e2e_test.yaml

name: End-to-End Test

on:
  pull_request:

jobs:
  build-charm:
    name: Build Charm
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Remove Unnecessary Components
        run: |
          rm -rf .git
          rm -rf .github

      - name: Write lxd-profile.yaml
        run: |
          cat << EOF > ./lxd-profile.yaml
          config:
            security.nesting: true
            security.privileged: true
            raw.lxc: |
              lxc.apparmor.profile=unconfined
              lxc.mount.auto=proc:rw sys:rw cgroup:rw
              lxc.cgroup.devices.allow=a
              lxc.cap.drop=
          devices:
            kmsg:
              path: /dev/kmsg
              source: /dev/kmsg
              type: unix-char
          EOF

      - name: Cache github-runner Charm
        uses: actions/cache@v3
        id: cache-charm
        with:
          path: github-runner_ubuntu-22.04-amd64.charm
          key: github-runner-charm-${{ hashFiles('**/*') }}

      - name: Setup LXD
        if: steps.cache-charm.outputs.cache-hit != 'true'
        uses: canonical/setup-lxd@main

      - name: Install charmcraft
        if: steps.cache-charm.outputs.cache-hit != 'true'
        run: sudo snap install charmcraft --classic

      - name: Pack github-runner Charm
        if: steps.cache-charm.outputs.cache-hit != 'true'
        run: charmcraft pack || ( cat ~/.local/state/charmcraft/log/* && exit 1 )

      - name: Upload github-runner Charm
        uses: actions/upload-artifact@v3
        with:
          name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm
          path: github-runner_ubuntu-22.04-amd64.charm

  run-id:
    name: Generate Run ID
    runs-on: ubuntu-latest
    outputs:
      run-id: ${{ steps.run-id.outputs.run-id }}
    steps:
      - name: Generate Run ID
        id: run-id
        run: |
          echo "run-id=e2e-$(LC_ALL=C tr -dc 'a-z' < /dev/urandom | head -c8)" >> $GITHUB_OUTPUT

  deploy-e2e-test-runner:
    name: Deploy End-to-End Test Runner
    runs-on: ubuntu-latest
    needs: [ build-charm, run-id ]
    steps:
      - name: Setup Lxd Juju Controller
        uses: charmed-kubernetes/actions-operator@main
        with:
          juju-channel: 3.1/stable
          provider: lxd

      - name: Install GitHub Cli
        run: which gh || sudo apt install gh -y

      - name: Create Testing Juju Model
        run: juju add-model testing

      - name: Set Testing Model Proxy Configuration
        run: |
          juju model-config juju-http-proxy=$http_proxy
          juju model-config juju-https-proxy=$https_proxy
          juju model-config juju-no-proxy=$no_proxy

      - name: Change Testing Model Logging Level
        run: juju model-config logging-config="<root>=INFO;unit=DEBUG"

      - name: Download github-runner Charm
        uses: actions/download-artifact@v3
        with:
          name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm

      - name: Enable br_netfilter
        run: sudo modprobe br_netfilter

      - name: Deploy github-runner Charm
        run: |
          cp github-runner_ubuntu-22.04-amd64.charm /home/$USER/github-runner_ubuntu-22.04-amd64.charm
          juju deploy /home/$USER/github-runner_ubuntu-22.04-amd64.charm \
            ${{ needs.run-id.outputs.run-id }} \
            --base ubuntu@22.04 \
            --config path=${{ secrets.E2E_TESTING_REPO }} \
            --config token=${{ secrets.E2E_TESTING_TOKEN }} \
            --config virtual-machines=1 \
            --config denylist=10.0.0.0/8 \
            --config test-mode=insecure

      - name: Watch github-runner
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        timeout-minutes: 30
        run: |
          juju debug-log --replay --tail &
          
          while :; do
            JOBS=$(gh api \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${{ secrets.E2E_TESTING_REPO }}/actions/runs/$GITHUB_RUN_ID/attempts/$GITHUB_RUN_ATTEMPT/jobs)
            CONCLUSION=$(echo $JOBS | jq -r '.jobs[] | select(.name == "End-to-End Test") | .conclusion')
            STATUS=$(echo $JOBS | jq -r '.jobs[] | select(.name == "End-to-End Test") | .status')
            if [[ $STATUS != "queued" && $STATUS != "in_progress" ]]; then
              break
            fi
            sleep 10
          done
          if [[ $STATUS != "completed" || $CONCLUSION != "success" ]]; then
            echo "test workflow failed with status: $STATUS, conclusion: $CONCLUSION"
            kill $(jobs -p)
            exit 1
          fi

      - name: Show Firewall Rules
        run: |
          juju ssh ${{ needs.run-id.outputs.run-id }}/0 sudo nft list ruleset

  e2e-test:
    name: End-to-End Test
    needs: [ build-charm, run-id ]
    runs-on: [ self-hosted, linux, x64, "${{ needs.run-id.outputs.run-id }}" ]
    steps:
      # below is a series of simple tests to assess the functionality of the newly spawned runner.
      - name: Echo hello world
        run: echo "hello world"
      - name: File permission for /usr/local/bin
        run: ls -ld /usr/local/bin | grep drwxrwxrwx
      - name: Test file permission for /usr/local/bin
        run: touch /usr/local/bin/test_file
      # "Install microk8s" step will test if the proxies settings are correct.
      - name: Proxy set in /etc/environment
        run: cat /etc/environment
      # "Update apt in python docker container" step will test docker default proxy settings due to
      # pulling the python image.
      - name: Proxy set in docker daemon
        run: |
          [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \
            || sudo cat /etc/systemd/system/docker.service.d/http-proxy.conf | grep HTTP_PROXY
      # "Update apt in python docker container" step will test docker client default proxy settings.
      - name: Proxy set in docker client
        run: |
          [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \
            || cat /home/ubuntu/.docker/config.json | grep httpProxy
      - name: Install microk8s
        run: sudo snap install microk8s --classic
      - name: Wait for microk8s
        timeout-minutes: 10
        run: sudo microk8s status --wait-ready
      - name: Deploy nginx for testing
        run: sudo microk8s kubectl create deployment nginx --image=nginx
      - name: Wait for nginx to be ready
        run: sudo microk8s kubectl rollout status deployment/nginx --timeout=30m
      - name: Update apt in python docker container
        run: docker run python:3.10-slim apt update
      - name: Docker version
        run: docker version
      - name: pip version
        run: python3 -m pip --version
      - name: npm version
        run: npm --version
      - name: shellcheck version
        run: shellcheck --version
      - name: jq version
        run: jq --version
      - name: yq version
        run: yq --version
      - name: install check-jsonschema
        run: python3 -m pip install check-jsonschema
      # Test program installed by pip. The directory `~/.local/bin` need to be added to PATH.
      - name: test check-jsonschema
        run: check-jsonschema --version
      - name: Test Firewall
        run: |
          HOST_IP=$(ip route | grep default | cut -f 3 -d" ")
          [ $((ping $HOST_IP -c 5 || :) | grep "Destination Port Unreachable" | wc -l) -eq 5 ]