-
Notifications
You must be signed in to change notification settings - Fork 33
231 lines (212 loc) · 7.54 KB
/
enteprise.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
name: "enterprise"
on:
pull_request:
branches: [master]
types: [labeled, opened, synchronize, reopened]
paths-ignore:
- "docs/**"
- "*.md"
- .github/workflows/docs.yml
- .pre-commit-config.yaml
push:
branches: [master]
paths-ignore:
- "docs/**"
- "*.md"
- .github/workflows/docs.yml
- .pre-commit-config.yaml
workflow_dispatch:
env:
DTAS_VERSION: v1.6.0
BUILD_NUMBER: ${{ github.run_id }}
PY_COLORS: 1
PYTHONUNBUFFERED: 1
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
cancel-in-progress: false
jobs:
requirements:
name: Ensure requirements are met
runs-on: ubuntu-latest
outputs:
secrets-available: ${{ steps.check-secrets.outputs.secrets-available }}
steps:
- name: Check if nexus secrets are available
id: check-secrets
run: | # pragma: allowlist secret
if [ -z "${{ secrets.nexus_username }}" ] || [-z "${{ secrets.nexus_password }}"]; then
echo "nexus_username or nexus_password is missing"
echo "secrets-available=false" >> $GITHUB_OUTPUT
exit 0
fi
echo "secrets-available=true" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Python
uses: ./.github/actions/setup-python
id: setup-python
- name: Install python packages
uses: Alfresco/alfresco-build-tools/.github/actions/pipenv@16272633584df58ea603112c4aac4564c8673cd6 # v8.9.0
with:
python-version: ${{ steps.setup-python.outputs.python-version }}
- name: Ensure required artifacts have been cached
uses: ./.github/actions/cache-downloads
with:
cache-name: enterprise
docker:
name: Test ${{ matrix.role.name }} role on ${{ matrix.molecule_distro.image }}
runs-on: ubuntu-latest
needs: requirements
if: needs.requirements.outputs.secrets-available == 'true'
outputs:
dtas_version: ${{ steps.jobvars.outputs.dtas_version }}
strategy:
fail-fast: false
matrix:
molecule_distro:
- image: ubuntu:22.04
- image: rockylinux/rockylinux:9.4
role:
- name: adf_app
- name: search_enterprise
- name: repository
- name: sfs
- name: sync
- name: trouter
- name: audit_storage
steps:
- name: Share var with further reusable workflows
id: jobvars
run: echo "dtas_version=$DTAS_VERSION" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Python
uses: ./.github/actions/setup-python
id: setup-python
- name: Install python packages
uses: Alfresco/alfresco-build-tools/.github/actions/pipenv@16272633584df58ea603112c4aac4564c8673cd6 # v8.9.0
with:
python-version: ${{ steps.setup-python.outputs.python-version }}
- name: Install and cache ansible galaxy dependencies
uses: ./.github/actions/galaxy
with:
cache-name: enterprise
- name: Setup workspace
uses: ./.github/actions/setup-workspace
- name: Cache downloads
uses: ./.github/actions/cache-downloads
with:
cache-name: enterprise
- name: Run tests
env:
MOLECULE_ROLE_IMAGE: ${{ matrix.molecule_distro.image }}
NEXUS_USERNAME: ${{ secrets.nexus_username }}
NEXUS_PASSWORD: ${{ secrets.nexus_password }}
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 60
max_attempts: 3
retry_wait_seconds: 10
command: cd roles/${{ matrix.role.name }} && pipenv run molecule test
docker_integration:
name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }}
needs:
- docker
strategy:
fail-fast: false
matrix:
molecule_distro:
- image: ubuntu:22.04
- image: rockylinux/rockylinux:9.4
scenario:
- name: pki
- name: elasticsearch
- name: identity
- name: prerun_network_checks
runner:
- ubuntu-latest
include:
- scenario:
name: docker_enterprise
molecule_distro:
image: rockylinux/rockylinux:9.4
runner: ubuntu-24.04-arm
- scenario:
name: docker_enterprise
molecule_distro:
image: ubuntu:22.04
runner: ubuntu-24.04-arm
- scenario:
name: docker_enterprise
molecule_distro:
image: ubuntu:24.04
runner: ubuntu-24.04-arm
uses: ./.github/workflows/docker.yml
with:
scenario: ${{ matrix.scenario.name }}
os_distribution: ${{ matrix.molecule_distro.image }}
galaxy_cache: enterprise
dtas_version: ${{ needs.docker.outputs.dtas_version }}
dtas_additional_params: ${{ matrix.runner == 'ubuntu-24.04-arm' && '-k "not test_transformation"' || '' }}
runner: ${{ matrix.runner }}
secrets:
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
dtas_token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.DEPENDABOT_GITHUB_TOKEN }}
ec2:
name: ${{ matrix.molecule_scenario.desc }}
if: >-
github.actor != 'dependabot[bot]' &&
(contains(github.event.pull_request.labels.*.name, 'ec2-test') || github.ref_name == 'master') &&
needs.requirements.outputs.secrets-available == 'true'
runs-on: ubuntu-latest
needs: requirements
strategy:
fail-fast: false
matrix:
molecule_scenario:
- name: default
vars: vars-ubuntu20-72.yml
desc: EC2 ACS 7.2 (Ubuntu 20.04)
- name: default
vars: vars-ubuntu20-73.yml
desc: EC2 ACS 7.3 (Ubuntu 20.04)
- name: default
vars: vars-rocky8.yml
desc: EC2 ACS 7.4 (Rocky Linux 8.9)
- name: default
vars: vars-rhel8.yml
desc: EC2 ACS 7.4 (RHEL 8.9)
- name: default
vars: vars-ubuntu-community.yml
desc: EC2 ACS 23.x Community (Ubuntu 24.04)
- name: default
vars: vars-rocky9.yml
desc: EC2 ACS 23.x (Rocky Linux 9.4)
- name: multimachine
vars: vars.yml
desc: EC2 ACS 23.x clustered (RHEL 9.4)
- name: opensearch
vars: vars.yml
desc: EC2 ACS 23.x opensearch (RHEL 9.4)
env:
AWS_REGION: eu-west-1
MOLECULE_IT_AWS_VPC_SUBNET_ID: subnet-6bdd4223
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# avoid auth conflict when cloning DTAS during verify step
persist-credentials: false
- name: Run tests on push
timeout-minutes: 185
uses: ./.github/actions/molecule_integration_ec2
with:
matrix_name: ${{ matrix.molecule_scenario.name }}
matrix_vars: ${{ matrix.molecule_scenario.vars }}
matrix_desc: ${{ matrix.molecule_scenario.desc }}
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
aws_access_key_id: ${{ secrets.aws_access_key_id }}
aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
pat: ${{ secrets.BOT_GITHUB_TOKEN }}