--- name: Run Admin UI E2E Tests on: # Only trigger this working using workflow_call. It assumes that secrets are # being inherited from the caller. workflow_call: inputs: artifact-name: required: true type: string edition: required: true type: string docker-image-file: required: true type: string jobs: test: runs-on: ${{ fromJSON(vars.RUNNER_LARGE) }} continue-on-error: true strategy: fail-fast: false # don't fail as that can skip required cleanup steps for jobs matrix: include: - filter: 'e2e_ui_aws builder:crt protocol:http' infra: 'aws' - filter: 'e2e_ui_docker builder:crt' infra: 'docker' env: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} # Scenario variables ENOS_VAR_aws_region: us-east-1 ENOS_VAR_aws_ssh_keypair_name: ${{ github.event.repository.name }}-ci-ssh-key ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem ENOS_VAR_crt_bundle_path: ./support/boundary.zip ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }} ENOS_VAR_boundary_edition: ${{ inputs.edition }} ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar steps: - name: Set git config run: | git config --global url."https://oauth2:${{ secrets.SERVICE_USER_GITHUB_TOKEN }}@github.com".insteadOf "https://github.com" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Set up Node uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20 package-manager-cache: false - name: Set up Terraform uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Set up Enos uses: hashicorp/action-setup-enos@v1 with: github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-region: us-east-1 role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} role-skip-session-tagging: true role-duration-seconds: 3600 - name: Install Vault CLI run: | wget https://releases.hashicorp.com/vault/1.17.6/vault_1.17.6_linux_amd64.zip -O /tmp/vault.zip unzip -o -q /tmp/vault.zip -d "/usr/local/bin" - name: Download Boundary Linux AMD64 bundle id: download uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1 with: name: ${{ inputs.artifact-name }} path: ./enos/support/downloads - name: Unzip and rename Boundary bundle run: | unzip -o -q ${{steps.download.outputs.download-path}}/*.zip -d "/usr/local/bin" mv ${{steps.download.outputs.download-path}}/*.zip enos/support/boundary.zip - name: Download Boundary Linux AMD64 docker image if: contains(matrix.filter, 'docker') uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1 id: download-docker with: name: ${{ inputs.docker-image-file }} path: ./enos/support/downloads - name: Rename docker image file if: contains(matrix.filter, 'docker') run: | mv ${{ steps.download-docker.outputs.download-path }}/*.tar enos/support/boundary_docker_image.tar - name: GPG setup run: | # Create a GPG key KEY_PW=boundary export KEY_PW gpg --generate-key --batch <> ~/.gnupg/gpg-agent.conf gpg-connect-agent reloadagent /bye &>/dev/null # Get information about the created keys lines="$(gpg --list-secret-keys --with-colons --with-keygrip)" KEY_ID="" while read -r line do # Save the first key id to be used later if [[ $line =~ "fpr"* ]]; then if [[ $KEY_ID == "" ]]; then KEY_ID="$(echo "$line" | sed -r 's/fpr|://g')" fi fi # Cache the passphrases for the keys so passwords do not need to be entered if [[ $line =~ "grp"* ]]; then KEYGRIP_ID="$(echo "$line" | sed -r 's/grp|://g')" /usr/lib/gnupg/gpg-preset-passphrase --preset -P "$KEY_PW" "$KEYGRIP_ID" fi done <<< "$lines" # Trust the key touch /tmp/test.txt gpg -a --encrypt -r "$KEY_ID" --trust-model always --batch --yes /tmp/test.txt echo "trusted-key $KEY_ID" >> ~/.gnupg/gpg.conf # Initialize the password store sudo apt-get update sudo apt-get install -y pass pass init "$KEY_ID" &>/dev/null - name: Prepare scenario dependencies id: prepare_scenario run: | mkdir -p ./enos/support echo "${{ secrets.SSH_KEY_PRIVATE_CI }}" > ./enos/support/private_key.pem chmod 600 ./enos/support/private_key.pem - name: Set up test infra id: infra run: | export ENOS_VAR_enos_user=$GITHUB_ACTOR && \ export ENOS_VAR_boundary_license="${{ secrets.BOUNDARY_ENT_LICENSE }}" && \ enos scenario launch --timeout 60m0s --chdir ./enos ${{matrix.filter}} - name: Get SHA of UI version id: get-ui-version run: | echo "Using UI Version $(cat ./internal/ui/VERSION)" echo "sha=$(head -n 1 ./internal/ui/VERSION)" >> "$GITHUB_OUTPUT" echo "repo=boundary-ui" >> "$GITHUB_OUTPUT" - name: Checkout UI repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: hashicorp/${{ steps.get-ui-version.outputs.repo }} ref: ${{ steps.get-ui-version.outputs.sha }} path: support/src/ui token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: Set up pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: run_install: false package_json_file: ./support/src/ui/package.json - name: Install node dependencies run: | cd ./support/src/ui pnpm install --frozen-lockfile cd e2e-tests pnpm playwright install --with-deps - name: GH fix for localhost resolution if: contains(matrix.filter, 'docker') run: | cat /etc/hosts && echo "-----------" sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6 -localhost ip6-loopback/g' /etc/hosts cat /etc/hosts ssh -V - name: Run Tests id: run-tests run: | # shellcheck disable=SC1090 source <(bash ./enos/scripts/test_e2e_env.sh) cd ./support/src/ui/e2e-tests pnpm run admin:ce:${{matrix.infra}} --reporter=html - name: Split scenario name if: ${{ failure() && steps.run-tests.outcome == 'failure' }} id: split run: | SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1,3 | sed -e 's/:/_/g' | sed -e 's/ /_/g') echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT" - name: Upload Playwright report if: ${{ failure() && steps.run-tests.outcome == 'failure' }} uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: playwright-report-${{ steps.split.outputs.fragment }} path: ./support/src/ui/e2e-tests/playwright-report - name: Clean up test infra if: ${{ always() }} continue-on-error: true run: | export ENOS_VAR_enos_user=$GITHUB_ACTOR && \ enos scenario destroy --timeout 60m0s --chdir ./enos ${{matrix.filter}} - name: Send Slack message on failure uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 if: failure() with: method: chat.postMessage token: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }} payload: | channel: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} text: ":x: admin ui tests failed (${{ matrix.filter }}): ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.repository }}:${{ github.head_ref || github.ref_name }}"