Tag EKS cluster security group, route tables, network interfaces and … #993
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: E2E Testing with domain | |
on: | |
schedule: | |
- cron: '0 2 */2 * *' # schedule the test to run every second day at 2:00am | |
push: | |
branches: | |
- main | |
paths-ignore: # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-ignoring-paths | |
- 'docs/**' | |
- '.atlassian/**' | |
- 'test/unittest**' | |
pull_request_target: | |
types: [ labeled ] | |
workflow_dispatch: | |
jobs: | |
test: | |
if: ${{ github.event.label.name == 'e2e' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | |
name: E2E Testing with domain | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
AWS_DEFAULT_REGION: us-east-1 | |
SLACK_WEBHOOK_URL_ALERTS: ${{ secrets.SLACK_WEBHOOK_URL_ALERTS }} | |
SLACK_WEBHOOK_URL_NOTIFICATIONS: ${{ secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS }} | |
AWS_ADDITIONAL_ROLE: ${{ secrets.AWS_ADDITIONAL_ROLE }} | |
TF_VAR_bamboo_license: ${{ secrets.TF_VAR_BAMBOO_LICENSE }} | |
TF_VAR_confluence_license: ${{ secrets.TF_VAR_CONFLUENCE_LICENSE }} | |
TF_VAR_bitbucket_license: ${{ secrets.TF_VAR_BITBUCKET_LICENSE }} | |
TF_VAR_crowd_license: ${{ secrets.TF_VAR_CROWD_LICENSE }} | |
TF_VAR_bamboo_admin_password: ${{ secrets.TF_VAR_BAMBOO_ADMIN_PASSWORD }} | |
TF_VAR_bitbucket_admin_password: ${{ secrets.TF_VAR_BITBUCKET_ADMIN_PASSWORD }} | |
TF_VAR_crowd_admin_password: ${{ secrets.TF_VAR_CROWD_ADMIN_PASSWORD }} | |
TF_VAR_osquery_fleet_enrollment_secret_name: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_SECRET_NAME }} | |
TF_VAR_osquery_fleet_enrollment_host: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_HOST }} | |
TF_VAR_crowdstrike_secret_name: ${{ secrets.TF_VAR_CROWDSTRIKE_SECRET_NAME }} | |
TF_VAR_crowdstrike_kms_key_name: ${{ secrets.TF_VAR_CROWDSTRIKE_KMS_KEY_NAME }} | |
TF_VAR_crowdstrike_aws_account_id: ${{ secrets.TF_VAR_CROWDSTRIKE_AWS_ACCOUNT_ID }} | |
TF_VAR_kinesis_log_producers_role_arns: ${{ secrets.TF_VAR_KINESIS_LOG_PRODUCERS_ROLE_ARNS }} | |
USE_DOMAIN: "true" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Install the latest Terraform | |
run: | | |
# check existing version | |
terraform -version || true | |
# download the latest | |
URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url') | |
curl -s -o /tmp/terraform.zip ${URL} | |
echo A | unzip /tmp/terraform.zip -d /usr/local/bin/ | |
rm /tmp/terraform.zip | |
# check the latest version | |
terraform -version | |
- name: Pin Kubectl version | |
uses: azure/[email protected] | |
with: | |
version: 'v1.24.0' | |
- name: Setup Go environment | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.18' | |
- name: Setup Python environment | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9.14' | |
- run: | | |
python -m pip install --upgrade pip | |
pip install boto3 retry | |
- name: Setup dependencies | |
id: setup-dependencies | |
working-directory: test/ | |
run: | | |
go version | |
go get -v -t -d ./... && go mod tidy | |
echo "exit_code=$?" >> $GITHUB_OUTPUT | |
- name: Create test output directory | |
run: mkdir test/e2etest/artifacts | |
- name: Add private SSH key for Bitbucket tests | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.BITBUCKET_E2E_TEST_PRIV_SSH_KEY }} | |
name: bitbucket-e2e # optional | |
known_hosts: dummy-entry | |
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
- name: Add public SSH key for Bitbucket tests | |
run: | | |
echo ${{ secrets.BITBUCKET_E2E_TEST_PUB_SSH_KEY }} > /home/runner/.ssh/bitbucket-e2e.pub | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
aws-region: us-east-1 | |
role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
role-session-name: DCTerraformSession | |
role-duration-seconds: 7200 | |
- name: E2E Testing with domain | |
id: e2e-test | |
working-directory: test/ | |
run: | | |
set -o pipefail | |
# boto3 ignores AWS creds env vars for some reason | |
mkdir -p ~/.aws | |
echo -e "[default]\naws_access_key_id = ${AWS_ACCESS_KEY_ID}\naws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}\naws_session_token = ${AWS_SESSION_TOKEN}" > ~/.aws/credentials | |
go test ./e2etest -v -timeout 100m -run Installer | tee ./e2etest/artifacts/e2etest.log | |
- name: Upload test log files | |
if: always() | |
uses: actions/[email protected] | |
with: | |
name: e2e-test-artifacts | |
path: test/e2etest/artifacts/ | |
- name: Send slack notification | |
if: always() | |
run: | | |
export GITHUB_EVENT_NUMBER="${{ github.event.number}}" | |
export JOB_STATUS="${{ job.status }}" | |
export PULL_REQUEST_URL="${{ github.event.pull_request._links.html.href }}" | |
export PULL_REQUEST_TITLE="${{ github.event.pull_request.title }}" | |
export SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL_NOTIFICATIONS} | |
scripts/send_slack_notifications.sh | |
if [[ ${JOB_STATUS} == "failure" ]]; then | |
export SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL_ALERTS} | |
scripts/send_slack_notifications.sh | |
fi |