Adjust gh actions post workflow

kyma-project · Dec 12, 2024 · f4efbf3 · f4efbf3
1 parent 0cfa807
commit f4efbf3
Show file tree

Hide file tree

Showing 6 changed files with 268 additions and 3 deletions.
diff --git a/...ons/integration-test-gardener/action.yaml → ...n-test-gardener-custom-domain/action.yaml b/...ons/integration-test-gardener/action.yaml → ...n-test-gardener-custom-domain/action.yaml
diff --git a/.github/actions/integration-tests-gardener/action.yaml b/.github/actions/integration-tests-gardener/action.yaml
@@ -0,0 +1,96 @@
+name: 'Integration tests (Gardener)'
+description: 'Runs integration tests on Gardener'
+inputs:
+  manager_image:
+    description: "Manager image used for test"
+    required: true
+  gardener_secret:
+    description: "Kubeconfig secret for Gardener"
+    required: true
+  gardener_provider:
+    description: "Gardener provider to use"
+    required: true
+  gardener_project_name:
+    required: true
+    description: "Name of the gardener project"
+  test_make_target:
+    description: 'Make target for integration tests to run'
+    default: 'test-integration'
+  client_id:
+    description: "Client id for oidc"
+    required: true
+  client_secret:
+    description: "Client secret for oidc"
+    required: true
+  oidc_well_known_url:
+    description: "OIDC well known URL"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Generate cluster name
+      shell: bash
+      run: echo CLUSTER_NAME=ag-$(echo $RANDOM | md5sum | head -c 7) >> $GITHUB_ENV
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: "go.mod"
+    - name: Checkout to PR branch # to remove after getting rid of pull_request_target
+      shell: bash
+      if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+      run: |
+        git fetch origin pull/${{ github.event.number }}/head:PR-${{ github.event.number }}
+        git checkout PR-${{ github.event.number }}
+    - name: Prepare gardener kubeconfig
+      shell: bash
+      env:
+        GARDENER_TOKEN: ${{ inputs.gardener_secret }}
+      run: "${{ github.workspace }}/hack/ci/gardener_kubeconfig.sh"
+    - name: Provision cluster
+      shell: bash
+      env:
+        GARDENER_KUBECONFIG: "${{ github.workspace }}/gardener_kubeconfig.yaml"
+        CLUSTER_KUBECONFIG: "${{ github.workspace }}/${{ env.CLUSTER_NAME }}_kubeconfig.yaml"
+        GARDENER_PROVIDER: ${{ inputs.gardener_provider }}
+        GARDENER_PROJECT_NAME: ${{ inputs.gardener_project_name }}
+      run: "${{ github.workspace }}/hack/ci/provision-gardener.sh"
+    - name: Run integration tests
+      shell: bash
+      env:
+        IMG: ${{ inputs.manager_image }}
+        CLIENT_ID: ${{ inputs.client_id }}
+        CLIENT_SECRET: ${{ inputs.client_secret }}
+        OIDC_CONFIG_URL: ${{ inputs.oidc_well_known_url }}
+        CLUSTER_KUBECONFIG: "${{ github.workspace }}/${{ env.CLUSTER_NAME }}_kubeconfig.yaml"
+      run: EXPORT_RESULT=true "${{ github.workspace }}/hack/ci/int-tests-gardener.sh" ${{ inputs.test_make_target }}
+    - name: Gather deployment logs
+      shell: bash
+      if: always()
+      run: |
+        mkdir logs
+        export KUBECONFIG="${{ github.workspace }}/${{ env.CLUSTER_NAME }}_kubeconfig.yaml"
+        (kubectl logs -n kyma-system deployments/istio-controller-manager || true) > logs/istio-controller-manager.log
+        (kubectl logs -n kyma-system deployments/api-gateway-controller-manager || true) > logs/api-gateway-controller-manager.log
+        (kubectl logs -n istio-system deployments/istio-ingressgateway || true) > logs/istio-ingressgateway.log
+        (kubectl logs -n istio-system deployments/istiod || true) > logs/istiod.log
+        (kubectl logs -n kyma-system deployments/ory-oathkeeper || true) > logs/ory-oathkeeper.log
+        (kubectl get --all-namespaces apirules.gateway.kyma-project.io -oyaml || true) > logs/apirules-dump.yaml
+        (kubectl get --all-namespaces apigateways.operator.kyma-project.io -oyaml || true) > logs/gateway-dump.yaml
+        (kubectl get -n kyma-system deployment ory-oathkeeper -oyaml || true) > logs/ory-oathkeeper-dump.yaml
+    - name: Uploads logs
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: logs-${{ github.job }}-${{ inputs.test_make_target }}
+        path: logs/
+    - name: Uploads artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: html-reports-${{ github.job }}-${{ inputs.test_make_target }}
+        path: tests/integration/reports/
+    - name: Deprovision cluster
+      if: always()
+      shell: bash
+      env:
+        GARDENER_KUBECONFIG: "${{ github.workspace }}/gardener_kubeconfig.yaml"
+        GARDENER_PROJECT_NAME: ${{ inputs.gardener_project_name }}
+      run: "${{ github.workspace }}/hack/ci/deprovision-gardener.sh"
diff --git a/.github/actions/lint/action.yaml b/.github/actions/lint/action.yaml
@@ -0,0 +1,7 @@
+name: 'Lint'
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: "go.mod"
diff --git a/.github/actions/slack-notification-failed-workflow/action.yaml b/.github/actions/slack-notification-failed-workflow/action.yaml
@@ -17,4 +17,5 @@ runs:
         payload-templated: true
         payload: |
           repository: ${{ github.repository }},
-          workflow: ${{ github.workflow }}
+          workflow: ${{ github.workflow }},
+          actor: ${{ github.actor }},
diff --git a/.github/workflows/post-main-integration.yaml b/.github/workflows/post-main-integration.yaml
@@ -46,12 +46,24 @@ jobs:
       - id: get-sha
         uses: ./.github/actions/get-latest-sha
 
+  unit-tests:
+    name: Unit tests & lint
+    needs: [get-sha]
+    # The additional if is required, because there are optional jobs
+    if: ${{ always() && !failure() && !cancelled() }}
+    uses: ./.github/workflows/call-unit-lint.yaml
+    secrets: inherit
+
   integration-tests:
     name: Integration tests
     runs-on: ubuntu-latest
     needs: [get-sha]
     # The additional if is required, because there are optional jobs
     if: ${{ always() && !failure() && !cancelled() }}
+    strategy:
+      fail-fast: false
+      matrix:
+        test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway", "test-integration-gateway" ]
     steps:
       - uses: actions/checkout@v4
         with:
@@ -65,6 +77,33 @@ jobs:
           client_secret: ${{ secrets.CLIENT_SECRET }}
           oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
 
+  integration-tests-aws:
+    name: Integration tests
+    runs-on: ubuntu-latest
+    needs: [get-sha]
+    # The additional if is required, because there are optional jobs
+    if: ${{ always() && !failure() && !cancelled() }}
+    strategy:
+      fail-fast: false
+      matrix:
+        test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway", "test-integration-gateway" ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/integration-tests-gardener
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
+          gardener_secret: ${{ secrets.GARDENER_TOKEN }}
+          gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
+          gardener_provider: aws
+          client_id: ${{ secrets.CLIENT_ID }}
+          client_secret: ${{ secrets.CLIENT_SECRET }}
+          oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
+          test_make_target: ${{ matrix.test_make_target }}
+
   migration-downtime-tests:
     name: Zero Downtime Migration Tests
     runs-on: ubuntu-latest
@@ -86,6 +125,33 @@ jobs:
           manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
           test_make_target: ${{ matrix.test_make_target }}
 
+  migration-downtime-tests-aws:
+    name: Zero Downtime Migration Tests AWS
+    runs-on: ubuntu-latest
+    needs: [get-sha]
+    # The additional if is required, because there are optional jobs
+    if: ${{ always() && !failure() && !cancelled() }}
+    strategy:
+      fail-fast: false
+      matrix:
+        test_make_target: [ "test-migration-zero-downtime HANDLER=no_auth", "test-migration-zero-downtime HANDLER=allow", "test-migration-zero-downtime HANDLER=noop", "test-migration-zero-downtime HANDLER=jwt", "test-migration-zero-downtime HANDLER=oauth2_introspection" ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/integration-tests-gardener
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
+          gardener_secret: ${{ secrets.GARDENER_TOKEN }}
+          gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
+          gardener_provider: aws
+          client_id: ${{ secrets.CLIENT_ID }}
+          client_secret: ${{ secrets.CLIENT_SECRET }}
+          oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
+          test_make_target: ${{ matrix.test_make_target }}
+
   upgrade-tests:
     name: Upgrade tests
     runs-on: ubuntu-latest
@@ -117,7 +183,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
-      - uses: ./.github/actions/integration-test-gardener
+      - uses: ./.github/actions/integration-test-gardener-custom-domain
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -142,7 +208,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
-      - uses: ./.github/actions/integration-test-gardener
+      - uses: ./.github/actions/integration-test-gardener-custom-domain
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/hack/ci/int-tests-gardener.sh b/hack/ci/int-tests-gardener.sh
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+# Description: This script runs given integration tests on a real Gardener cluster
+# It installs istio and api gateway and then runs make test targets provided via commandline arguments to that script
+# It requires the following env variables:
+# - IMG - API gateway image to be deployed (by make deploy)
+# - CLUSTER_NAME - Gardener cluster name
+# - CLUSTER_KUBECONFIG - Gardener cluster kubeconfig path
+# - TEST_SA_ACCESS_KEY_PATH - path to the GCP Service account json file
+# - TEST_CUSTOM_DOMAIN - a domain used by tests (a subdomain is created during tests execution)
+
+set -eo pipefail
+
+if [ $# -lt 1 ]; then
+    >&2 echo "Make target is required as parameter"
+    exit 2
+fi
+
+function check_required_vars() {
+  local requiredVarMissing=false
+  for var in "$@"; do
+    if [ -z "${!var}" ]; then
+      >&2 echo "Environment variable ${var} is required but not set"
+      requiredVarMissing=true
+    fi
+  done
+  if [ "${requiredVarMissing}" = true ] ; then
+    exit 2
+  fi
+}
+
+requiredVars=(
+    IMG
+    CLUSTER_NAME
+    CLUSTER_KUBECONFIG
+    TEST_SA_ACCESS_KEY_PATH
+)
+
+check_required_vars "${requiredVars[@]}"
+
+echo "Executing integration tests in cluster ${CLUSTER_NAME}, kubeconfig ${CLUSTER_KUBECONFIG}"
+export KUBECONFIG="${CLUSTER_KUBECONFIG}"
+
+export CLUSTER_DOMAIN=$(kubectl get configmap -n kube-system shoot-info -o jsonpath="{.data.domain}")
+echo "Cluster domain: ${CLUSTER_DOMAIN}"
+
+export GARDENER_PROVIDER=$(kubectl get configmap -n kube-system shoot-info -o jsonpath="{.data.provider}")
+echo "Gardener provider: ${GARDENER_PROVIDER}"
+
+echo "Custom domain: ${TEST_CUSTOM_DOMAIN}"
+
+export TEST_DOMAIN="${CLUSTER_DOMAIN}"
+export KYMA_DOMAIN="${CLUSTER_DOMAIN}" # it is required by env_vars.sh
+export IS_GARDENER=true
+
+# Add pwd to path to be able to use binaries downloaded in scripts
+export PATH="${PATH}:${PWD}"
+
+echo "Installing istio"
+make install-istio
+
+echo "Deploying api-gateway, image: ${IMG}"
+make deploy
+
+echo "Waiting for the ingress gateway external address"
+[ "$GARDENER_PROVIDER" == "aws" ] && address_field="{.status.loadBalancer.ingress[0].hostname}" || address_field="{.status.loadBalancer.ingress[0].ip}"
+kubectl wait --timeout=300s --namespace istio-system services/istio-ingressgateway --for=jsonpath="${address_field}"
+ingress_external_address=$(kubectl get services --namespace istio-system istio-ingressgateway --output jsonpath="${address_field}")
+ingress_external_status_port=$(kubectl get services --namespace istio-system istio-ingressgateway --output jsonpath='{.spec.ports[?(@.name=="status-port")].targetPort}')
+
+echo "Determined ingress external address: ${ingress_external_address} and external status port: ${ingress_external_status_port}"
+
+echo "Waiting until it is possible to connect to the ingress gateway"
+trial=1
+# check if it is possible to establish connection to the ingress gateway (the exact http status code doesn't matter)
+until curl --silent --output /dev/null "http://${ingress_external_address}:${ingress_external_status_port}"
+do
+  if (( trial >= 60 ))
+  then
+     echo "Exceeded number of trials while waiting for the ingress gateway, giving up..."
+     exit 4
+  fi
+  echo "Ingress gateway does not respond, trying again..."
+  sleep 10
+  trial=$((trial + 1))
+done
+echo "Ingress gateway responded"
+
+echo "Executing tests"
+for make_target in "$@"
+do
+    echo "Executing make target $make_target"
+    make $make_target
+done
+echo "Tests finished"