fix: modification de l'action cypress pour lire les variables du vault (

#947) * fix: modification de l'action cypress pour lire les variables du vault * fix: ajout command avec redirection des logs
mission-apprentissage · Dec 21, 2023 · 5617729 · 5617729
1 parent 005137b
commit 5617729
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 2 deletions.
diff --git a/.bin/commands.sh b/.bin/commands.sh
@@ -19,6 +19,7 @@ function Help() {
    echo "  seed:es                                    Seed Elasticsearch with data"
    echo "  deploy:log:encrypt                         Encrypt Github ansible logs"
    echo "  deploy:log:dencrypt                        Decrypt Github ansible logs"
+   echo "  cypress:set-env                            Create Cypress env file"
    echo
    echo
 }
@@ -84,3 +85,6 @@ function deploy:log:decrypt() {
   "${SCRIPT_DIR}/deploy-log-decrypt.sh" "$@"
 }
 
+function cypress:set-env() {
+  "${SCRIPT_DIR}/set-cypress-env.sh" "$@"
+}
diff --git a/.bin/scripts/set-cypress-env.sh b/.bin/scripts/set-cypress-env.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ -z "${1:-}" ]; then
+  read -p "Veuillez renseigner le type de plateforme (recette|preview): " PLATFORM
+else
+  readonly PLATFORM="$1"
+  shift
+fi
+
+if [[ -z "${ANSIBLE_VAULT_PASSWORD_FILE:-}" ]]; then
+  ansible_extra_opts+=("--vault-password-file" "${SCRIPT_DIR}/get-vault-password-client.sh")
+else
+  echo "Récupération de la passphrase depuis l'environnement variable ANSIBLE_VAULT_PASSWORD_FILE" 
+fi
+
+readonly VAULT_FILE="${ROOT_DIR}/.infra/vault/vault.yml"
+CYPRESS_ENV_FILE="${ROOT_DIR}/cypress.${PLATFORM}.env"
+
+function setCypressEnv() {
+  echo "writing Cypress env variables to $CYPRESS_ENV_FILE"
+  echo "" > $CYPRESS_ENV_FILE
+  ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq -o=shell '.vault' | grep -E "^CYPRESS_" >> $CYPRESS_ENV_FILE
+  ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq -o=shell ".vault.$PLATFORM" | grep -E "^CYPRESS_" >> $CYPRESS_ENV_FILE
+}
+
+setCypressEnv 2> /tmp/setCypressEnv.log
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -21,13 +21,21 @@ on:
         description: host name of the mailpit
         type: string
         required: true
+      environment:
+        description: platform type. Values are 'recette'|'preview'
+        type: string
+        required: true
     secrets:
       CODECOV_TOKEN:
         description: Code coverrage token
         required: true
       SLACK_WEBHOOK:
         description: Webhook slack
         required: true
+      VAULT_PWD:
+        description: vault password
+        required: true
+
 jobs:
   cypress:
     concurrency:
@@ -63,8 +71,18 @@ jobs:
       - name: Install dependencies
         run: yarn install
 
+      - name: Create vault pwd file
+        run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
+
+      - name: Prepare env variables for cypress
+        run: .bin/mna-lba cypress:set-env ${{ inputs.environment }}
+        env:
+          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
+
       - name: Run cypress e2e tests
-        run: yarn e2e:headless --env ui=${{inputs.cypress_host}},server=${{inputs.cypress_host}},smtp=${{inputs.smtp_host}}
+        run: |
+          source cypress.${{ inputs.environment }}.env
+          yarn e2e:headless --env ui=${{inputs.cypress_host}},server=${{inputs.cypress_host}},smtp=${{inputs.smtp_host}}
 
       - name: Notify failure on Slack
         uses: ravsamhq/notify-slack-action@v2

diff --git a/.github/workflows/deploy_preview.yml b/.github/workflows/deploy_preview.yml
@@ -166,6 +166,8 @@ jobs:
     with:
       cypress_host: "https://${{ github.event.issue.number }}.labonnealternance-preview.apprentissage.beta.gouv.fr"
       smtp_host: "https://smtp.labonnealternance-preview.apprentissage.beta.gouv.fr"
+      environment: preview
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -149,6 +149,8 @@ jobs:
     with:
       cypress_host: "https://labonnealternance-recette.apprentissage.beta.gouv.fr"
       smtp_host: "https://labonnealternance-recette.apprentissage.beta.gouv.fr/smtp"
+      environment: recette
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
diff --git a/.talismanrc b/.talismanrc
@@ -3,10 +3,16 @@ fileignoreconfig:
   checksum: 49afe4f96fa13b38cf799d931085437d540b4c62eb05b2f15bc12cd3fb43268b
 - filename: .bin/scripts/seed-update.sh
   checksum: 707139e7844412ee81d2796abfb2dac00dd90a9a65eb3b5f2cdede7571e96ef2
+- filename: .bin/scripts/set-cypress-env.sh
+  checksum: 4463ed7c1d5b82a8b152248b953778f37771bfba72865ee0e8af3b61cf3c38da
 - filename: .bin/scripts/setup-local-env.sh
   checksum: 47323f5183f73a794449666a816d5b797c7a5ed4c7ad219c3c885a57e2fcf1e9
+- filename: .github/workflows/cypress.yml
+  checksum: 39f98fb68fdebf6a36959706adb43a8219a4b7781ac35329f957dc1cfa8b6de0
+- filename: .github/workflows/deploy_preview.yml
+  checksum: f54398af24ac144eafc27e69d18c78b1844e0a23b317bd79748ac6d3412ba0ef
 - filename: .github/workflows/release.yml
-  checksum: 872bbf42d5b8bd22f900fff9eb6e907abbbeec5ee70f988563c4b6bb315e3f3d
+  checksum: ffd104ff02d60abf3183694209c5191a0bb7479ce37d8243778275351b4d2228
 - filename: .infra/env.ini
   checksum: 60d461050d64c0b87831d6918a8696a8dd2f69cd86b4e6d94b40c3b7b285c320
 - filename: .infra/files/configs/mongodb/mongod.conf