Release Promotion Tests #1132
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Gradle on promotion of WSM to the terra staging environment | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle | |
name: Release Promotion Tests | |
on: | |
workflow_dispatch: {} | |
jobs: | |
release-promotion-tests: | |
runs-on: ubuntu-latest | |
# required for IAP authentication - see terra-helmfile-shim | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set env | |
id: set-env-step | |
run: | | |
if ${{ github.event_name == 'workflow_dispatch' }}; then | |
ENV=${{ github.event.inputs.testEnv }} | |
else | |
echo ::error ::${{ github.event_name }} not supported for this workflow | |
exit 1 | |
fi | |
echo test-env=staging >> $GITHUB_OUTPUT | |
# | |
# | |
# 2022-12-15 DDO-2528 terra-helmfile shim | |
# Release version information has been migrated to Sherlock. | |
# These two steps add a temporary shim to simulate the old versions file format | |
# until testrunner can be configured to talk to it. | |
# | |
# Set up auth to Sherlock | |
- name: "Authenticate to GCP" | |
id: 'iap_auth' | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' | |
service_account: '[email protected]' | |
token_format: 'id_token' | |
id_token_audience: '257801540345-1gqi6qi66bjbssbv01horu9243el2r8b.apps.googleusercontent.com' | |
id_token_include_email: true | |
create_credentials_file: false | |
export_environment_variables: false | |
- name: "Generate GHA OIDC Token" | |
id: 'gha_auth' | |
uses: actions/github-script@v7 | |
with: | |
script: core.setOutput('id_token', await core.getIDToken()) | |
# Generate versions file | |
- name: terra-helmfile-shim | |
run: | | |
set -exo pipefail | |
ENV="staging" | |
SHERLOCK_URL="https://sherlock.dsp-devops-prod.broadinstitute.org" | |
OLD_TERRA_HELMFILE_DIR="integration/terra-helmfile" | |
VERSIONS_FILE="${OLD_TERRA_HELMFILE_DIR}/versions/app/${ENV}.yaml" | |
OVERRIDES_FILE="${OLD_TERRA_HELMFILE_DIR}/environments/live/${ENV}.yaml" | |
mkdir -p $( dirname "${VERSIONS_FILE}" ) | |
mkdir -p $( dirname "${OVERRIDES_FILE}" ) | |
# write an empty overrides file | |
echo "releases: {}" > "${OVERRIDES_FILE}" | |
# | |
# call the chart-releases endpoint to get a list of chart-releases in the target env | |
# | |
curl --fail \ | |
-H 'Authorization: Bearer ${{ steps.iap_auth.outputs.id_token }}' \ | |
-H 'X-GHA-OIDC-JWT: ${{ steps.gha_auth.outputs.id_token }}' \ | |
"${SHERLOCK_URL}/api/chart-releases/v3?environment=${ENV}" \ | |
> /tmp/.chart-releases.json | |
# | |
# use jq to massage the output into the old versions file format, which looks like: | |
# releases: | |
# workspacemanager: | |
# appVersion: 1.2.3 | |
# chartVersion: 4.5.6 | |
# | |
# happily, YAML is a superset of JSON so we don't need to do a format conversion | |
# | |
cat /tmp/.chart-releases.json |\ | |
jq 'map({ (.chart): {appVersion: .appVersionExact, chartVersion: .chartVersionExact}}) | add | { releases: . }' \ | |
> "${VERSIONS_FILE}" | |
echo "Wrote versions file to ${VERSIONS_FILE}:" | |
cat "${VERSIONS_FILE}" | |
- name: Set config files | |
id: set-config-files-step | |
run: | | |
TEST_SERVER=workspace-staging.json | |
TEST=suites/staging/FullIntegration.json | |
echo test-server=$TEST_SERVER >> $GITHUB_OUTPUT | |
echo test=$TEST >> $GITHUB_OUTPUT | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Write config | |
id: config | |
uses: ./.github/actions/write-credentials | |
with: | |
user-delegated-sa-b64: ${{ secrets.USER_DELEGATED_SA_STAGING }} | |
- name: Run the integration test suite | |
id: integration-test | |
if: ${{ always() }} | |
uses: ./.github/actions/integration-test | |
with: | |
test-server: ${{ steps.set-config-files-step.outputs.test-server }} | |
test: ${{ steps.set-config-files-step.outputs.test }} | |
- name: "Notify QA Slack" | |
if: always() && (steps.set-env-step.outputs.test-env == 'alpha' || steps.set-env-step.outputs.test-env == 'staging') | |
uses: broadinstitute/[email protected] | |
# see https://github.com/broadinstitute/action-slack | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
with: | |
status: ${{ job.status }} | |
channel: "#dsde-qa" | |
username: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} tests" | |
author_name: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} integrationTest" | |
fields: repo,job,workflow,commit,eventName,author,took | |
- name: "Notify Workspaces test failure Slack" | |
if: failure() | |
uses: broadinstitute/[email protected] | |
# see https://github.com/broadinstitute/action-slack | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
with: | |
status: ${{ job.status }} | |
channel: "#dsp-workspaces-test-alerts" | |
username: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} tests" | |
author_name: "Workspace Manager ${{ steps.set-env-step.outputs.test-env }} integrationTest" | |
fields: repo,job,workflow,commit,eventName,author,took | |
- name: Archive WSM and TestRunner logs | |
id: archive_logs | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: wsm-and-testrunner-logs | |
path: | | |
wsm.log | |
${{ steps.integration-test.outputs.results-dir }} |