feat(refactor): Re-write action in Go #167
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| # Allow action to write raw configs back to the repository. | |
| contents: write | |
| # Run commits in order to prevent out of order write back commits. | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref_name }} | |
| cancel-in-progress: false | |
| jobs: | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install ShellCheck | |
| run: sudo apt-get install shellcheck | |
| - name: Run ShellCheck entrypoint.sh | |
| run: shellcheck -x -s bash entrypoint.sh | |
| - name: Run ShellCheck test script | |
| run: shellcheck -x -s bash .github/workflows/scripts/*.sh | |
| test: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| # This matrix allows us to test multiple bindplane versions. | |
| # When writing back to the repo, we write to directories based | |
| # on the bindplane version. | |
| bindplane_versions: | |
| - 1.37.0 | |
| - 1.45.0 | |
| - latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect Runner IP | |
| run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV | |
| - name: Print Runner IP | |
| run: echo $MAIN_IP | |
| - name: Generate TLS Certs | |
| run: ./.github/workflows/scripts/tls.sh | |
| env: | |
| MAIN_IP: ${{ env.MAIN_IP }} | |
| - name: Set CA certificate | |
| run: | | |
| { | |
| echo 'TLS_CA_CERT<<EOF' | |
| cat step/ca.crt | |
| echo EOF | |
| } >> "$GITHUB_ENV" | |
| - name: Pull BindPlane | |
| run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }} | |
| - name: Start BindPlane | |
| run: | | |
| docker run \ | |
| -d \ | |
| --name bindplane \ | |
| -e BINDPLANE_USERNAME=admin \ | |
| -e BINDPLANE_PASSWORD=admin \ | |
| -e BINDPLANE_REMOTE_URL=https://${MAIN_IP}:3001 \ | |
| -e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \ | |
| -e BINDPLANE_SECRET_KEY=8a5353f7-bbf4-4eea-846d-a6d54296b781 \ | |
| -e BINDPLANE_LOG_OUTPUT=stdout \ | |
| -e BINDPLANE_ACCEPT_EULA=true \ | |
| -e BINDPLANE_TLS_CERT=/bindplane.crt \ | |
| -e BINDPLANE_TLS_KEY=/bindplane.key \ | |
| -e BINDPLANE_LICENSE="${BINDPLANE_LICENSE}" \ | |
| -p 3001:3001 \ | |
| -v $(pwd)/step/bindplane.crt:/bindplane.crt \ | |
| -v $(pwd)/step/bindplane.key:/bindplane.key \ | |
| -v $(pwd)/step/ca.crt:/ca.crt \ | |
| ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }} | |
| env: | |
| BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
| - name: Wait for BindPlane | |
| uses: nick-fields/retry@v2 | |
| with: | |
| timeout_minutes: 1 | |
| polling_interval_seconds: 2 | |
| max_attempts: 3 | |
| shell: bash | |
| command: docker exec bindplane /bindplane get agent --tls-ca /ca.crt | |
| - name: Run BindPlane Action | |
| # This should be replaced with a release action. | |
| # <organization>/<repository>@<tag> | |
| uses: ./ | |
| with: | |
| # These values are hardcode to match the test instance used by | |
| # this workflow. The instance does not persist. Consumers of | |
| # this action should always use secrets when passing in the remote | |
| # url, bindplane_username, bindplane_password or api key. | |
| # | |
| # Remote url will never be localhost when running this action. The action | |
| # executes in a container and localhost will always be the container's network | |
| # and not the network of the bindplane instance, even if that instance | |
| # is running within this runner. | |
| bindplane_remote_url: https://${{ env.MAIN_IP }}:3001 | |
| bindplane_username: admin | |
| bindplane_password: admin | |
| destination_path: test/resources/destinations/resource.yaml | |
| configuration_path: test/resources/configurations/resource.yaml | |
| configuration_output_dir: test/otel/${{ matrix.bindplane_versions }} | |
| configuration_output_branch: otel-raw-configs | |
| target_branch: main | |
| # Token should have contents: write permissions | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| enable_otel_config_write_back: true | |
| enable_auto_rollout: true | |
| # Generally this would come from a secret, but the certificate | |
| # was created in this workflow. | |
| tls_ca_cert: ${{ env.TLS_CA_CERT }} | |
| - name: Get Resources | |
| if: always() | |
| run: | | |
| docker exec bindplane /bindplane get destinations --tls-ca /ca.crt | |
| docker exec bindplane /bindplane get configurations --tls-ca /ca.crt | |
| - name: Debug Container Logs | |
| if: always() | |
| run: docker logs bindplane |