[8.x](backport #2946) Fix Cloudformation CI workflow (#2947) #141

Workflow file for this run

.github/workflows/cloudformation-ci.yml at a6301da

	name: CloudFormation-CI

	on:
	# pull_request_target:
	# branches:
	# - main
	# - "[0-9]+.[0-9]+"
	# - "8.x"
	# types: [opened, synchronize, reopened]
	# paths:
	# - deploy/cloudformation/*.yml
	# - .github/workflows/cloudformation-ci.yml
	push:
	branches:
	- main
	- "[0-9]+.[0-9]+"
	- "8.x"
	paths:
	- deploy/cloudformation/*.yml
	- .github/workflows/cloudformation-ci.yml

	env:
	WORKING_DIR: deploy/test-environments
	INTEGRATIONS_SETUP_DIR: tests/integrations_setup
	TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }}

	jobs:
	Deploy-CloudFormation:
	name: "Deploy CloudFormation"
	runs-on: ubuntu-20.04
	timeout-minutes: 40
	defaults:
	run:
	working-directory: ${{ env.WORKING_DIR }}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: Init Hermit
	run: ./bin/hermit env -r >> $GITHUB_ENV
	working-directory: ./

	- name: Set up unique deployment names
	run: \|
	suffix="$(date +%s \| tail -c 3)"
	echo "TF_VAR_deployment_name=DEPLOY_PR${{ github.event.number }}-$suffix" >> $GITHUB_ENV
	echo "CNVM_STACK_NAME=cnvm-stack-pr${{ github.event.number }}-$suffix" >> $GITHUB_ENV

	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.9'

	- name: Install Poetry
	run: \|
	curl -sSL https://install.python-poetry.org \| python3 -
	poetry --version

	- name: Install Fleet API dependencies
	id: fleet-api-deps
	working-directory: ./tests
	run: \|
	poetry install

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: "eu-west-1"

	- name: Provision Elastic Cloud Environment
	id: apply
	if: success()
	env:
	TF_VAR_stack_version: ${{ env.ELK_VERSION }}
	TF_VAR_ess_region: "gcp-us-west2"
	run: \|
	./manage_infrastructure.sh "elk-stack" "apply"

	- name: Set Environment Output
	id: env-output
	run: \|
	./manage_infrastructure.sh "elk-stack" "output"

	- name: Install integrations
	working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
	env:
	STACK_VERSION: ${{ env.ELK_VERSION }}
	run: \|
	poetry run python ./install_cnvm_integration.py

	- name: Deploy CNVM agent
	env:
	STACK_NAME: "${{ env.CNVM_STACK_NAME}}"
	run: \|
	just deploy-cloudformation

	- name: Wait for CloudFormation stack
	id: wait-for-cfn
	run: \|
	aws cloudformation wait stack-create-complete --stack-name ${{ env.CNVM_STACK_NAME }}

	- name: Wait for agents to enroll
	id: wait-for-agents
	working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
	timeout-minutes: 1
	env:
	STACK_VERSION: "${{ env.ELK_VERSION }}"
	run: \|
	poetry run python ./agents_enrolled.py

	- name: Cleanup Environment
	if: always()
	run: \|
	./manage_infrastructure.sh "elk-stack" "destroy"
	aws cloudformation delete-stack --stack-name ${{ env.CNVM_STACK_NAME }}
	aws cloudformation wait stack-delete-complete --stack-name ${{ env.CNVM_STACK_NAME }}

	Deploy-CloudFormation-DirectKeys:
	name: "Deploy CloudFormation DirectKeys"
	runs-on: ubuntu-latest
	timeout-minutes: 40
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: Hermit Environment
	uses: ./.github/actions/hermit
	with:
	init-tools: 'true'

	- name: Set up unique deployment names
	run: \|
	suffix="$(date +%s \| tail -c 3)"
	echo "DIRECT_KEY_STACK_NAME=direct-key-stack-pr${{ github.event.number }}-$suffix" >> $GITHUB_ENV

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ACC }}
	aws-region: "eu-west-1"

	- name: Deploy CloudFormation stack
	env:
	CF_FILE: 'deploy/cloudformation/elastic-agent-direct-access-key-cspm.yml'
	run: \|
	aws cloudformation validate-template --template-body file://${{ env.CF_FILE }}
	aws cloudformation create-stack --stack-name ${{ env.DIRECT_KEY_STACK_NAME }} --template-body file://${{ env.CF_FILE }} --capabilities CAPABILITY_NAMED_IAM
	aws cloudformation wait stack-create-complete --stack-name ${{ env.DIRECT_KEY_STACK_NAME }}

	- name: Get Direct Keys
	id: direct-keys
	shell: bash
	run: \|
	BODY="$(aws cloudformation describe-stacks --stack-name ${{ env.DIRECT_KEY_STACK_NAME }} --query 'Stacks[0].Outputs' --output json)"
	NEW_ACCESS_KEY_ID="$(echo "${BODY}" \| jq -r '.[] \| select(.OutputKey \| test("AccessKeyId")) \| .OutputValue')"
	echo "::add-mask::$NEW_ACCESS_KEY_ID"
	NEW_SECRET_ACCESS_KEY="$(echo "${BODY}" \| jq -r '.[] \| select(.OutputKey \| test("SecretAccessKey")) \| .OutputValue')"
	echo "::add-mask::$NEW_SECRET_ACCESS_KEY"
	echo "NEW_ACCESS_KEY_ID=${NEW_ACCESS_KEY_ID}" >> $GITHUB_OUTPUT
	echo "NEW_SECRET_ACCESS_KEY=${NEW_SECRET_ACCESS_KEY}" >> $GITHUB_OUTPUT

	- name: Run AWS integration tests
	uses: ./.github/actions/aws-ci
	with:
	elk-version: ${{ env.ELK_VERSION }}
	aws-access-key-id: ${{ steps.direct-keys.outputs.NEW_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ steps.direct-keys.outputs.NEW_SECRET_ACCESS_KEY }}
	aws-account-type: single-account

	- name: Cleanup Environment
	if: always()
	run: \|
	aws cloudformation delete-stack --stack-name ${{ env.DIRECT_KEY_STACK_NAME }}
	aws cloudformation wait stack-delete-complete --stack-name ${{ env.DIRECT_KEY_STACK_NAME }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[8.x](backport #2946) Fix Cloudformation CI workflow (#2947) #141

Workflow file

[8.x](backport #2946) Fix Cloudformation CI workflow (#2947) #141

Jobs

Run details

Workflow file for this run