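---
# Creates a ROSA/OpenShift test cluster through the repository's local
# actions, logs in to it, ensures a namespace exists, and (unless the head
# commit opts out) deletes the cluster again.
name: Cluster creation and destruction test

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps the
# repository default scopes. Consider `permissions: {contents: read}` once the
# local actions under .github/actions are confirmed not to need more.

on:
  workflow_dispatch:
  pull_request:
    # the paths should be synced with ../labeler.yml
    paths:
      - 'modules/fixtures/**'
      - 'modules/**.tf'
      - '.tool-versions'
      - '.github/workflows/tests.yml'
      - '.github/actions/**'
      - 'justfile'

# limit to a single execution per actor of this workflow
concurrency:
  group: "${{ github.workflow }}-${{ github.actor }}"

env:
  AWS_PROFILE: "infex"
  AWS_REGION: "eu-west-2"
  TF_S3_BUCKET: "camunda-tf-rosa"
  OCP_ADMIN_USERNAME: "cluster-admin"
  OCP_NAMESPACE: "myns"

jobs:
  action-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          # head_ref is empty on workflow_dispatch, in which case the action
          # falls back to its default ref.
          ref: ${{ github.head_ref }}
          fetch-depth: 0

      # Reads two optional directives from the head commit message:
      #   ocp_cluster_name=<name>    -> cluster name (default: short HEAD SHA)
      #   delete_ocp_cluster=false   -> keep the cluster after the run
      # The commit message is contributor-controlled on pull_request runs, so
      # the extracted name is treated as untrusted: only the first match is
      # used and it must pass an allowlist before it reaches $GITHUB_OUTPUT.
      - name: Get OCP Cluster Name and Delete Flag
        id: commit_info
        run: |
          commit_message=$(git log -1 --pretty=format:"%B")

          # A single PCRE match replaces the former ERE pre-check, whose
          # bracket expression [^\s] excluded the literal characters '\' and
          # 's' instead of whitespace and so rejected names starting with 's'.
          cluster_name=$(printf '%s\n' "$commit_message" \
            | grep -oP 'ocp_cluster_name=\K\S+' | head -n 1 || true)
          if [ -z "$cluster_name" ]; then
            cluster_name=$(git rev-parse --short HEAD)
          fi

          # Allowlist keeps shell, YAML and workflow-command metacharacters
          # out of every later consumer of this output. The naming rules the
          # cluster provider itself enforces are not visible in this file.
          if ! [[ "$cluster_name" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]]; then
            echo "::error::ocp_cluster_name may only contain letters, digits and '-'"
            exit 1
          fi

          if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then
            delete_cluster="false"
          else
            delete_cluster="true"
          fi

          echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
          echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT"

      # exportEnv is off, so the secrets are only reachable through
      # steps.secrets.outputs.* and are not exported to every later step.
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          exportEnv: false
          secrets: |
            secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
            secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
            secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
            secret/data/products/infrastructure-experience/ci/common CI_OPENSHIFT_MAIN_PASSWORD;

      # Official action does not support profiles
      - name: Add profile credentials to ~/.aws/credentials
        # Secrets are handed over as step-scoped environment variables and
        # quoted in the script, so their content is never expanded into the
        # script text by the `${{ }}` template engine.
        env:
          CI_AWS_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
          CI_AWS_SECRET_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
        run: |
          aws configure set aws_access_key_id "$CI_AWS_ACCESS_KEY" --profile "$AWS_PROFILE"
          aws configure set aws_secret_access_key "$CI_AWS_SECRET_KEY" --profile "$AWS_PROFILE"
          aws configure set region "$AWS_REGION" --profile "$AWS_PROFILE"

      - name: Create Cluster
        timeout-minutes: 125
        uses: ./.github/actions/rosa-create-cluster
        id: create_cluster
        with:
          rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
          cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
          admin-username: ${{ env.OCP_ADMIN_USERNAME }}
          admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
          aws-region: ${{ env.AWS_REGION }}
          namespace: ${{ env.OCP_NAMESPACE }}
          s3-backend-bucket: ${{ env.TF_S3_BUCKET }}

      - name: Generate kubeconfig
        # NOTE(review): this is the only third-party action referenced by a
        # mutable tag; pin it to a full commit SHA like the others.
        uses: nick-fields/retry@v3
        id: kube_config
        # Password, API URL and cluster name reach the command through the
        # environment instead of being templated into the shell text.
        env:
          OCP_ADMIN_PASSWORD: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
          OPENSHIFT_SERVER_API: ${{ steps.create_cluster.outputs.openshift-server-api }}
          CLUSTER_NAME: ${{ steps.commit_info.outputs.cluster_name }}
        with:
          timeout_minutes: 10
          max_attempts: 40
          shell: bash
          retry_wait_seconds: 15
          command: |
            oc login --username "$OCP_ADMIN_USERNAME" --password "$OCP_ADMIN_PASSWORD" "$OPENSHIFT_SERVER_API"
            oc whoami
            kubectl config rename-context "$(oc config current-context)" "$CLUSTER_NAME"
            kubectl config use "$CLUSTER_NAME"

      - name: Create namespace if not exists
        shell: bash
        run: |
          if ! oc get namespace "$OCP_NAMESPACE"; then
            oc new-project "$OCP_NAMESPACE"
          else
            echo "Namespace '$OCP_NAMESPACE' already exists"
          fi

      # always() makes the teardown run even when an earlier step failed, so
      # a broken run does not leave a cluster behind. It is skipped when the
      # commit_info step did not emit delete_cluster == 'true'.
      - name: Delete Cluster
        timeout-minutes: 125
        if: always() && steps.commit_info.outputs.delete_cluster == 'true'
        uses: ./.github/actions/rosa-delete-cluster
        with:
          rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
          cluster-name: "${{ steps.commit_info.outputs.cluster_name }}"
          aws-region: ${{ env.AWS_REGION }}
          s3-backend-bucket: ${{ env.TF_S3_BUCKET }}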