-
Notifications
You must be signed in to change notification settings - Fork 2
197 lines (190 loc) · 7.85 KB
/
test-pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: Run pr tests
on:
pull_request:
branches:
- master
jobs:
version-incremented: # checks that version has been incremented in node, python, and deployment. And that they match.
name: Are version numbers incremented
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Required due to get git tag list due to the way Git works
- uses: actions/setup-python@v3
with:
python-version: '3.10'
- name: Check versions
run: python release_utils/check-tag-incremented.py
shell: sh
lint-gh-actions:
name: Lint GH Actions workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: reviewdog/action-actionlint@v1
plan-terraform: # https://learn.hashicorp.com/tutorials/terraform/github-actions?in=terraform/automation
name: Run Terraform Validate and Plan
runs-on: ubuntu-latest
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
HCLOUD_TOKEN: ${{ secrets.HETZNER_API_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_BUCKET_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_BUCKET_KEY }}
B2_APPLICATION_KEY_ID: ${{ secrets.B2_MASTER_KEY_ID }}
B2_APPLICATION_KEY: ${{ secrets.B2_MASTER_KEY }}
TF_VAR_pw_hash: ${{ secrets.NODE_ROOT_USER_PW_HASH }}
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.7.5"
- id: fmt
run: terraform fmt -check
- id: init
run: terraform init
working-directory: deploy/terraform
- id: validate
run: terraform validate -no-color
working-directory: deploy/terraform
- id: plan
run: terraform plan -no-color -input=false
working-directory: deploy/terraform
continue-on-error: true
- name: Update Pull Request
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `## Terraform Lint/Plan Results
#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
# Fetch kubeconfig for lint-kustomization job:
# How to fetch Terraform variables from CLI
# https://learn.hashicorp.com/tutorials/terraform/outputs
- name: Get node IPv4 address # GITHUB DOESNT SUPPORT IPV6 FFS
id: tf_ip_addr
run: terraform output -raw ipv4_address
working-directory: deploy/terraform
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.7.5"
terraform_wrapper: false
- name: Get SSH key
run: terraform output -raw ssh_key > "$HOME/id_ed25519"
working-directory: deploy/terraform
- name: chmod SSH key
run: chmod 700 "$HOME/id_ed25519"
- name: Download kubeconfig file
run: |
scp \
-qo "StrictHostKeyChecking=no" \
-i "$HOME/id_ed25519" \
root@${{ steps.tf_ip_addr.outputs.stdout }}:/etc/rancher/k3s/k3s.yaml .
- name: Set kubeconfig server URL and store kubeconfig in step output
uses: mikefarah/yq@master
with:
cmd: yq -i '.clusters[0].cluster.server = "https://${{ steps.tf_ip_addr.outputs.stdout }}:6443"' 'k3s.yaml'
- name: Send kubeconfig to lint-kustomization job # https://stackoverflow.com/a/57877438
uses: actions/upload-artifact@v3
with:
name: "kubeconfig"
path: "k3s.yaml"
lint-kustomization:
name: Lint Kustomize/Kubernetes
runs-on: ubuntu-latest
needs: plan-terraform # Needs kubeconfig from terraform
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v3
with:
python-version: '3.10'
- name: 'Build tmeit.se manifests'
uses: stefanprodan/kube-tools@v1
with:
kustomize: '4.5.7'
command: |-
kustomize build deploy/kubernetes/tmeit-se -o tmeit-rendered-with-jobs.yaml
- name: Remove Job manifests from test # Jobs are immutable and if we do kubectl apply with one without deleting it on the cluster, the api will throw an error
run: python release_utils/remove-job-manifests.py
shell: sh
- name: Receive kubeconfig from plan-terraform job # https://stackoverflow:com/a/57877438
uses: actions/download-artifact@v3
with:
name: "kubeconfig"
- name: Copy kubeconfig to correct location
run: mkdir "$HOME/.kube/" && mv k3s.yaml "$HOME/.kube/config"
- name: 'lint prod manifests' # NOTE: latest version of kubectl can be found here https://dl.k8s.io/release/stable.txt
run: |
curl -LO "https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl"
curl -LO "https://dl.k8s.io/v1.25.3/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
chmod +x kubectl
kubectl apply --dry-run=server --server-side=true --force-conflicts -f tmeit-rendered.yaml
test-containerfile: # Build containers to test that they build properly
name: Build app containers
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build containers
uses: redhat-actions/buildah-build@v2
with:
image: tmeit-app
context: '.'
containerfiles: |-
containerfiles/tmeit-app.Containerfile
containerfiles/tmeit-run-migrations.Containerfile
containerfiles/tmeit-worker.Containerfile
containerfiles/db-backup-agent.Containerfile
test-app: # Run app tests
name: Test app
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build test container
uses: redhat-actions/buildah-build@v2
with:
image: tmeit-app-test
context: '.'
containerfiles: containerfiles/tmeit-app-test.Containerfile
- name: run test
run: podman run tmeit-app-test
test-migrations: # Run migrations and insert dummy data. Also make sure there are no migrations needed to be done
name: Test migrations
runs-on: ubuntu-latest
services:
postgres: # Run a postgres container alongside test to be tested on (The name of this key is also the hostname)
image: postgres:15beta1
env:
POSTGRES_USER: tmeit_backend
POSTGRES_PASSWORD: test # Make sure this matches back/db_migrations/scripts/pr-migration-tests.sh
POSTGRES_DB: tmeit_backend
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v4
- name: Build tester container
run: |
docker build . -f containerfiles/create-test-db.Containerfile -t create-test-db
docker build . -f containerfiles/test-migrations.Containerfile -t test-migrations
- name: Test migrations
run: docker run --network ${{ job.container.network }} test-migrations