-
Notifications
You must be signed in to change notification settings - Fork 0
141 lines (124 loc) · 4.75 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: CI
on:
pull_request:
push:
branches:
- main
permissions:
# Allow action to write raw configs back to the repository.
contents: write
# Run commits in order to prevent out of order write back commits.
concurrency:
group: ${{ github.head_ref || github.ref_name }}
cancel-in-progress: false
jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install ShellCheck
run: sudo apt-get install shellcheck
- name: Run ShellCheck entrypoint.sh
run: shellcheck -x -s bash entrypoint.sh
- name: Run ShellCheck test script
run: shellcheck -x -s bash .github/workflows/scripts/*.sh
test:
runs-on: ubuntu-20.04
strategy:
matrix:
# This matrix allows us to test multiple bindplane versions.
# When writing back to the repo, we write to directories based
# on the bindplane version.
bindplane_versions:
- 1.37.0
- 1.45.0
- latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect Runner IP
run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV
- name: Print Runner IP
run: echo $MAIN_IP
- name: Generate TLS Certs
run: ./.github/workflows/scripts/tls.sh
env:
MAIN_IP: ${{ env.MAIN_IP }}
- name: Set CA certificate
run: |
{
echo 'TLS_CA_CERT<<EOF'
cat step/ca.crt
echo EOF
} >> "$GITHUB_ENV"
- name: Pull BindPlane
run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
- name: Start BindPlane
run: |
docker run \
-d \
--name bindplane \
-e BINDPLANE_USERNAME=admin \
-e BINDPLANE_PASSWORD=admin \
-e BINDPLANE_REMOTE_URL=https://${MAIN_IP}:3001 \
-e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \
-e BINDPLANE_SECRET_KEY=8a5353f7-bbf4-4eea-846d-a6d54296b781 \
-e BINDPLANE_LOG_OUTPUT=stdout \
-e BINDPLANE_ACCEPT_EULA=true \
-e BINDPLANE_TLS_CERT=/bindplane.crt \
-e BINDPLANE_TLS_KEY=/bindplane.key \
-p 3001:3001 \
-v $(pwd)/step/bindplane.crt:/bindplane.crt \
-v $(pwd)/step/bindplane.key:/bindplane.key \
-v $(pwd)/step/ca.crt:/ca.crt \
ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
- name: Wait for BindPlane
uses: nick-fields/retry@v2
with:
timeout_minutes: 1
polling_interval_seconds: 2
max_attempts: 3
shell: bash
command: docker exec bindplane /bindplane get agent --tls-ca /ca.crt
- name: Run BindPlane Action
# This should be replaced with a release action.
# <organization>/<repository>@<tag>
uses: ./
with:
# These values are hardcode to match the test instance used by
# this workflow. The instance does not persist. Consumers of
# this action should always use secrets when passing in the remote
# url, bindplane_username, bindplane_password or api key.
#
# Remote url will never be localhost when running this action. The action
# executes in a container and localhost will always be the container's network
# and not the network of the bindplane instance, even if that instance
# is running within this runner.
bindplane_remote_url: http://${{ env.MAIN_IP }}:3001
bindplane_username: admin
bindplane_password: admin
destination_path: test/resources/destinations/resource.yaml
configuration_path: test/resources/configurations/resource.yaml
configuration_output_dir: test/otel/${{ matrix.bindplane_versions }}
configuration_output_branch: otel-raw-configs
target_branch: main
# Token should have contents: write permissions
token: ${{ secrets.GITHUB_TOKEN }}
enable_otel_config_write_back: true
enable_auto_rollout: true
# Generally this would come from a secret, but the certificate
# was created in this workflow.
tls_ca_cert: ${{ env.TLS_CA_CERT }}
- name: Get Resources
if: always()
run: |
docker exec bindplane /bindplane get destinations --tls-ca /ca.crt
docker exec bindplane /bindplane get configurations --tls-ca /ca.crt
- name: Debug Container Logs
if: always()
run: docker logs bindplane