mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
aa1349f5a5
* actions(runners): add backup self-hosted runner types We've previously added backup runner types for various self-hosted runners but were not exhaustive. This change adds at least one backup instance type to each specified on-demand runner type. Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
162 lines
7.2 KiB
YAML
162 lines
7.2 KiB
YAML
---
|
|
name: Vault UI Tests
|
|
|
|
# cancel existing runs of the same workflow on the same ref
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
test_filter:
|
|
type: string
|
|
description: "A filter to limit the ui tests to. Will be appended to the ember test command as '-f=<filter>'"
|
|
required: false
|
|
storage_backend:
|
|
type: string
|
|
description: "The storage backend to use, either 'raft' or 'consul'"
|
|
default: raft
|
|
workflow_dispatch:
|
|
inputs:
|
|
test_filter:
|
|
type: string
|
|
description: "A filter to limit the ui tests to. Will be appended to the ember test command as '-f=<filter>'"
|
|
required: false
|
|
storage_backend:
|
|
description: "The storage backend to use, either 'raft' or 'consul'"
|
|
required: true
|
|
default: raft
|
|
type: choice
|
|
options:
|
|
- raft
|
|
- consul
|
|
|
|
jobs:
|
|
get-metadata:
|
|
name: Get metadata
|
|
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
|
|
outputs:
|
|
is-ent-branch: ${{ steps.metadata.outputs.is-ent-branch }}
|
|
is-ent-repo: ${{ steps.metadata.outputs.is-ent-repo }}
|
|
runs-on: ${{ steps.get-outputs.outputs.runs-on }}
|
|
vault_edition: ${{ steps.get-outputs.outputs.vault_edition }}
|
|
steps:
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
- uses: ./.github/actions/metadata
|
|
id: metadata
|
|
- id: get-outputs
|
|
run: |
|
|
if [[ '${{ steps.metadata.outputs.is-ent-repo }}' == 'true' ]]; then
|
|
echo "runs-on=['self-hosted', 'ondemand', 'os=linux', 'type=m8a.4xlarge;m7a.4xlarge;m5d.4xlarge']" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "runs-on=\"custom-linux-xl-vault-latest\"" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
if [[ '${{ steps.metadata.outputs.is-ent-branch }}' == 'true' ]]; then
|
|
echo "detected vault_edition=ent"
|
|
echo "vault_edition=ent" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "detected vault_edition=ce"
|
|
echo "vault_edition=oss" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
run-ui-tests:
|
|
name: Run UI Tests
|
|
needs: get-metadata
|
|
runs-on: ${{ fromJSON(needs.get-metadata.outputs.runs-on) }}
|
|
permissions: write-all
|
|
timeout-minutes: 90
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
# Pass in enos variables
|
|
ENOS_VAR_aws_region: us-east-1
|
|
ENOS_VAR_aws_ssh_keypair_name: ${{ github.event.repository.name }}-ci-ssh-key
|
|
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
|
|
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
|
|
ENOS_VAR_vault_license_path: ./support/vault.hclic
|
|
GOPRIVATE: github.com/hashicorp
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
- uses: ./.github/actions/set-up-go
|
|
with:
|
|
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40
|
|
with:
|
|
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
- name: Set Up Git
|
|
run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com"
|
|
- name: Set Up Node
|
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
|
with:
|
|
node-version-file: './ui/package.json'
|
|
cache: pnpm
|
|
cache-dependency-path: ui/pnpm-lock.yaml
|
|
- name: Install PNPM
|
|
uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
|
|
with:
|
|
package_json_file: './ui/package.json'
|
|
- name: Set Up Terraform
|
|
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
|
|
with:
|
|
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
|
|
terraform_wrapper: false
|
|
- name: Prepare scenario dependencies
|
|
run: |
|
|
mkdir -p ./enos/support/terraform-plugin-cache
|
|
echo "${{ secrets.SSH_KEY_PRIVATE_CI }}" > ./enos/support/private_key.pem
|
|
chmod 600 ./enos/support/private_key.pem
|
|
- name: Set Up Vault Enterprise License
|
|
if: ${{ needs.get-metadata.outputs.is-ent-branch == 'true' }}
|
|
run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
|
|
- name: Check Chrome Installed
|
|
id: chrome-check
|
|
run: echo "chrome-version=$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null || echo 'not-installed')" >> "$GITHUB_OUTPUT"
|
|
- name: Install Chrome Dependencies
|
|
if: steps.chrome-check.outputs.chrome-version == 'not-installed'
|
|
run: |
|
|
sudo apt update
|
|
sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
|
|
- name: Install Chrome
|
|
if: steps.chrome-check.outputs.chrome-version == 'not-installed'
|
|
uses: browser-actions/setup-chrome@b94431e051d1c52dcbe9a7092a4f10f827795416 # v2.1.0
|
|
- name: Installed Chrome Version
|
|
run: |
|
|
echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]"
|
|
- name: Configure AWS credentials from Test account
|
|
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI_09042025 }}
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI_09042025 }}
|
|
aws-region: us-east-1
|
|
role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
|
|
role-skip-session-tagging: true
|
|
role-duration-seconds: 3600
|
|
- name: Set Up Cluster
|
|
id: setup_cluster
|
|
env:
|
|
ENOS_VAR_ui_run_tests: false
|
|
# Continue once and retry to handle occasional blips when creating infrastructure.
|
|
continue-on-error: true
|
|
run: enos scenario launch --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
|
|
- name: Retry Set Up Cluster
|
|
id: setup_cluster_retry
|
|
if: steps.setup_cluster.outcome == 'failure'
|
|
env:
|
|
ENOS_VAR_ui_run_tests: false
|
|
run: enos scenario launch --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
|
|
- name: Run UI Tests
|
|
id: run_ui_tests
|
|
env:
|
|
ENOS_VAR_ui_test_filter: "${{ inputs.test_filter }}"
|
|
run: enos scenario run --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
|
|
- name: Ensure scenario has been destroyed
|
|
if: ${{ always() }}
|
|
run: enos scenario destroy --timeout 60m0s --chdir ./enos ui edition:${{ needs.get-metadata.outputs.vault_edition }} backend:${{ inputs.storage_backend }}
|
|
- name: Clean up Enos runtime directories
|
|
if: ${{ always() }}
|
|
run: |
|
|
rm -rf /tmp/enos*
|
|
rm -rf ./enos/support
|
|
rm -rf ./enos/.enos
|