-
Notifications
You must be signed in to change notification settings - Fork 0
111 lines (92 loc) · 3.7 KB
/
e2e.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: E2E
on:
# TODO(dhaus): Temporary to test the workflow.
pull_request:
push:
branches:
- main
paths-ignore:
- 'dist/**'
schedule:
- cron: '0 5 * * 0'
jobs:
e2e:
if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
name: E2E
runs-on: ubuntu-latest
env:
USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: stackrox/stackrox
path: stackrox
fetch-depth: 0 # Required since we need to calculate the latest image tag with the existing tags.
- name: Setup kubectl
uses: azure/setup-kubectl@v3
- name: Setup infractl
uses: stackrox/actions/infra/install-infractl@main
- name: Setup GCloud auth
uses: "google-github-actions/auth@v1"
with:
credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}"
- name: Setup GCloud auth plugin
uses: "google-github-actions/setup-gcloud@v1"
with:
install_components: "gke-gcloud-auth-plugin"
- name: Create GKE infra cluster
uses: stackrox/actions/infra/[email protected]
with:
token: ${{ secrets.INFRA_TOKEN }}
flavor: gke-default
name: central-login-${{ github.run_id }}
lifespan: 20m
wait: "true"
no-slack: "true"
- name: Deploy Central to infra cluster
env:
CLUSTER_NAME: central-login-${{ github.run_id }}
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
run: |
# Fetch the artifacts for the GKE cluster.
infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME}
# Setup context for GKE cluster.
echo "KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig" >> $GITHUB_ENV
export KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig
# Kill port-forwards from ealier runs
pkill -f kubectl'.*port-forward.*' || true
pkill -9 -f kubectl'.*port-forward.*' || true
# Deploy Central via deploy scripts.
cd stackrox
MONITORING_SUPPORT=false ./deploy/central.sh
kubectl set env -n stackrox deploy/central ROX_AUTH_MACHINE_TO_MACHINE=true
# Sleep to ensure Central pods are restarted
sleep 60
# Kill port-forwards from ealier runs
pkill -f kubectl'.*port-forward.*' || true
pkill -9 -f kubectl'.*port-forward.*' || true
./deploy/k8s/central-deploy/central/scripts/port-forward.sh 8000
echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_ENV
- name: Wait for Central to be ready
run: |
cd stackrox
export USE_MIDSTREAM_IMAGES=false # Required for wait_for_api to be set.
source "tests/e2e/lib.sh"
wait_for_api
- name: Add machine to machine configuration in Central
run: |
curl -u admin:${ROX_PASSWORD} \
https://localhost:8000/v1/auth/m2m \
-k -d '{"config": {"type": "GITHUB_ACTIONS", "tokenExpirationDuration": "5m", "mappings":[{"key":"sub","valueExpression":"repo:stackrox/central-login.*", "role":"Analyst"}]}}'
- name: Run central-login action
uses: ./
with:
endpoint: https://localhost:8000
skip-tls-verify: true
- name: Fetch roxctl and run roxctl central whoami
run: |
curl -k -u admin:${ROX_PASSWORD} https://localhost:8000/api/cli/download/roxctl-linux --output ./roxctl
chmod +x ./roxctl
./roxctl central whoami