aws-e2e-tests-non-root.yaml

name: AWS E2E Tests (Non-root)
run-name: AWS E2E Tests (Non-root) - ${{ github.run_id }} - @${{ github.actor }}

on:
  push:
    branches:
      - master
      - branch/*
  pull_request:
    paths:
      - '.github/workflows/aws-e2e-tests-non-root.yaml'
      - '**.go'
      - 'go.mod'
      - 'go.sum'
      - 'build.assets/Makefile'
      - 'build.assets/Dockerfile*'
      - 'Makefile'
  merge_group:
    paths:
      - '.github/workflows/aws-e2e-tests-non-root.yaml'
      - '**.go'
      - 'go.mod'
      - 'go.sum'
      - 'build.assets/Makefile'
      - 'build.assets/Dockerfile*'
      - 'Makefile'

env:
  TEST_KUBE: true
  TEST_AWS_DB: true
  AWS_REGION: us-west-2
  GHA_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-aws-e2e-gha-role
  KUBERNETES_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-eks-discovery-ci-cluster-kubernetes-service-access-role
  KUBE_DISCOVERY_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-eks-discovery-ci-cluster-discovery-service-access-role
  EKS_CLUSTER_NAME: gha-discovery-ci-eks-us-west-2-307493967395
  DATABASE_USER: teleport-ci-e2e-test
  DATABASE_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-database-svc
  DATABASE_DISCOVERY_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-discovery-svc
  RDS_POSTGRES_INSTANCE_NAME: ci-database-e2e-tests-rds-postgres-instance-us-west-2-307493967395
  RDS_MYSQL_INSTANCE_NAME: ci-database-e2e-tests-rds-mysql-instance-us-west-2-307493967395
  DISCOVERY_MATCHER_LABELS: "*=*"
jobs:
  test:
    name: AWS E2E Tests (Non-root)
    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
    runs-on: ubuntu-22.04-16core

    permissions:
      contents: read
      packages: read
      id-token: write

    container:
      image: ghcr.io/gravitational/teleport-buildbox:teleport14
      env:
        WEBASSETS_SKIP_BUILD: 1
      options: --cap-add=SYS_ADMIN --privileged

    steps:
      - name: Checkout Teleport
        uses: actions/checkout@v4

      - name: Prepare workspace
        uses: ./.github/actions/prepare-workspace

      - name: Chown
        run: |
          mkdir -p $(go env GOMODCACHE)
          mkdir -p $(go env GOCACHE)
          chown -Rf ci:ci ${GITHUB_WORKSPACE} $(go env GOMODCACHE) $(go env GOCACHE)
        continue-on-error: true

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.GHA_ASSUME_ROLE }}

      - name: Run tests
        timeout-minutes: 10
        run: |
          runuser -u ci -g ci make e2e-aws RDPCLIENT_SKIP_BUILD=1