Fix secret cleanup issue #1792
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: E2E Tests on Kind | |
on: | |
workflow_dispatch: # yamllint disable-line | |
pull_request_target: | |
types: [opened, synchronize, reopened] | |
paths: | |
- '**.go' | |
jobs: | |
e2e-tests: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
name: e2e tests | |
runs-on: ubuntu-latest | |
env: | |
# https://github.com/google/go-containerregistry/pull/125 allows insecure registry for | |
# '*.local' hostnames. This works both for `ko` and our own tag-to-digest resolution logic, | |
# thus allowing us to test without bypassing tag-to-digest resolution. | |
REGISTRY_NAME: registry.local | |
REGISTRY_PORT: 5000 | |
KO_DOCKER_REPO: registry.local:5000/ko | |
CONTROLLER_DOMAIN_URL: controller.paac-127-0-0-1.nip.io | |
TEST_GITHUB_REPO_OWNER_GITHUBAPP: openshift-pipelines/pipelines-as-code-e2e-tests | |
# TEST_GITHUB_REPO_OWNER_WEBHOOK: pac/pac-test-webhooks | |
KUBECONFIG: /home/runner/.kube/config.kind | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/.cache/pip | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Install and run gosmee | |
run: | | |
go install -v github.com/chmouel/gosmee@main | |
nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.PYSMEE_URL }} http://${CONTROLLER_DOMAIN_URL} & | |
- name: Install ko | |
run: curl -sfL https://github.com/google/ko/releases/download/v0.14.1/ko_0.14.1_Linux_x86_64.tar.gz -o-|tar xvzf - -C /usr/local/bin ko | |
- name: Start installing cluster | |
run: | | |
export PAC_DIR=${PWD} | |
export TEST_GITEA_SMEEURL="${{ secrets.TEST_GITEA_SMEEURL }}" | |
bash -x ./hack/dev/kind/install.sh | |
- name: Create PAC github-app-secret | |
run: | | |
kubectl delete secret -n pipelines-as-code pipelines-as-code-secret || true | |
kubectl -n pipelines-as-code create secret generic pipelines-as-code-secret \ | |
--from-literal github-private-key="${{ secrets.APP_PRIVATE_KEY }}" \ | |
--from-literal github-application-id=${{ secrets.APPLICATION_ID }} \ | |
--from-literal webhook.secret=${{ secrets.WEBHOOK_SECRET }} | |
# Disable Bitbucket Cloud Source IP check, since we should be god here. | |
kubectl patch configmap -n pipelines-as-code -p "{\"data\":{\"bitbucket-cloud-check-source-ip\": \"false\"}}" \ | |
--type merge pipelines-as-code | |
# restart controller | |
kubectl -n pipelines-as-code delete pod -l app.kubernetes.io/name=controller | |
# wait for controller to start | |
i=0 | |
for tt in pipelines-as-code-controller;do | |
while true;do | |
[[ ${i} == 120 ]] && exit 1 | |
ep=$(kubectl get ep -n pipelines-as-code ${tt} -o jsonpath='{.subsets[*].addresses[*].ip}') | |
[[ -n ${ep} ]] && break | |
sleep 2 | |
i=$((i+1)) | |
done | |
done | |
- name: Run E2E Tests | |
run: | | |
# Nothing specific to webhook here it just that repo is private in that org and that's what we want to test | |
export TEST_GITHUB_PRIVATE_TASK_URL="https://github.com/openshift-pipelines/pipelines-as-code-e2e-tests-private/blob/main/remote_task.yaml" | |
export TEST_GITHUB_PRIVATE_TASK_NAME="task-remote" | |
export GO_TEST_FLAGS="-v -race -failfast" | |
export TEST_BITBUCKET_CLOUD_API_URL=https://api.bitbucket.org/2.0 | |
export TEST_BITBUCKET_CLOUD_E2E_REPOSITORY=cboudjna/pac-e2e-tests | |
export TEST_BITBUCKET_CLOUD_TOKEN=${{ secrets.BITBUCKET_CLOUD_TOKEN }} | |
export TEST_BITBUCKET_CLOUD_USER=cboudjna | |
export TEST_EL_URL="http://${CONTROLLER_DOMAIN_URL}" | |
export TEST_EL_WEBHOOK_SECRET="${{ secrets.WEBHOOK_SECRET }}" | |
export TEST_GITEA_API_URL="http://localhost:3000" | |
## This is the URL used to forward requests from the webhook to the paac controller | |
## badly named! | |
export TEST_GITEA_SMEEURL="${{ secrets.TEST_GITEA_SMEEURL }}" | |
export TEST_GITEA_USERNAME=pac | |
export TEST_GITEA_PASSWORD=pac | |
export TEST_GITEA_REPO_OWNER=pac/pac | |
export TEST_GITHUB_API_URL=api.github.com | |
export TEST_GITHUB_REPO_INSTALLATION_ID="${{ secrets.INSTALLATION_ID }}" | |
export TEST_GITHUB_REPO_OWNER_GITHUBAPP=openshift-pipelines/pipelines-as-code-e2e-tests | |
export TEST_GITHUB_REPO_OWNER_WEBHOOK=openshift-pipelines/pipelines-as-code-e2e-tests-webhook | |
export TEST_GITHUB_TOKEN="${{ secrets.GH_APPS_TOKEN }}" | |
export TEST_GITLAB_API_URL="https://gitlab.com" | |
export TEST_GITLAB_PROJECT_ID="34405323" | |
export TEST_GITLAB_TOKEN=${{ secrets.GITLAB_TOKEN }} | |
# https://gitlab.com/gitlab-com/alliances/ibm-red-hat/sandbox/openshift-pipelines/pac-e2e-tests | |
make test-e2e | |
# - name: Setup tmate session | |
# uses: mxschmitt/action-tmate@v3 | |
- name: Collect logs | |
if: ${{ always() }} | |
run: | | |
mkdir -p /tmp/logs | |
kind export logs /tmp/logs | |
[[ -d /tmp/gosmee-replay ]] && cp -a /tmp/gosmee-replay /tmp/logs/ | |
kubectl get pipelineruns -A -o yaml > /tmp/logs/pac-pipelineruns.yaml | |
kubectl get repositories.pipelinesascode.tekton.dev -A -o yaml > /tmp/logs/pac-repositories.yaml | |
kubectl get configmap -n pipelines-as-code -o yaml > /tmp/logs/pac-configmap | |
kubectl get events -A > /tmp/logs/events | |
- name: Upload artifacts | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: logs | |
path: /tmp/logs |