chore: Implemented running integration tests in CI

Fgruntjes · Feb 1, 2023 · 6fff2f8 · 6fff2f8
1 parent 95ef7b4
commit 6fff2f8
Show file tree

Hide file tree

Showing 41 changed files with 2,709 additions and 292 deletions.
diff --git a/.config/.ansible-lint b/.config/.ansible-lint
@@ -0,0 +1,10 @@
+---
+# check this website for detailed configuration options:
+#    https://ansible-lint.readthedocs.io/configuring/#ansible-lint-configuration
+
+profile: shared
+
+exclude_paths:
+  - .github
+  - .git
+  - "*/docker-compose.yaml"
diff --git a/.config/.editorconfig b/.config/.editorconfig
@@ -0,0 +1,6 @@
+root = true
+
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
diff --git a/.github/actions/config_cli_tools/action.yaml b/.github/actions/config_cli_tools/action.yaml
@@ -0,0 +1,24 @@
+name: 'Configure CLI tools for CI/CD'
+description: 'Setup CI/CD tools and authentication'
+inputs:
+    google_workload_identity_provider:
+        required: true
+        description: "Google workload identity provider, created in `deploy/setup.sh`."
+    google_service_account:
+        required: true
+        description: "Google service account email, created in `deploy/setup.sh`."
+runs:
+    using: "composite"
+    steps:
+    -   uses: google-github-actions/auth@v1
+        with:
+            workload_identity_provider: ${{ inputs.google_workload_identity_provider }}
+            service_account: ${{ inputs.google_service_account }}
+    -   uses: google-github-actions/setup-gcloud@v1
+    -   uses: giantswarm/install-binary-action@v1
+        with:
+            binary: 'atlas'
+            version: '1.4.0'
+            smoke_test: "${binary} --version"
+            tarball_binary_path: "*/bin/${binary}"
+            download_url: 'https://fastdl.mongodb.org/mongocli/mongodb-atlas-cli_${version}_linux_x86_64.tar.gz'
diff --git a/.github/actions/config_docker/action.yaml b/.github/actions/config_docker/action.yaml
@@ -0,0 +1,28 @@
+name: 'Configure Docker tools'
+description: 'Setup Docker tools and authentication'
+inputs:
+    google_workload_identity_provider:
+        required: true
+        description: "Google workload identity provider, created in `deploy/setup.sh`."
+    google_service_account:
+        required: true
+        description: "Google service account email, created in `deploy/setup.sh`."
+    container_registry:
+        required: true
+        description: "Container registry to login to"
+runs:
+    using: "composite"
+    steps:
+    -   uses: google-github-actions/auth@v1
+        id: google_auth
+        with:
+            token_format: 'access_token'
+            workload_identity_provider: ${{ inputs.google_workload_identity_provider }}
+            service_account: ${{ inputs.google_service_account }}
+            access_token_lifetime: 300s
+    -   uses: docker/login-action@v2
+        with:
+            registry: ${{ inputs.container_registry }}
+            username: oauth2accesstoken
+            password: ${{ steps.google_auth.outputs.access_token }}
+    -   uses: docker/setup-buildx-action@v2
diff --git a/.github/package.json b/.github/package.json
diff --git a/.github/project_matrix.sh b/.github/project_matrix.sh
@@ -9,6 +9,11 @@ function isFunction() {
     [[ ! "${PROJECT_NAME}" =~ .Tests$ ]] && [[ "${PROJECT_NAME}" =~ ^App.Function ]]
 }
 
+function isDocker() {
+    PROJECT_NAME=$1
+    [[ -f "${PROJECT_DIRECTORY}/Dockerfile" ]]
+}
+
 function isTest() {
     PROJECT_NAME=$1
     [[ "${PROJECT_NAME}" =~ \.Tests$ && "${PROJECT_NAME}" != "App.Lib.Tests" ]]
@@ -32,6 +37,11 @@ do
                 RESULT_PROJECTS+=($PROJECT_NAME)
             fi
             ;;
+        docker)
+            if isDocker "${PROJECT_NAME}"; then
+                RESULT_PROJECTS+=($PROJECT_NAME)
+            fi
+            ;;
         tests)
             if isTest "${PROJECT_NAME}"; then
                 RESULT_PROJECTS+=($PROJECT_NAME)
@@ -44,7 +54,7 @@ do
             ;;
         *)
             echo "Unknown project type ${1}"
-            echo "Usage: project_matrix.sh {functions|tests|typescript} [--json]"
+            echo "Usage: project_matrix.sh {functions|tests|typescript|docker} [--json]"
             exit 1
             ;;
     esac

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -2,45 +2,55 @@ name: Build
 on:
     workflow_call:
         inputs:
-            tag:
+            environment:
                 required: true
                 type: string
-            labels:
-                required: false
+            tag:
+                required: true
                 type: string
+        secrets:
+            GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
+                required: true
+            GOOGLE_SERVICE_ACCOUNT_EMAIL:
+                required: true
+            GOOGLE_PROJECT_ID:
+                required: true
+            GOOGLE_REGION:
+                required: true
 
 jobs:
     project_matrix:
         uses: ./.github/workflows/project_matrix.yaml
 
-    build:
+    build_images:
         runs-on: ubuntu-latest
+        needs: [project_matrix]
         strategy:
             matrix:
-                project: ${{fromJson(needs.project_matrix.outputs.functions)}}
+                project: ${{ fromJson(needs.project_matrix.outputs.docker) }}
         permissions:
             contents: 'read'
             id-token: 'write'
         steps:
         -   uses: actions/checkout@v3
-        -   uses: google-github-actions/auth@v0
-            id: google_auth
+        -   uses: ./.github/actions/config_docker
             with:
-                token_format: 'access_token'
-                workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
-                service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }}
-        -   uses: docker/login-action@v2
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+                container_registry: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev
+        -   uses: docker/metadata-action@v4
+            id: meta
             with:
-                registry: gcr.io
-                username: oauth2accesstoken
-                password: ${{ steps.google_auth.outputs.access_token }}
-        -   uses: docker/setup-buildx-action@v2
+                images: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev/${{ secrets.GOOGLE_PROJECT_ID }}/docker/${{ inputs.environment }}/${{ matrix.project }}
+                tags: ${{ inputs.tag }}
         -   uses: docker/build-push-action@v3
             with:
                 context: .
                 file: '${{ matrix.project }}/Dockerfile'
                 push: true
-                tags: gcr.io/${{ secrets.GOOGLE_PROJECT_ID }}/${{ matrix.project }}:${{inputs.tag}}
+                tags: ${{ steps.meta.outputs.tags }}
+                labels: ${{ steps.meta.outputs.labels }}
                 cache-from: type=gha
                 cache-to: type=gha,mode=max
-                labels: ${{inputs.labels}}
+                # @see https://github.com/docker/buildx/issues/1533
+                provenance: false
diff --git a/.github/workflows/delete.yaml b/.github/workflows/delete.yaml
@@ -0,0 +1,73 @@
+name: Cleanup
+on:
+    workflow_call:
+        inputs:
+            environment:
+                required: true
+                type: string
+
+        secrets:
+            GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
+                required: true
+            GOOGLE_SERVICE_ACCOUNT_EMAIL:
+                required: true
+            GOOGLE_PROJECT_ID:
+                required: true
+            GOOGLE_REGION:
+                required: true
+            SENTRY_DSN:
+                required: true
+            CLOUDFLARE_API_TOKEN:
+                required: true
+            CLOUDFLARE_ACCOUNT_ID:
+                required: true
+            MONGODB_ATLAS_PUBLIC_KEY:
+                required: true
+            MONGODB_ATLAS_PRIVATE_KEY:
+                required: true
+            MONGODB_ATLAS_PROJECT_ID:
+                required: true
+
+jobs:
+    delete_containers:
+        runs-on: ubuntu-latest
+        timeout-minutes: 5
+        permissions:
+            contents: read
+            id-token: write
+        steps:
+        -   uses: actions/checkout@v3
+        -   uses: ./.github/actions/config_docker
+            with:
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+                container_registry: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev
+        -   uses: 'docker://europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli'
+            with:
+                args: >-
+                    -repo=${{ secrets.GOOGLE_REGION }}-docker.pkg.dev/${{ secrets.GOOGLE_PROJECT_ID }}/docker/${{ inputs.environment }}
+                    -recursive=true
+        
+    delete_resources:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            id-token: write
+        steps:
+        -   uses: actions/checkout@v3
+        -   uses: ./.github/actions/config_cli_tools
+            with:
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+        -   run: ./deploy/run-ansible.sh src/delete.yml
+            env:
+                APP_TAG: ${{ inputs.tag }}
+                APP_ENVIRONMENT: ${{ inputs.environment }}
+                SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+                GOOGLE_REGION: ${{ secrets.GOOGLE_REGION }}
+                GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
+                MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.MONGODB_ATLAS_PUBLIC_KEY }}
+                MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.MONGODB_ATLAS_PRIVATE_KEY }}
+                MONGODB_ATLAS_PROJECT_ID: ${{ secrets.MONGODB_ATLAS_PROJECT_ID }}
+                CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -1,4 +1,5 @@
 name: Deploy
+
 on:
     workflow_call:
         inputs:
@@ -8,60 +9,52 @@ on:
             tag:
                 required: true
                 type: string
-            region:
-                required: false
-                default: 'europe-central2'
+        secrets:
+            GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
+                required: true
+            GOOGLE_SERVICE_ACCOUNT_EMAIL:
+                required: true
+            GOOGLE_PROJECT_ID:
+                required: true
+            GOOGLE_REGION:
+                required: true
+            SENTRY_DSN:
+                required: true
+            CLOUDFLARE_API_TOKEN:
+                required: true
+            CLOUDFLARE_ACCOUNT_ID:
+                required: true
+            MONGODB_ATLAS_PUBLIC_KEY:
+                required: true
+            MONGODB_ATLAS_PRIVATE_KEY:
+                required: true
+            MONGODB_ATLAS_PROJECT_ID:
+                required: true
 
 jobs:
-    project_matrix:
-        uses: ./.github/workflows/project_matrix.yaml
-
     deploy:
         runs-on: ubuntu-latest
         environment:
-            name: ${{inputs.environment}}
+            name: ${{ inputs.environment }}
             url: https://github.com
-        needs:
-        - build
         permissions:
-            contents: 'read'
-            id-token: 'write'
-        strategy:
-            matrix:
-                project: ${{fromJson(needs.project_matrix.outputs.functions)}}
+            contents: read
+            id-token: write
         steps:
         -   uses: actions/checkout@v3
-        -   uses: google-github-actions/auth@v0
+        -   uses: ./.github/actions/config_cli_tools
             with:
-                workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
-                service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }}
-        # Deploy cloud functions
-        -   run: environment_input="${{ inputs.environment }}"; echo "dotnet_env=$(echo "${environment_input%%_*}" | sed -e 's/^./\U&/)" >> $GITHUB_ENV
-        -   uses: mshick/fast-envsubst@v1
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+        -   run: ./deploy/run-ansible.sh src/deploy.yml
             env:
-                SERVICE: ${{ matrix.project }}
-                DEPLOY_ENV: ${{inputs.environment}}
-                DOTNET_ENVIRONMENT: ${{ env.dotnet_env }}
-                IMAGE: gcr.io/${{ secrets.GOOGLE_PROJECT_ID }}/${{ matrix.project }}:${{inputs.tag}}
-                Database__ConnectionString: ${{ secrets.DATABASE__CONNECTIONSTRING }}
-                Sentry__Dsn: ${{ secrets.SENTRY__DSN }}
-                Database__DatabaseName: ${{inputs.environment}}
-            with:
-                in-file: ${{ matrix.project }}/service.yaml
-                out-file: ${{ matrix.project }}/service.deploy.yaml
-        -   run: cat ${{ matrix.project }}/service.deploy.yaml
-        -   uses: google-github-actions/deploy-cloudrun@v0
-            id: cloudrun
-            with:
-                metadata: ${{ matrix.project }}/service.deploy.yaml
-                region: ${{ inputs.region }}
-        # Deploy infra (terraform)
-        -   uses: hashicorp/setup-terraform@v2
-        -   run: |
-                test -d ${{ matrix.project }}/terraform || exit 0
-                cd ${{ matrix.project }}/terraform
-                terraform init
-                terraform plan -out plan.tf \
-                    -var "environment=${{ inputs.environment }}" \
-                    -var "cloudrun_url=${{ steps.cloudrun.outputs.url }}"
-                terraform apply -auto-approve plan.tf
+                APP_TAG: ${{ inputs.environment }}-${{ inputs.tag }}
+                APP_ENVIRONMENT: ${{ inputs.environment }}
+                SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+                GOOGLE_REGION: ${{ secrets.GOOGLE_REGION }}
+                GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
+                MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.MONGODB_ATLAS_PUBLIC_KEY }}
+                MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.MONGODB_ATLAS_PRIVATE_KEY }}
+                MONGODB_ATLAS_PROJECT_ID: ${{ secrets.MONGODB_ATLAS_PROJECT_ID }}
+                CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
diff --git a/.github/workflows/project_matrix.yaml b/.github/workflows/project_matrix.yaml
@@ -2,24 +2,24 @@ name: ProjectMatrix
 on:
     workflow_call:
         outputs:
-            functions:
-                value: ${{ jobs.project_matrix.outputs.functions }}
             tests:
                 value: ${{ jobs.project_matrix.outputs.tests }}
             typescript:
                 value: ${{ jobs.project_matrix.outputs.typescript }}
+            docker:
+                value: ${{ jobs.project_matrix.outputs.docker }}
 jobs:
     project_matrix:
         runs-on: ubuntu-latest
         steps:
         -   uses: actions/checkout@v3
-        -   run: echo "matrix=$(.github/project_matrix.sh functions --json)" >> $GITHUB_OUTPUT
-            id: functions
         -   run: echo "matrix=$(.github/project_matrix.sh tests --json)" >> $GITHUB_OUTPUT
             id: tests
         -   run: echo "matrix=$(.github/project_matrix.sh typescript --json)" >> $GITHUB_OUTPUT
             id: typescript
+        -   run: echo "matrix=$(.github/project_matrix.sh docker --json)" >> $GITHUB_OUTPUT
+            id: docker
         outputs:
-            functions: ${{ steps.functions.outputs.matrix }}
             tests: ${{ steps.tests.outputs.matrix }}
             typescript: ${{ steps.typescript.outputs.matrix }}
+            docker: ${{ steps.docker.outputs.matrix }}