acceptance-tests.yml

on:
  pull_request:
    branches:
      - master
    types: [opened,synchronize]
    paths:
      - '**.go'
  workflow_dispatch:

name: Vault Acceptance Tests

jobs:
  acceptance-tests:
    runs-on: ubuntu-latest
    continue-on-error: false
    environment: development
    outputs:
      artifactory_version: ${{ steps.run_artifactory_container.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Unshallow
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.21
      - name: Install Helm
        uses: azure/setup-helm@v4.2.0
      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          install-only: true
      - name: Create Artifactory data directories and copy data
        env:
          ARTIFACTORY_LICENSE: ${{ secrets.ARTIFACTORY_LICENSE }}
        run: |
          mkdir -p ${{ runner.temp }}/artifactory/extra_conf
          mkdir -p ${{ runner.temp }}/artifactory/var/etc
          echo $ARTIFACTORY_LICENSE > ${{ runner.temp }}/artifactory/extra_conf/artifactory.lic
          cp ${{ github.workspace }}/scripts/system.yaml ${{ runner.temp }}/artifactory/var/etc/system.yaml
          sudo chown -R 1030:1030 ${{ runner.temp }}/artifactory/var
      - name: Run Artifactory container
        id: run_artifactory_container
        run: |
          echo "Get latest Artifactory image tag"
          helm repo add artifactory https://charts.jfrog.io
          helm repo update
          ARTIFACTORY_VERSION=$(helm search repo | grep "artifactory " | awk '{$1=$1};1' | cut -f3 -d " ")
          echo "version=$ARTIFACTORY_VERSION" >> "$GITHUB_OUTPUT"
          echo "Start up Artifactory container"
          docker run -i --name artifactory -d --rm \
            -v ${{ runner.temp }}/artifactory/extra_conf:/artifactory_extra_conf \
            -v ${{ runner.temp }}/artifactory/var:/var/opt/jfrog/artifactory \
            -p 8081:8081 -p 8082:8082 \
            releases-docker.jfrog.io/jfrog/artifactory-pro:${ARTIFACTORY_VERSION}
          echo "Set localhost to a container IP address, since we run docker inside of docker"
          export LOCALHOST=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.Gateway}}{{end}}' artifactory)
          export JFROG_URL="http://${LOCALHOST}:8082"
          echo "JFROG_URL=$JFROG_URL" >> "$GITHUB_ENV"
          echo "Waiting for Artifactory services to start at ${JFROG_URL}"
          until $(curl -sf -o /dev/null -m 5 ${JFROG_URL}/artifactory/api/system/ping/); do
            printf '.'
            sleep 5
          done
          echo "Waiting for Artifactory UI to start"
          until $(curl -sf -o /dev/null -m 5 ${JFROG_URL}/ui/login/); do
            printf '.'
            sleep 5
          done
          export COOKIES=$(curl -s -c - "${JFROG_URL}/ui/api/v1/ui/auth/login?_spring_security_remember_me=false" \
            --header "accept: application/json, text/plain, */*" \
            --header "content-type: application/json;charset=UTF-8" \
            --header "x-requested-with: XMLHttpRequest" \
            -d '{"user":"admin","password":"'"${{ secrets.ARTIFACTORY_PASSWORD }}"'","type":"login"}' | grep FALSE)
          export REFRESHTOKEN=$(echo $COOKIES | grep REFRESHTOKEN | awk '{print $7}')
          export ACCESSTOKEN=$(echo $COOKIES | grep ACCESSTOKEN | awk '{print $14}')
          export JFROG_ACCESS_TOKEN=$(curl -s -g --request GET "${JFROG_URL}/ui/api/v1/system/security/token?services[]=all" \
            --header "accept: application/json, text/plain, */*" \
            --header "x-requested-with: XMLHttpRequest" \
            --header "cookie: ACCESSTOKEN=${ACCESSTOKEN}; REFRESHTOKEN=${REFRESHTOKEN}")
          echo "::add-mask::$JFROG_ACCESS_TOKEN"
          echo "JFROG_ACCESS_TOKEN=$JFROG_ACCESS_TOKEN" >> "$GITHUB_ENV"
      - name: Execute acceptance tests
        run: make acceptance
      - name: Clean up Docker container
        if: always() && ${{ steps.run_artifactory_container.outcome == 'success' }}
        run: docker stop artifactory
      - name: Send workflow status to Slack
        uses: slackapi/slack-github-action@v1.26.0
        if: always()
        with:
          payload: |
            {
              "text": "${{ github.workflow }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }} GitHub Action result: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "${{ github.workflow }} <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }}| GitHub Action result>: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
                  }
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

  update-changelog:
    runs-on: ubuntu-latest
    needs: acceptance-tests
    if: ${{ github.event_name == 'pull_request' }} && ${{ needs.acceptance-tests.result == 'success' }}
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Update CHANGELOG and push commit
        env:
          ARTIFACTORY_VERSION: ${{ needs.acceptance-tests.outputs.artifactory_version }}
        run: |
          echo "Adding Artifactory version to CHANGELOG.md"
          sed -i -E "0,/(##\s.+\..+\..+\s\(.+\)).*/ s/(##\s.+\..+\..+\s\(.+\)).*/\1. Tested on Artifactory $ARTIFACTORY_VERSION/" CHANGELOG.md
          head -10 CHANGELOG.md
          git add CHANGELOG.md
          export REGEX="Changes to be committed*"
          export GIT_STATUS=$(git status)
          if [[ ${GIT_STATUS} =~ ${REGEX} ]]; then
            echo "Commiting changes"
            git config --global user.name 'JFrog CI'
            git config --global user.email 'jfrog-solutions-ci+1@jfrog.com'
            git config --get user.name
            git config --get user.email
            git commit --author="JFrog CI <jfrog-solutions-ci+1@jfrog.com>" -m "JFrog Pipelines - Add Artifactory version to CHANGELOG.md"
            git push
          else
            echo "There is nothing to commit: Artifactory version hadn't changed."
          fi
      - name: Send workflow status to Slack
        uses: slackapi/slack-github-action@v1.26.0
        if: success()
        with:
          payload: |
            {
              "text": "Vault Artifactory Secrets Plugin. A new PR was submitted by ${{ github.event.pull_request.user.login }} - ${{ github.event.pull_request.html_url }}, branch ${{ github.event.pull_request.base.ref }}. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge.",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "<http://github.com/${{ github.repository }}|Vault Artifactory Secrets Plugin>. A new PR was submitted by *${{ github.event.pull_request.user.login }}* - <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>, branch *${{ github.event.pull_request.base.ref }}*. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge."
                  }
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK