e2e.yml
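# End-to-end test for the central-login action: creates a short-lived GKE
# cluster, registers a GitHub Actions machine-to-machine (m2m) config in
# Central, logs in through the action under test, and verifies the resulting
# identity with roxctl.
name: E2E

on:
  pull_request:
  push:
    branches:
      - main
  schedule:
    - cron: '0 5 * * 0'

jobs:
  e2e:
    # Run only for pull requests carrying the `e2e` label, or when the ref is
    # main (pushes to main; presumably also the weekly schedule, confirm that
    # main is the default branch).
    if: contains(github.event.pull_request.labels.*.name, 'e2e') || github.ref == 'refs/heads/main'
    name: E2E
    runs-on: ubuntu-latest
    # Declaring `permissions` here sets every scope that is not listed to
    # `none`, so the job token carries nothing beyond the OIDC permission.
    permissions:
      id-token: write  # Required for the central-login action which we will test.
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable branch ref, and this job later holds
      # INFRA_TOKEN and the Central admin password. Pin to a release tag or,
      # better, a full commit SHA so the code that runs is reviewable.
      - name: Setup infractl
        uses: stackrox/actions/infra/install-infractl@main

      # NOTE(review): the ref after `create-cluster` was replaced by the hosting
      # page's e-mail obfuscation ("[email protected]"); restore the real ref
      # from the repository before using this file.
      - name: Create GKE infra cluster
        uses: stackrox/actions/infra/[email protected]
        with:
          token: ${{ secrets.INFRA_TOKEN }}
          flavor: qa-demo
          # run_id keeps the cluster name unique per workflow run.
          name: central-login-${{ github.run_id }}
          # No explicit teardown step exists; cleanup appears to rely on this
          # lifespan expiring.
          lifespan: 1h
          args: main-image=quay.io/stackrox-io/main:latest
          wait: "true"
          no-slack: "true"

      # Writes ROX_PASSWORD and ROX_URL to GITHUB_ENV, which exposes both to
      # every later step, including the third-party roxctl installer action.
      # NOTE(review): only the m2m configuration step needs the password;
      # passing it to that step alone would narrow the exposure.
      - name: Setup environment from cluster artifacts
        env:
          CLUSTER_NAME: central-login-${{ github.run_id }}
          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
          ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
        run: |
          # Fetch the artifacts for the GKE cluster.
          infractl artifacts --download-dir="${ARTIFACTS_DIR}" "${CLUSTER_NAME}" >/dev/null
          # Set both URL and admin password.
          ROX_PASSWORD="$(cat "${ARTIFACTS_DIR}/admin-password")"
          ROX_URL="$(cat "${ARTIFACTS_DIR}/url")"
          # Mask the values before they are written anywhere a log could echo them.
          echo "::add-mask::${ROX_PASSWORD}"
          echo "::add-mask::${ROX_URL}"
          echo "ROX_PASSWORD=${ROX_PASSWORD}" >> "${GITHUB_ENV}"
          echo "ROX_URL=${ROX_URL}" >> "${GITHUB_ENV}"

      # Registers the m2m config that lets GitHub OIDC tokens be exchanged for
      # a short-lived (5m) Central token with the Analyst role.
      # - `--fail` makes the step fail on an HTTP error status; without it curl
      #   exits 0 and the problem only shows up later in the login step.
      # - `-k` disables certificate verification; presumably the ephemeral
      #   cluster serves a self-signed certificate (confirm).
      # - The `sub` mapping looks like a regular expression. It ends the
      #   repository name with `:` so that only `stackrox/central-login`
      #   matches, not any repository whose name merely starts with it.
      - name: Add machine to machine configuration in Central
        run: |
          curl --fail -u "admin:${ROX_PASSWORD}" \
            "${ROX_URL}/v1/auth/m2m" \
            -k -d '{"config": {"type": "GITHUB_ACTIONS", "tokenExpirationDuration": "5m", "mappings":[{"key":"sub","valueExpression":"repo:stackrox/central-login:.*", "role":"Analyst"}]}}'

      # The action under test, taken from this checkout.
      - name: Run central-login action
        uses: ./
        with:
          endpoint: ${{ env.ROX_URL }}
          # Same caveat as `-k` above: test cluster only.
          skip-tls-verify: true

      # ROX_API_TOKEN is not set anywhere in this file; presumably the
      # central-login step exports it (confirm against the action).
      - name: Install roxctl
        uses: stackrox/roxctl-installer-action@v1
        with:
          central-endpoint: ${{ env.ROX_URL }}
          central-token: ${{ env.ROX_API_TOKEN }}
          skip-tls-verify: true

      # Fails the job if the exchanged token cannot authenticate to Central.
      - name: Check the current user with roxctl
        run: |
          roxctl central whoami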