Merge pull request #6 from pagopa/integration-test-branch

feat: Add integration test [PAGOPA-959]
pagopa · Aug 23, 2023 · bfc1692 · bfc1692
2 parents bd07efb + 11a2e83
commit bfc1692
Show file tree

Hide file tree

Showing 43 changed files with 2,137 additions and 16 deletions.
diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml
@@ -17,17 +17,17 @@ parameters:
       - buildNumber
       - skip
     default: skip
-  - name: TEST
-    displayName: Run tests
-    type: boolean
-    default: false
   - name: "FORCE_REPLACE_DOCKER_IMAGE"
     displayName: "Force the existing docker image to be replaced"
     type: boolean
     default: False
     values:
       - False
       - True
+  - name: INTEGRATION_TEST
+    displayName: Run integration tests
+    type: boolean
+    default: true
 
 variables:
   imageRepository: '$(IMAGE_REPOSITORY_NAME)'
@@ -38,24 +38,38 @@ variables:
     NODO_HOST: "https://api.dev.platform.pagopa.it/nodo/nodo-per-pa/v1/"
     STAGE: "d"
     RESOURCE_GROUP: 'pagopa-d-weu-gps-gpd-rg'
-    dockerRegistryServiceConnection: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN)
-    dockerNamespace: $(DEV_CONTAINER_NAMESPACE)
+    DOCKER_REGISTRY_SERVICE_CONNECTION: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN)
+    DOCKER_NAMESPACE: $(DEV_CONTAINER_NAMESPACE)
+    POOL_IMAGE_TEST: "pagopa-dev-loadtest-linux"
+    API_CONFIG_SUBSCRIPTION_KEY: $(DEV_API_CONFIG_SUBSCRIPTION_KEY)
+    GPD_SUBSCRIPTION_KEY: $(DEV_GPD_SUBSCRIPTION_KEY)
+    PAYMENTS_REST_SUBSCRIPTION_KEY: $(DEV_PAYMENTS_REST_SUBSCRIPTION_KEY)
+    PAYMENTS_SOAP_SUBSCRIPTION_KEY: $(DEV_PAYMENTS_SOAP_SUBSCRIPTION_KEY)
+    REPORTING_SUBSCRIPTION_KEY: $(DEV_REPORTING_SUBSCRIPTION_KEY)
+    REPORTING_BATCH_CONNECTION_STRING: $(DEV_REPORTING_BATCH_CONNECTION_STRING)
   ${{ if eq(parameters['ENV'], 'uat') }}:
     AZURE_SUBSCRIPTION: $(UAT_AZURE_SUBSCRIPTION)
     APP_NAME: $(UAT_WEB_APP_NAME)
     NODO_HOST: "https://api.uat.platform.pagopa.it/nodo/nodo-per-pa/v1/"
     STAGE: "u"
     RESOURCE_GROUP: 'pagopa-u-weu-gps-gpd-rg'
-    dockerRegistryServiceConnection: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN)
-    dockerNamespace: $(UAT_CONTAINER_NAMESPACE)
+    DOCKER_REGISTRY_SERVICE_CONNECTION: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN)
+    DOCKER_NAMESPACE: $(UAT_CONTAINER_NAMESPACE)
+    POOL_IMAGE_TEST: "pagopa-uat-loadtest-linux"
+    API_CONFIG_SUBSCRIPTION_KEY: $(UAT_API_CONFIG_SUBSCRIPTION_KEY)
+    GPD_SUBSCRIPTION_KEY: $(UAT_GPD_SUBSCRIPTION_KEY)
+    PAYMENTS_REST_SUBSCRIPTION_KEY: $(UAT_PAYMENTS_REST_SUBSCRIPTION_KEY)
+    PAYMENTS_SOAP_SUBSCRIPTION_KEY: $(UAT_PAYMENTS_SOAP_SUBSCRIPTION_KEY)
+    REPORTING_SUBSCRIPTION_KEY: $(UAT_REPORTING_SUBSCRIPTION_KEY)
+    REPORTING_BATCH_CONNECTION_STRING: $(UAT_REPORTING_BATCH_CONNECTION_STRING)
   ${{ if eq(parameters['ENV'], 'prod') }}:
     AZURE_SUBSCRIPTION: $(PROD_AZURE_SUBSCRIPTION)
     APP_NAME: $(PROD_WEB_APP_NAME)
     NODO_HOST: "https://api.platform.pagopa.it/nodo/nodo-per-pa/v1/"
     STAGE: "p"
     RESOURCE_GROUP: 'pagopa-p-weu-gps-gpd-rg'
-    dockerRegistryServiceConnection: $(PROD_CONTAINER_REGISTRY_SERVICE_CONN)
-    dockerNamespace: $(PROD_CONTAINER_NAMESPACE)
+    DOCKER_REGISTRY_SERVICE_CONNECTION: $(PROD_CONTAINER_REGISTRY_SERVICE_CONN)
+    DOCKER_NAMESPACE: $(PROD_CONTAINER_NAMESPACE)
 
   ${{ if eq(variables['Build.SourceBranchName'], 'merge') }}:
     SOURCE_BRANCH: "main" # force to main branch
@@ -143,8 +157,8 @@ stages:
 
           - template: templates/docker-release/template.yaml@pagopaCommons
             parameters:
-              CONTAINER_REGISTRY_SERVICE_CONN: $(dockerRegistryServiceConnection)
-              CONTAINER_REGISTRY_FQDN: $(dockerNamespace)
+              CONTAINER_REGISTRY_SERVICE_CONN: $(DOCKER_REGISTRY_SERVICE_CONNECTION)
+              CONTAINER_REGISTRY_FQDN: $(DOCKER_NAMESPACE)
               DOCKER_IMAGE_NAME: $(imageRepository)
               DOCKER_IMAGE_TAG: $(current_version)
               FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }}
@@ -177,16 +191,16 @@ stages:
             inputs:
               azureSubscription: $(AZURE_SUBSCRIPTION)
               appName: "${{variables.APP_NAME}}-fn-gpd-service"
-              imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest"
+              imageName: "${{variables.DOCKER_NAMESPACE}}/${{ variables.imageRepository }}:latest"
               slotName: production
               resourceGroupName: $(RESOURCE_GROUP)
           - task: AzureFunctionAppContainer@1
-            displayName: Deploy Function App PROD staging
+            displayName: Deploy Function App [PROD] staging
             condition: eq('${{ parameters.ENV }}', 'prod')
             inputs:
               azureSubscription: $(AZURE_SUBSCRIPTION)
               appName: "${{variables.APP_NAME}}-fn-gpd-service"
-              imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest"
+              imageName: "${{variables.DOCKER_NAMESPACE}}/${{ variables.imageRepository }}:latest"
               deployToSlotOrASE: true
               slotName: staging
               resourceGroupName: $(RESOURCE_GROUP)
@@ -234,4 +248,41 @@ stages:
               scriptLocation: 'inlineScript'
               failOnStandardError: true
               inlineScript: |
-                az functionapp stop --name ${{variables.APP_NAME}}-fn-gpd-service --resource-group $(RESOURCE_GROUP) --slot staging
+                az functionapp stop --name ${{variables.APP_NAME}}-fn-gpd-service --resource-group $(RESOURCE_GROUP) --slot staging
+
+  # Run Tests
+  - stage: Integration_Test
+    dependsOn:
+      - Deploy
+    condition: and(and(succeeded(), eq('${{ parameters.INTEGRATION_TEST }}', 'true')), ne('${{ parameters.ENV }}', 'prod'))
+    jobs:
+      - job: integration_tests
+        pool:
+          name: $(POOL_IMAGE_TEST)
+        displayName: "Prepare and run integration tests"
+        timeoutInMinutes: 0
+        steps:
+          - checkout: self
+            persistCredentials: true
+
+          - script: |
+              git checkout $(SOURCE_BRANCH)
+              git pull
+
+          - task: Docker@2
+            displayName: "Docker login"
+            inputs:
+              containerRegistry: "$(DOCKER_REGISTRY_SERVICE_CONNECTION)"
+              command: "login"
+
+          - task: Bash@3
+            displayName: "Run Integration Tests"
+            inputs:
+              targetType: "inline"
+              script: |
+                cd ./integration-test/ && \
+                sh run_integration_test.sh ${{ parameters.ENV }}
+            env:
+              API_SUBSCRIPTION_KEY: $(API_SUBSCRIPTION_KEY)
+              REPORTING_BATCH_CONNECTION_STRING: $(REPORTING_BATCH_CONNECTION_STRING)
+              CONTAINER_REGISTRY: $(DOCKER_NAMESPACE)
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
@@ -0,0 +1,67 @@
+name: Integration Tests
+
+on:
+  schedule:
+    - cron: '00 08 * * 2'
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: true
+        type: choice
+        description: Select the Environment
+        options:
+          - dev
+          - uat
+        default: uat
+      canary:
+        description: 'run the tests on canary version'
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  id-token: write
+  contents: read
+  deployments: write
+
+
+jobs:
+  integration_test:
+    name: Test
+    runs-on: ubuntu-latest
+    environment: ${{(github.event.inputs == null && 'uat') || inputs.environment }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+
+      - name: Run Integration Tests
+        shell: bash
+        run: |
+          export CANARY=${{ inputs.canary }}
+          export REPORTING_BATCH_QUEUE=${{ vars.REPORTING_BATCH_QUEUE }}
+          export FLOW_SA_CONNECTION_STRING="${{ secrets.FLOW_SA_CONNECTION_STRING }}"
+
+          cd ./integration-test
+          chmod +x ./run_integration_test.sh
+          ./run_integration_test.sh ${{( github.event.inputs == null && 'uat') || inputs.environment }} ${{ secrets.API_SUBSCRIPTION_KEY }}
+
+  notify:
+    needs: [ integration_test ]
+    runs-on: ubuntu-latest
+    name: Notify
+    if: always()
+    steps:
+      - name: Report Status
+        if: always()
+        uses: ravsamhq/notify-slack-action@v2
+        with:
+          status: ${{ needs.integration_test.result }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          notify_when: 'failure,skipped'
+          notification_title: '{workflow} has {status_message}'
+          message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
+          footer: 'Linked to Repo <{repo_url}|{repo}>'
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@ target/
 
 # Log file
 *.log
+**/yarn.lock
 
 # BlueJ files
 *.ctxt
@@ -37,3 +38,12 @@ hs_err_pid*
 local.settings.json
 bin/
 obj/
+
+# Project files
+/target/
+**/node_modules
+
+# Terraform
+**/.terraform/
+/.identity/.terraform.lock.hcl
+*.lock
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -0,0 +1,48 @@
+data "azurerm_resource_group" "dashboards" {
+  name = "dashboards"
+}
+
+data "azurerm_kubernetes_cluster" "aks" {
+  name                = local.aks_cluster.name
+  resource_group_name = local.aks_cluster.resource_group_name
+}
+
+data "github_organization_teams" "all" {
+  root_teams_only = true
+  summary_only    = true
+}
+
+data "azurerm_key_vault" "key_vault" {
+  name                = "pagopa-${var.env_short}-kv"
+  resource_group_name = "pagopa-${var.env_short}-sec-rg"
+}
+
+data "azurerm_key_vault" "domain_key_vault" {
+  name                = "pagopa-${var.env_short}-${local.domain}-kv"
+  resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
+}
+
+data "azurerm_key_vault_secret" "key_vault_sonar" {
+  name         = "sonar-token"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_bot_token" {
+  name         = "bot-token-github"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
+  name         = "cucumber-token"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
+  name         = "integration-test-subkey"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "flow_sa_connection_string" {
+  name         = "flows-sa-${var.env_short}-connection-string"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
@@ -0,0 +1,84 @@
+#module "github_runner_app" {
+#  source = "git::https://github.com/pagopa/github-actions-tf-modules.git//app-github-runner-creator?ref=main"
+#
+#  app_name = local.app_name
+#
+#  subscription_id = data.azurerm_subscription.current.id
+#
+#  github_org              = local.github.org
+#  github_repository       = local.github.repository
+#  github_environment_name = var.env
+#
+#  container_app_github_runner_env_rg = local.container_app_environment.resource_group
+#}
+#
+#resource "null_resource" "github_runner_app_permissions_to_namespace" {
+#  triggers = {
+#    aks_id               = data.azurerm_kubernetes_cluster.aks.id
+#    service_principal_id = module.github_runner_app.client_id
+#    namespace            = local.domain
+#    version              = "v2"
+#  }
+#
+#  provisioner "local-exec" {
+#    command = <<EOT
+#      az role assignment create --role "Azure Kubernetes Service RBAC Admin" \
+#      --assignee ${self.triggers.service_principal_id} \
+#      --scope ${self.triggers.aks_id}/namespaces/${self.triggers.namespace}
+#
+#      az role assignment list --role "Azure Kubernetes Service RBAC Admin"  \
+#      --scope ${self.triggers.aks_id}/namespaces/${self.triggers.namespace}
+#    EOT
+#  }
+#
+#  provisioner "local-exec" {
+#    when    = destroy
+#    command = <<EOT
+#      az role assignment delete --role "Azure Kubernetes Service RBAC Admin" \
+#      --assignee ${self.triggers.service_principal_id} \
+#      --scope ${self.triggers.aks_id}/namespaces/${self.triggers.namespace}
+#    EOT
+#  }
+#}
+#
+#resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboards" {
+#  scope                = data.azurerm_resource_group.dashboards.id
+#  role_definition_name = "Contributor"
+#  principal_id         = module.github_runner_app.object_id
+#}
+#
+#resource "azurerm_role_assignment" "environment_key_vault" {
+#  scope                = data.azurerm_key_vault.key_vault.id
+#  role_definition_name = "Reader"
+#  principal_id         = module.github_runner_app.object_id
+#}
+#
+#resource "azurerm_role_assignment" "environment_key_vault_domain" {
+#  scope                = data.azurerm_key_vault.domain_key_vault.id
+#  role_definition_name = "Reader"
+#  principal_id         = module.github_runner_app.object_id
+#}
+#
+#resource "azurerm_key_vault_access_policy" "ad_kv_group_policy" {
+#  key_vault_id = data.azurerm_key_vault.key_vault.id
+#
+#  tenant_id = data.azurerm_client_config.current.tenant_id
+#  object_id = module.github_runner_app.object_id
+#
+#  key_permissions         = []
+#  secret_permissions      = ["Get", "List"]
+#  storage_permissions     = []
+#  certificate_permissions = []
+#}
+#
+#resource "azurerm_key_vault_access_policy" "ad_domain_kv_group_policy" {
+#  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+#
+#  tenant_id = data.azurerm_client_config.current.tenant_id
+#  object_id = module.github_runner_app.object_id
+#
+#  key_permissions         = []
+#  secret_permissions      = ["Get", "List"]
+#  storage_permissions     = []
+#  certificate_permissions = []
+#}