Release Promotion Tests #829
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Gradle | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle | |
name: Release Promotion Tests | |
on: | |
workflow_dispatch: | |
inputs: | |
testEnv: | |
description: 'Environment in which tests should be run. Currently runs on alpha and staging' | |
required: true | |
jobs: | |
release-promotion-tests: | |
runs-on: ubuntu-latest | |
# required for IAP authentication - see terra-helmfile-shim | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set env | |
id: set-env-step | |
run: | | |
if ${{ github.event_name == 'workflow_dispatch' }}; then | |
ENV=${{ github.event.inputs.testEnv }} | |
else | |
echo ::error ::${{ github.event_name }} not supported for this workflow | |
exit 1 | |
fi | |
echo test-env=$ENV >> $GITHUB_OUTPUT | |
# | |
# | |
# 2022-12-15 DDO-2528 terra-helmfile shim | |
# Release version information has been migrated to Sherlock. | |
# These two steps add a temporary shim to simulate the old versions file format | |
# until testrunner can be configured to talk to it. | |
# | |
# Set up workload-identity so we can auth to Sherlock | |
- name: "Authenticate to GCP" | |
id: 'auth' | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' | |
service_account: '[email protected]' | |
token_format: 'id_token' | |
id_token_audience: '1038484894585-k8qvf7l876733laev0lm8kenfa2lj6bn.apps.googleusercontent.com' | |
id_token_include_email: true | |
create_credentials_file: false | |
export_environment_variables: false | |
# Generate versions file | |
- name: terra-helmfile-shim | |
run: | | |
set -exo pipefail | |
ENV="${{ steps.set-env-step.outputs.test-env }}" | |
SHERLOCK_URL="https://sherlock.dsp-devops.broadinstitute.org" | |
OLD_TERRA_HELMFILE_DIR="integration/terra-helmfile" | |
VERSIONS_FILE="${OLD_TERRA_HELMFILE_DIR}/versions/app/${ENV}.yaml" | |
OVERRIDES_FILE="${OLD_TERRA_HELMFILE_DIR}/environments/live/${ENV}.yaml" | |
mkdir -p $( dirname "${VERSIONS_FILE}" ) | |
mkdir -p $( dirname "${OVERRIDES_FILE}" ) | |
# write an empty overrides file | |
echo "releases: {}" > "${OVERRIDES_FILE}" | |
# | |
# call the chart-releases endpoint to get a list of chart-releases in the target env | |
# | |
curl --fail \ | |
-H 'Authorization: Bearer ${{ steps.auth.outputs.id_token }}' \ | |
"${SHERLOCK_URL}/api/v2/chart-releases?environment=${ENV}" \ | |
> /tmp/.chart-releases.json | |
# | |
# use jq to massage the output into the old versions file format, which looks like: | |
# releases: | |
# workspacemanager: | |
# appVersion: 1.2.3 | |
# chartVersion: 4.5.6 | |
# | |
# happily, YAML is a superset of JSON so we don't need to do a format conversion | |
# | |
cat /tmp/.chart-releases.json |\ | |
jq 'map({ (.chart): {appVersion: .appVersionExact, chartVersion: .chartVersionExact}}) | add | { releases: . }' \ | |
> "${VERSIONS_FILE}" | |
echo "Wrote versions file to ${VERSIONS_FILE}:" | |
cat "${VERSIONS_FILE}" | |
- name: Set config files | |
id: set-config-files-step | |
run: | | |
if ${{ steps.set-env-step.outputs.test-env == 'dev' }}; then | |
TEST_SERVER=workspace-dev.json | |
TEST=suites/dev/FullIntegration.json | |
elif ${{ steps.set-env-step.outputs.test-env == 'alpha' }}; then | |
TEST_SERVER=workspace-alpha.json | |
TEST=suites/alpha/FullIntegration.json | |
elif ${{ steps.set-env-step.outputs.test-env == 'staging' }}; then | |
TEST_SERVER=workspace-staging.json | |
TEST=suites/staging/FullIntegration.json | |
else | |
echo ::error ::${{ steps.set-env-step.outputs.test-env }} environment not supported for this workflow | |
exit 1 | |
fi | |
echo test-server=$TEST_SERVER >> $GITHUB_OUTPUT | |
echo test=$TEST >> $GITHUB_OUTPUT | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache Gradle packages | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }} | |
restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }} | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Get Vault token | |
id: vault-token-step | |
env: | |
VAULT_ADDR: https://clotho.broadinstitute.org:8200 | |
run: | | |
VAULT_TOKEN=$(docker run --rm --cap-add IPC_LOCK \ | |
-e "VAULT_ADDR=${VAULT_ADDR}" \ | |
vault:1.1.0 \ | |
vault write -field token \ | |
auth/approle/login role_id=${{ secrets.VAULT_APPROLE_ROLE_ID }} \ | |
secret_id=${{ secrets.VAULT_APPROLE_SECRET_ID }}) | |
echo ::add-mask::$VAULT_TOKEN | |
echo vault-token=$VAULT_TOKEN >> $GITHUB_OUTPUT | |
- name: Write configuration | |
uses: ./.github/actions/write-config | |
with: | |
target: ${{ steps.set-env-step.outputs.test-env }} | |
vault-token: ${{ steps.vault-token-step.outputs.vault-token }} | |
- name: Run the integration test suite | |
id: integration-test | |
if: ${{ always() }} | |
uses: ./.github/actions/integration-test | |
with: | |
test-server: ${{ steps.set-config-files-step.outputs.test-server }} | |
test: ${{ steps.set-config-files-step.outputs.test }} | |
- name: "Notify QA Slack" | |
if: always() && (steps.set-env-step.outputs.test-env == 'alpha' || steps.set-env-step.outputs.test-env == 'staging') | |
uses: broadinstitute/[email protected] | |
# see https://github.com/broadinstitute/action-slack | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
with: | |
status: ${{ job.status }} | |
channel: "#dsde-qa" | |
username: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} tests" | |
author_name: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} integrationTest" | |
fields: repo,job,workflow,commit,eventName,author,took | |
- name: Archive WSM and TestRunner logs | |
id: archive_logs | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: wsm-and-testrunner-logs | |
path: | | |
wsm.log | |
${{ steps.integration-test.outputs.results-dir }} |