-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (117 loc) · 4.45 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: CI
on:
pull_request:
push:
branches:
- main
permissions:
# Allow action to write raw configs back to the repository.
contents: write
# Run commits in order to prevent out of order write back commits.
concurrency:
group: ${{ github.head_ref || github.ref_name }}
cancel-in-progress: false
jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install ShellCheck
run: sudo apt-get install shellcheck
- name: Run ShellCheck
run: shellcheck -x -s bash entrypoint.sh
test:
runs-on: ubuntu-20.04
strategy:
matrix:
# This matrix allows us to test multiple bindplane versions.
# When writing back to the repo, we write to directories based
# on the bindplane version.
bindplane_versions:
- 1.45.0
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect Runner IP
run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV
- name: Print Runner IP
run: echo $MAIN_IP
- name: Generate TLS Certs
run: ./.github/workflows/scripts/tls.sh
- name: Set CA certificate
run: |
{
echo 'TLS_CA_CERT<<EOF'
cat /tmp/step/ca.crt
echo EOF
} >> "$GITHUB_ENV"
- name: Pull BindPlane
run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
- name: Start BindPlane
run: |
docker run \
-d \
--name bindplane \
-e BINDPLANE_USERNAME=admin \
-e BINDPLANE_PASSWORD=admin \
-e BINDPLANE_REMOTE_URL=https://${MAIN_IP}:3001 \
-e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \
-e BINDPLANE_SECRET_KEY=8a5353f7-bbf4-4eea-846d-a6d54296b781 \
-e BINDPLANE_LOG_OUTPUT=stdout \
-e BINDPLANE_ACCEPT_EULA=true \
-e BINDPLANE_TLS_CERT=/bindplane.crt \
-e BINDPLANE_TLS_KEY=/bindplane.key \
-p 3001:3001 \
-v /tmp/step/bindplane.crt:/bindplane.crt \
-v /tmp/step/bindplane.key:/bindplane.key \
ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
- name: Wait for BindPlane
uses: nick-fields/retry@v2
with:
timeout_minutes: 1
polling_interval_seconds: 5
max_attempts: 10
shell: bash
command: docker exec bindplane /bindplane get agent
- name: Run BindPlane Action
# This should be replaced with a release action.
# <organization>/<repository>@<tag>
uses: ./
with:
# These values are hardcode to match the test instance used by
# this workflow. The instance does not persist. Consumers of
# this action should always use secrets when passing in the remote
# url, bindplane_username, bindplane_password or api key.
#
# Remote url will never be localhost when running this action. The action
# executes in a container and localhost will always be the container's network
# and not the network of the bindplane instance, even if that instance
# is running within this runner.
bindplane_remote_url: http://${{ env.MAIN_IP }}:3001
bindplane_username: admin
bindplane_password: admin
destination_path: test/resources/destinations/resource.yaml
configuration_path: test/resources/configurations/resource.yaml
configuration_output_dir: test/otel/${{ matrix.bindplane_versions }}
configuration_output_branch: otel-raw-configs
target_branch: main
# Token should have contents: write permissions
token: ${{ secrets.GITHUB_TOKEN }}
enable_otel_config_write_back: true
enable_auto_rollout: true
# Generally this would come from a secret, but the certificate
# was created in this workflow.
tls_ca_cert: ${{ env.TLS_CA_CERT }}
- name: Get Resources
if: always()
run: |
docker exec bindplane /bindplane get destinations
docker exec bindplane /bindplane get configurations
- name: Debug Container Logs
if: always()
run: docker logs bindplane