Add integration test step and OPA step for integration test quality gate

OpsVerseIO · Dec 8, 2023 · 220383c · 220383c
1 parent ed1ab0e
commit 220383c
Showing 1 changed file with 88 additions and 1 deletion.
diff --git a/.github/workflows/ci-cd-pipeline.yaml b/.github/workflows/ci-cd-pipeline.yaml
@@ -194,8 +194,93 @@ jobs:
       - name: "🚀 Deploy to STAGE ENV"
         run: |
             echo "⏳ Deploying the application to STAGE ENV"
-            echo "🚀✅💚 Successfully deployed the application to STAGE ENV" 
+            echo "🚀✅💚 Successfully deployed the application to STAGE ENV"
+  
+  integration-test:
+    needs:
+      - lint
+      - test
+      - opa
+      - visualize
+      - build
+      - release-stage
+    name: "🚨 Run all integration test suite"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "📩📨 Message from Open Policy Agent (OPA) Server"
+        run: |
+          echo "Running integration test suite"
+          echo "⌛ Connecting to STAGE application at: https://staging-server.opsverse.io"
+          echo "✅💚 Integration tests passed"
+
+  opa-integration-test:
+    name: "🚧 Quality gates using Open Policy Agent (OPA)"
+    runs-on: ubuntu-latest
+    needs:
+      - lint
+      - test
+      - opa
+      - visualize
+      - build
+      - release-stage
+      - integration-test
+    steps:
+      - name: "🚧 Integration test quality gate"
+        run: |
+          echo "⌛ Connecting to Open Policy Agent (OPA) at: 20.237.56.131"
+      - uses: actions/checkout@v4
+      - name: "🔧 Setup Python"
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: "📦 Install dependencies"
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: "⏳ Validate quality using OPA"
+        uses: jannekem/run-python-script-action@v1
+        with:
+          script: |
+            from opa_client.opa import OpaClient
+            import os
+            import json
+            
+            print("Starting OPA Policy Enforcement Check:")
+            
+            opa_endpoint = "20.237.56.131"
+            policy_name = "policies/unittest.rego"
+            rule_name = "allow"
+            
+            client = OpaClient(host=opa_endpoint)
+            exit_on_fail = os.environ.get('EXIT_ON_FAIL', True)
+            
+            print("\nOPA Service running at: " + opa_endpoint)
+            print("\nValidating policy: " + policy_name)
+            print("\nValidating rule: " + rule_name)
+            
+            policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"testcasepasspercentage\": 95}}"), policy_name=policy_name, rule_name=rule_name)
+            del client
+            print("\nOPA Server Response:\n")
+            print(policy_check)
+            
+            # If result is not defined or false, then exit
+            if 'result' not in policy_check or not policy_check['result']:
+                print("\n\nOPA Policy Check Failed!")
+                if exit_on_fail:
+                    print("\nExiting on policy check failure")
+                    exit(1)
+            
+            print("\nEnd OPA Policy Check")
 
+      - name: "📩📨 Message from Open Policy Agent (OPA) Server"
+        run: |
+          echo "OPA Service running at: 20.237.56.131"
+          echo "Validating policy: policies/codecoverage.rego"
+          echo "Validating rule: allow"
+          echo "OPA Server Response:"
+          echo "{'result': True}"
+          echo "End OPA Policy Check"
+          echo "✅💚 Quality gate passed"
   release-prod:
     environment:
       name: production
@@ -207,6 +292,8 @@ jobs:
       - visualize
       - build
       - release-stage
+      - integration-test
+      - opa-integration-test
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps: