-cli-ui-deps/vault.zip - - name: Install Vault - run: | - unzip /tmp/bats-cli-ui-deps/vault.zip -d /usr/local/bin - - name: Download Linux AMD64 Boundary bundle - id: download - uses: actions/download-artifact@v3 - with: - name: boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip - path: /tmp - - name: Unpack boundary bundle - run: | - unzip ${{steps.download.outputs.download-path}}/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip -d /usr/local/bin - rm ${{steps.download.outputs.download-path}}/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip - - name: Versions - run: | - echo "go version:" - go version - echo "bats version:" - bats --version - echo "jq version:" - jq --version - echo "gpg version:" - gpg --version - echo "pass version:" - pass --version - echo "bash version:" - bash --version - echo "boundary version:" - boundary version - echo "vault version:" - vault version - - name: Run cli bats tests - run: | - export VAULT_ADDR=http://127.0.0.1:8200 - export VAULT_TOKEN=boundarytok - make -C internal/tests/cli test-vault-up - until vault status; do docker container inspect boundary-cli-tests-vault &> /dev/null || exit -1; sleep 1; done - make test-cli - - name: Cleanup - if: success() || failure() - run: | - make -C internal/tests/cli test-vault-down - - name: Send Slack message - if: ${{ failure() }} - uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 - with: - channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} - payload: | - { - "text": ":x: bats tests failed: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.event.ref }}\n*SHA:* <${{ github.event.head_commit.url }}|${{ github.event.after }}>" - } - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }} diff --git a/.github/workflows/test-cli-ui.yml b/.github/workflows/test-cli-ui.yml new file mode 100644 index 0000000000..53bd86d927 --- /dev/null +++ b/.github/workflows/test-cli-ui.yml @@ -0,0 +1,140 @@ +name: test-cli-ui + +on: + workflow_dispatch: + workflow_run: + workflows: [ build ] + types: + - completed + +permissions: + contents: read + actions: read + +jobs: + set-product-version: + runs-on: ${{ fromJSON(vars.RUNNER) }} + outputs: + product-version: ${{ steps.set-product-version.outputs.product-version }} + base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} + prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} + steps: + - uses: actions/checkout@v3 + - name: Set Product version + id: set-product-version + uses: hashicorp/actions-set-product-version@v1 + + bats: + runs-on: ${{ fromJSON(vars.RUNNER) }} + name: CLI tests + if: "! github.event.pull_request.head.repo.fork" + needs: + - set-product-version + steps: + - uses: actions/checkout@v3 + - name: Import GPG key for Boundary pass keystore + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} + - name: Trust the pass keystore GPG key + id: trust_gpg + run: | + gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always + echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf + cat ~/.gnupg/gpg.conf + - name: Set up Bats CLI UI tests dependency cache + id: dep-cache + uses: actions/cache@v3 + with: + path: /tmp/bats-cli-ui-deps + key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 + - name: Set up Node for Bats install + uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Install Bats via NPM + # Use npm so this workflow is portable on multiple runner distros + run: npm install --location=global bats + - name: Download jq for Bats CLI UI tests + if: steps.dep-cache.outputs.cache-hit != 'true' + # NOTE: if you update the jq version make sure to update the dep cache key + run: | + mkdir -p /tmp/bats-cli-ui-deps + wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/bats-cli-ui-deps/jq-bin + - name: Install jq for Bats CLI UI tests + run: | + chmod +x /tmp/bats-cli-ui-deps/jq-bin + sudo cp /tmp/bats-cli-ui-deps/jq-bin /usr/local/bin/jq + - name: Download and unzip pass for Boundary keyring + if: steps.dep-cache.outputs.cache-hit != 'true' + # NOTE: if you update the password store version make sure to update the dep cache key + run: | + mkdir -p /tmp/bats-cli-ui-deps/pass + wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/bats-cli-ui-deps/pass/pass.tar.xz + cd /tmp/bats-cli-ui-deps/pass + tar -xvf pass.tar.xz + - name: Install pass for Boundary keyring + run: | + cd /tmp/bats-cli-ui-deps/pass/password-store-1.7.4 + sudo make install + pass init ${{ secrets.ENOS_GPG_UID }} + - name: Download Vault AMD64 binary for integration testing + if: steps.dep-cache.outputs.cache-hit != 'true' + run: | + wget https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip -O /tmp/bats-cli-ui-deps/vault.zip + - name: Install Vault + run: | + unzip /tmp/bats-cli-ui-deps/vault.zip -d /usr/local/bin + - name: Download Linux AMD64 Boundary bundle + uses: dawidd6/action-download-artifact@5e780fc7bbd0cac69fc73271ed86edf5dcb72d67 # v2.26.0 + with: + workflow: build.yml + commit: ${{ github.sha }} + name: boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip + path: /tmp + - name: Unpack boundary bundle + run: | + unzip /tmp/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip -d /usr/local/bin + rm /tmp/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip + - name: Versions + run: | + echo "go version:" + go version + echo "bats version:" + bats --version + echo "jq version:" + jq --version + echo "gpg version:" + gpg --version + echo "pass version:" + pass --version + echo "bash version:" + bash --version + echo "boundary version:" + boundary version + echo "vault version:" + vault version + - name: Run cli bats tests + run: | + export VAULT_ADDR=http://127.0.0.1:8200 + export VAULT_TOKEN=boundarytok + make -C internal/tests/cli test-vault-up + until vault status; do docker container inspect boundary-cli-tests-vault &> /dev/null || exit 255; sleep 1; done + make test-cli + - name: Cleanup + if: success() || failure() + run: | + make -C internal/tests/cli test-vault-down + - name: Send Slack message + if: ${{ failure() }} + uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 + with: + channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} + payload: | + { + "text": ":x: bats tests failed: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.event.ref }}\n*SHA:* <${{ github.event.head_commit.url }}|${{ github.event.after }}>" + } + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }}