Add E2E test workflow. #10
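# End-to-end test for the central-login action: creates a short-lived GKE
# cluster, deploys Central into it, registers a machine-to-machine (m2m)
# auth configuration, runs the action from this repository and checks the
# resulting login with `roxctl central whoami`.
name: E2E

on:
  # TODO(dhaus): Temporary to test the workflow.
  pull_request:
  push:
    branches:
      - main
    paths-ignore:
      - 'dist/**'
  schedule:
    - cron: '0 5 * * 0'

jobs:
  e2e:
    # Skip pull requests opened from forks: the steps below read repository
    # secrets, which are not provided to fork-triggered `pull_request` runs.
    if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
    name: E2E
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared. If the central-login
    # action exchanges a GitHub OIDC token (the m2m config below is of type
    # GITHUB_ACTIONS), the job presumably needs `id-token: write`; confirm and
    # declare least-privilege permissions explicitly.
    env:
      USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
      # NOTE(review): verify that the `runner` context is available in
      # job-level `env`; if it is not, derive this path from RUNNER_TEMP
      # inside the steps instead.
      ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
    steps:
      # NOTE(review): third-party actions are referenced by mutable tags or
      # branches (`@v4`, `@v1`, `@main`). Pinning each to a full commit SHA
      # keeps an upstream ref change from altering code that runs with the
      # secrets used in this job.
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: stackrox/stackrox
          path: stackrox
          # Required since we need to calculate the latest image tag with the
          # existing tags.
          fetch-depth: 0
      - name: Setup kubectl
        uses: azure/setup-kubectl@v3
      - name: Setup infractl
        uses: stackrox/actions/infra/install-infractl@main
      - name: Setup GCloud auth
        uses: "google-github-actions/auth@v1"
        with:
          # Long-lived service account key held as a repository secret.
          credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}"
      - name: Setup GCloud auth plugin
        uses: "google-github-actions/setup-gcloud@v1"
        with:
          install_components: "gke-gcloud-auth-plugin"
      - name: Create GKE infra cluster
        uses: stackrox/actions/infra/create-cluster@v1.0.9
        with:
          token: ${{ secrets.INFRA_TOKEN }}
          flavor: gke-default
          # The run id keeps cluster names unique across workflow runs.
          name: central-login-${{ github.run_id }}
          lifespan: 20m
          wait: "true"
          no-slack: "true"
      - name: Deploy Central to infra cluster
        env:
          CLUSTER_NAME: central-login-${{ github.run_id }}
          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
        run: |
          # Fetch the artifacts for the GKE cluster.
          infractl artifacts --download-dir="${ARTIFACTS_DIR}" "${CLUSTER_NAME}"
          # Setup context for GKE cluster.
          export KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig"
          # Deploy Central via deploy scripts.
          cd stackrox
          ./deploy/central.sh
          kubectl set env -n stackrox deploy/central ROX_AUTH_MACHINE_TO_MACHINE=true
          # Sleep to ensure Central pods are restarted
          sleep 60
          ./deploy/k8s/central-deploy/central/scripts/port-forward.sh 8000
          # Later steps read ROX_PASSWORD as an environment variable, so it is
          # exported through GITHUB_ENV; GITHUB_OUTPUT would only expose it as
          # a step output, and this step has no id to reference. The value is
          # masked first so it is redacted from the job log.
          ROX_PASSWORD="$(cat deploy/k8s/central-deploy/password)"
          echo "::add-mask::${ROX_PASSWORD}"
          echo "ROX_PASSWORD=${ROX_PASSWORD}" >> "$GITHUB_ENV"
      - name: Wait for Central to be ready
        env:
          USE_MIDSTREAM_IMAGES: "false"
        run: |
          cd stackrox
          # KUBECONFIG exported in the previous step does not carry over to
          # this one, so it is set again from the job-level ARTIFACTS_DIR.
          export KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig"
          source "tests/e2e/lib.sh"
          wait_for_api
      - name: Add machine to machine configuration in Central
        run: |
          # Map GitHub OIDC tokens issued to this repository to the Analyst
          # role. The expression ends the repository name with ':' (the
          # separator in the default subject format) so that other repositories
          # whose names merely start with "central-login" are not matched.
          # -k: Central is reached through the local port-forward and its
          # certificate is not verified here. --fail makes an HTTP error fail
          # the step instead of passing silently.
          curl --fail -u "admin:${ROX_PASSWORD}" \
            https://localhost:8000/v1/auth/m2m \
            -k -d '{"config": {"type": "GITHUB_ACTIONS", "tokenExpirationDuration": "5m", "mappings":[{"key":"sub","valueExpression":"repo:stackrox/central-login:.*", "role":"Analyst"}]}}'
      - name: Run central-login action
        # The action under test, taken from this repository's checkout.
        uses: ./
        with:
          endpoint: https://localhost:8000
          # Acceptable only for this throwaway test deployment behind the
          # local port-forward.
          skip-tls-verify: true
      - name: Fetch roxctl and run roxctl central whoami
        run: |
          # --fail stops the step on an HTTP error, so an error response body
          # is never saved and executed as ./roxctl.
          curl --fail -k -u "admin:${ROX_PASSWORD}" https://localhost:8000/api/cli/download/roxctl-linux --output ./roxctl
          chmod +x ./roxctl
          ./roxctl central whoami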