generated from oracle/template-repo
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Oke 23021 - End to end test cases (#14)
* added e2e test cases workflow * refactored github action workflows
- Loading branch information
1 parent
f3c216f
commit 9897db8
Showing
10 changed files
with
536 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: BuildnPush | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
IMAGE_REGISTRY: | ||
required: true | ||
type: string | ||
outputs: | ||
IMAGE_PATH: | ||
description: "Image Path" | ||
value: ${{ jobs.image-build-n-push.outputs.IMAGE_PATH }} | ||
|
||
jobs: | ||
unit-tests: | ||
uses: ./.github/workflows/unit-tests.yaml | ||
image-build-n-push: | ||
needs: [unit-tests] | ||
runs-on: ubuntu-latest | ||
name: Builds container image and pushes to registry | ||
env: | ||
IMAGE_REGISTRY: ${{ inputs.IMAGE_REGISTRY }} | ||
outputs: | ||
IMAGE_PATH: ${{ steps.print-docker-image-path.outputs.IMAGE_PATH }} | ||
steps: | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v3.3.0 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
with: | ||
platforms: amd64 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Log into GitHub Container Registry | ||
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${GITHUB_ACTOR,,} --password-stdin | ||
|
||
- name: Build Image | ||
run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-build | ||
|
||
- name: Push Image | ||
run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-push | ||
|
||
- name: Print Image Path | ||
id: print-docker-image-path | ||
run: echo IMAGE_PATH=`IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make print-docker-image-path` >> $GITHUB_OUTPUT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,292 @@ | ||
name: E2E Tests | ||
|
||
on: | ||
pull_request: {} | ||
# workflow_run: | ||
# workflows: ["BuildnPush"] | ||
# types: | ||
# - completed | ||
concurrency: dev_environment | ||
|
||
env: | ||
OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }} | ||
OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }} | ||
OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }} | ||
OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }} | ||
OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }} | ||
|
||
# OCI_CLUSTER_ID: ${{ vars.CLUSTER_ID }} | ||
# OCI_VAULT_ID: ${{ vars.VAULT_ID }} | ||
OCI_VAULT_SECRET_VALUE: ${{ vars.VAULT_SECRET_VALUE }} | ||
# OCI_DEBUG: "--debug" | ||
|
||
jobs: | ||
build: | ||
uses: ./.github/workflows/build-n-push.yaml | ||
with: | ||
IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY }} | ||
secrets: inherit | ||
setup-vault: | ||
runs-on: ubuntu-latest | ||
name: Setup Vault and secrets | ||
needs: [ build ] | ||
env: | ||
OCI_VAULT_ID: ${{ vars.VAULT_ID }} | ||
OCI_VAULT_KEY_ID: ${{ vars.VAULT_KEY_ID }} | ||
outputs: | ||
OCI_VAULT_ID: ${{ env.OCI_VAULT_ID }} | ||
OCI_VAULT_KEY_ID: ${{ env.OCI_VAULT_KEY_ID }} | ||
VAULT_SECRET_NAME: ${{ vars.SECRET_NAME_PREFIX }}-${{ env.OCI_RANDOM }} | ||
VAULT_SECRET_OCID: ${{ steps.extract-secret-ocid.outputs.VAULT_SECRET_OCID }} | ||
steps: | ||
- name: create env with random | ||
id: gen-random | ||
run: echo "OCI_RANDOM=${RANDOM}" >> $GITHUB_ENV | ||
|
||
- name: Create vault if doesn't exist | ||
if: ${{ vars.USE_EXISTING_VAULT != 'true' }} | ||
uses: oracle-actions/run-oci-cli-command@v1.1 | ||
id: create-vault | ||
with: | ||
silent: false | ||
command: "kms management vault create --compartment-id ${{ vars.COMPARTMENT_ID }} --display-name ${{ vars.VAULT_NAME_PREFIX }}-${{ env.OCI_RANDOM }} --vault-type default" | ||
query: "data.id" | ||
|
||
- name: get vault from previous output | ||
if: ${{ vars.USE_EXISTING_VAULT != 'true' }} | ||
run: echo "OCI_VAULT_ID=${{ steps.create-vault.outputs.raw_output }}" >> $GITHUB_ENV | ||
|
||
- name: create key if doesn't exist | ||
if: ${{ vars.USE_EXISTING_VAULT != 'true' }} | ||
uses: oracle-actions/run-oci-cli-command@v1.1 | ||
id: create-vault-key | ||
with: | ||
silent: false | ||
command: "kms management key create --endpoint ${{ vars.VAULT_MGMT_ENDPOINT }} --compartment-id ${{ vars.COMPARTMENT_ID }} --display-name key-${RANDOM} --key-shape '{ \"algorithm\" : \"AES\", \"length\" : 32 }'" | ||
query: "data.id" | ||
|
||
- name: create env for key id from create-vault-key output | ||
if: ${{ vars.USE_EXISTING_VAULT != 'true' }} | ||
run: echo "OCI_VAULT_KEY_ID=${{ steps.create-vault-key.outputs.raw_output }}" >> $GITHUB_ENV | ||
|
||
- name: create secret in vault | ||
uses: oracle-actions/run-oci-cli-command@v1.1 | ||
id: create-secret | ||
with: | ||
silent: false | ||
command: vault secret create-base64 --compartment-id ${{ vars.COMPARTMENT_ID }} --vault-id ${{ env.OCI_VAULT_ID }} --key-id ${{ env.OCI_VAULT_KEY_ID }} --secret-name ${{ vars.SECRET_NAME_PREFIX }}-${{ env.OCI_RANDOM }} --secret-content-content ${{ env.OCI_VAULT_SECRET_VALUE }}" | ||
# query: "data.id" | ||
|
||
- name: extract secret id | ||
id: extract-secret-ocid | ||
run: echo VAULT_SECRET_OCID=`echo ${{ steps.create-secret.outputs.output }} | jq -r ".data.id"` >> $GITHUB_OUTPUT | ||
|
||
setup-cluster: | ||
runs-on: ubuntu-latest | ||
name: Setup Cluster | ||
needs: [ build ] | ||
env: | ||
OCI_CLUSTER_ID: ${{ vars.CLUSTER_ID }} | ||
outputs: | ||
OCI_CLUSTER_ID: ${{ steps.print-cluster-id.outputs.clusterId }} | ||
steps: | ||
# - name: create vcn if doesn't exist | ||
# - name: get vcn id from previous output or existing var | ||
# - name: create cluster | ||
# if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }} | ||
# uses: oracle-actions/run-oci-cli-command@v1.1 | ||
# id: create-cluster | ||
# with: | ||
# silent: false | ||
# command: "ce cluster create --compartment-id ${{ vars.COMPARTMENT_ID }} | ||
# --vcn-id ${{ vars.VCN_ID }} --kubernetes-version ${{ vars.K8S_VERSION }} | ||
# --wait-for-state succeeded" | ||
# query: "data.secret-name" | ||
|
||
# - name: create env for key id from create-vault-key output | ||
# if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }} | ||
# run: echo "OCI_CLUSTER_ID=${{ steps.create-cluster.outputs.raw_output }}" >> $GITHUB_ENV | ||
|
||
# - name: create nodepool | ||
# if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }} | ||
|
||
# - name: get kubeconfig | ||
# uses: oracle-actions/run-oci-cli-command@v1.1 | ||
# id: get-kube-config | ||
# with: | ||
# silent: false | ||
# command: "ce cluster create-kubeconfig --cluster-id ${{ env.OCI_CLUSTER_ID }} --file $HOME/.kube/config --region ${{ env.OCI_CLI_REGION }} --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT" | ||
|
||
- name: print cluster id from vars | ||
id: print-cluster-id | ||
run: echo "clusterId=${{ env.OCI_CLUSTER_ID }}" >> $GITHUB_OUTPUT | ||
|
||
deploy-provider: | ||
runs-on: ubuntu-latest | ||
name: Deploy Provider | ||
needs: [ setup-vault , setup-cluster , build ] | ||
env: | ||
OCI_VAULT_ID: ${{ needs.setup-vault.outputs.OCI_VAULT_ID }} | ||
OCI_VAULT_SECRET_NAME: ${{ needs.setup-vault.outputs.VAULT_SECRET_NAME }} | ||
OCI_VAULT_SECRET_OCID: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID }} | ||
OCI_VAULT_SECRET_OCID_1: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID_1 }} | ||
OCI_CLUSTER_ID: ${{ needs.setup-cluster.outputs.OCI_CLUSTER_ID }} | ||
PROVIDER_NAMESPACE: ${{ vars.PROVIDER_NAMESPACE }} | ||
IMAGE_PATH : ${{ needs.build.outputs.IMAGE_PATH }} | ||
outputs: | ||
OCI_VAULT_SECRET_NAME: ${{ needs.setup-vault.outputs.VAULT_SECRET_NAME }} | ||
OCI_VAULT_SECRET_OCID: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID }} | ||
OCI_CLUSTER_ID: ${{ needs.setup-cluster.outputs.OCI_CLUSTER_ID }} | ||
steps: | ||
- name: Configure Kubectl | ||
uses: oracle-actions/configure-kubectl-oke@v1.3.1 | ||
id: test-configure-kubectl-oke-action | ||
with: | ||
cluster: ${{ env.OCI_CLUSTER_ID }} | ||
|
||
- name: test cluster access | ||
run: kubectl get nodes -A | ||
|
||
- name: create namespace in the cluster | ||
continue-on-error: true | ||
run: kubectl create namespace ${{ env.PROVIDER_NAMESPACE }} | ||
|
||
# - name: Install Helm | ||
# uses: azure/setup-helm@v3 | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: split image path into repo and tag | ||
id: split-image-path | ||
run: | | ||
echo PROVIDER_IMAGE_REPO=`echo ${{ env.IMAGE_PATH }} | sed -e "s/:.*$//"` >> $GITHUB_OUTPUT | ||
echo PROVIDER_IMAGE_TAG=`echo ${{ env.IMAGE_PATH }} | sed -e "s/.*://"` >> $GITHUB_OUTPUT | ||
- name: print image values | ||
run: | | ||
echo ${{ steps.split-image-path.outputs.PROVIDER_IMAGE_REPO }} | ||
echo ${{ steps.split-image-path.outputs.PROVIDER_IMAGE_TAG }} | ||
- name: Deploy Helm chart | ||
run: | | ||
helm upgrade --install oci-provider charts/oci-secrets-store-csi-driver-provider \ | ||
--namespace ${{ env.PROVIDER_NAMESPACE }} \ | ||
--set "provider.image.repository=${{ steps.split-image-path.outputs.PROVIDER_IMAGE_REPO }},provider.image.tag=${{ steps.split-image-path.outputs.PROVIDER_IMAGE_TAG }}" | ||
- name: list pods | ||
run: | | ||
kubectl get daemonset --namespace oci-provider \ | ||
--selector='app.kubernetes.io/name in (oci-secrets-store-csi-driver-provider, secrets-store-csi-driver)' | ||
- name: update auth file with correct values | ||
run: | | ||
sed -e 's/region:.*/region: ${{ env.OCI_CLI_REGION }}/' \ | ||
-e 's/tenancy:.*/tenancy: ${{ env.OCI_CLI_TENANCY }}/' \ | ||
-e 's/user:.*/user: ${{ env.OCI_CLI_USER }}/' \ | ||
-e 's/fingerprint:.*/fingerprint: ${{ env.OCI_CLI_FINGERPRINT }}/' e2e/example/user-auth-config-example.yaml > e2e/example/user-auth-config-example.yaml.tmp | ||
# - name: print updated yaml file | ||
# run: cat e2e/example/user-auth-config-example.yaml.tmp | ||
|
||
- name: delete secret if exists | ||
continue-on-error: true | ||
run: kubectl delete secret oci-config | ||
|
||
- name: create kubernetes secret for user auth config | ||
run: | | ||
kubectl create secret generic oci-config \ | ||
--from-file=config=e2e/example/user-auth-config-example.yaml.tmp \ | ||
--from-literal=private-key="${{ env.OCI_CLI_KEY_CONTENT }}" | ||
- name: update spc file with correct values | ||
run: | | ||
sed -e 's/vaultId:.*/vaultId: ${{ env.OCI_VAULT_ID }}/' \ | ||
-e 's/authType:.*/authType: user/' \ | ||
-e 's/- name:.*/- name: ${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/secret-provider-class.yaml > e2e/example/secret-provider-class.yaml.tmp | ||
- name: update deployment file with secret name | ||
run: | | ||
sed -e 's/testingSecretName:.*/testingSecretName: ${{ env.OCI_VAULT_SECRET_NAME }}/' \ | ||
e2e/example/app.deployment.yaml > e2e/example/app.deployment.yaml.tmp | ||
- name: print updated yaml file | ||
run: cat e2e/example/secret-provider-class.yaml.tmp | ||
|
||
- name: deploy spc | ||
run: kubectl apply -f e2e/example/secret-provider-class.yaml.tmp | ||
|
||
- name: deploy workload | ||
run: kubectl apply -f e2e/example/app.deployment.yaml.tmp | ||
|
||
- name: Wait for pod to run | ||
id: wait-on-pod | ||
# run: kubectl wait --for=jsonpath='{.status.phase}'=Running pods/${{ env.POD_NAME }} --timeout=90s | ||
run: sleep 90 | ||
|
||
- name: Verify pods are running | ||
id: pod-names | ||
run: kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers | ||
|
||
- name: capture pod name into env | ||
run: echo "POD_NAME=`kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers`" >> $GITHUB_ENV | ||
|
||
- name: print secret value | ||
id: print-secret-content | ||
run: echo "SECRET_CONTENT=`kubectl exec -it ${{ env.POD_NAME }} -- cat /mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV | ||
|
||
# - name: convert to base64 | ||
# id: convert-to-base64 | ||
# run: echo -n ${{ steps.print-secret-content.outputs.output }} | base64 | ||
|
||
- name: print values | ||
run: echo "${{ env.SECRET_CONTENT }} == ${{ env.OCI_VAULT_SECRET_VALUE}}" | ||
|
||
- name: verify value | ||
run: if [ "${{ env.SECRET_CONTENT }}" == "${{ env.OCI_VAULT_SECRET_VALUE}}" ]; then exit 0; else exit 1; fi | ||
|
||
# cleanup | ||
- name: remove deployment | ||
if: ${{ always() }} | ||
run: | | ||
kubectl delete -f e2e/example/app.deployment.yaml.tmp \ | ||
-f e2e/example/secret-provider-class.yaml.tmp | ||
- name: delete secret | ||
if: ${{ always() }} | ||
run: kubectl delete secret oci-config | ||
|
||
- name: uninstall provider | ||
if: ${{ always() }} | ||
run: helm uninstall oci-provider -n ${{ env.PROVIDER_NAMESPACE }} | ||
|
||
cleanup: | ||
runs-on: ubuntu-latest | ||
needs: [deploy-provider] | ||
name: Cleanup resources | ||
env: | ||
OCI_VAULT_SECRET_NAME: ${{ needs.deploy-provider.outputs.OCI_VAULT_SECRET_NAME }} | ||
OCI_VAULT_SECRET_OCID: ${{ needs.deploy-provider.outputs.OCI_VAULT_SECRET_OCID }} | ||
OCI_CLUSTER_ID: ${{ needs.deploy-provider.outputs.OCI_CLUSTER_ID }} | ||
steps: | ||
- name: delete cluster | ||
if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }} | ||
uses: oracle-actions/run-oci-cli-command@v1.1 | ||
with: | ||
command: "ce cluster delete --cluster-id ${{ env.OCI_CLUSTER_ID }} --wait-for-state SUCCEEDED" | ||
|
||
# - name: get secret id | ||
# id: get-secret-ocid | ||
# uses: oracle-actions/run-oci-cli-command@v1.1 | ||
# with: | ||
# command: "vault secret list --name ${{ env.OCI_VAULT_SECRET_NAME }} --compartment-id ${{ vars.COMPARTMENT_ID }}" | ||
# query: data[0].id | ||
|
||
- name: delete secrets | ||
uses: oracle-actions/run-oci-cli-command@v1.1 | ||
with: | ||
command: "vault secret schedule-secret-deletion --secret-id ${{ env.OCI_VAULT_SECRET_OCID }}" | ||
# - name: delete vcn if created | ||
# - name: delete vault if created |
Oops, something went wrong.