| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 |
- on:
- repository_dispatch:
- types: [ok-to-test-managed-command]
- permissions:
- id-token: write
- contents: read
- env:
- # Common versions
- GO_VERSION: '1.19'
- GINKGO_VERSION: 'v2.1.6'
- DOCKER_BUILDX_VERSION: 'v0.4.2'
- # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
- # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
- # credentials have been provided before trying to run steps that need them.
- GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
- GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}}
- GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
- TF_VAR_GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
- GCP_SM_SA_GKE_JSON: ${{ secrets.GCP_SM_SA_GKE_JSON}}
- GCP_GKE_CLUSTER: test-cluster
- GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}}
- GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account
- GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account
- TF_VAR_GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account for tf
- TF_VAR_GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account for tf
- AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN}}
- AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }}
- AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }}
- AWS_REGION: "eu-central-1"
- AWS_CLUSTER_NAME: "eso-e2e-managed"
- TF_VAR_AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }}
- TF_VAR_AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }}
- TF_VAR_AWS_REGION: "eu-central-1"
- TF_VAR_AWS_CLUSTER_NAME: "eso-e2e-managed"
- AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID}}
- AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET}}
- TENANT_ID: ${{ secrets.TENANT_ID}}
- VAULT_URL: ${{ secrets.VAULT_URL}}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GITHUB_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
- CLOUD_PROVIDER: ${{ github.event.client_payload.slash_command.args.named.provider }}
- INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
- GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
- name: managed e2e tests
- jobs:
- integration-trusted:
- runs-on: ubuntu-latest
- if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor !='dependabot[bot]'
- steps:
- - name: Branch based PR checkout
- uses: actions/checkout@v3
- - name: Fetch History
- run: git fetch --prune --unshallow
- - uses: ./.github/actions/e2e-managed
- env:
- CLOUD_PROVIDER: aws
- GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
- integration-managed:
- runs-on: ubuntu-latest
- if: github.event_name == 'repository_dispatch'
- steps:
- # Check out merge commit
- - name: Fork based /ok-to-test-managed checkout
- uses: actions/checkout@v3
- with:
- ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge'
- - name: Fetch History
- run: git fetch --prune --unshallow
- - uses: ./.github/actions/e2e-managed
- # set status=completed
- - uses: actions/github-script@v6
- if: ${{ always() }}
- env:
- number: ${{ env.GITHUB_PR_NUMBER }}
- provider: ${{ env.CLOUD_PROVIDER }}
- job: ${{ github.job }}
- # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
- conclusion: ${{ job.status }}
- with:
- github-token: ${{ env.GITHUB_TOKEN }}
- script: |
- const { data: pull } = await github.rest.pulls.get({
- ...context.repo,
- pull_number: process.env.number
- });
- const ref = pull.head.sha;
- const { data: checks } = await github.rest.checks.listForRef({
- ...context.repo,
- ref
- });
- const job_name = "e2e-managed-" + process.env.provider
- const check = checks.check_runs.filter(c => c.name === job_name);
- const { data: result } = await github.rest.checks.update({
- ...context.repo,
- check_run_id: check[0].id,
- status: 'completed',
- conclusion: process.env.conclusion
- });
- return result;
|
