acceptance-tests.yml
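# Runs the acceptance suite for pull requests against main that touch Go
# sources (opened or updated), and on manual dispatch.
on:
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
    paths:
      - '**.go'
  workflow_dispatch:

name: Terraform & OpenTofu Acceptance Tests

# Least privilege for GITHUB_TOKEN: without a workflow-level block, the matrix
# job inherits the repository's default token permissions even though its
# steps only read the checkout. Jobs that need more declare it themselves
# (update-changelog already sets `contents: write`).
permissions:
  contents: read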
jobs:
  # One run per CLI under test. Each run creates its own GKE cluster, installs
  # Artifactory and Xray into it, runs the provider acceptance tests and then
  # deletes the cluster.
  acceptance-tests-matrix:
    name: ${{ matrix.cli }}
    runs-on: ubuntu-latest
    # The job is bound to the `development` environment.
    environment: development
    strategy:
      # A failure in one CLI leg cancels the other leg.
      fail-fast: true
      matrix:
        cli:
          - terraform
          - tofu
    # Versions discovered during the run; update-changelog reads them through
    # `needs.acceptance-tests-matrix.outputs`.
    # NOTE(review): tf_version is only produced in the terraform leg and
    # tofu_version only in the tofu leg; confirm both survive as job outputs.
    outputs:
      artifactory_version: ${{ steps.get_versions.outputs.rt_version }}
      xray_version: ${{ steps.get_versions.outputs.xray_version }}
      tf_version: ${{ steps.get_terraform_cli_version.outputs.version }}
      tofu_version: ${{ steps.get_opentofu_cli_version.outputs.version }}
    steps:
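# Full history and tags in one step: `fetch-depth: 0` replaces the separate
# `git fetch --prune --unshallow` step and matches how update-changelog checks
# out. A later step in this job runs `git describe --tags`, which presumably
# is why the full history is wanted.
#
# `persist-credentials: false` keeps GITHUB_TOKEN out of .git/config. This job
# goes on to run `make acceptance` and `make install` from the pull request's
# checkout, and none of its visible steps push or fetch with the token.
# NOTE(review): confirm the Makefile targets do not fetch from origin.
# NOTE(review): consider pinning actions to a full commit SHA
# (`uses: owner/action@<commit-sha>`) instead of a movable tag.
- name: Checkout
  uses: actions/checkout@v4
  with:
    fetch-depth: 0
    persist-credentials: false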
# NOTE(review): the version part of this action reference reads
# "[email protected]" because the page capture obfuscated it as an e-mail address.
# Restore the real `azure/setup-helm@<version>` ref from the repository.
- name: Install Helm
  uses: azure/[email protected]
# Resolves the chart and application versions to install.
# - RT_HELM_CHART_VERSION and XRAY_HELM_CHART_VERSION are appended to
#   GITHUB_ENV for the install steps.
# - rt_version and xray_version become step outputs (surfaced as job outputs).
# - The Xray values come from the repository variables when those are set;
#   `${VAR:=...}` falls back to the chart listing only when they are empty.
# NOTE(review): the Artifactory chart version is whatever the public chart
# repository lists at run time, so runs are not reproducible and a changed
# chart is picked up automatically. Consider a pinned variable, as for Xray.
# NOTE(review): `grep "jfrog/xray"` has no trailing space, unlike the
# Artifactory pattern. If the listing holds more than one chart whose name
# starts with `jfrog/xray`, the value becomes multi-line; verify.
- name: Get Artifactory and Xray versions
  id: get_versions
  env:
    XRAY_HELM_CHART_VERSION: ${{ vars.XRAY_HELM_CHART_VERSION }}
    XRAY_VERSION: ${{ vars.XRAY_VERSION }}
  run: |
    helm repo add jfrog https://charts.jfrog.io/
    helm repo update
    RT_HELM_CHART_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f2 -d " ")
    echo "RT_HELM_CHART_VERSION=$RT_HELM_CHART_VERSION" >> "$GITHUB_ENV"
    ARTIFACTORY_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f3 -d " ")
    echo "rt_version=$ARTIFACTORY_VERSION" >> "$GITHUB_OUTPUT"
    XRAY_HELM_CHART_VERSION=${XRAY_HELM_CHART_VERSION:=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f2 -d " ")}
    XRAY_VERSION=${XRAY_VERSION:=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f3 -d " ")}
    echo "XRAY_HELM_CHART_VERSION=$XRAY_HELM_CHART_VERSION" >> "$GITHUB_ENV"
    echo "xray_version=$XRAY_VERSION" >> "$GITHUB_OUTPUT"
# Authenticates gcloud with a service-account key held in a secret.
# NOTE(review): this is a long-lived credential. The auth action also supports
# workload identity federation (`workload_identity_provider`), which avoids
# storing a key. Whatever is used, scope the account to the cluster
# create/delete operations this workflow performs.
- name: Authenticate with Google Cloud
  uses: google-github-actions/auth@v2
  with:
    credentials_json: ${{ secrets.GKE_SERVICE_ACCOUNT_JSON }}
# gcloud plus the GKE auth plugin that kubectl needs to talk to the cluster.
- name: Set up Cloud SDK
  uses: google-github-actions/setup-gcloud@v2
  with:
    install_components: gke-gcloud-auth-plugin
- name: Setup kubectl
  uses: azure/setup-kubectl@v4
# Creates a throw-away GKE cluster named after the CLI under test and the
# current epoch second, then fetches kubectl credentials for it.
# GKE_CLUSTER and WHITELIST_CIDR are appended to GITHUB_ENV for later steps.
#
# NOTE(review): both `--enable-master-authorized-networks` lines are commented
# out inside the script, so the control plane is not restricted to the runner's
# address and WHITELIST_CIDR is computed but never applied here.
# NOTE(review): WHITELIST_CIDR comes from `curl -s ifconfig.me`, with no scheme
# given and no validation of the reply. If the restriction is re-enabled, check
# the value is a single IPv4 address before passing it to gcloud.
- name: Setup k8s cluster
  id: create_cluster
  env:
    GKE_ZONE: ${{ vars.GKE_ZONE }}
    GKE_PROJECT: ${{ vars.GKE_PROJECT }}
    MACHINE_TYPE: ${{ vars.GKE_MACHINE_TYPE }}
    # NOTE(review): the original comment said "default is 3", but the script
    # falls back to 5 when this is empty (`${NUM_NODES:-5}`).
    NUM_NODES: ${{ vars.GKE_NUM_NODES }}
  run: |
    export GKE_CLUSTER=tf-provider-xray-${{ matrix.cli }}-$(date +%s)
    echo "GKE_CLUSTER=$GKE_CLUSTER" >> "$GITHUB_ENV"
    echo "Whitelist Pipelines Node CIDR to be able to run Artifactory and Xray tests. Same variable is used in gke/create_cluster step to restrict access to the control plane."
    export WHITELIST_CIDR=$(curl -s ifconfig.me)/32
    echo "WHITELIST_CIDR=$WHITELIST_CIDR" >> "$GITHUB_ENV"
    echo "Creating GKE cluster ${GKE_CLUSTER} using default authentication"
    gcloud container clusters create "$GKE_CLUSTER" \
      --zone "$GKE_ZONE" \
      --shielded-secure-boot \
      --shielded-integrity-monitoring \
      --node-locations "$GKE_ZONE" \
      --num-nodes "${NUM_NODES:-5}" \
      --enable-autoscaling \
      --machine-type "$MACHINE_TYPE" \
      --disk-size 50Gi \
      --min-nodes 1 \
      --max-nodes 5 \
      --project "$GKE_PROJECT"
    # --enable-master-authorized-networks \
    # --master-authorized-networks "$WHITELIST_CIDR"
    # add your NAT CIDR to whitelist local or CI/CD NAT IP. Set WHITELIST_CIDR in CI/CD to add CIDR to the list automatically.
    gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" --project "$GKE_PROJECT"
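# Installs Artifactory from the jfrog Helm repository and publishes its URL.
# - The license is stored as the Kubernetes secret `artifactory-license`, with
#   data key `artifactory.cluster.license` (the file's base name).
# - MASTER_KEY and JOIN_KEY are generated per run, masked in the log, and
#   appended to GITHUB_ENV so the Xray install can reuse them.
# - JFROG_URL is the nginx LoadBalancer address and is appended to GITHUB_ENV.
#
# NOTE(review): JFROG_URL is plain `http://`, and the
# `loadBalancerSourceRanges` restriction is commented out, so later steps send
# the admin password and access token unencrypted to an address with no source
# filter from this file. Re-enable the source range or terminate TLS.
- name: Install Artifactory
  id: install_artifactory
  env:
    ARTIFACTORY_LICENSE: ${{ secrets.ARTIFACTORY_LICENSE }}
  run: |
    echo "Creating Artifactory License Secret"
    # RUNNER_TEMP is the runner-provided form of the runner.temp context.
    LICENSE_FILE="$RUNNER_TEMP/artifactory.cluster.license"
    # NOTE(review): left unquoted as in the original, which collapses any
    # line breaks in the secret into spaces; confirm before quoting.
    echo $ARTIFACTORY_LICENSE > "$LICENSE_FILE"
    kubectl create secret generic artifactory-license --from-file="$LICENSE_FILE"
    # The cluster holds the license now. Remove the plaintext copy so the
    # later test steps, which run code from the checkout, cannot read it.
    rm -f "$LICENSE_FILE"
    MASTER_KEY=$(openssl rand -hex 32)
    echo "::add-mask::$MASTER_KEY"
    echo "MASTER_KEY=$MASTER_KEY" >> "$GITHUB_ENV"
    JOIN_KEY=$(openssl rand -hex 32)
    echo "::add-mask::$JOIN_KEY"
    echo "JOIN_KEY=$JOIN_KEY" >> "$GITHUB_ENV"
    helm upgrade --install artifactory jfrog/artifactory \
      --version "$RT_HELM_CHART_VERSION" \
      --set artifactory.masterKey="$MASTER_KEY" \
      --set artifactory.joinKey="$JOIN_KEY" \
      --set artifactory.license.secret=artifactory-license \
      --set artifactory.license.dataKey=artifactory.cluster.license \
      --set artifactory.persistence.size=50Gi \
      --set nginx.service.ssloffload=true \
      --set postgresql.persistence.size=50Gi
    # --set nginx.service.loadBalancerSourceRanges="{$WHITELIST_CIDR}" \
    echo "Waiting for Artifactory roll out"
    kubectl rollout status deployment/artifactory-artifactory-nginx
    kubectl rollout status statefulset/artifactory
    SERVICE_IP=$(kubectl get svc --namespace default artifactory-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
    JFROG_URL=http://$SERVICE_IP
    echo "JFROG_URL=$JFROG_URL" >> "$GITHUB_ENV"
    echo "JFrog URL: $JFROG_URL"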
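# Logs in to the Artifactory UI as `admin`, pulls the ACCESSTOKEN and
# REFRESHTOKEN cookies out of curl's cookie-jar output, and exchanges them for
# an access token, which is masked and appended to GITHUB_ENV.
#
# The password is passed through `env` and JSON-encoded with jq instead of
# being spliced into the script text with `${{ secrets.* }}`. Expression
# substitution happens before the shell parses the script, so a password
# containing `'` would end the quoted string and be parsed as shell, and `"`
# or `\` would produce an invalid JSON body.
#
# NOTE(review): JFROG_URL is `http://`, so the password and the returned
# tokens cross the network unencrypted.
- name: Get access token
  id: get_access_token
  env:
    ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
  run: |
    echo "Get cookie to generate Access token"
    LOGIN_BODY=$(jq -cn --arg password "$ARTIFACTORY_PASSWORD" '{user: "admin", password: $password, type: "login"}')
    COOKIES=$(curl -s -c - "${JFROG_URL}/ui/api/v1/ui/auth/login?_spring_security_remember_me=false" \
      --header "accept: application/json, text/plain, */*" \
      --header "content-type: application/json;charset=UTF-8" \
      --header "x-requested-with: XMLHttpRequest" \
      -d "$LOGIN_BODY" | grep FALSE)
    # $COOKIES stays unquoted: word splitting joins the cookie-jar lines into
    # one, which is what makes the fixed field numbers $7 and $14 line up.
    REFRESHTOKEN=$(echo $COOKIES | grep REFRESHTOKEN | awk '{print $7}')
    ACCESSTOKEN=$(echo $COOKIES | grep ACCESSTOKEN | awk '{print $14}')
    JFROG_ACCESS_TOKEN=$(curl -s -g --request GET "${JFROG_URL}/ui/api/v1/system/security/token?services[]=all" \
      --header "accept: application/json, text/plain, */*" \
      --header "x-requested-with: XMLHttpRequest" \
      --header "cookie: ACCESSTOKEN=${ACCESSTOKEN}; REFRESHTOKEN=${REFRESHTOKEN}")
    echo "::add-mask::$JFROG_ACCESS_TOKEN"
    echo "JFROG_ACCESS_TOKEN=$JFROG_ACCESS_TOKEN" >> "$GITHUB_ENV"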
# Installs Xray next to Artifactory. It reuses MASTER_KEY and JOIN_KEY from
# the Artifactory install and points at the in-cluster nginx service. The step
# then waits for the three statefulsets to roll out.
# NOTE(review): the keys are passed as `--set` arguments on the helm command
# line; a values file would keep them out of the process arguments.
- name: Install Xray
  id: install_xray
  run: |
    helm upgrade --install xray jfrog/xray \
      --version $XRAY_HELM_CHART_VERSION \
      --set postgresql.persistence.size=200Gi \
      --set xray.jfrogUrl=http://artifactory-artifactory-nginx \
      --set xray.masterKey=$MASTER_KEY \
      --set xray.joinKey=$JOIN_KEY \
      --set xray.serviceAccount.create=true \
      --set xray.rbac.create=true
    kubectl rollout status statefulset/xray-postgresql
    kubectl rollout status statefulset/xray-rabbitmq
    kubectl rollout status statefulset/xray
# Go toolchain for building and testing the provider.
- name: Set up Go
  uses: actions/setup-go@v5
  with:
    go-version: '1.22.7'
# Terraform leg only: install the CLI and record its version as a step output.
- name: Install Terraform CLI
  uses: hashicorp/setup-terraform@v3
  if: ${{ matrix.cli == 'terraform' }}
- name: Get Terraform CLI version
  id: get_terraform_cli_version
  if: ${{ matrix.cli == 'terraform' }}
  run: |
    TF_VERSION=$(terraform -v -json | jq -r .terraform_version)
    echo $TF_VERSION
    echo "version=$TF_VERSION" >> "$GITHUB_OUTPUT"
# OpenTofu leg only: install the CLI without the wrapper script, point the
# acceptance-test harness at the tofu binary and registry through the
# TF_ACC_* variables in GITHUB_ENV, and record the version as a step output.
- name: Install OpenTofu CLI
  uses: opentofu/setup-opentofu@v1
  if: ${{ matrix.cli == 'tofu' }}
  with:
    tofu_wrapper: false
- name: Get OpenTofu CLI version
  id: get_opentofu_cli_version
  if: ${{ matrix.cli == 'tofu' }}
  run: |
    echo "TF_ACC_TERRAFORM_PATH=$(which tofu)" >> "$GITHUB_ENV"
    echo "TF_ACC_PROVIDER_NAMESPACE=hashicorp" >> "$GITHUB_ENV"
    echo "TF_ACC_PROVIDER_HOST=registry.opentofu.org" >> "$GITHUB_ENV"
    TOFU_VERSION=$(tofu -v -json | jq -r .terraform_version)
    echo $TOFU_VERSION
    echo "version=$TOFU_VERSION" >> "$GITHUB_OUTPUT"
# Only installs the goreleaser binary; nothing is released by this step.
- name: Install GoReleaser
  uses: goreleaser/goreleaser-action@v6
  with:
    install-only: true
# Runs the acceptance suite from the checked-out pull-request code.
# NOTE(review): earlier steps appended JFROG_ACCESS_TOKEN, MASTER_KEY and
# JOIN_KEY to GITHUB_ENV, so these make targets run with them in their
# environment. Treat anything a pull request can change in the Makefile or the
# tests as having access to those values.
- name: Execute acceptance tests
  run: make acceptance -e TARGET_ARCH=linux_amd64
# Rewrites the provider version in sample.tf to the latest tag, with the
# leading "v" stripped, and then installs the provider with the CLI under test.
# NOTE(review): the `.` separators in the sed pattern are unescaped and match
# any character; harmless for well-formed tags.
- name: Install provider
  run: |
    export PROVIDER_VERSION=$(git describe --tags --abbrev=0 | sed -n 's/v\([0-9]*\).\([0-9]*\).\([0-9]*\)/\1.\2.\3/p')
    cat sample.tf | sed -e "s/version =.*/version = \"${PROVIDER_VERSION}\"/g" > sample.tf.tmp
    cp sample.tf.tmp sample.tf && rm sample.tf.tmp
    TERRAFORM_CLI=${{ matrix.cli }} make install
# Posts the job result to Slack through an incoming webhook. `always()` makes
# it run whether the earlier steps passed or failed.
# NOTE(review): the version part of this action reference reads
# "[email protected]" because the page capture obfuscated it as an e-mail address.
# Restore the real `slackapi/slack-github-action@<version>` ref from the
# repository.
- name: Send workflow status to Slack
  uses: slackapi/[email protected]
  if: always()
  with:
    payload: |
      {
        "text": "${{ github.workflow }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }} ${{ matrix.cli }} GitHub Action result: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}",
        "blocks": [
          {
            "type": "section",
            "text": {
              "type": "mrkdwn",
              "text": "${{ github.workflow }} <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }}|${{ matrix.cli }} GitHub Action result>: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
            }
          }
        ]
      }
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
    SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
# Tears the cluster down even when earlier steps failed. GKE_CLUSTER comes
# from GITHUB_ENV, written by the create step.
# NOTE(review): the guard requires the whole create step to have succeeded.
# That step also runs `get-credentials`, so if the cluster is created and a
# later command in the same step fails, this step is skipped and the cluster
# is left running. Keying the guard on GKE_CLUSTER being set, or splitting
# the create step, would close that gap.
- name: Delete GKE cluster
  if: always() && steps.create_cluster.conclusion == 'success'
  env:
    GKE_ZONE: ${{ vars.GKE_ZONE }}
    GKE_PROJECT: ${{ vars.GKE_PROJECT }}
  run: |
    echo "Deleting GKE cluster ${GKE_CLUSTER} using default authentication"
    gcloud container clusters delete "${GKE_CLUSTER}" --zone "${GKE_ZONE}" --project "${GKE_PROJECT}" --quiet
    echo "GKE cluster ${GKE_CLUSTER} was successfully deleted"
# Runs after the matrix job, only for pull_request events whose acceptance
# tests succeeded. It writes the tested versions into CHANGELOG.md on the
# pull request's branch.
update-changelog:
  runs-on: ubuntu-latest
  needs:
    - acceptance-tests-matrix
  if: |
    always() &&
    (github.event_name == 'pull_request' && needs.acceptance-tests-matrix.result == 'success')
  # Write access is needed for the `git push` in the changelog step.
  permissions:
    contents: write
  steps:
    # NOTE(review): `head.ref` is only a branch name. For a pull request from
    # a fork, that branch lives in the fork, so this checkout resolves the name
    # against this repository instead. Confirm fork pull requests are out of
    # scope, or guard the job on the head repository.
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.ref }}
# Appends "Tested on Artifactory ... and Xray ... with Terraform ... and
# OpenTofu ..." to the first CHANGELOG.md heading that matches the release
# pattern, then commits and pushes if the file changed.
# The four versions arrive through `env` from the matrix job's outputs.
# NOTE(review): the versions are placed in the sed replacement text as-is, so
# a value containing `/` or `&` would alter the substitution. They originate
# from `helm search repo` and the CLIs' own version output.
# NOTE(review): both "[email protected]" strings in the script come from the page
# capture obfuscating the real committer address; restore it from the
# repository.
- name: Update CHANGELOG and push commit
  env:
    ARTIFACTORY_VERSION: ${{ needs.acceptance-tests-matrix.outputs.artifactory_version }}
    XRAY_VERSION: ${{ needs.acceptance-tests-matrix.outputs.xray_version }}
    TERRAFORM_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tf_version }}
    OPENTOFU_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tofu_version }}
  run: |
    echo "Adding Artifactory version to CHANGELOG.md"
    sed -i -E "0,/(##\s.+\..+\..+\s\(.+\)).*/ s/(##\s.+\..+\..+\s\(.+\)).*/\1. Tested on Artifactory $ARTIFACTORY_VERSION and Xray $XRAY_VERSION with Terraform $TERRAFORM_VERSION and OpenTofu $OPENTOFU_VERSION/" CHANGELOG.md
    head -10 CHANGELOG.md
    git add CHANGELOG.md
    export REGEX="Changes to be committed*"
    export GIT_STATUS=$(git status)
    if [[ ${GIT_STATUS} =~ ${REGEX} ]]; then
      echo "Commiting changes"
      git config --global user.name 'JFrog CI'
      git config --global user.email '[email protected]'
      git config --get user.name
      git config --get user.email
      git commit --author="JFrog CI <[email protected]>" -m "JFrog Pipelines - Add Artifactory version to CHANGELOG.md"
      git push
    else
      echo "There is nothing to commit: Artifactory version hadn't changed."
    fi
# Asks the reviewers in Slack to look at the pull request once the changelog
# step has succeeded.
# NOTE(review): `github.event.pull_request.title` and `...user.login` are
# chosen by the pull-request author and are substituted into the JSON text
# unescaped. A title containing `"` or `\` yields an invalid payload, and any
# Slack mrkdwn in it is rendered in the channel. Build the payload from `env`
# values with a JSON encoder in a prior step, or leave the title out.
# NOTE(review): the version part of this action reference reads
# "[email protected]" because the page capture obfuscated it as an e-mail address.
# Restore the real `slackapi/slack-github-action@<version>` ref from the
# repository.
- name: Send workflow status to Slack
  uses: slackapi/[email protected]
  if: success()
  with:
    payload: |
      {
        "text": "Terraform Provider Platform. A new PR was submitted by ${{ github.event.pull_request.user.login }} - ${{ github.event.pull_request.html_url }}, branch ${{ github.event.pull_request.base.ref }}. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge.",
        "blocks": [
          {
            "type": "section",
            "text": {
              "type": "mrkdwn",
              "text": "<http://github.com/${{ github.repository }}|Terraform Provider Platform>. A new PR was submitted by *${{ github.event.pull_request.user.login }}* - <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>, branch *${{ github.event.pull_request.base.ref }}*. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge."
            }
          }
        ]
      }
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
    SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK