Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add E2E test workflow. #4

Merged
merged 3 commits into from
Nov 7, 2023
Merged

Add E2E test workflow. #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5ebe752
Add E2E test workflow.
dhaus67 Nov 3, 2023
9a23446
Address review comments.
dhaus67 Nov 6, 2023
9bd175a
Only run E2E tests for roxbot commits.
dhaus67 Nov 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
110 changes: 110 additions & 0 deletions .github/workflows/e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
name: E2E

on:
push:
branches:
- main
paths-ignore:
- 'dist/**'
schedule:
- cron: '0 5 * * 0'

jobs:
e2e:
if: github.event_name == 'push' && github_actor == 'roxbot'
name: E2E
runs-on: ubuntu-latest
permissions:
id-token: write # Required for the central-login action which we will test.
contents: read
env:
USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: stackrox/stackrox
path: stackrox
fetch-depth: 0 # Required since we need to calculate the latest image tag with the existing tags.

- name: Setup kubectl
uses: azure/setup-kubectl@v3

- name: Setup infractl
uses: stackrox/actions/infra/install-infractl@main

- name: Setup GCloud auth
uses: "google-github-actions/auth@v1"
with:
credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}"

- name: Setup GCloud auth plugin
uses: "google-github-actions/setup-gcloud@v1"
with:
install_components: "gke-gcloud-auth-plugin"

- name: Create GKE infra cluster
uses: stackrox/actions/infra/[email protected]
with:
token: ${{ secrets.INFRA_TOKEN }}
flavor: gke-default
name: central-login-${{ github.run_id }}
lifespan: 20m
wait: "true"
no-slack: "true"

- name: Deploy Central to infra cluster
env:
CLUSTER_NAME: central-login-${{ github.run_id }}
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
run: |
# Fetch the artifacts for the GKE cluster.
infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME}

# Setup context for GKE cluster.
echo "KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig" >> $GITHUB_ENV
export KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig

# Kill port-forwards from earlier runs.
pkill -f kubectl'.*port-forward.*' || true
janisz marked this conversation as resolved.
Show resolved Hide resolved
pkill -9 -f kubectl'.*port-forward.*' || true

# Deploy Central via deploy scripts.
cd stackrox
MONITORING_SUPPORT=false ./deploy/central.sh
kubectl set env -n stackrox deploy/central ROX_AUTH_MACHINE_TO_MACHINE=true

# Kill port-forwards from the initial deploy.
pkill -f kubectl'.*port-forward.*' || true
pkill -9 -f kubectl'.*port-forward.*' || true

./deploy/k8s/central-deploy/central/scripts/port-forward.sh 8000
dhaus67 marked this conversation as resolved.
Show resolved Hide resolved

echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_ENV

- name: Wait for Central to be ready
run: |
cd stackrox
export USE_MIDSTREAM_IMAGES=false # Required for wait_for_api to be set.
source "tests/e2e/lib.sh"
wait_for_api

- name: Add machine to machine configuration in Central
run: |
curl -u admin:${ROX_PASSWORD} \
https://localhost:8000/v1/auth/m2m \
janisz marked this conversation as resolved.
Show resolved Hide resolved
-k -d '{"config": {"type": "GITHUB_ACTIONS", "tokenExpirationDuration": "5m", "mappings":[{"key":"sub","valueExpression":"repo:stackrox/central-login.*", "role":"Analyst"}]}}'

- name: Run central-login action
uses: ./
with:
endpoint: https://localhost:8000
skip-tls-verify: true

- name: Fetch roxctl and run roxctl central whoami
run: |
curl -k -u admin:${ROX_PASSWORD} https://localhost:8000/api/cli/download/roxctl-linux --output ./roxctl
dhaus67 marked this conversation as resolved.
Show resolved Hide resolved
chmod +x ./roxctl
echo $ROX_ENDPOINT
./roxctl central whoami
janisz marked this conversation as resolved.
Show resolved Hide resolved
13 changes: 12 additions & 1 deletion src/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ async function run(): Promise<void> {

// Additionally, also set the Central API endpoint as environment variable for other jobs to use.
// This does not need to be marked as a secret.
core.exportVariable('ROX_ENDPOINT', parsedURL.toString())
// The HTTPS scheme has to be stripped, as this is not expected to be set by roxctl for the endpoint.
core.exportVariable('ROX_ENDPOINT', getHostWithPort(parsedURL))

core.info(
'Successfully set the variable ROX_API_TOKEN and ROX_ENDPOINT to the access token and ' +
Expand Down Expand Up @@ -68,4 +69,14 @@ async function obtainAccessToken(
return response.data['accessToken']
}

function getHostWithPort(url: URL): string {
let host = url.host
// If the port is not given, assume HTTPs and port 443 (the port will be omitted if HTTPS is used as scheme _and_
// the port is the default 443 port).
if (url.port === '') {
host = `${host}:443`
}
return host
}

run()