
AWS EC2 Tests

AWS EC2 Tests #90

Workflow file for this run

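---
# Runs the Terratest suite for the AWS EC2 reference setup against real AWS infrastructure.
name: AWS EC2 Tests

on:
  schedule:
    # Quoted so the cron expression is always read as a plain string.
    - cron: '0 3 * * 1-5'
  workflow_dispatch:
  pull_request:
    paths:
      - .github/workflows/aws_ec2_tests.yml
      - .tool-versions
      - aws/ec2/**
      - '!aws/ec2/test/golden/**'

# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN gets the repository
# default scopes. Consider restricting it (for example to `contents: read`) after
# confirming that no step or referenced action needs more.

# Limit to a single execution per workflow and ref (the group key does not include
# the actor); a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  AWS_PROFILE: infex
  AWS_REGION: eu-west-2
  S3_BACKEND_BUCKET: tf-state-multi-reg
  S3_BUCKET_REGION: eu-central-1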
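jobs:
  # Provisions the EC2 setup with Terraform, runs the Terratest suite, then tears everything down.
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        camunda:
          # renovate: datasource=github-releases depName=camunda/camunda versioning=regex:^8\.6?(\.(?<patch>\d+))?$
          - 8.6.5
          - 8.7.0-SNAPSHOT
        isPR:
          - ${{ github.event_name == 'pull_request' && !contains(github.head_ref, 'SNAPSHOT') }}
        previous_camunda:
          - 8.6.2
        # we don't include SNAPSHOT in PR due to the instability of its nature except if it's explicitly mentioned
        exclude:
          - camunda: 8.7.0-SNAPSHOT
            isPR: true
    steps:
      ################## Checkout ##################
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      ############# Tool Installations #############
      - name: Install tooling using asdf
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
      ################## Secrets ###################
      - name: Import Secrets
        id: secrets
        # NOTE(review): this is the only action in the workflow referenced by a mutable
        # tag, and it is handed the Vault AppRole credentials. Pin it to a full commit
        # SHA like the other actions: hashicorp/vault-action@<FULL_COMMIT_SHA> # v3
        uses: hashicorp/vault-action@v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          exportEnv: false
          secrets: |
            secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
            secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
      ################ AWS Config ##################
      # Official action does not support profiles
      - name: Add profile credentials to ~/.aws/credentials
        shell: bash
        # The secrets are handed over as environment variables and expanded by the
        # shell, instead of being templated into the script text: a value containing
        # shell metacharacters then cannot change the command that runs, and the
        # generated script file never holds the key material.
        env:
          PROFILE_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
          PROFILE_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
        run: |
          aws configure set aws_access_key_id "${PROFILE_ACCESS_KEY_ID}" --profile "${AWS_PROFILE}"
          aws configure set aws_secret_access_key "${PROFILE_SECRET_ACCESS_KEY}" --profile "${AWS_PROFILE}"
          aws configure set region "${AWS_REGION}" --profile "${AWS_PROFILE}"
      ################ Prerequisites ##################
      # Random suffix keeps the state key and resource names of parallel matrix runs apart.
      - name: Export test prefix
        run: |
          prefix="ec2-test-$(tr -dc 'a-z0-9' </dev/urandom | head -c 5)"
          echo "TF_PREFIX=${prefix}" >> "$GITHUB_ENV"
      - name: Replace matrix dots with hyphen
        run: |
          version=$(echo "${{ matrix.camunda }}" | tr '.' '-')
          echo "CAMUNDA_HYPHENS=$version" >> "$GITHUB_ENV"
      # yamllint disable rule:line-length
      - name: Configure Terraform Backend
        run: |
          cp ${{ github.workspace }}/aws/ec2/test/fixtures/*.tf ${{ github.workspace }}/aws/ec2/terraform/
          echo "TF_CLI_ARGS_init=-backend-config='bucket=${{ env.S3_BACKEND_BUCKET }}' -backend-config='key=state/${{ env.TF_PREFIX }}/terraform.tfstate' -backend-config='region=${{ env.S3_BUCKET_REGION }}' -backend-config='encrypt=true'" >> "$GITHUB_ENV"
      # yamllint enable rule:line-length
      - name: Set Camunda version
        working-directory: aws/ec2/scripts
        run: |
          # We need to replace the string without substitution except for that of GitHub Actions
          # shellcheck disable=SC2016
          sed -i '0,/CAMUNDA_VERSION/s/CAMUNDA_VERSION=.*/CAMUNDA_VERSION=${CAMUNDA_VERSION:-"${{ matrix.camunda }}"}/' camunda-install.sh
      ########## Create Infrastructure ############
      - name: Terratest - Terraform Apply
        if: always() && success()
        working-directory: aws/ec2/test/src
        timeout-minutes: 41
        run: |
          go test -v -timeout 40m -run TestSetup
      ################ Run Tests ##################
      - name: Terratest - Run all Tests
        id: terratest
        working-directory: aws/ec2/test/src
        timeout-minutes: 121
        env:
          CAMUNDA_VERSION: ${{ matrix.camunda }}
          CAMUNDA_PREVIOUS_VERSION: ${{ matrix.previous_camunda }}
        # NOTE(review): gotestsum is fetched at @latest and executed in a job that holds
        # AWS credentials, so whatever is published upstream runs here unreviewed.
        # Pin both invocations to a reviewed release (gotest.tools/gotestsum@<PINNED_VERSION>).
        run: |
          # shellcheck disable=SC2155
          export PATH=$PATH:$(go env GOPATH)/bin
          mkdir /home/runner/.ssh
          touch /home/runner/.ssh/config
          go install gotest.tools/gotestsum@latest
          # Run all tests except TestSetup and TestTeardown
          go run gotest.tools/gotestsum@latest --junitfile tests.xml -- --timeout=120m --skip 'TestSetup|TestTeardown'
      ################ Cleanup ##################
      # Runs even after a failure so test infrastructure is not left behind.
      - name: Terratest - Terraform Destroy
        if: always()
        working-directory: aws/ec2/test/src
        timeout-minutes: 31
        run: |
          go test -v -timeout 30m -run TestTeardown
      # this is a workaround for test report not working as expected due to https://github.com/test-summary/action/issues/5
      - name: Filter logger.go from the test report (too large)
        if: always()
        working-directory: aws/ec2/test/src
        run: |
          sed 's/&#xA;/\n/g' < "./tests.xml" |
          grep -E -v '^.*logger\.go.*$' |
          sed 's/\n/&#xA;/g' > "./tests-${{ env.CAMUNDA_HYPHENS }}-filtered.xml"
      - name: Upload test reports
        if: always()
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
        with:
          name: test-reports-${{ env.CAMUNDA_HYPHENS }}
          path: ${{ github.workspace }}/aws/ec2/test/src/tests-${{ env.CAMUNDA_HYPHENS }}-filtered.xml
          retention-days: 7
      # The state object is removed only when the tests succeeded; after a failure it
      # stays in the bucket.
      - name: Cleanup S3 state bucket
        if: always() && steps.terratest.outcome == 'success'
        run: |
          # Bucket name comes from the workflow-level env, the same value the backend
          # configuration uses, so the two cannot drift apart.
          aws s3 rm "s3://${S3_BACKEND_BUCKET}/state/${TF_PREFIX}/terraform.tfstate"
      # Always remove the long-lived keys from the runner, whatever the job outcome.
      - name: Remove profile credentials from ~/.aws/credentials
        if: always()
        run: |
          rm -rf ~/.aws/credentials

  # Collects the per-version reports and publishes a summary; also records whether
  # the SNAPSHOT report contains failures.
  test-report:
    runs-on: ubuntu-latest
    if: always()
    needs:
      - test
    outputs:
      SNAPSHOT_ERROR: ${{ steps.determine-if-failed-tests-include-snapshot.outputs.SNAPSHOT_ERROR }}
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
        with:
          pattern: test-reports-*
          path: /tmp/testreports
          merge-multiple: true
      - name: Determine if failed tests include SNAPSHOT
        id: determine-if-failed-tests-include-snapshot
        run: |
          file=$(find /tmp/testreports -name "*SNAPSHOT*.xml" -type f)
          echo "Found file: $file"
          if grep -q "FAIL" "$file"; then
            echo "File containing 'SNAPSHOT' with FAIL exists"
            echo "SNAPSHOT_ERROR=true" >> "$GITHUB_OUTPUT"
          else
            echo "No file containing 'SNAPSHOT' or with FAIL found"
            echo "SNAPSHOT_ERROR=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Run test-summary
        uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
        with:
          paths: /tmp/testreports/**/*.xml

  # Alerts on failed scheduled runs only.
  notify-on-failure:
    runs-on: ubuntu-latest
    # if only snapshot error was detected, don't report
    # NOTE(review): SNAPSHOT_ERROR is 'true' whenever the SNAPSHOT report contains FAIL,
    # so a run in which a released version fails as well is also not reported.
    # Confirm that this is intended.
    if: github.event_name == 'schedule' && failure() && needs.test-report.outputs.SNAPSHOT_ERROR == 'false'
    needs:
      - test
      - test-report
    steps:
      - name: Notify in Slack in case of failure
        id: slack-notification
        uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
        with:
          vault_addr: ${{ secrets.VAULT_ADDR }}
          vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
          vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}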