Use deterministic tag for e2e-images and cleanup after use #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | ||
| workflow_call: | ||
| inputs: | ||
| MANAGEMENT_CLUSTER_ENVIRONMENT: | ||
| description: "The infrastructure to use for the management cluster: eks, kind or isolated-kind" | ||
| type: string | ||
| required: true | ||
| default: "eks" | ||
| test_suite: | ||
| description: "The test suite to run (i.e. path to it)" | ||
| required: true | ||
| type: string | ||
| test_name: | ||
| description: "The display name for the test" | ||
| required: true | ||
| type: string | ||
| artifact_name: | ||
| description: "The name for the uploaded artifacts" | ||
| required: true | ||
| type: string | ||
| run_azure_janitor: | ||
| description: "Run the Azure janitor after the test to cleanup" | ||
| required: false | ||
| default: false | ||
| type: boolean | ||
| run_gcp_janitor: | ||
| description: "Run the GCP janitor after the test to cleanup" | ||
| required: false | ||
| default: true | ||
| type: boolean | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| env: | ||
| NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} | ||
| NGROK_API_KEY: ${{ secrets.NGROK_API_KEY }} | ||
| RANCHER_HOSTNAME: ${{ secrets.NGROK_DOMAIN }} | ||
| RANCHER_PASSWORD: ${{ secrets.RANCHER_PASSWORD }} | ||
| CAPA_ENCODED_CREDS: ${{ secrets.CAPA_ENCODED_CREDS }} | ||
| CAPG_ENCODED_CREDS: ${{ secrets.CAPG_ENCODED_CREDS }} | ||
| GCP_PROJECT: ${{ secrets.GCP_PROJECT }} | ||
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | ||
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | ||
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
| GITHUB_USERNAME: ${{ github.actor }} | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| AWS_REGION: eu-west-2 | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| MANAGEMENT_CLUSTER_ENVIRONMENT: ${{ inputs.MANAGEMENT_CLUSTER_ENVIRONMENT }} | ||
| GINKGO_LABEL_FILTER: full | ||
| GINKGO_TESTS: ${{ github.workspace }}/${{ inputs.test_suite }} | ||
| GINKGO_NODES: 5 | ||
| TAG: v${{ github.run_number }}.${{ github.run_attempt }} | ||
| jobs: | ||
| run_e2e_tests: | ||
| runs-on: [self-hosted, linux] | ||
| steps: | ||
| - name: Install eksctl | ||
| run: | | ||
| ARCH=amd64 | ||
| PLATFORM=$(uname -s)_$ARCH | ||
| curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz" | ||
| curl -sL "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_checksums.txt" | grep $PLATFORM | sha256sum --check | ||
| tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz | ||
| sudo mv /tmp/eksctl /usr/local/bin | ||
| - name: Install aws-iam-authenticator | ||
| run: | | ||
| curl -L -o aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.6.14/aws-iam-authenticator_0.6.14_linux_amd64 | ||
| chmod +x ./aws-iam-authenticator | ||
| sudo mv ./aws-iam-authenticator /usr/local/bin | ||
| aws-iam-authenticator version | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: setupGo | ||
| uses: actions/[email protected] | ||
| with: | ||
| go-version: "=1.22.10" | ||
| - name: Docker login | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Build and push e2e image | ||
| if: ${{ inputs.MANAGEMENT_CLUSTER_ENVIRONMENT == 'eks' }} | ||
| run: make e2e-image-build-and-push | ||
| - name: Run e2e tests | ||
| run: make test-e2e | ||
| - name: Collect run artifacts | ||
| if: always() | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: artifacts_${{ inputs.artifact_name }} | ||
| path: _artifacts | ||
| - name: Cleanup Azure Resources | ||
| if: ${{ inputs.run_azure_janitor && always() }} | ||
| uses: rancher/[email protected] | ||
| with: | ||
| resource-groups: highlander-e2e* | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID}} | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID}} | ||
| client-secret: ${{ secrets.AZURE_CLIENT_SECRET}} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID}} | ||
| commit: true | ||
| - name: Cleanup GCP Resources | ||
| if: ${{ inputs.run_gcp_janitor && always() }} | ||
| uses: rancher/[email protected] | ||
| with: | ||
| credentials-json: ${{ secrets.GCP_CREDENTIALS }} | ||
| zones: ${{ secrets.GCP_ZONE }} | ||
| project-id: ${{ secrets.GCP_PROJECT }} | ||
| age-in-hours: 6 | ||
| resource-label-key: ${{ secrets.GCP_LABEL_KEY }} | ||
| resource-label-value: ${{ secrets.GCP_LABEL_VALUE }} | ||
| - name: Cleanup e2e test image | ||
| if: always() | ||
| run: | | ||
| IMAGE_URL="$(gh api /orgs/rancher/packages/container/turtles-e2e/versions | jq ".[] | select( .metadata.container.tags | contains([\"$TAG\"])) | .url" | sed 's/\"//g')" | ||
| gh api -X DELETE "$IMAGE_URL" | ||
| - name: Send failed status to slack | ||
| if: failure() | ||
| uses: slackapi/[email protected] | ||
| with: | ||
| webhook-type: incoming-webhook | ||
| payload: | | ||
| { | ||
| "blocks": [ | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "Rancher turtles E2E test (${{ inputs.test_name }}) run failed. Job trigger by ${{ github.event_name }} event." | ||
| }, | ||
| "accessory": { | ||
| "type": "button", | ||
| "text": { | ||
| "type": "plain_text", | ||
| "text": ":github:", | ||
| "emoji": true | ||
| }, | ||
| "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | ||
