Add E2E test workflow. #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: E2E | |
| on: | |
| # TODO(dhaus): Temporary to test the workflow. | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'dist/**' | |
| schedule: | |
| - cron: '0 5 * * 0' | |
| jobs: | |
| e2e: | |
| if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork | |
| name: E2E | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Checkout stackrox repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: stackrox/stackrox | |
| path: stackrox | |
| - name: Install kubectl | |
| run: sudo snap install kubectl --classic | |
| - name: Setup infractl | |
| uses: stackrox/actions/infra/install-infractl@main | |
| - name: Create infra GKE cluster | |
| uses: stackrox/actions/infra/create-cluster@v1.0.9 | |
| with: | |
| token: ${{ secrets.INFRA_TOKEN }} | |
| flavor: gke-default | |
| name: central-login-${{ github.run_id }} | |
| lifespan: 15m | |
| wait: "true" | |
| - name: Deploy Stackrox to GKE | |
| env: | |
| CLUSTER_NAME: central-login-${{ github.run_id }} | |
| ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
| run: | | |
| # Fetch the artifacts for the GKE cluster. | |
| infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME} | |
| # Setup context for GKE cluster. | |
| echo "KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig" >> $GITHUB_OUTPUT | |
| export KUBECONFIG=${ARTIFACTS_DIR}/kubeconfig | |
| # Deploy Central via deploy scripts. | |
| cd stackrox | |
| ./deploy/central.sh | |
| kubectl set env -n stackrox deploy/central ROX_AUTH_MACHINE_TO_MACHINE=true | |
| # Sleep to ensure Central pods are restarted | |
| sleep 60 | |
| ./deploy/k8s/central-deploy/scripts/port-forward.sh 8000 | |
| echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT | |
| - name: Wait for API | |
| env: | |
| USE_MIDSTREAM_IMAGES: false | |
| run: | | |
| cd stackrox | |
| echo $KUBECONFIG | |
| source "tests/e2e/lib.sh" | |
| wait_for_api | |
| - name: Configure M2M configuration | |
| run: | | |
| curl -u admin:${ROX_PASSWORD} \ | |
| https://localhost:8000/v1/auth/m2m \ | |
| -k -d '{"config": {"type": "GITHUB_ACTIONS", "tokenExpirationDuration": "5m", "mappings":[{"key":"sub","valueExpression":"repo:stackrox/central-login.*", "role":"Analyst"}]}}' | |
| - name: Run Central-login action | |
| uses: ./ | |
| with: | |
| endpoint: https://localhost:8000 | |
| skip-tls-verify: true | |
| - name: Fetch roxctl and run roxctl central whoami | |
| run: | | |
| curl -k -u admin:${ROX_PASSWORD} https://localhost:8000/api/cli/download/roxctl-linux --output ./roxctl | |
| chmod +x ./roxctl | |
| ./roxctl central whoami |