|
| 1 | +run-name: AWS EC2 - ${{ github.event_name }} by @${{ github.actor }} |
| 2 | +# name: Fabric Build |
| 3 | +concurrency: aws-workflow |
| 4 | +on: |
| 5 | + workflow_dispatch: |
| 6 | + inputs: |
| 7 | + this_repo_branch: |
| 8 | + type: string |
| 9 | + description: Select the branch to use from this repo |
| 10 | + default: main |
| 11 | + windows_repo_branch: |
| 12 | + type: string |
| 13 | + description: Select the branch to use from windows-host-configuration repo |
| 14 | + default: main |
| 15 | + terraform_run_destroy: |
| 16 | + type: choice |
| 17 | + options: |
| 18 | + - true |
| 19 | + - false |
| 20 | + fail_first_test: |
| 21 | + type: choice |
| 22 | + options: |
| 23 | + - false |
| 24 | + - true |
| 25 | + fail_second_test: |
| 26 | + type: choice |
| 27 | + options: |
| 28 | + - false |
| 29 | + - true |
| 30 | + push: |
| 31 | + branches: |
| 32 | + - 'arthur/secret-manager' |
| 33 | + # pull_request: |
| 34 | + |
| 35 | + schedule: |
| 36 | + # only runs on default branch |
| 37 | + # * is a special character in YAML so you have to quote this string |
| 38 | + - cron: '15 */12 * * *' |
| 39 | + |
| 40 | +jobs: |
| 41 | + |
| 42 | + Run-Test-Build: |
| 43 | + strategy: |
| 44 | + max-parallel: 30 |
| 45 | + fail-fast: false |
| 46 | + matrix: |
| 47 | + test_groups: ['base_defaults'] |
| 48 | + runs-on: ubuntu-latest |
| 49 | + permissions: |
| 50 | + id-token: write |
| 51 | + contents: write |
| 52 | + pull-requests: write |
| 53 | + issues: read |
| 54 | + checks: write |
| 55 | + env: |
| 56 | + TF_VAR_REGION: "us-west-2" |
| 57 | + THIS_REPO_BRANCH: main |
| 58 | + WINDOWS_REPO_BRANCH: main |
| 59 | + TERRAFORM_RUN_DESTROY: true |
| 60 | + FAIL_FIRST_TEST: false |
| 61 | + FAIL_SECOND_TEST: false |
| 62 | + WORK_DIR: test_code |
| 63 | + CLOUD: aws |
| 64 | + MODULE: aws_machines |
| 65 | + # TF_LOG: DEBUG |
| 66 | + |
| 67 | + steps: |
| 68 | + # GCP Login |
| 69 | + # This is key generated in GCP console for service account |
| 70 | + - id: 'auth' |
| 71 | + uses: 'google-github-actions/auth@v0' |
| 72 | + with: |
| 73 | + credentials_json: ${{ secrets.GCP_CREDENTIALS }} |
| 74 | + |
| 75 | + - name: 'Set up Cloud SDK' |
| 76 | + uses: 'google-github-actions/setup-gcloud@v0' |
| 77 | + with: |
| 78 | + project_id: ${{ secrets.GCP_PROJECT_ID }} |
| 79 | + |
| 80 | + - id: 'secrets' |
| 81 | + uses: 'google-github-actions/get-secretmanager-secrets@v1' |
| 82 | + with: |
| 83 | + secrets: |- |
| 84 | + TF_VAR_PUBLIC_KEY:projects/896946759488/secrets/TF_VAR_PUBLIC_KEY |
| 85 | + THUNDERDOME_AWS_ROLE:projects/896946759488/secrets/THUNDERDOME_AWS_ROLE |
| 86 | + PRIVATE_KEY:projects/896946759488/secrets/PRIVATE_KEY |
| 87 | + STAGE_CUSTOMER_ID:projects/896946759488/secrets/STAGE_CUSTOMER_ID |
| 88 | + STAGE_DATASTREAM_TOKEN:projects/896946759488/secrets/STAGE_DATASTREAM_TOKEN |
| 89 | + STAGE_DOMAIN:projects/896946759488/secrets/STAGE_DOMAIN |
| 90 | + STAGE_USER_EMAIL:projects/896946759488/secrets/STAGE_USER_EMAIL |
| 91 | + STAGE_USER_PASSWORD:projects/896946759488/secrets/STAGE_USER_PASSWORD |
| 92 | +
|
| 93 | +
|
| 94 | +
|
| 95 | + # AWS Login - orig role - has to occur before checkout |
| 96 | + - name: Configure AWS Credentials |
| 97 | + uses: aws-actions/configure-aws-credentials@v1 |
| 98 | + with: |
| 99 | + role-to-assume: ${{ steps.secrets.outputs.THUNDERDOME_AWS_ROLE }} |
| 100 | + aws-region: ${{ env.TF_VAR_REGION }} |
| 101 | + |
| 102 | + - name: Set code repo #Set branches based on via Workflow Dispatch or Pull Request |
| 103 | + run: | |
| 104 | + if ${{ github.event.inputs.this_repo_branch != '' }}; then |
| 105 | + echo "THIS_REPO_BRANCH=refs/heads/${{ github.event.inputs.this_repo_branch }}" >> $GITHUB_ENV |
| 106 | + echo "WINDOWS_REPO_BRANCH=refs/heads/${{ github.event.inputs.windows_repo_branch }}" >> $GITHUB_ENV |
| 107 | + elif ${{ github.event_name == 'pull_request' }}; then |
| 108 | + echo "THIS_REPO_BRANCH=refs/heads/${{ github.head_ref }}" >> $GITHUB_ENV |
| 109 | + echo "WINDOWS_REPO_BRANCH=refs/heads/${{ env.WINDOWS_REPO_BRANCH}}" >> $GITHUB_ENV |
| 110 | + fi |
| 111 | +
|
| 112 | + - name: Set env var |
| 113 | + run: | |
| 114 | + echo "TF_VAR_PUBLIC_KEY=${{ steps.secrets.outputs.TF_VAR_PUBLIC_KEY }}" >> $GITHUB_ENV |
| 115 | +
|
| 116 | + - name: Check out repository code |
| 117 | + uses: actions/checkout@v3 |
| 118 | + with: |
| 119 | + ref: ${{ env.THIS_REPO_BRANCH }} |
| 120 | + |
| 121 | + - name: Set contexts |
| 122 | + run: | |
| 123 | + mkdir context |
| 124 | + echo '${{ toJSON(github) }}' > context/github_context.json |
| 125 | + echo '${{ toJSON(matrix) }}' > context/matrix_context.json |
| 126 | + echo '${{ steps.secrets.outputs.PRIVATE_KEY }}' > context/private_key |
| 127 | + |
| 128 | + working-directory: "${{ env.WORK_DIR }}/python_scripts" |
| 129 | + |
| 130 | + - name: workflow helper |
| 131 | + run: | |
| 132 | + python3 -c "from workflow_tasks import set_custom_vars; set_custom_vars(context_dir='context')" |
| 133 | +
|
| 134 | + python3 -c "from workflow_tasks import tf_override_file; tf_override_file(cloud=\"${{ env.CLOUD }}\", test_group=\"${{ matrix.test_groups }}\")" |
| 135 | +
|
| 136 | + # !!! vvvvv THIS OVERWRITES MAIN.TF FILE for specific cloud module vvvvv !!! |
| 137 | + python3 -c "from workflow_tasks import tf_main_file; tf_main_file(module=\"${{ env.MODULE }}\")" |
| 138 | +
|
| 139 | + python3 -c "from workflow_tasks import tf_output_file; tf_output_file(module=\"${{ env.MODULE }}\")" |
| 140 | +
|
| 141 | + python3 -c "from workflow_tasks import config_ini; config_ini(custid=\"${{ steps.secrets.outputs.STAGE_CUSTOMER_ID }}\", domain=\"${{ steps.secrets.outputs.STAGE_DOMAIN }}\", token=\"${{ steps.secrets.outputs.STAGE_DATASTREAM_TOKEN }}\",user_email=\"${{ steps.secrets.outputs.STAGE_USER_EMAIL }}\",user_password=\"${{ steps.secrets.outputs.STAGE_USER_PASSWORD }}\")" |
| 142 | +
|
| 143 | + working-directory: "${{ env.WORK_DIR }}/python_scripts" |
| 144 | + |
| 145 | + - name: Print Environment Variables - troubleshooting |
| 146 | + run: | |
| 147 | + env | sort -f |
| 148 | +
|
| 149 | + - name: Setup Terraform |
| 150 | + uses: hashicorp/setup-terraform@v2 |
| 151 | + with: |
| 152 | + terraform_wrapper: false |
| 153 | + |
| 154 | + - name: terraform tasks |
| 155 | + run: | |
| 156 | + terraform version |
| 157 | +
|
| 158 | + terraform init |
| 159 | +
|
| 160 | + terraform validate |
| 161 | + working-directory: "${{ env.WORK_DIR }}" |
| 162 | + |
| 163 | + - name: terraform apply |
| 164 | + run: | |
| 165 | + terraform apply -auto-approve |
| 166 | + working-directory: "${{ env.WORK_DIR }}" |
| 167 | + |
| 168 | + # Run tests |
| 169 | + - name: run fabric tests python script |
| 170 | + run: | |
| 171 | + # create output directory for archive files |
| 172 | + mkdir file_outputs |
| 173 | + mkdir log_outputs |
| 174 | + |
| 175 | + # install dependencies |
| 176 | + pip3 install -r requirements.txt |
| 177 | +
|
| 178 | + # run tests |
| 179 | + fab test -a ${{ env.FAIL_FIRST_TEST }} -b ${{ env.THIS_REPO_BRANCH }} -w ${{ env.WINDOWS_REPO_BRANCH }} -o "1: run fabric tests python script" |
| 180 | + working-directory: "${{ env.WORK_DIR }}/python_scripts" |
| 181 | + |
| 182 | + - name: Retry tests |
| 183 | + if: ${{ env.TEST_RESULT == 'FAIL' }} |
| 184 | + run: | |
| 185 | + # run tests |
| 186 | + fab test -a ${{ env.FAIL_SECOND_TEST }} -o "2: Retry tests" -w ${{ env.WINDOWS_REPO_BRANCH }} -b ${{ env.THIS_REPO_BRANCH }} |
| 187 | + |
| 188 | + working-directory: "${{ env.WORK_DIR }}/python_scripts" |
| 189 | + |
| 190 | + - name: cleanup |
| 191 | + if: always() |
| 192 | + run: | |
| 193 | + rm -f python_scripts/config.ini |
| 194 | +
|
| 195 | + sed -i 's/${{ steps.secrets.outputs.STAGE_DATASTREAM_TOKEN }}/******/g' ./python_scripts/file_outputs/* |
| 196 | + sed -i 's/${{ steps.secrets.outputs.STAGE_CUSTOMER_ID }}/******/g' ./python_scripts/file_outputs/* |
| 197 | + sed -i 's/${{ steps.secrets.outputs.STAGE_USER_EMAIL}}/******/g' ./python_scripts/file_outputs/* |
| 198 | + sed -i 's/${{ steps.secrets.outputs.STAGE_USER_PASSWORD}}/******/g' ./python_scripts/file_outputs/* |
| 199 | +
|
| 200 | +
|
| 201 | + sed -i 's/${{ steps.secrets.outputs.STAGE_DATASTREAM_TOKEN }}/******/g' ./python_scripts/log_outputs/* |
| 202 | + sed -i 's/${{ steps.secrets.outputs.STAGE_CUSTOMER_ID }}/******/g' ./python_scripts/log_outputs/* |
| 203 | + sed -i 's/${{ steps.secrets.outputs.STAGE_USER_EMAIL }}/******/g' ./python_scripts/log_outputs/* |
| 204 | + sed -i 's/${{ steps.secrets.outputs.STAGE_USER_PASSWORD }}/******/g' ./python_scripts/log_outputs/* |
| 205 | +
|
| 206 | + working-directory: "${{ env.WORK_DIR }}" |
| 207 | + |
| 208 | + - name: Archive test results |
| 209 | + uses: actions/upload-artifact@v3 |
| 210 | + with: |
| 211 | + name: file_outputs |
| 212 | + path: | |
| 213 | + /home/runner/work/linux-host-configuration-scripts/linux-host-configuration-scripts/test_code/python_scripts/file_outputs/ |
| 214 | + /home/runner/work/linux-host-configuration-scripts/linux-host-configuration-scripts/test_code/python_scripts/log_outputs/ |
| 215 | + retention-days: 1 |
| 216 | + |
| 217 | + - name: terraform destroy |
| 218 | + if: always() |
| 219 | + run: | |
| 220 | + echo "Value of input ${{ env.TERRAFORM_RUN_DESTROY == 'true' }}" |
| 221 | + |
| 222 | + if ${{ env.TERRAFORM_RUN_DESTROY == 'true' }}; then |
| 223 | + terraform destroy -auto-approve |
| 224 | + fi |
| 225 | + working-directory: "${{ env.WORK_DIR }}" |
| 226 | + |
| 227 | + - name: Fail Check |
| 228 | + if: ${{ env.TEST_RESULT == 'FAIL' }} |
| 229 | + uses: actions/github-script@v3 |
| 230 | + with: |
| 231 | + script: | |
| 232 | + core.setFailed('Fabric tests failed') |
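Review bot: The `Set contexts` step (lines 123–126) and the `Set code repo` step (lines 104–109) splice `${{ }}` expressions straight into the `run:` shell text, so any value inside `toJSON(github)`, `github.head_ref` or the dispatch inputs that contains a single quote or shell metacharacters ends the quoting and is executed by bash instead of being written to the file; the `pull_request` trigger is commented out and `push` is limited to one branch, which narrows who can supply those strings, but it is still the pattern GitHub's own guidance classes as script injection. Pass the values through an `env:` block on the step and reference them as shell variables (`"$GITHUB_CONTEXT"`), which bash does not re-parse; the same change applies to the `refs/heads/${{ ... }}` lines in `Set code repo`. While here, the private key written at line 126 gets the runner's default file mode, so set `umask 077` before the redirect (or `chmod 600 context/private_key`). The `sed -i 's/${{ ... }}/******/g'` redaction at lines 195–204 fails on a secret value containing `/` or a regex metacharacter, and with the default `bash -e` shell the remaining substitutions are then skipped, so the artifact can still carry the other secrets. Line 147's `env | sort -f` also dumps the whole environment, including the AWS credentials `configure-aws-credentials` exports, into the job log; that is only safe as far as the action's masking registered every value, so drop the step or filter it.
```yaml
      - name: Set contexts
        env:
          GITHUB_CONTEXT: ${{ toJSON(github) }}
          MATRIX_CONTEXT: ${{ toJSON(matrix) }}
          PRIVATE_KEY: ${{ steps.secrets.outputs.PRIVATE_KEY }}
        run: |
          umask 077
          mkdir context
          printf '%s\n' "$GITHUB_CONTEXT" > context/github_context.json
          printf '%s\n' "$MATRIX_CONTEXT" > context/matrix_context.json
          printf '%s\n' "$PRIVATE_KEY" > context/private_key
        # … unchanged: working-directory …
```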