-
Notifications
You must be signed in to change notification settings - Fork 93
111 lines (100 loc) · 4.09 KB
/
test_integration.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: "Integration Tests"
on:
push:
schedule:
- cron: "0 0 * * MON"
workflow_dispatch:
jobs:
test-integration:
name: "Pytest Integration"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
strategy:
matrix:
provider:
- aws
# - do
# - gcp
fail-fast: false
steps:
- name: "Checkout Infrastructure"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Install Nebari
run: |
pip install .[dev]
conda install --quiet --yes conda-build
playwright install
- name: Retrieve secret from Vault
uses: hashicorp/vault-action@v2.5.0
with:
method: jwt
url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"
namespace: "admin/quansight"
role: "repository-nebari-dev-nebari-role"
secrets: |
kv/data/repository/nebari-dev/nebari/amazon_web_services/nebari-dev-ci role_name | AWS_ROLE_ARN;
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci project_id | PROJECT_ID;
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci workload_identity_provider | GCP_WORKFLOW_PROVIDER;
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci service_account_name | GCP_SERVICE_ACCOUNT;
kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci tenant_id | ARM_TENANT_ID;
kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci subscription_id | ARM_SUBSCRIPTION_ID;
kv/data/repository/nebari-dev/nebari/shared_secrets DIGITALOCEAN_TOKEN | DIGITALOCEAN_TOKEN;
kv/data/repository/nebari-dev/nebari/cloudflare/internal-devops@quansight.com/nebari-dev-ci token | CLOUDFLARE_TOKEN;
- name: 'Authenticate to GCP'
if: ${{ matrix.provider == 'gcp' }}
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
create_credentials_file: 'true'
workload_identity_provider: ${{ env.GCP_WORKFLOW_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- name: Set required environment variables
if: ${{ matrix.provider == 'gcp' }}
run: |
echo "GOOGLE_CREDENTIALS=${{ env.GOOGLE_APPLICATION_CREDENTIALS }}" >> $GITHUB_ENV
- name: Authenticate to AWS
if: ${{ matrix.provider == 'aws' }}
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
role-session-name: github-action
aws-region: us-west-2
- name: Set Environment AWS
if: ${{ matrix.provider == 'aws' }}
run: |
echo "AWS_REGION=us-west-2" >> $GITHUB_ENV
- name: Set Environment DO
if: ${{ matrix.provider == 'do' }}
run: |
echo "SPACES_ACCESS_KEY_ID=${{ secrets.SPACES_ACCESS_KEY_ID }}" >> $GITHUB_ENV
echo "SPACES_SECRET_ACCESS_KEY=${{ secrets.SPACES_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV
echo "NEBARI_K8S_VERSION"=1.25.12-do.0 >> $GITHUB_ENV
# - name: Integration Tests
# run: |
# pytest --version
# pytest tests/tests_integration/ -vvv -s -m ${{ matrix.provider }}
- name: Cloud Nuke AWS
if: ${{ matrix.provider == 'aws' && always()}}
run: |
set -ex
mkdir -p bin
pushd bin
wget https://github.com/gruntwork-io/cloud-nuke/releases/download/v0.32.0/cloud-nuke_linux_amd64
mv cloud-nuke_linux_amd64 cloud-nuke
chmod +x cloud-nuke
echo "$PWD" >> $GITHUB_PATH
popd
- name: Cloud Nuke Run
if: ${{ matrix.provider == 'aws' && always()}}
run: |
./tests/scripts/nuke-aws.sh
env:
DISABLE_TELEMETRY: TRUE