Cross cloud providers tests #21
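# Cross-cloud end-to-end suite: provisions a managed Kubernetes cluster with
# OpenTofu, runs the Chainsaw tests against it and tears the cluster down.
name: Cross-Cloud Chainsaw Tests

on:
  # NOTE(review): GitHub withholds repository secrets and OIDC tokens from
  # pull requests opened from forks, so the credential steps will fail for
  # those PRs. Pull requests from branches of this repository do receive
  # cloud credentials and run `tofu apply`.
  pull_request:
    branches:
      - main
  schedule:
    - cron: '0 0 * * *'  # Nightly run at midnight (GitHub evaluates cron in UTC)
  workflow_dispatch:  # Manual trigger

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Every job in this file declares its own `permissions` block (including
# `id-token: write` for OIDC), and a job-level block replaces this default,
# so a job added later does not silently inherit the ability to mint OIDC
# tokens.
permissions:
  contents: read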
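jobs:
  # NOTE(review): every action below is referenced by a mutable tag. A tag can
  # be moved to different code by whoever controls the action repository; in
  # jobs that hold cloud credentials, pin each reference to a full commit SHA
  # (`uses: owner/action@<FULL_COMMIT_SHA>  # <tag>`).

  # Authenticates to public ECR. The image build/tag/push step is currently
  # commented out, so this job only proves that the OIDC role can log in.
  build-and-push-images:
    name: Build and Push Docker Images
    runs-on: ubuntu-latest
    # id-token: write lets the job request a GitHub OIDC token, which
    # configure-aws-credentials exchanges for short-lived AWS credentials.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Nothing in this job pushes to git; do not leave the token in
          # .git/config where later build scripts could read it.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      # NOTE(review): the role's trust policy is not visible here; confirm it
      # restricts the OIDC `sub` claim to this repository and the refs that
      # are allowed to push images.
      - name: Configure AWS credentials from OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::061717858829:role/ecr-pull-push-role
          aws-region: us-east-1
      - name: Login to Amazon ECR
        run: |
          # pipefail: fail the step if the token request fails instead of
          # relying on docker login to reject an empty password.
          set -euo pipefail
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin public.ecr.aws
      # - name: Build and Tag Docker Images
      #   env:
      #     COMMIT_HASH: ${{ github.sha }}
      #   run: |
      #     # Build images
      #     make build-images TAG=${COMMIT_HASH}
      #     # Tag images for public ECR
      #     docker tag keyval/odigos-collector:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-collector:${COMMIT_HASH}
      #     docker tag keyval/odigos-instrumentor:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-instrumentor:${COMMIT_HASH}
      #     docker tag keyval/odigos-ui:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-ui:${COMMIT_HASH}
      #     docker tag keyval/odigos-scheduler:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-scheduler:${COMMIT_HASH}
      #     docker tag keyval/odigos-autoscaler:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-autoscaler:${COMMIT_HASH}
      #     docker tag keyval/odigos-odiglet:${COMMIT_HASH} public.ecr.aws/y2v0v6s7/keyval/odigos-odiglet:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-collector:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-instrumentor:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-ui:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-scheduler:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-autoscaler:${COMMIT_HASH}
      #     docker push public.ecr.aws/y2v0v6s7/keyval/odigos-odiglet:${COMMIT_HASH}

  # Provisions a cluster on the selected provider, runs the Chainsaw e2e
  # scenario against it and always attempts to destroy the infrastructure.
  test:
    needs: build-and-push-images
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    # NOTE(review): the Apply step addresses fixed resource names (tests-rg /
    # tests-aks). If the OpenTofu configuration uses the same fixed names,
    # overlapping runs (nightly + PR) can collide; consider a `concurrency`
    # group once the state backend is confirmed.
    strategy:
      matrix:
        cloud-provider: [aks]  # Add or remove providers as needed [TODO: later add -> eks + gke]
    env:
      TEST_SCENARIO: multi-apps
      # Expose the matrix value as a plain environment variable so the shell
      # steps read "$CLOUD_PROVIDER" instead of having `${{ }}` expressions
      # pasted into the script text.
      CLOUD_PROVIDER: ${{ matrix.cloud-provider }}
    steps:
      # NOTE(review): judging by its name this is the same push-capable role
      # the build job uses; a pull-only role would be enough if this job only
      # pulls images -- confirm against the role's policy.
      - name: Configure AWS credentials from OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::061717858829:role/ecr-pull-push-role
          aws-region: us-east-1
      - name: Login to Amazon ECR
        run: |
          set -euo pipefail
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin public.ecr.aws
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      # Secrets reach the script only through this step's `env`, never through
      # `${{ secrets.* }}` inside `run`: an expression is substituted into the
      # script text before the shell parses it, so a secret containing quotes
      # or shell metacharacters would be interpreted as code. Nothing is
      # written to $GITHUB_ENV either, which would hand the values to every
      # later step, including the third-party setup actions.
      - name: Configure Cloud Provider
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          EKS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          EKS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
        run: |
          set -euo pipefail
          case "$CLOUD_PROVIDER" in
            aks)
              echo "Configuring for AKS"
              # The secret is still passed on az's command line, but it now
              # comes from the environment and is quoted. --output none keeps
              # the account listing out of the job log.
              az login --service-principal \
                -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" \
                --tenant "$ARM_TENANT_ID" --output none
              az account set --subscription "$ARM_SUBSCRIPTION_ID"
              ;;
            eks)
              echo "Configuring for EKS"
              # NOTE(review): the OIDC step above already exports AWS_*
              # environment variables, which the AWS CLI prefers over the
              # shared credentials file, so these long-lived keys are
              # probably never used. Prefer the OIDC role and retire them.
              aws configure set aws_access_key_id "$EKS_ACCESS_KEY_ID"
              aws configure set aws_secret_access_key "$EKS_SECRET_ACCESS_KEY"
              aws configure set region us-east-1
              ;;
            gke)
              echo "Configuring for GKE"
              # Keep the decoded key out of the checked-out workspace and
              # readable only by the runner user.
              umask 077
              printf '%s\n' "$GCP_SERVICE_ACCOUNT_KEY" | base64 --decode > "$RUNNER_TEMP/gcp-key.json"
              gcloud auth activate-service-account --key-file="$RUNNER_TEMP/gcp-key.json"
              gcloud config set project "$GCP_PROJECT_ID"
              ;;
            *)
              echo "Unknown cloud provider: $CLOUD_PROVIDER"
              exit 1
              ;;
          esac
      - uses: opentofu/setup-opentofu@v1
      - name: Set Terraform Directory Based on Cloud Provider
        run: |
          case "$CLOUD_PROVIDER" in
            aks|eks|gke)
              # TF_DIR is a path, not a secret, so sharing it with later
              # steps through $GITHUB_ENV is fine.
              echo "TF_DIR=./tests-infrastructure/terraform/$CLOUD_PROVIDER" >> "$GITHUB_ENV"
              ;;
            *)
              echo "Unknown cloud provider"
              exit 1
              ;;
          esac
      # The ARM_* variables are scoped to the OpenTofu steps only. They are
      # set for every provider; on non-Azure runs they are simply unused.
      - name: Initialize OpenTofu
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: tofu -chdir="$TF_DIR" init
      - name: Plan OpenTofu
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: tofu -chdir="$TF_DIR" plan
      - name: Apply OpenTofu Configuration
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: tofu -chdir="$TF_DIR" apply -auto-approve
      # Split out of the Apply step and guarded: `az aks` only makes sense on
      # the aks leg and would fail once eks or gke joins the matrix. It uses
      # the `az login` session created in Configure Cloud Provider.
      - name: Fetch AKS kubeconfig
        if: matrix.cloud-provider == 'aks'
        run: az aks get-credentials --resource-group tests-rg --name tests-aks
      - name: Verify cluster Access
        run: kubectl get nodes
      # NOTE(review): the reference below was mangled by e-mail obfuscation
      # when this page was captured (it is presumably the Chainsaw install
      # action followed by `@<version>`); restore the exact value from the
      # repository before using this file.
      - name: Install Chainsaw
        uses: kyverno/[email protected]
      - name: Run E2E Tests
        # A value appended to $GITHUB_ENV only becomes visible in *later*
        # steps, so the original `echo "MODE=..." >> $GITHUB_ENV` on the line
        # before `chainsaw test` never reached chainsaw. Step-level env does.
        env:
          MODE: cross-cloud-tests
        run: chainsaw test "tests/e2e/$TEST_SCENARIO"
      - name: Destroy Resources
        if: always()  # Ensures this runs even if earlier steps fail
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        run: tofu -chdir="$TF_DIR" destroy -auto-approve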