aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '876b25fead'
${ noResults }
boundary/.github/workflows/enos-run.yml

217 lines
8.9 KiB
Raw Blame History

---
name: enos
on:
# Only trigger this working using workflow_call. It assumes that secrets are
# being inherited from the caller.
workflow_call:
inputs:
artifact-name:
required: true
type: string
go-version:
required: true
type: string
env:
PKG_NAME: boundary
jobs:
enos:
name: Integration
# Enos jobs are still a bit flaky, ensure they don't fail the workflow.
continue-on-error: true
strategy:
fail-fast: false # don't fail as that can skip required cleanup steps for jobs
matrix:
include:
- filter: 'e2e_aws builder:crt'
- filter: 'e2e_database'
- filter: 'e2e_static builder:crt'
- filter: 'e2e_static_with_vault builder:crt'
runs-on: ${{ fromJSON(vars.RUNNER) }}
env:
GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
outputs:
status: ${{ steps.enos-status.outputs.status }}
steps:
- name: Reset status output
run: echo "status=none" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: ${{ inputs.go-version }}
- name: Install tools to get tparse
run: make tools
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
with:
# the terraform wrapper will break Terraform execution in enos because
# it changes the output to text when we expect it to be JSON.
terraform_wrapper: false
- name: Import GPG key for Boundary pass keystore
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }}
- name: Trust the pass keystore GPG key
id: trust_gpg
run: |
gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always
echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf
cat ~/.gnupg/gpg.conf
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-skip-session-tagging: true
role-duration-seconds: 3600
- name: Set up Enos
uses: hashicorp/action-setup-enos@v1
with:
github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
- name: Set up AWS SSH private key
run: |
mkdir -p ./enos/support
echo "${{ secrets.ENOS_CI_SSH_KEY }}" > ./enos/support/private_key.pem
chmod 600 ./enos/support/private_key.pem
- name: Set up dependency cache
id: dep-cache
uses: actions/cache@v3
with:
path: /tmp/test-deps
key: enos-test-deps-password-store-1.7.4-vault-1.12.2
- name: Debug dep-cache
run: |
mkdir -p /tmp/test-deps
ls -la /tmp/test-deps
- name: Download and unzip pass for Boundary keyring
if: steps.dep-cache.outputs.cache-hit != 'true'
# NOTE: if you update the password store version make sure to update the dep cache key
run: |
mkdir -p /tmp/test-deps/pass
wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/test-deps/pass/pass.tar.xz
cd /tmp/test-deps/pass
tar -xvf pass.tar.xz
- name: Install pass for Boundary keyring
run: |
cd /tmp/test-deps/pass/password-store-1.7.4
sudo make install
pass init ${{ secrets.ENOS_GPG_UID }}
- name: Download Vault AMD64 binary for integration testing
if: steps.dep-cache.outputs.cache-hit != 'true'
run: |
wget https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip -O /tmp/test-deps/vault.zip
- name: Install Vault for integration testing
if: matrix.filter == 'e2e_static_with_vault builder:crt' || matrix.filter == 'e2e_database'
run: |
unzip /tmp/test-deps/vault.zip -d /usr/local/bin
- name: Download Linux AMD64 Boundary bundle
id: download
uses: actions/download-artifact@v3
with:
name: ${{ inputs.artifact-name }}
path: ./enos/support/downloads
- name: Unzip and rename Boundary bundle
run: |
unzip ${{steps.download.outputs.download-path}}/*.zip -d enos/support
mv ${{steps.download.outputs.download-path}}/*.zip enos/support/boundary.zip
- name: Output Terraform version info
# Use the same env vars from the following step
env:
ENOS_VAR_aws_region: us-east-1
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_local_boundary_dir: ./support/
ENOS_VAR_crt_bundle_path: ./support/boundary.zip
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
run: |
mkdir -p ./enos/terraform-plugin-cache
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario check --chdir ./enos ${{ matrix.filter }} && \
enos scenario exec --chdir ./enos ${{ matrix.filter }} --cmd "version"
- name: Run Enos scenario
id: run
# Continue once and retry
continue-on-error: true
env:
ENOS_VAR_aws_region: us-east-1
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_local_boundary_dir: ./support/
ENOS_VAR_crt_bundle_path: ./support/boundary.zip
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
run: |
mkdir -p ./enos/terraform-plugin-cache
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
- name: Upload e2e tests output
uses: actions/upload-artifact@v3
with:
name: test-e2e-output.zip
path: enos/test*.out
retention-days: 5
- name: Set Enos Job Status
id: enos-status
# steps.run.outcome reports as failure when there is an error in `Run Enos scenario`
# failure() captures errors before `Run Enos scenario`
# failure() does not capture errors in `Run Enos scenario` due to continue-on-error
if: ${{ steps.run.outcome == 'failure' || failure() }}
run: echo "status=failure" >> $GITHUB_OUTPUT
- name: Retry Enos scenario
id: run_retry
if: steps.run.outcome == 'failure'
env:
ENOS_VAR_aws_region: us-east-1
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_local_boundary_dir: ./support/
ENOS_VAR_crt_bundle_path: ./support/boundary.zip
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
run: |
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
- name: Destroy Enos scenario
env:
ENOS_VAR_aws_region: us-east-1
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_local_boundary_dir: ./support/
ENOS_VAR_crt_bundle_path: ./support/boundary.zip
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
run: |
export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
- name: Output debug information on failure
if: ${{ failure() }}
run: |
env
find ./enos -name "scenario.tf" -exec cat {} \;
notify:
name: Notify
needs: enos
runs-on: ${{ fromJSON(vars.RUNNER) }}
if: ${{ always() && needs.enos.outputs.status == 'failure' }}
steps:
- name: Send Slack message
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
with:
channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }}
payload: |
{
"text": ":x: e2e tests failed: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.event.ref }}\n*SHA:* <${{ github.event.head_commit.url }}|${{ github.event.after }}>"
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }}
Reference in new issue View Git Blame Copy Permalink