open-vault/.github/workflows/test-enos-scenario-ui.yml
hc-github-team-secure-vault-core 64c865eb26
backport of commit 7d800b1af20de24149817fd735e2001403446ab1 (#23520)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-10-04 14:44:02 -06:00

147 lines
6.5 KiB
YAML

---
name: Vault UI Tests
on:
workflow_call:
inputs:
test_filter:
type: string
description: "A filter to limit the ui tests to. Will be appended to the ember test command as '-f=<filter>'"
required: false
storage_backend:
type: string
description: "The storage backend to use, either 'raft' or 'consul'"
default: raft
workflow_dispatch:
inputs:
test_filter:
type: string
description: "A filter to limit the ui tests to. Will be appended to the ember test command as '-f=<filter>'"
required: false
storage_backend:
description: "The storage backend to use, either 'raft' or 'consul'"
required: true
default: raft
type: choice
options:
- raft
- consul
jobs:
get-metadata:
name: Get metadata
runs-on: ubuntu-latest
outputs:
runs-on: ${{ steps.get-metadata.outputs.runs-on }}
vault_edition: ${{ steps.get-metadata.outputs.vault_edition }}
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- id: get-metadata
env:
IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }}
run: |
if [ "$IS_ENT" == true ]; then
echo "detected vault_edition=ent"
echo "runs-on=['self-hosted', 'ondemand', 'os=linux', 'type=m5d.4xlarge']" >> "$GITHUB_OUTPUT"
echo "vault_edition=ent" >> "$GITHUB_OUTPUT"
else
echo "detected vault_edition=oss"
echo "runs-on=\"custom-linux-xl-vault-latest\"" >> "$GITHUB_OUTPUT"
echo "vault_edition=oss" >> "$GITHUB_OUTPUT"
fi
run-ui-tests:
name: Run UI Tests
needs: get-metadata
runs-on: ${{ fromJSON(needs.get-metadata.outputs.runs-on) }}
timeout-minutes: 90
env:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
# Pass in enos variables
ENOS_VAR_aws_region: us-east-1
ENOS_VAR_aws_ssh_keypair_name: ${{ github.event.repository.name }}-ci-ssh-key
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
ENOS_VAR_vault_license_path: ./support/vault.hclic
GOPRIVATE: github.com/hashicorp
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: ./.github/actions/set-up-go
with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: hashicorp/action-setup-enos@v1
with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Set Up Git
run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com"
- name: Set Up Node
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
with:
node-version-file: './ui/package.json'
- name: Set Up Terraform
uses: hashicorp/setup-terraform@v2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
terraform_version: 1.5.7 # QT-623: pin to terraform 1.5.x until a tfjson bug is resolved
- name: Prepare scenario dependencies
run: |
mkdir -p ./enos/support/terraform-plugin-cache
echo "${{ secrets.SSH_KEY_PRIVATE_CI }}" > ./enos/support/private_key.pem
chmod 600 ./enos/support/private_key.pem
- name: Set Up Vault Enterprise License
if: contains(github.event.repository.name, 'ent')
run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
- name: Check Chrome Installed
id: chrome-check
run: echo "chrome-version=$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null || echo 'not-installed')" >> "$GITHUB_OUTPUT"
- name: Install Chrome Dependencies
if: steps.chrome-check.outputs.chrome-version == 'not-installed'
run: |
sudo apt update
sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
- name: Install Chrome
if: steps.chrome-check.outputs.chrome-version == 'not-installed'
uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
- name: Installed Chrome Version
run: |
echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]"
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
role-skip-session-tagging: true
role-duration-seconds: 3600
- name: Set Up Cluster
id: setup_cluster
env:
ENOS_VAR_ui_run_tests: false
# Continue once and retry to handle occasional blips when creating infrastructure.
continue-on-error: true
run: enos scenario launch --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
- name: Retry Set Up Cluster
id: setup_cluster_retry
if: steps.setup_cluster.outcome == 'failure'
env:
ENOS_VAR_ui_run_tests: false
run: enos scenario launch --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
- name: Run UI Tests
id: run_ui_tests
env:
ENOS_VAR_ui_test_filter: "${{ inputs.test_filter }}"
run: enos scenario run --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
- name: Ensure scenario has been destroyed
if: ${{ always() }}
run: enos scenario destroy --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
- name: Clean up Enos runtime directories
if: ${{ always() }}
run: |
rm -rf /tmp/enos*
rm -rf ./enos/support
rm -rf ./enos/.enos