From 4c2d9ff390192f933d1c5ae9b4ad3ec2b91b549b Mon Sep 17 00:00:00 2001 From: bloodearnest Date: Thu, 22 Aug 2024 11:45:27 +0100 Subject: [PATCH] Add scheduled CI task to validate local job-server setup This required updating the setup scripts to skip the need to have `SOCIAL_AUTH_*` properly configured. The local job-server still runs fine w/o it, but it wouldn't be able to actually log users in from github. There's a CI jobs that is meant to notify #team-rap slack channel when this happens, but for reasons I am not sure of, it does seem to work. Seems like fixing it will mean addressing fact that our slack bot token setup is undocumented and unclear. --- .github/workflows/job-server.yml | 38 ++++++++++++++++++++++++++++++++ job-server/justfile | 12 +++++----- job-server/local-setup.sh | 7 ++++-- 3 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/job-server.yml diff --git a/.github/workflows/job-server.yml b/.github/workflows/job-server.yml new file mode 100644 index 00000000..e3a6cc4f --- /dev/null +++ b/.github/workflows/job-server.yml @@ -0,0 +1,38 @@ +--- +name: Local job-server setup CI + +on: + schedule: + # every day at 2:37am + - cron: "37 2 * * *" + +jobs: + test-local-job-server: + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + - uses: "opensafely-core/setup-action@v1" + with: + python-version: "3.11" + install-just: true + + - name: "Test local job server setup" + # this should download, configure and successfully launch a local job-server + # we test it to make sure we catch breaking changes in job-server configuration we need to update. + run: | + just _dotenv # we don't need a full devenv + just job-server/configure username + just job-server/create-workspace test-workspace + + - name: "Notify Slack on Failure" + # TODO: 2024-08-27 this does not work, gives the error "not_in_channel", despite all our bots being in the channel + if: failure() && github.ref_name == 'main' + uses: zuplo/github-action-slack-notify-build@cf8e7e66a21d76a8125ea9648979c30920195552 # v2 + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + with: + channel_id: "C069YDR4NCA" + status: "Airlock local job-server integration test failure" + color: danger + diff --git a/job-server/justfile b/job-server/justfile index b8a4fcc7..b689aec3 100644 --- a/job-server/justfile +++ b/job-server/justfile @@ -15,11 +15,13 @@ check: test -f .env.jobserver || error . .env.jobserver - if test "$SOCIAL_AUTH_GITHUB_KEY" = "test" -o -z "$SOCIAL_AUTH_GITHUB_KEY"; then - error "SOCIAL_AUTH_GITHUB_KEY not set properly" - fi - if test "$SOCIAL_AUTH_GITHUB_SECRET" = "test" -o -z "$SOCIAL_AUTH_GITHUB_SECRET"; then - error "SOCIAL_AUTH_GITHUB_SECRET not set properly" + if test -z "${CI:-}"; then + if test "$SOCIAL_AUTH_GITHUB_KEY" = "test" -o -z "$SOCIAL_AUTH_GITHUB_KEY"; then + error "SOCIAL_AUTH_GITHUB_KEY not set properly" + fi + if test "$SOCIAL_AUTH_GITHUB_SECRET" = "test" -o -z "$SOCIAL_AUTH_GITHUB_SECRET"; then + error "SOCIAL_AUTH_GITHUB_SECRET not set properly" + fi fi # enable local airlock config to point to local job-server diff --git a/job-server/local-setup.sh b/job-server/local-setup.sh index 023bb04a..ae312fc9 100755 --- a/job-server/local-setup.sh +++ b/job-server/local-setup.sh @@ -36,10 +36,13 @@ fi # setup github social logins # this only needs to be done very rarely, and bw client is a faff, so add a check to only if needed -if test "$SOCIAL_AUTH_GITHUB_KEY" = "test" -o -z "$SOCIAL_AUTH_GITHUB_KEY"; then +if test -n "${CI:-}"; then + echo "Skipping job-server SOCIAL_AUTH setup as it is CI" +elif test "$SOCIAL_AUTH_GITHUB_KEY" = "test" -o -z "$SOCIAL_AUTH_GITHUB_KEY"; then tmp=$(mktemp) if ! command -v bw > /dev/null; then - echo "bitwarden client bw not found" + echo "bitwarden cli client bw not found" + echo "We need it to automatically setup job-server's SOCIAL_AUTH_GITHUB_KEY as one time thing" exit 1 fi if bw status | grep -q unauthenticated; then