From f2ed826e20ccca0271359ee4ed963da53ef336b0 Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Wed, 1 Nov 2023 21:25:37 -0400 Subject: [PATCH] Github Actions: Migrate Cloud pipelines Migrated: - Cloud instance pipeline that runs on every PR/pushes - Cloud API pipeline that runs on-demand Will do other pipelines in another PR. I timeboxed this --- .drone/drone.jsonnet | 59 --------- .drone/drone.yml | 114 +----------------- .drone/wait-for-instance.sh | 19 --- .github/workflows/acc-tests.yml | 39 ++++++ .github/workflows/cloud-acc-tests.yml | 34 ++++++ .github/workflows/comment-on-pr.yml | 9 +- .../workflows/{tests.yml => unit-tests.yml} | 2 +- 7 files changed, 79 insertions(+), 197 deletions(-) delete mode 100755 .drone/wait-for-instance.sh create mode 100644 .github/workflows/acc-tests.yml create mode 100644 .github/workflows/cloud-acc-tests.yml rename .github/workflows/{tests.yml => unit-tests.yml} (98%) diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet index 7df95c872..e17da58a2 100644 --- a/.drone/drone.jsonnet +++ b/.drone/drone.jsonnet @@ -31,16 +31,6 @@ local fromSecret(secret) = { }; local secrets = { - // Grafana Cloud API test secrets - cloudOrg: secret('grafana-cloud-org', 'infra/data/ci/terraform-provider-grafana/cloud', 'cloud-org'), - cloudApiKey: secret('grafana-cloud-api-key', 'infra/data/ci/terraform-provider-grafana/cloud', 'cloud-api-key'), - - // Grafana Cloud Instance test secrets - cloudInstanceUrl: secret('grafana-cloud-instance-url', 'infra/data/ci/terraform-provider-grafana/cloud', 'cloud-instance-url'), - apiToken: secret('grafana-api-token', 'infra/data/ci/terraform-provider-grafana/cloud', 'api-key'), - smToken: secret('grafana-sm-token', 'infra/data/ci/terraform-provider-grafana/cloud', 'sm-access-token'), - onCallToken: secret('grafana-oncall-token', 'infra/data/ci/terraform-provider-grafana/cloud', 'oncall-access-token'), - // Grafana Enterprise enterpriseLicense: secret('grafana-enterprise-license', 'infra/data/ci/terraform-provider-grafana/enterprise', 'license.jwt'), }; @@ -115,55 +105,6 @@ local localTestPipeline( ); [ - pipeline( - 'cloud api tests', - steps=[ - installTerraformStep, - { - name: 'tests', - image: images.go, - commands: [ - 'make testacc-cloud-api', - ], - environment: { - GRAFANA_CLOUD_API_KEY: fromSecret(secrets.cloudApiKey), - GRAFANA_CLOUD_ORG: fromSecret(secrets.cloudOrg), - TF_ACC_TERRAFORM_PATH: terraformPath, - }, - }, - ] - ) - + withConcurrencyLimit(1) - + onPromoteTrigger, - - pipeline( - 'cloud instance tests', - steps=[ - installTerraformStep, - { - name: 'wait for instance', - image: images.go, - commands: ['.drone/wait-for-instance.sh $${GRAFANA_URL}'], - environment: { - GRAFANA_URL: fromSecret(secrets.cloudInstanceUrl), - }, - }, - { - name: 'tests', - image: images.go, - commands: ['make testacc-cloud-instance'], - environment: { - GRAFANA_URL: fromSecret(secrets.cloudInstanceUrl), - GRAFANA_AUTH: fromSecret(secrets.apiToken), - GRAFANA_SM_ACCESS_TOKEN: fromSecret(secrets.smToken), - GRAFANA_ONCALL_ACCESS_TOKEN: fromSecret(secrets.onCallToken), - TF_ACC_TERRAFORM_PATH: terraformPath, - }, - }, - ] - ) - + withConcurrencyLimit(1), - // Grafana Enterprise tests localTestPipeline( grafanaVersions[0], diff --git a/.drone/drone.yml b/.drone/drone.yml index 8d4a6e632..07da3f538 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -1,80 +1,4 @@ --- -concurrency: - limit: 1 -kind: pipeline -name: cloud api tests -platform: - arch: amd64 - os: linux -services: [] -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - make testacc-cloud-api - environment: - GRAFANA_CLOUD_API_KEY: - from_secret: grafana-cloud-api-key - GRAFANA_CLOUD_ORG: - from_secret: grafana-cloud-org - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - event: - - promote -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -concurrency: - limit: 1 -kind: pipeline -name: cloud instance tests -platform: - arch: amd64 - os: linux -services: [] -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - .drone/wait-for-instance.sh $${GRAFANA_URL} - environment: - GRAFANA_URL: - from_secret: grafana-cloud-instance-url - image: golang:1.21 - name: wait for instance -- commands: - - make testacc-cloud-instance - environment: - GRAFANA_AUTH: - from_secret: grafana-api-token - GRAFANA_ONCALL_ACCESS_TOKEN: - from_secret: grafana-oncall-token - GRAFANA_SM_ACCESS_TOKEN: - from_secret: grafana-sm-token - GRAFANA_URL: - from_secret: grafana-cloud-instance-url - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- kind: pipeline name: enterprise tests platform: @@ -327,49 +251,13 @@ type: docker workspace: path: /drone/terraform-provider-grafana --- -get: - name: api-key - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-api-token ---- -get: - name: cloud-api-key - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-cloud-api-key ---- -get: - name: cloud-instance-url - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-cloud-instance-url ---- -get: - name: cloud-org - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-cloud-org ---- get: name: license.jwt path: infra/data/ci/terraform-provider-grafana/enterprise kind: secret name: grafana-enterprise-license --- -get: - name: oncall-access-token - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-oncall-token ---- -get: - name: sm-access-token - path: infra/data/ci/terraform-provider-grafana/cloud -kind: secret -name: grafana-sm-token ---- kind: signature -hmac: 061cdfaa7468af8377979354d7c30181a55d80187451663d4859d0354b5eea0c +hmac: b2a4d2fd6fbb38a3ea38005a45cfd6db865fb1e0997e5084e00261d05553a240 ... diff --git a/.drone/wait-for-instance.sh b/.drone/wait-for-instance.sh deleted file mode 100755 index 0143c6fee..000000000 --- a/.drone/wait-for-instance.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -set -euxo pipefail - -getStatus() { - curl -I -L -s -o /dev/null -w "%{http_code}" "${1}" -} - -status=$(getStatus "${1}") -i=0 -while [ "${status}" != "200" ]; do - if [ "${i}" -gt "30" ]; then - echo "instance never became ready" - exit 1 - fi - status=$(getStatus "${1}") - i=$((i+1)) - sleep 2 -done diff --git a/.github/workflows/acc-tests.yml b/.github/workflows/acc-tests.yml new file mode 100644 index 000000000..6390083b0 --- /dev/null +++ b/.github/workflows/acc-tests.yml @@ -0,0 +1,39 @@ +name: acceptance tests +on: + pull_request: {} + push: + branches: + - main + - master + +# These permissions are needed to assume roles from Github's OIDC. +permissions: + contents: read + id-token: write + +jobs: + cloudinstance: + concurrency: cloud-instance + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: '1.21' + - uses: hashicorp/setup-terraform@v3 + - name: Get Secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + GRAFANA_AUTH: cloud-instance-tests:auth + GRAFANA_ONCALL_ACCESS_TOKEN: cloud-instance-tests:oncall-token + GRAFANA_SM_ACCESS_TOKEN: cloud-instance-tests:sm-token + GRAFANA_URL: cloud-instance-tests:url + - uses: iFaxity/wait-on-action@v1.1.0 + with: + resource: ${{ env.GRAFANA_URL }} + interval: 2000 # 2s + timeout: 30000 # 30s + - run: make testacc-cloud-instance + + # TODO: Enterprise + OSS tests diff --git a/.github/workflows/cloud-acc-tests.yml b/.github/workflows/cloud-acc-tests.yml new file mode 100644 index 000000000..9aad0d1cc --- /dev/null +++ b/.github/workflows/cloud-acc-tests.yml @@ -0,0 +1,34 @@ +name: cloud acceptance tests +on: + workflow_dispatch: + inputs: + tests: + description: 'Tests to run (regex passed to -run)' + default: '.*' + +# These permissions are needed to assume roles from Github's OIDC. +permissions: + contents: read + id-token: write + +jobs: + cloud: + concurrency: cloud-api + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: '1.21' + - uses: hashicorp/setup-terraform@v3 + - name: Get Secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + GRAFANA_CLOUD_API_KEY=cloud-tests:api-key + GRAFANA_CLOUD_ORG=cloud-tests:org + - run: make testacc-cloud-api + env: + TESTARGS: -run='${{ github.event.inputs.tests }}' + + diff --git a/.github/workflows/comment-on-pr.yml b/.github/workflows/comment-on-pr.yml index aaa6d589c..b4865d9ae 100644 --- a/.github/workflows/comment-on-pr.yml +++ b/.github/workflows/comment-on-pr.yml @@ -1,3 +1,5 @@ +name: pr comment + on: pull_request_target: @@ -10,8 +12,5 @@ jobs: - uses: mshick/add-pr-comment@v2 with: message: | - In order to lower resource usage and have a faster runtime, PRs will not run Cloud tests automatically. To do so, a Grafana Labs employee must promote the Drone build. - - _For maintainers_, it's better to run only the Cloud tests you need, rather than all of them. You can do so by setting the following parameter when promoting: - - `TESTARGS='-run='` + In order to lower resource usage and have a faster runtime, PRs will not run Cloud tests automatically. + To do so, a Grafana Labs employee must trigger the `cloud acceptance tests` workflow manually. diff --git a/.github/workflows/tests.yml b/.github/workflows/unit-tests.yml similarity index 98% rename from .github/workflows/tests.yml rename to .github/workflows/unit-tests.yml index bb505079c..a34b4583e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,4 +1,4 @@ -name: tests +name: unit tests on: pull_request: {} push: