chore(ci): refactor DCE to it's own github action
obs-gh-colinhutchinson committed Nov 16, 2023
1 parent 2b102d8 commit c8ef7c1
Showing 2 changed files with 82 additions and 56 deletions.
130 changes: 75 additions & 55 deletions .github/workflows/tests-integration.yaml
Expand Up @@ -22,81 +22,101 @@ jobs:
echo "can-write=true" >> $GITHUB_OUTPUT
fi
test-integration:
runs-on: ubuntu-latest
prepare_matrix:
needs: [permission_check]
if: needs.permission_check.outputs.can-write == 'true'
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.find_hcl_files.outputs.matrix }}
steps:
- name: Install DCE CLI
run: |
# Download dce-cli
wget -q https://github.com/Optum/dce-cli/releases/download/v0.5.0/dce_linux_amd64.zip
- uses: actions/checkout@v4

# Validate checksum
expected_sha="cb140c743373e28a6c1bd4ba3fe1b81a7431dd538e1ad430fede3c1aff4508db"
test $(shasum -a256 ./dce_linux_amd64.zip | awk '{print $1}') == "${expected_sha}"
- name: Setup the test matrix
id: find_hcl_files
run: |
cd integration && \
echo "matrix=$(ls tests/*.hcl | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
unzip ./dce_linux_amd64.zip -d ./
mv dce /usr/local/bin/
- uses: actions/checkout@v4

- name: Create DCE Configuration
run: |
mkdir ~/.dce
echo "api:" >> ~/.dce/config.yaml
echo " host: playground.observe-blunderdome.com" >> ~/.dce/config.yaml
echo " basepath: /" >> ~/.dce/config.yaml
echo "region: us-west-2" >> ~/.dce/config.yaml
- uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'

- name: Setup AWS credentials
uses: aws-actions/configure-aws-credentials@v4.0.1
- name: DCE Provision
uses: observeinc/github-action-dce@b3aadecd9fa7f584f6a6275a6ab770d818045fac
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: AWS Info
run: aws sts get-caller-identity
budget-amount: '10.0'
budget-currency: 'USD'
expiry: '30m'
email: 'colin.hutchinson+gha@observeinc.com'

- name: Set Principal ID
run: |
echo "PRINCIPAL_ID=gha-${GITHUB_RUN_ID}" >> $GITHUB_ENV
- name: Check for Existing DCE Lease
- name: Create S3 Bucket for Artifacts
run: |
lease_id=$(dce leases list --status Active --principal-id $PRINCIPAL_ID | jq -r '.[0].id')
echo "LEASE_ID=$lease_id" >> $GITHUB_ENV
if ! aws s3api head-bucket --bucket "${{ github.run_id }}-$AWS_REGION" 2>/dev/null; then
aws s3 mb s3://"${{ github.run_id }}-$AWS_REGION" --region us-west-2
fi
env:
AWS_REGION: us-west-2

- name: If lease not found, create a new DCE Lease
if: env.LEASE_ID == 'null'
run: |
dce leases create --budget-amount 100.0 --budget-currency USD --email colin.hutchinson+gha@observeinc.com --principal-id $PRINCIPAL_ID
lease_id=$(dce leases list --status Active --principal-id $PRINCIPAL_ID | jq -r '.[0].id')
echo "LEASE_ID=$lease_id" >> $GITHUB_ENV
- name: Package SAM Applications
run: make sam-package-all
env:
AWS_REGION: us-west-2
S3_BUCKET_PREFIX: ${{ github.run_id }}

- name: Archive SAM directory
uses: actions/upload-artifact@v3
with:
name: repo-and-sam-build
path: |
${{ github.workspace }}/.aws-sam/
test-integration:
runs-on: ubuntu-latest
needs: [permission_check, prepare_matrix]
if: needs.permission_check.outputs.can-write == 'true'
strategy:
matrix:
testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}}
steps:
- name: DCE Use
id: dce_setup
uses: observeinc/github-action-dce@b3aadecd9fa7f584f6a6275a6ab770d818045fac
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

- name: checkout
uses: actions/checkout@v4

- name: Download SAM directory
uses: actions/download-artifact@v3
with:
name: repo-and-sam-build
path: ${{ github.workspace }}/.aws-sam/

- uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'

- name: Integration tests
run: |
eval $(dce leases login --print-creds $LEASE_ID)
aws sts get-caller-identity
TEST_ARGS=-verbose make integration-test
- name: Integration test for ${{ matrix.testfile }}
run: S3_BUCKET_PREFIX=${S3_BUCKET_PREFIX} TEST_ARGS='-filter=${{ matrix.testfile }} -verbose' make integration-test
env:
APP: forwarder
AWS_REGION: us-west-2
S3_BUCKET_PREFIX: ${{ github.run_id }}

- name: Cleanup DCE Lease
if: always()
run: |
# Logic to cleanup DCE Lease
if [[ ! -z "$LEASE_ID" && "$LEASE_ID" != "null" ]]; then
account_id=$(dce leases list --principal-id $PRINCIPAL_ID | jq -r ".[] | select(.id == \"$LEASE_ID\") | .accountId")
if [[ ! -z "$account_id" ]]; then
dce leases end \
-p $PRINCIPAL_ID \
-a $account_id
fi
fi
cleanup:
needs: [permission_check, test-integration]
runs-on: ubuntu-latest
if: always()
steps:
- name: DCE Cleanup
if: needs.permission_check.outputs.can-write == 'true'
uses: observeinc/github-action-dce@b3aadecd9fa7f584f6a6275a6ab770d818045fac
with:
action-type: 'decommission'
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
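Review bot: The `run:` line of the `Integration test for ${{ matrix.testfile }}` step in `test-integration` expands `${{ matrix.testfile }}` into the script text before the shell parses it, and the value comes from file names listed by `ls tests/*.hcl` in `prepare_matrix`. A name containing a quote would close the `TEST_ARGS='…'` string and the remainder would be parsed as shell in a job that holds the DCE lease credentials; the `can-write` gate narrows who can reach this, but the workflow trigger is outside the hunk, so that is not confirmed here. Pass the value through the environment instead: add `TESTFILE: ${{ matrix.testfile }}` under the step's `env:` and change the command to `run: TEST_ARGS="-filter=${TESTFILE} -verbose" make integration-test` (the `S3_BUCKET_PREFIX=${S3_BUCKET_PREFIX}` prefix is redundant with `env:`). The Makefile still expands `$(TEST_ARGS)` unquoted in its recipe, so rejecting names outside a pattern such as `[A-Za-z0-9_./-]` in `prepare_matrix` would close the gap fully.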
8 changes: 7 additions & 1 deletion Makefile
Expand Up @@ -42,14 +42,20 @@ go-test:
go test -v -race ./...

.PHONY: integration-test
integration-test: sam-package-all
integration-test:
cd integration && terraform init && \
if [ "$(DEBUG)" = "1" ]; then \
CHECK_DEBUG_FILE=debug.sh terraform test $(TEST_ARGS); \
else \
terraform test $(TEST_ARGS); \
fi

## debug: Echo the sam-package command instead of running it
debug:
cd integration && terraform init && \
@echo terraform test $(TEST_ARGS)


## sam-validate: validate cloudformation templates
sam-validate:
$(call check_var,APP)
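Review bot: In the new `debug` target the `@` sits on the continuation of `cd integration && terraform init && \`, where make does not treat it as the silence prefix, so the shell is handed `@echo` and the target fails with command-not-found after `terraform init` has already run. Moving the prefix to the start of the recipe fixes it: `@cd integration && terraform init && \` followed by `echo terraform test $(TEST_ARGS)`. The help comment says the target echoes the sam-package command while the recipe echoes `terraform test`; `## debug: Echo the terraform test command instead of running it` would match, and `.PHONY: debug` is missing. Recipe indentation is lost in this rendering, so the layout is inferred from the visible trailing `\`. Separately, `integration-test` no longer depends on `sam-package-all`, so a local run uses whatever is already in `.aws-sam/`; a comment above the target such as `## integration-test: run terraform tests (run make sam-package-all first)` would make that explicit.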
