Skip to content

Release Promotion Tests #846

Release Promotion Tests

Release Promotion Tests #846

# This workflow will build a Java project with Gradle
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: Release Promotion Tests
on:
workflow_dispatch:
inputs:
testEnv:
description: 'Environment in which tests should be run. Currently runs on alpha and staging'
required: true
jobs:
release-promotion-tests:
runs-on: ubuntu-latest
# required for IAP authentication - see terra-helmfile-shim
permissions:
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
- name: Set env
id: set-env-step
run: |
if ${{ github.event_name == 'workflow_dispatch' }}; then
ENV=${{ github.event.inputs.testEnv }}
else
echo ::error ::${{ github.event_name }} not supported for this workflow
exit 1
fi
echo test-env=$ENV >> $GITHUB_OUTPUT
#
#
# 2022-12-15 DDO-2528 terra-helmfile shim
# Release version information has been migrated to Sherlock.
# These two steps add a temporary shim to simulate the old versions file format
# until testrunner can be configured to talk to it.
#
# Set up workload-identity so we can auth to Sherlock
- name: "Authenticate to GCP"
id: 'auth'
uses: google-github-actions/auth@v1
with:
workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider'
service_account: '[email protected]'
token_format: 'id_token'
id_token_audience: '1038484894585-k8qvf7l876733laev0lm8kenfa2lj6bn.apps.googleusercontent.com'
id_token_include_email: true
create_credentials_file: false
export_environment_variables: false
# Generate versions file
- name: terra-helmfile-shim
run: |
set -exo pipefail
ENV="${{ steps.set-env-step.outputs.test-env }}"
SHERLOCK_URL="https://sherlock.dsp-devops.broadinstitute.org"
OLD_TERRA_HELMFILE_DIR="integration/terra-helmfile"
VERSIONS_FILE="${OLD_TERRA_HELMFILE_DIR}/versions/app/${ENV}.yaml"
OVERRIDES_FILE="${OLD_TERRA_HELMFILE_DIR}/environments/live/${ENV}.yaml"
mkdir -p $( dirname "${VERSIONS_FILE}" )
mkdir -p $( dirname "${OVERRIDES_FILE}" )
# write an empty overrides file
echo "releases: {}" > "${OVERRIDES_FILE}"
#
# call the chart-releases endpoint to get a list of chart-releases in the target env
#
curl --fail \
-H 'Authorization: Bearer ${{ steps.auth.outputs.id_token }}' \
"${SHERLOCK_URL}/api/v2/chart-releases?environment=${ENV}" \
> /tmp/.chart-releases.json
#
# use jq to massage the output into the old versions file format, which looks like:
# releases:
# workspacemanager:
# appVersion: 1.2.3
# chartVersion: 4.5.6
#
# happily, YAML is a superset of JSON so we don't need to do a format conversion
#
cat /tmp/.chart-releases.json |\
jq 'map({ (.chart): {appVersion: .appVersionExact, chartVersion: .chartVersionExact}}) | add | { releases: . }' \
> "${VERSIONS_FILE}"
echo "Wrote versions file to ${VERSIONS_FILE}:"
cat "${VERSIONS_FILE}"
- name: Set config files
id: set-config-files-step
run: |
if ${{ steps.set-env-step.outputs.test-env == 'dev' }}; then
TEST_SERVER=workspace-dev.json
TEST=suites/dev/FullIntegration.json
elif ${{ steps.set-env-step.outputs.test-env == 'alpha' }}; then
TEST_SERVER=workspace-alpha.json
TEST=suites/alpha/FullIntegration.json
elif ${{ steps.set-env-step.outputs.test-env == 'staging' }}; then
TEST_SERVER=workspace-staging.json
TEST=suites/staging/FullIntegration.json
else
echo ::error ::${{ steps.set-env-step.outputs.test-env }} environment not supported for this workflow
exit 1
fi
echo test-server=$TEST_SERVER >> $GITHUB_OUTPUT
echo test=$TEST >> $GITHUB_OUTPUT
- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }}
restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Get Vault token
id: vault-token-step
env:
VAULT_ADDR: https://clotho.broadinstitute.org:8200
run: |
VAULT_TOKEN=$(docker run --rm --cap-add IPC_LOCK \
-e "VAULT_ADDR=${VAULT_ADDR}" \
vault:1.1.0 \
vault write -field token \
auth/approle/login role_id=${{ secrets.VAULT_APPROLE_ROLE_ID }} \
secret_id=${{ secrets.VAULT_APPROLE_SECRET_ID }})
echo ::add-mask::$VAULT_TOKEN
echo vault-token=$VAULT_TOKEN >> $GITHUB_OUTPUT
- name: Write configuration
uses: ./.github/actions/write-config
with:
target: ${{ steps.set-env-step.outputs.test-env }}
vault-token: ${{ steps.vault-token-step.outputs.vault-token }}
- name: Run the integration test suite
id: integration-test
if: ${{ always() }}
uses: ./.github/actions/integration-test
with:
test-server: ${{ steps.set-config-files-step.outputs.test-server }}
test: ${{ steps.set-config-files-step.outputs.test }}
- name: "Notify QA Slack"
if: always() && (steps.set-env-step.outputs.test-env == 'alpha' || steps.set-env-step.outputs.test-env == 'staging')
uses: broadinstitute/[email protected]
# see https://github.com/broadinstitute/action-slack
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
channel: "#dsde-qa"
username: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} tests"
author_name: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} integrationTest"
fields: repo,job,workflow,commit,eventName,author,took
- name: Archive WSM and TestRunner logs
id: archive_logs
if: always()
uses: actions/upload-artifact@v3
with:
name: wsm-and-testrunner-logs
path: |
wsm.log
${{ steps.integration-test.outputs.results-dir }}