-
Notifications
You must be signed in to change notification settings - Fork 135
162 lines (145 loc) · 6.43 KB
/
e2e-tf-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: Helm Charts E2E Testing
on:
schedule:
- cron: '0 3 */2 * *' # schedule the test to run every second day at 3:00am
push:
branches:
- main
paths:
- 'src/main/charts/bamboo/**'
- 'src/main/charts/bamboo-agent/**'
- 'src/main/charts/bitbucket/**'
- 'src/main/charts/confluence/**'
- 'src/main/charts/jira/**'
- 'src/main/charts/crowd/**'
pull_request_target:
types: [ labeled ]
workflow_dispatch:
jobs:
test:
if: ${{ github.event.label.name == 'e2e' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
name: Deploy Infrastructure and Run E2E Tests
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
AWS_DEFAULT_REGION: us-east-1
TF_VAR_bamboo_license: ${{ secrets.TF_VAR_BAMBOO_LICENSE }}
TF_VAR_confluence_license: ${{ secrets.TF_VAR_CONFLUENCE_LICENSE }}
TF_VAR_bitbucket_license: ${{ secrets.TF_VAR_BITBUCKET_LICENSE }}
TF_VAR_crowd_license: ${{ secrets.TF_VAR_CROWD_LICENSE }}
TF_VAR_bamboo_admin_password: ${{ secrets.TF_VAR_BAMBOO_ADMIN_PASSWORD }}
TF_VAR_crowd_admin_password: ${{ secrets.TF_VAR_CROWD_ADMIN_PASSWORD }}
TF_VAR_bitbucket_admin_password: ${{ secrets.TF_VAR_BITBUCKET_ADMIN_PASSWORD }}
TF_VAR_kinesis_log_producers_role_arns: ${{ secrets.TF_VAR_KINESIS_LOG_PRODUCERS_ROLE_ARNS }}
TF_VAR_osquery_fleet_enrollment_secret_name: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_SECRET_NAME }}
TF_VAR_osquery_fleet_entrollment_host: ${{ secrets.TF_VAR_OSQUERY_FLEET_ENROLLMENT_HOST }}
TF_VAR_crowdstrike_secret_name: ${{ secrets.TF_VAR_CROWDSTRIKE_SECRET_NAME }}
TF_VAR_crowdstrike_kms_key_name: ${{ secrets.TF_VAR_CROWDSTRIKE_KMS_KEY_NAME }}
TF_VAR_crowdstrike_aws_account_id: ${{ secrets.TF_VAR_CROWDSTRIKE_AWS_ACCOUNT_ID }}
USE_DOMAIN: "true"
steps:
- name: Checkout Helm charts
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Install the latest Terraform
run: |
# check existing version
terraform -version
# download the latest
URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url')
curl -s -o /tmp/terraform.zip ${URL}
echo A | unzip /tmp/terraform.zip -d /usr/local/bin/
rm /tmp/terraform.zip
# check the latest version
terraform -version
- name: Pin Kubectl version
uses: azure/[email protected]
with:
version: 'v1.30.0'
- name: Install Helm
uses: azure/setup-helm@v1
with:
version: v3.15.3
- name: Execute helm dependency update for Helm charts
run: |
helm dependency update src/main/charts/bamboo
helm dependency update src/main/charts/bamboo-agent
helm dependency update src/main/charts/bitbucket
helm dependency update src/main/charts/confluence
helm dependency update src/main/charts/jira
helm dependency update src/main/charts/crowd
- name: Checkout Deployment Automation
run: |
DEPLOYMENT_REPO='https://github.com/atlassian-labs/data-center-terraform.git'
LTS=$(git ls-remote --tags --exit-code --refs "$DEPLOYMENT_REPO" \
| sed -E 's/^[[:xdigit:]]+[[:space:]]+refs\/tags\/(.+)/\1/g' \
| grep '^[0-9]*.[0-9]*.[0-9]*$' | sort -V | tail -1)
echo "Using LTS version('${LTS}') of Deployment Automation to provision the infrastructure for Atlassian DC Products."
git clone -b $LTS $DEPLOYMENT_REPO tf
- name: Setup test environment
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Setup Python environment
uses: actions/setup-python@v5
with:
python-version: '3.9.14'
- run: |
python -m pip install --upgrade pip
pip install boto3
- name: Install test dependencies
id: setup-dependencies
working-directory: tf/test/
run: |
go version
go get -v -t -d ./... && go mod tidy
echo ::set-output name=exit_code::$?
- name: Add private SSH key for Bitbucket tests
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.BITBUCKET_E2E_TEST_PRIV_SSH_KEY }}
name: bitbucket-e2e # optional
known_hosts: dummy-entry
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
- name: Add public SSH key for Bitbucket tests
run: |
echo ${{ secrets.BITBUCKET_E2E_TEST_PUB_SSH_KEY }} > /home/runner/.ssh/bitbucket-e2e.pub
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@master
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: DCTerraformHelmSession
role-duration-seconds: 7200
- name: Deploy the infrastructure, install helm charts, run E2E tests, and cleanup
id: e2e-test
working-directory: tf/test/
run: |
set -o pipefail
# Create test output directory
mkdir e2etest/artifacts
# Add root of helm chart repo to the config template
cat << EOF >> ./e2etest/test-config.tfvars.tmpl
# install local helm charts
local_helm_charts_path="$(dirname $(dirname $(pwd)))/src/main/charts"
confluence_install_local_chart = true
jira_install_local_chart = true
bitbucket_install_local_chart = true
bamboo_install_local_chart = true
crowd_install_local_chart = true
EOF
# Deploy infrastructure, install helm charts, run e2e tests, and cleanup all
# boto3 ignores AWS creds env vars for some reason
mkdir -p ~/.aws
echo -e "[default]\naws_access_key_id = ${AWS_ACCESS_KEY_ID}\naws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}\naws_session_token = ${AWS_SESSION_TOKEN}" > ~/.aws/credentials
go test ./e2etest -v -timeout 85m -run Installer | tee ./e2etest/artifacts/e2etest.log
- name: Upload test log files
if: always()
uses: actions/[email protected]
with:
name: e2e-test-artifacts
path: tf/test/e2etest/artifacts/