Skip to content

TPT-3319: Add support for Apply Linode Firewalls #641

TPT-3319: Add support for Apply Linode Firewalls

TPT-3319: Add support for Apply Linode Firewalls #641

Workflow file for this run

on:
pull_request:
workflow_dispatch:
inputs:
test_suite:
description: 'Enter specific test suite. E.g. domain, linode_client'
required: false
sha:
description: 'The hash value of the commit.'
required: true
pull_request_number:
description: 'The number of the PR.'
required: false
name: PR E2E Tests
jobs:
integration-fork-ubuntu:
runs-on: ubuntu-latest
if:
github.event_name == 'workflow_dispatch' && inputs.sha != ''
env:
EXIT_STATUS: 0
steps:
- uses: actions-ecosystem/action-regex-match@v2
id: validate-tests
with:
text: ${{ inputs.test_suite }}
regex: '[^a-z0-9-:.\/_]' # Tests validation
flags: gi
# Check out merge commit
- name: Checkout PR
uses: actions/checkout@v4
with:
ref: ${{ inputs.sha }}
fetch-depth: 0
submodules: 'recursive'
- name: Get the hash value of the latest commit from the PR branch
uses: octokit/[email protected]
id: commit-hash
if: ${{ inputs.pull_request_number != '' }}
with:
query: |
query PRHeadCommitHash($owner: String!, $repo: String!, $pr_num: Int!) {
repository(owner:$owner, name:$repo) {
pullRequest(number: $pr_num) {
headRef {
target {
... on Commit {
oid
}
}
}
}
}
}
owner: ${{ github.event.repository.owner.login }}
repo: ${{ github.event.repository.name }}
pr_num: ${{ fromJSON(inputs.pull_request_number) }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Python deps
run: pip install -U setuptools wheel boto3 certifi
- name: Install Python SDK
run: make dev-install
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run Integration tests
run: |
timestamp=$(date +'%Y%m%d%H%M')
report_filename="${timestamp}_sdk_test_report.xml"
make testint TEST_ARGS="--junitxml=${report_filename}" TEST_SUITE="${{ github.event.inputs.test_suite }}"
env:
LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }}
- name: Upload test results
if: always()
run: |
filename=$(ls | grep -E '^[0-9]{12}_sdk_test_report\.xml$')
python3 e2e_scripts/tod_scripts/xml_to_obj_storage/scripts/add_gha_info_to_xml.py \
--branch_name "${GITHUB_REF#refs/*/}" \
--gha_run_id "$GITHUB_RUN_ID" \
--gha_run_number "$GITHUB_RUN_NUMBER" \
--xmlfile "${filename}"
sync
python3 e2e_scripts/tod_scripts/xml_to_obj_storage/scripts/xml_to_obj.py "${filename}"
env:
LINODE_CLI_OBJ_ACCESS_KEY: ${{ secrets.LINODE_CLI_OBJ_ACCESS_KEY }}
LINODE_CLI_OBJ_SECRET_KEY: ${{ secrets.LINODE_CLI_OBJ_SECRET_KEY }}
- uses: actions/github-script@v7
id: update-check-run
if: ${{ inputs.pull_request_number != '' && fromJson(steps.commit-hash.outputs.data).repository.pullRequest.headRef.target.oid == inputs.sha }}
env:
number: ${{ inputs.pull_request_number }}
job: ${{ github.job }}
conclusion: ${{ job.status }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { data: pull } = await github.rest.pulls.get({
...context.repo,
pull_number: process.env.number
});
const ref = pull.head.sha;
const { data: checks } = await github.rest.checks.listForRef({
...context.repo,
ref
});
const check = checks.check_runs.filter(c => c.name === process.env.job);
const { data: result } = await github.rest.checks.update({
...context.repo,
check_run_id: check[0].id,
status: 'completed',
conclusion: process.env.conclusion
});
return result;
apply-calico-rules:
runs-on: ubuntu-latest
needs: [integration-fork-ubuntu]
if: ${{ success() || failure() }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: 'recursive'
- name: Download kubectl and calicoctl for LKE clusters
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://github.com/projectcalico/calico/releases/download/v3.25.0/calicoctl-linux-amd64"
chmod +x calicoctl-linux-amd64 kubectl
mv calicoctl-linux-amd64 /usr/local/bin/calicoctl
mv kubectl /usr/local/bin/kubectl
- name: Apply Calico Rules to LKE
run: |
cd e2e_scripts/cloud_security_scripts/lke_calico_rules/ && ./lke_calico_rules_e2e.sh
env:
LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }}
add-fw-to-remaining-instances:
runs-on: ubuntu-latest
needs: [integration-fork-ubuntu]
if: ${{ success() || failure() }}
steps:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Linode CLI
run: |
pip install linode-cli
- name: Create Firewall and Attach to Instances
run: |
FIREWALL_ID=$(linode-cli firewalls create --label "e2e-fw-$(date +%s)" --rules.inbound_policy "DROP" --rules.outbound_policy "ACCEPT" --text --format=id --no-headers)
echo "Created Firewall with ID: $FIREWALL_ID"
for instance_id in $(linode-cli linodes list --format "id" --text --no-header); do
echo "Attaching firewall to instance: $instance_id"
if linode-cli firewalls device-create "$FIREWALL_ID" --id "$instance_id" --type linode; then
echo "Firewall attached to instance $instance_id successfully."
else
echo "An error occurred while attaching firewall to instance $instance_id. Skipping..."
fi
done
env:
LINODE_CLI_TOKEN: ${{ secrets.LINODE_TOKEN }}