-
Notifications
You must be signed in to change notification settings - Fork 0
230 lines (227 loc) · 12 KB
/
acceptance-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
on:
pull_request:
branches:
- main
types: [opened,synchronize]
paths:
- '**.go'
workflow_dispatch:
name: Terraform & OpenTofu Acceptance Tests
jobs:
acceptance-tests-matrix:
name: ${{ matrix.cli }}
runs-on: ubuntu-latest
continue-on-error: false
environment: development
strategy:
fail-fast: true
matrix:
cli: [terraform, tofu]
outputs:
tf_version: ${{ steps.install_terraform_cli.outputs.version }}
tofu_version: ${{ steps.install_opentofu_cli.outputs.version }}
artifactory_version: ${{ steps.run_artifactory_container.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Install Helm
run: |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod +x get_helm.sh
./get_helm.sh
rm get_helm.sh
- name: Install Terraform CLI
id: install_terraform_cli
if: ${{ matrix.cli == 'terraform' }}
run: |
wget -q -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update
sudo apt-get install -y terraform
TF_VERSION=$(terraform -v -json | jq -r .terraform_version)
echo $TF_VERSION
echo "version=$TF_VERSION" >> "$GITHUB_OUTPUT"
- name: Install OpenTofu CLI
id: install_opentofu_cli
if: ${{ matrix.cli == 'tofu' }}
run: |
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
echo "Set up the OpenTofu repository"
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://get.opentofu.org/opentofu.gpg | sudo tee /etc/apt/keyrings/opentofu.gpg >/dev/null
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | sudo gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu-repo.gpg >/dev/null
sudo chmod a+r /etc/apt/keyrings/opentofu.gpg /etc/apt/keyrings/opentofu-repo.gpg
echo "Create the OpenTofu source list"
echo \
"deb [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main
deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" | \
sudo tee /etc/apt/sources.list.d/opentofu.list > /dev/null
sudo chmod a+r /etc/apt/sources.list.d/opentofu.list
echo "Installing OpenTofu"
sudo apt-get update
sudo apt-get install -y tofu
echo "TF_ACC_TERRAFORM_PATH=$(which tofu)" >> "$GITHUB_ENV"
echo "TF_ACC_PROVIDER_NAMESPACE=hashicorp" >> "$GITHUB_ENV"
echo "TF_ACC_PROVIDER_HOST=registry.opentofu.org" >> "$GITHUB_ENV"
TOFU_VERSION=$(tofu -v -json | jq -r .terraform_version)
echo $TOFU_VERSION
echo "version=$TOFU_VERSION" >> "$GITHUB_OUTPUT"
- name: Install GoReleaser
run: |
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt-get update
sudo apt-get install -y goreleaser
- name: Create Artifactory data directories and copy data
env:
ARTIFACTORY_LICENSE: ${{ secrets.ARTIFACTORY_LICENSE }}
run: |
mkdir -p ${{ runner.temp }}/artifactory/extra_conf
mkdir -p ${{ runner.temp }}/artifactory/var/etc
echo $ARTIFACTORY_LICENSE > ${{ runner.temp }}/artifactory/extra_conf/artifactory.lic
cp ${{ github.workspace }}/scripts/system.yaml ${{ runner.temp }}/artifactory/var/etc/system.yaml
sudo chown -R 1030:1030 ${{ runner.temp }}/artifactory/var
- name: Run Artifactory container
id: run_artifactory_container
run: |
echo "Get latest Artifactory image tag"
helm repo add artifactory https://charts.jfrog.io
helm repo update
ARTIFACTORY_VERSION=$(helm search repo | grep "artifactory " | awk '{$1=$1};1' | cut -f3 -d " ")
echo "version=$ARTIFACTORY_VERSION" >> "$GITHUB_OUTPUT"
echo "Start up Artifactory container"
docker run -i --name artifactory -d --rm \
-v ${{ runner.temp }}/artifactory/extra_conf:/artifactory_extra_conf \
-v ${{ runner.temp }}/artifactory/var:/var/opt/jfrog/artifactory \
-p 8081:8081 -p 8082:8082 \
releases-docker.jfrog.io/jfrog/artifactory-pro:${ARTIFACTORY_VERSION}
echo "Set localhost to a container IP address, since we run docker inside of docker"
export LOCALHOST=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.Gateway}}{{end}}' artifactory)
export JFROG_URL="http://${LOCALHOST}:8082"
echo "JFROG_URL=$JFROG_URL" >> "$GITHUB_ENV"
echo "Waiting for Artifactory services to start at ${JFROG_URL}"
until $(curl -sf -o /dev/null -m 5 ${JFROG_URL}/artifactory/api/system/ping/); do
printf '.'
sleep 5
done
echo "Waiting for Artifactory UI to start"
until $(curl -sf -o /dev/null -m 5 ${JFROG_URL}/ui/login/); do
printf '.'
sleep 5
done
export COOKIES=$(curl -s -c - "${JFROG_URL}/ui/api/v1/ui/auth/login?_spring_security_remember_me=false" \
--header "accept: application/json, text/plain, */*" \
--header "content-type: application/json;charset=UTF-8" \
--header "x-requested-with: XMLHttpRequest" \
-d '{"user":"admin","password":"'"${{ secrets.ARTIFACTORY_PASSWORD }}"'","type":"login"}' | grep FALSE)
export REFRESHTOKEN=$(echo $COOKIES | grep REFRESHTOKEN | awk '{print $7}')
export ACCESSTOKEN=$(echo $COOKIES | grep ACCESSTOKEN | awk '{print $14}')
export JFROG_ACCESS_TOKEN=$(curl -s -g --request GET "${JFROG_URL}/ui/api/v1/system/security/token?services[]=all" \
--header "accept: application/json, text/plain, */*" \
--header "x-requested-with: XMLHttpRequest" \
--header "cookie: ACCESSTOKEN=${ACCESSTOKEN}; REFRESHTOKEN=${REFRESHTOKEN}")
echo "::add-mask::$JFROG_ACCESS_TOKEN"
echo "JFROG_ACCESS_TOKEN=$JFROG_ACCESS_TOKEN" >> "$GITHUB_ENV"
- name: Download and decrypt license file
env:
JFROG_LICENSE_BUCKET_URL: ${{ secrets.JFROG_LICENSE_BUCKET_URL }}
JFROG_LICENSE_BUCKET_KEY: ${{ secrets.JFROG_LICENSE_BUCKET_KEY }}
run: |
curl -s -o ${{ runner.temp }}/encrypted_license.json $JFROG_LICENSE_BUCKET_URL
openssl aes-256-cbc -d -md md5 -in ${{ runner.temp }}/encrypted_license.json -pass pass:$JFROG_LICENSE_BUCKET_KEY > ${{ runner.temp }}/decrypted_license.json
echo "JFROG_LICENSE_BUCKET_FILE=${{ runner.temp }}/decrypted_license.json" >> "$GITHUB_ENV"
- name: Execute acceptance tests
env:
JFROG_LICENSE_BUCKET_URL: ${{ secrets.JFROG_LICENSE_BUCKET_URL }}
JFROG_LICENSE_BUCKET_KEY: ${{ secrets.JFROG_LICENSE_BUCKET_KEY }}
run: make acceptance
- name: Install provider
run: |
export PROVIDER_VERSION=$(git describe --tags --abbrev=0 | sed -n 's/v\([0-9]*\).\([0-9]*\).\([0-9]*\)/\1.\2.\3/p')
cat sample.tf | sed -e "s/version =.*/version = \"${PROVIDER_VERSION}\"/g" > sample.tf.tmp
cp sample.tf.tmp sample.tf && rm sample.tf.tmp
TERRAFORM_CLI=${{ matrix.cli }} make install
- name: Clean up Docker container
if: always()
run: docker stop artifactory
- name: Send workflow status to Slack
uses: slackapi/[email protected]
if: always()
with:
payload: |
{
"text": "${{ github.workflow }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }} ${{ matrix.cli }} GitHub Action result: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "${{ github.workflow }} <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }}|${{ matrix.cli }} GitHub Action result>: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
update-changelog:
runs-on: ubuntu-latest
needs: acceptance-tests-matrix
if: ${{ github.event_name == 'pull_request' }} && ${{ needs.acceptance-tests-matrix.result == 'success' }}
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
- name: Update CHANGELOG and push commit
env:
ARTIFACTORY_VERSION: ${{ needs.acceptance-tests-matrix.outputs.artifactory_version }}
TERRAFORM_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tf_version }}
OPENTOFU_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tofu_version }}
run: |
echo "Adding Artifactory version to CHANGELOG.md"
sed -i -E "0,/(##\s.+\..+\..+\s\(.+\)).*/ s/(##\s.+\..+\..+\s\(.+\)).*/\1. Tested on Artifactory $ARTIFACTORY_VERSION with Terraform $TERRAFORM_VERSION and OpenTofu $OPENTOFU_VERSION/" CHANGELOG.md
head -10 CHANGELOG.md
git add CHANGELOG.md
export REGEX="Changes to be committed*"
export GIT_STATUS=$(git status)
if [[ ${GIT_STATUS} =~ ${REGEX} ]]; then
echo "Commiting changes"
git config --global user.name 'JFrog CI'
git config --global user.email '[email protected]'
git config --get user.name
git config --get user.email
git commit --author="JFrog CI <[email protected]>" -m "JFrog Pipelines - Add Artifactory version to CHANGELOG.md"
git push
else
echo "There is nothing to commit: Artifactory version hadn't changed."
fi
- name: Send workflow status to Slack
uses: slackapi/[email protected]
if: success()
with:
payload: |
{
"text": "Terraform Provider Platform. A new PR was submitted by ${{ github.event.pull_request.user.login }} - ${{ github.event.pull_request.html_url }}, branch ${{ github.event.pull_request.base.ref }}. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge.",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "<http://github.com/${{ github.repository }}|Terraform Provider Platform>. A new PR was submitted by *${{ github.event.pull_request.user.login }}* - <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>, branch *${{ github.event.pull_request.base.ref }}*. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge."
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK