Production release #635
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test superset deployment | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - edited | |
| - synchronize | |
| - reopened | |
| jobs: | |
| test_local: | |
| name: Superset local deployment | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| cache: 'npm' | |
| - run: sudo apt-get update && sudo apt-get install curl | |
| - run: npm ci | |
| - run: ./bin/dev --version | |
| - run: ./bin/dev config:set registry_host registry.dev.architect.io | |
| - run: ./bin/dev config:set api_host https://api.dev.architect.io | |
| - run: ./bin/dev config:set log_level debug | |
| - run: ./bin/dev login -e ${{ secrets.ARCHITECT_EMAIL }} -p ${{ secrets.ARCHITECT_PASSWORD }} | |
| - run: docker volume create volume-key | |
| - run: ./bin/dev link test/integration/hello-world/architect.yml | |
| - run: ./bin/dev link test/mocks/superset/deprecated.architect.yml | |
| - run: ./bin/dev dev -e superset test/mocks/superset/architect.yml --browser=false -s param_unset=test -s world_text=Architect --detached | |
| - name: Check that the app is accessible locally | |
| run: curl --fail -S -I https://hello.localhost.architect.sh | |
| - name: Check that the app returns the expected response | |
| run: curl --fail -S https://hello.localhost.architect.sh | grep "Hello Architect!" | |
| - name: Run a local task | |
| run: ./bin/dev task superset curler-build --local -e superset | |
| test_remote: | |
| name: Superset remote deployment | |
| if: github.base_ref == 'main' | |
| env: | |
| ACCOUNT_NAME: architect-ci | |
| ENVIRONMENT_NAME: example-environment | |
| CLUSTER_NAME: architect-ci-do | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| cache: 'npm' | |
| - uses: crazy-max/ghaction-github-runtime@v2 # Exports internal envs for Github Actions. Required for register caching to work. | |
| - run: sudo apt-get update && sudo apt-get install curl | |
| - run: npm ci | |
| - run: ./bin/dev --version | |
| - run: ./bin/dev config:set registry_host registry.dev.architect.io | |
| - run: ./bin/dev config:set api_host https://api.dev.architect.io | |
| - run: ./bin/dev config:set log_level debug | |
| - run: ./bin/dev login -e ${{ secrets.ARCHITECT_EMAIL }} -p ${{ secrets.ARCHITECT_PASSWORD }} | |
| - run: ./bin/dev register -a $ACCOUNT_NAME test/integration/hello-world/architect.yml test/mocks/superset/deprecated.architect.yml | |
| - run: ./bin/dev env:create $ENVIRONMENT_NAME -a $ACCOUNT_NAME --cluster $CLUSTER_NAME | |
| - run: ./bin/dev deploy -a $ACCOUNT_NAME --auto-approve -e $ENVIRONMENT_NAME test/mocks/superset/architect.yml -s param_unset=test -s world_text=Architect | |
| - run: sleep 180 | |
| - name: Check that the app returns the expected response | |
| run: curl --insecure --fail -S https://hello.$ENVIRONMENT_NAME.$ACCOUNT_NAME.dev.arcitect.io/ | grep "Hello Architect!" | |
| - name: Check that cert exists for deployed service | |
| run: | | |
| export CERT_DATA=$(openssl s_client -showcerts -connect hello.$ENVIRONMENT_NAME.$ACCOUNT_NAME.dev.arcitect.io:443 </dev/null | openssl x509 -noout -issuer) | |
| if [[ "$CERT_DATA" = "issuer=C = US, O = Let's Encrypt, CN = R3" || "$CERT_DATA" = "issuer=C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3" ]]; then echo "Valid cert generated"; else exit 1; fi | |
| # - name: Ensure that network policies are being enforced in the cluster and a service can't connect to one that it shouldn't be able to | |
| # run: | | |
| # ./bin/dev exec -a $ACCOUNT_NAME -e $ENVIRONMENT_NAME superset.services.stateful-api -- sh -c "curl --connect-timeout 10 --insecure -L -I http://hello-world--api:3000/ || true" > network_policy_test.txt 2>&1 </dev/null | |
| # if [[ $(cat network_policy_test.txt) == *"Connection timeout"* ]]; then exit 0; else exit 1; fi | |
| - name: Ensure that network policies are being enforced in the cluster and a service can connect to one that it should be able to | |
| run: ./bin/dev exec -a $ACCOUNT_NAME -e $ENVIRONMENT_NAME superset.services.stateful-frontend -- sh -c "curl --connect-timeout 10 --insecure -L -I http://stateful-reserved-name:8080/" | |
| - name: Run a remote task | |
| run: ./bin/dev task superset curler -a $ACCOUNT_NAME -e $ENVIRONMENT_NAME | |
| - run: ./bin/dev destroy -e $ENVIRONMENT_NAME -a $ACCOUNT_NAME --auto-approve | |
| - run: ./bin/dev env:destroy $ENVIRONMENT_NAME -a $ACCOUNT_NAME --auto-approve |