-
Notifications
You must be signed in to change notification settings - Fork 33
196 lines (182 loc) · 6.47 KB
/
enteprise.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
name: "enterprise"
on:
pull_request:
branches: [master]
types: [labeled, opened, synchronize, reopened]
paths-ignore:
- "docs/**"
- "*.md"
- .github/workflows/docs.yml
- .pre-commit-config.yaml
push:
branches: [master]
paths-ignore:
- "docs/**"
- "*.md"
- .github/workflows/docs.yml
- .pre-commit-config.yaml
workflow_dispatch:
env:
DTAS_VERSION: v1.5.5
BUILD_NUMBER: ${{ github.run_id }}
PY_COLORS: 1
PYTHONUNBUFFERED: 1
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
cancel-in-progress: false
jobs:
check-nexus-secrets:
name: Ensure required nexus secrets are available
runs-on: ubuntu-latest
outputs:
secrets-available: ${{ steps.check-secrets.outputs.secrets-available }}
steps:
- name: Check secrets
id: check-secrets
run: | # pragma: allowlist secret
if [ -z "${{ secrets.nexus_username }}" ] || [-z "${{ secrets.nexus_password }}"]; then
echo "nexus_username or nexus_password is missing"
echo "secrets-available=false" >> $GITHUB_OUTPUT
exit 0
fi
echo "secrets-available=true" >> $GITHUB_OUTPUT
docker:
name: Test ${{ matrix.role.name }} role on ${{ matrix.molecule_distro.image }}
runs-on: ubuntu-latest
needs: check-nexus-secrets
if: needs.check-nexus-secrets.outputs.secrets-available == 'true'
outputs:
dtas_version: ${{ steps.jobvars.outputs.dtas_version }}
strategy:
fail-fast: true
matrix:
molecule_distro:
- image: ubuntu:22.04
- image: rockylinux/rockylinux:9.4
role:
- name: adf_app
- name: search_enterprise
- name: repository
- name: sfs
- name: sync
- name: trouter
steps:
- name: Share var with further reusable workflows
id: jobvars
run: echo "dtas_version=$DTAS_VERSION" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Python
uses: ./.github/actions/setup-python
id: setup-python
- name: Install python packages
uses: Alfresco/alfresco-build-tools/.github/actions/pipenv@bd803ea1bf16464eaf9726560c0496b41d15c03f # v7.1.0
with:
python-version: ${{ steps.setup-python.outputs.python-version }}
- name: Install and cache ansible galaxy dependencies
uses: ./.github/actions/galaxy
with:
cache-name: enterprise
- name: Setup workspace
uses: ./.github/actions/setup-workspace
- name: Run tests
env:
MOLECULE_ROLE_IMAGE: ${{ matrix.molecule_distro.image }}
NEXUS_USERNAME: ${{ secrets.nexus_username }}
NEXUS_PASSWORD: ${{ secrets.nexus_password }}
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 60
max_attempts: 3
retry_wait_seconds: 10
command: cd roles/${{ matrix.role.name }} && pipenv run molecule test
docker_integration:
name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }}
needs:
- docker
strategy:
fail-fast: false
matrix:
molecule_distro:
- image: ubuntu:22.04
- image: rockylinux/rockylinux:9.4
scenario:
- name: pki
- name: elasticsearch
- name: identity
- name: prerun_network_checks
runner:
- ubuntu-latest
include:
- scenario:
name: docker_enterprise
molecule_distro:
image: rockylinux/rockylinux:9.4
runner: ubuntu-latest-arm64-small
- scenario:
name: docker_enterprise
molecule_distro:
image: ubuntu:22.04
runner: ubuntu-latest-arm64-small
uses: ./.github/workflows/docker.yml
with:
scenario: ${{ matrix.scenario.name }}
os_distribution: ${{ matrix.molecule_distro.image }}
galaxy_cache: enterprise
dtas_version: ${{ needs.docker.outputs.dtas_version }}
dtas_additional_params: ${{ matrix.runner == 'ubuntu-latest-arm64-small' && '-k "not test_transformation"' || '' }}
runner: ${{ matrix.runner }}
secrets:
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
dtas_token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.DEPENDABOT_GITHUB_TOKEN }}
ec2:
name: ${{ matrix.molecule_scenario.desc }}
if: github.actor != 'dependabot[bot]' && (contains(github.event.pull_request.labels.*.name, 'ec2-test') || github.ref_name == 'master')
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
molecule_scenario:
- name: default
vars: vars-ubuntu20-73.yml
desc: EC2 ACS 7.3 (Ubuntu 20.04)
- name: default
vars: vars-rocky8.yml
desc: EC2 ACS 7.4 (Rocky Linux 8.9)
- name: default
vars: vars-rhel8.yml
desc: EC2 ACS 7.4 (RHEL 8.9)
- name: default
vars: vars-ubuntu-community.yml
desc: EC2 ACS 23.x Community (Ubuntu 22.04)
- name: default
vars: vars-rocky9.yml
desc: EC2 ACS 23.x (Rocky Linux 9.4)
- name: multimachine
vars: vars.yml
desc: EC2 ACS 23.x clustered (RHEL 9.4)
- name: opensearch
vars: vars.yml
desc: EC2 ACS 23.x opensearch (RHEL 9.4)
env:
AWS_REGION: eu-west-1
MOLECULE_IT_AWS_VPC_SUBNET_ID: subnet-6bdd4223
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
# avoid auth conflict when cloning DTAS during verify step
persist-credentials: false
- name: Run tests on push
timeout-minutes: 185
uses: ./.github/actions/molecule_integration_ec2
with:
matrix_name: ${{ matrix.molecule_scenario.name }}
matrix_vars: ${{ matrix.molecule_scenario.vars }}
matrix_desc: ${{ matrix.molecule_scenario.desc }}
nexus_username: ${{ secrets.NEXUS_USERNAME }}
nexus_password: ${{ secrets.NEXUS_PASSWORD }}
aws_access_key_id: ${{ secrets.aws_access_key_id }}
aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
pat: ${{ secrets.BOT_GITHUB_TOKEN }}