diff --git a/.github/workflows/comment.yaml b/.github/workflows/comment.yaml deleted file mode 100644 index 26ac226df..000000000 --- a/.github/workflows/comment.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: Comment on the pull request - -on: - workflow_run: - workflows: ["Tests"] - types: - - completed - -jobs: - comment-on-pr: - uses: canonical/operator-workflows/.github/workflows/comment.yaml@main - secrets: inherit diff --git a/.github/workflows/e2e_test.yaml b/.github/workflows/e2e_test.yaml deleted file mode 100644 index 8e9d78381..000000000 --- a/.github/workflows/e2e_test.yaml +++ /dev/null 
@@ -1,494 +0,0 @@ -name: End-to-End Test - -on: - pull_request: - -jobs: - build-charm: - name: Build Charm - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Remove Unnecessary Components - run: | - rm -rf .git - rm -rf .github - - - name: Write lxd-profile.yaml - run: | - cat << EOF > ./lxd-profile.yaml - config: - security.nesting: true - security.privileged: true - raw.lxc: | - lxc.apparmor.profile=unconfined - lxc.mount.auto=proc:rw sys:rw cgroup:rw - lxc.cgroup.devices.allow=a - lxc.cap.drop= - devices: - kmsg: - path: /dev/kmsg - source: /dev/kmsg - type: unix-char - EOF - - - name: Cache github-runner Charm - uses: actions/cache@v3 - id: cache-charm - with: - path: github-runner_ubuntu-22.04-amd64.charm - key: github-runner-charm-${{ hashFiles('**/*') }} - - - name: Setup LXD - if: steps.cache-charm.outputs.cache-hit != 'true' - uses: canonical/setup-lxd@main - - - name: Install charmcraft - if: steps.cache-charm.outputs.cache-hit != 'true' - run: sudo snap install charmcraft --classic - - - name: Pack github-runner Charm - if: steps.cache-charm.outputs.cache-hit != 'true' - run: charmcraft pack || ( cat ~/.local/state/charmcraft/log/* && exit 1 ) - - - name: Upload github-runner Charm - uses: actions/upload-artifact@v3 - with: - name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm - path: github-runner_ubuntu-22.04-amd64.charm - - run-id: - name: Generate Run ID - runs-on: ubuntu-latest - outputs: - run-id: ${{ steps.run-id.outputs.run-id }} - steps: - - name: Generate Run ID - id: run-id - run: | - echo "run-id=e2e-$(LC_ALL=C tr -dc 'a-z' < /dev/urandom | head -c4)" >> $GITHUB_OUTPUT - - deploy-e2e-test-runner: - name: Deploy End-to-End Test Runner (${{ matrix.event.name }}) - runs-on: ubuntu-latest - needs: [build-charm, run-id] - strategy: - matrix: - event: - - name: pull_request - abbreviation: pr - - name: workflow_dispatch - abbreviation: wd - - name: push - abbreviation: push - - name: schedule - abbreviation: 
sd - - name: issues - abbreviation: is - steps: - - name: Setup Lxd Juju Controller - uses: charmed-kubernetes/actions-operator@main - with: - juju-channel: 3.1/stable - provider: lxd - - - name: Install GitHub Cli - run: which gh || sudo apt install gh -y - - - name: Create Testing Juju Model - run: juju add-model testing - - - name: Set Testing Model Proxy Configuration - run: | - juju model-config juju-http-proxy=$http_proxy - juju model-config juju-https-proxy=$https_proxy - juju model-config juju-no-proxy=$no_proxy - - - name: Change Testing Model Logging Level - run: juju model-config logging-config="=INFO;unit=DEBUG" - - - name: Download github-runner Charm - uses: actions/download-artifact@v3 - with: - name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm - - - name: Enable br_netfilter - run: sudo modprobe br_netfilter - - - name: Generate Runner Name - id: runner-name - run: echo name=${{ matrix.event.abbreviation }}-${{ needs.run-id.outputs.run-id }} >> $GITHUB_OUTPUT - - - name: Copy github-runner Charm - run: | - cp github-runner_ubuntu-22.04-amd64.charm /home/$USER/github-runner_ubuntu-22.04-amd64.charm - - - name: Deploy github-runner Charm (Pull Request, Workflow Dispatch and Push) - if: matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push' || matrix.event.name == 'pull_request' - run: | - juju deploy /home/$USER/github-runner_ubuntu-22.04-amd64.charm \ - ${{ steps.runner-name.outputs.name }} \ - --base ubuntu@22.04 \ - --config path=${{ secrets.E2E_TESTING_REPO }} \ - --config token=${{ secrets.E2E_TESTING_TOKEN }} \ - --config virtual-machines=1 \ - --config denylist=10.0.0.0/8 \ - --config test-mode=insecure - - - name: Checkout branch (Issues, Schedule) - if: matrix.event.name == 'issues' || matrix.event.name == 'schedule' - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.E2E_TESTING_TOKEN }} - - name: Create temporary orphan branch (Issues, Schedule) - if: matrix.event.name == 
'issues' || matrix.event.name == 'schedule' - run: | - # We dont need all content for the test, so create an orphan branch. - git checkout --orphan ${{ steps.runner-name.outputs.name }} - git reset - - WF_FILE=".github/workflows/schedule_issues_test.yaml" - # Replace workflow event in schedule_issues_test.yaml - if [[ ${{ matrix.event.name }} == 'schedule' ]]; then - sed -i "s/workflow_dispatch:/schedule:\n - cron: '*\/5 * * * *'/" $WF_FILE - else - sed -i "s/workflow_dispatch:/issues:\n types: [opened]/" $WF_FILE - fi - git add $WF_FILE - git config user.name github-actions - git config user.email github-actions@github.com - git commit -m"Add ${{matrix.event.name}} workflow" - git push origin ${{ steps.runner-name.outputs.name }} - - name: Deploy github-runner Charm (Issues, Schedule) - if: matrix.event.name == 'issues' || matrix.event.name == 'schedule' - env: - GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }} - run: | - # GitHub does not allow to create multiple forks of the same repo under the same user, - # so we need to create a new repository and push the branch to it. - gh api \ - --method POST \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /user/repos \ - -f name=${{ steps.runner-name.outputs.name }} - - TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }} - - # Create registration token in order to allow listing of runner binaries - gh api \ - --method POST \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - repos/${TESTING_REPO}/actions/runners/registration-token - - # Push the orphan branch to the newly created repo. 
- git pull origin ${{ steps.runner-name.outputs.name }} - git remote add testing https://github.com/${TESTING_REPO}.git - git push testing ${{ steps.runner-name.outputs.name }}:main - - juju deploy /home/$USER/github-runner_ubuntu-22.04-amd64.charm \ - ${{ steps.runner-name.outputs.name }} \ - --base ubuntu@22.04 \ - --config path=$TESTING_REPO \ - --config token=${{ secrets.E2E_TESTING_TOKEN }} \ - --config virtual-machines=1 \ - --config denylist=10.0.0.0/8 \ - --config test-mode=insecure - - - name: Watch github-runner (Pull Request) - if: matrix.event.name == 'pull_request' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - timeout-minutes: 30 - run: | - juju debug-log --replay --tail & - - while :; do - JOBS=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ secrets.E2E_TESTING_REPO }}/actions/runs/$GITHUB_RUN_ID/attempts/$GITHUB_RUN_ATTEMPT/jobs) - CONCLUSION=$(echo $JOBS | jq -r '.jobs[] | select(.name == "End-to-End Test") | .conclusion') - STATUS=$(echo $JOBS | jq -r '.jobs[] | select(.name == "End-to-End Test") | .status') - if [[ $STATUS != "queued" && $STATUS != "in_progress" ]]; then - break - fi - sleep 10 - done - if [[ $STATUS != "completed" || $CONCLUSION != "success" ]]; then - echo "test workflow failed with status: $STATUS, conclusion: $CONCLUSION" - kill $(jobs -p) - exit 1 - fi - - - name: Watch github-runner (Workflow Dispatch and Push) - if: matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push' - env: - GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }} - run: | - juju debug-log --replay --tail & - - # Base any future branches on the current branch - REF_SHA=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ secrets.E2E_TESTING_REPO }}/git/ref/heads/$GITHUB_HEAD_REF \ - --jq .object.sha) - - # Create a temporary reference/branch - # For push, this should trigger the "Push Event Tests" workflow automatically - # 
because the test is run for branches matching the pattern "push-e2e-*" - gh api \ - --method POST \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ secrets.E2E_TESTING_REPO }}/git/refs \ - -f ref='refs/heads/${{ steps.runner-name.outputs.name }}' \ - -f sha=$REF_SHA - - # For workflow_dispatch, we need to trigger the "Workflow Dispatch Tests" workflow manually - if ${{ matrix.event.name == 'workflow_dispatch' }}; then - gh workflow run workflow_dispatch_test.yaml \ - -R ${{ secrets.E2E_TESTING_REPO }} \ - --ref ${{ steps.runner-name.outputs.name }} \ - -f runner=${{ steps.runner-name.outputs.name }} - fi - - get-workflow-status() { - # Search recent workflow runs for the one designated by the run-id ref - output=$(gh run list \ - -R ${{ secrets.E2E_TESTING_REPO }} \ - -L 100 \ - --json headBranch,status \ - --jq '[.[] | select(.headBranch=="${{ steps.runner-name.outputs.name }}")]') - - # Workflows that have not started have no status - if [ $(echo "$output" | jq 'length') -eq 0 ] - then - echo "not_started" - else - # Parse output with jq to get the status field of the first object - status=$(echo "$output" | jq -r '.[0].status') - echo "$status" - fi - } - - # Wait for the workflow to start while checking its status - for i in {1..360} - do - status=$(get-workflow-status) - echo "workflow status: $status" - if [[ $status != "not_started" && $status != "queued" && $status != "in_progress" ]]; then - break - fi - sleep 10 - done - - # Make sure the workflow was completed or else consider it failed - conclusion=$(gh run list \ - -R ${{ secrets.E2E_TESTING_REPO }} \ - -L 100 \ - --json headBranch,conclusion \ - --jq '.[] | select(.headBranch=="${{ steps.runner-name.outputs.name }}") | .conclusion') - - if [[ $status != "completed" || $conclusion != "success" ]]; then - echo "test workflow failed with status: $status, conclusion: $conclusion" - kill $(jobs -p) - exit 1 - else - echo "Workflow completed with status: 
$status, conclusion: $conclusion, run-id: ${{ steps.runner-name.outputs.name }}" - kill $(jobs -p) - fi - - - name: Watch github-runner (Issues, Schedule) - if: matrix.event.name == 'issues' || matrix.event.name == 'schedule' - env: - GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }} - run: | - juju debug-log --replay --tail & - - TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }} - - # For issues, we need to trigger the workflow by opening an issue - if ${{ matrix.event.name == 'issues' }}; then - gh api \ - --method POST \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${TESTING_REPO}/issues \ - -f title="Test issue ${{ steps.runner-name.outputs.name }}" - fi - - get-workflow-status() { - # Search recent workflow runs for the one designated by the run-id ref - output=$(gh run list \ - -R ${TESTING_REPO} \ - -L 100 \ - --json headBranch,status,createdAt \ - --jq '[.[] | select(.headBranch=="main")] | sort_by(.createdAt)') - - # Workflows that have not started have no status - if [ $(echo "$output" | jq 'length') -eq 0 ] - then - echo "not_started" - else - # Parse output with jq to get the status field of the first object - status=$(echo "$output" | jq -r '.[0].status') - echo "$status" - fi - } - - # Wait for the workflow to start while checking its status - for i in {1..360} - do - status=$(get-workflow-status) - echo "workflow status: $status" - if [[ $status != "not_started" && $status != "queued" && $status != "in_progress" ]]; then - break - fi - sleep 10 - done - - # Make sure the workflow was completed or else consider it failed - runs=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${TESTING_REPO}/actions/runs \ - --jq '[.workflow_runs[] | select(.head_branch=="main")] | sort_by(.created_at)') - conclusion=$(echo $runs | jq -r '.[0].conclusion') - wf_run_id=$(echo $runs | jq -r '.[0].id') - - 
logs_filename=${{matrix.event.name}}-workflow-logs.zip - # We retrieve the logs because the testing repo is deleted at the end of the test - gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${TESTING_REPO}/actions/runs/${wf_run_id}/logs > ${logs_filename} \ - || (echo "Failed to retrieve logs from schedule tests" && rm ${logs_filename}) - - - if [[ $status != "completed" || $conclusion != "success" ]]; then - echo "test workflow failed with status: $status, conclusion: $conclusion" - kill $(jobs -p) - exit 1 - else - echo "Workflow completed with status: $status, conclusion: $conclusion, run-id: ${{ steps.runner-name.outputs.name }}" - kill $(jobs -p) - fi - - name: Upload test logs (Issues, Schedule) - if: always() && (matrix.event.name == 'issues' || matrix.event.name == 'schedule') - uses: actions/upload-artifact@v3 - with: - name: ${{matrix.event.name}}-workflow-logs.zip - path: ${{matrix.event.name}}-workflow-logs.zip - if-no-files-found: ignore - - - name: Show Firewall Rules - run: | - juju ssh ${{ steps.runner-name.outputs.name }}/0 sudo nft list ruleset - - - name: Clean Up (Workflow Dispatch and Push) - if: always() && (matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push') - env: - GH_TOKEN: ${{ github.token }} - run: | - gh api \ - --method DELETE \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/repos/${{ secrets.E2E_TESTING_REPO }}/git/refs/heads/${{ steps.runner-name.outputs.name }}" - echo "Deleted ref ${{ steps.runner-name.outputs.name }}" - - - name: Clean Up (Issues, Schedule) - if: always() && (matrix.event.name == 'issues' || matrix.event.name == 'schedule') - env: - GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }} - run: | - set +e - - gh api \ - --method DELETE \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/repos/${{ secrets.E2E_TESTING_REPO }}/git/refs/heads/${{ 
steps.runner-name.outputs.name }}" \ - && echo "Deleted ref ${{ steps.runner-name.outputs.name }}" - - TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }} - - set -e - - gh api \ - --method DELETE \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/repos/${TESTING_REPO}" - - echo "Deleted repo ${TESTING_REPO}" - - e2e-test: - name: End-to-End Test - needs: [build-charm, run-id] - runs-on: [self-hosted, linux, x64, "pr-${{ needs.run-id.outputs.run-id }}"] - steps: - # Snapd can have some issues in privileged LXD containers without setting - # security.nesting=True and this. - - name: Fix snap issue in privileged LXD containers - run: ln -s /bin/true /usr/local/bin/udevadm - # Below is a series of simple tests to assess the functionality of the newly spawned runner. - - name: Echo hello world - run: echo "hello world" - - name: File permission for /usr/local/bin - run: ls -ld /usr/local/bin | grep drwxrwxrwx - - name: Test file permission for /usr/local/bin - run: touch /usr/local/bin/test_file - # "Install microk8s" step will test if the proxies settings are correct. - - name: Proxy set in /etc/environment - run: cat /etc/environment - # "Update apt in python docker container" step will test docker default proxy settings due to - # pulling the python image. - - name: Proxy set in docker daemon - run: | - [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ - || sudo cat /etc/systemd/system/docker.service.d/http-proxy.conf | grep HTTP_PROXY - # "Update apt in python docker container" step will test docker client default proxy settings. 
- - name: Proxy set in docker client - run: | - [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ - || cat /home/ubuntu/.docker/config.json | grep httpProxy - - name: Install microk8s - run: sudo snap install microk8s --classic - - name: Wait for microk8s - timeout-minutes: 10 - run: microk8s status --wait-ready - - name: Deploy nginx for testing - run: microk8s kubectl create deployment nginx --image=nginx - - name: Wait for nginx to be ready - run: microk8s kubectl rollout status deployment/nginx --timeout=30m - - name: Update apt in python docker container - run: docker run python:3.10-slim apt-get update - - name: Docker version - run: docker version - - name: Check python alias for python3 - run: python --version - - name: pip version - run: python3 -m pip --version - - name: npm version - run: npm --version - - name: shellcheck version - run: shellcheck --version - - name: jq version - run: jq --version - - name: yq version - run: yq --version - - name: install check-jsonschema - run: python3 -m pip install check-jsonschema - # `check-jsonschema` is installed using pip. The directory `~/.local/bin` needs to be added to PATH. - - name: test check-jsonschema - run: check-jsonschema --version - - name: Test Firewall - run: | - HOST_IP=$(ip route | grep default | cut -f 3 -d" ") - [ $((ping $HOST_IP -c 5 || :) | grep "Destination Port Unreachable" | wc -l) -eq 5 ] diff --git a/.github/workflows/integration_tests.yaml b/.github/workflows/integration_tests.yaml deleted file mode 100644 index 256589ab2..000000000 --- a/.github/workflows/integration_tests.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -name: integration-tests - -on: - pull_request: - -jobs: - integration-tests-juju2: - name: Integration test with juju 2.9 - uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main - secrets: inherit - with: - juju-channel: 2.9/stable - pre-run-script: scripts/pre-integration-test.sh - provider: lxd - test-tox-env: integration-juju2.9 - modules: '["test_charm_fork_repo", "test_charm_no_runner", "test_charm_scheduled_events", "test_charm_one_runner", "test_charm_metrics", "test_self_hosted_runner", "test_charm_with_proxy"]' - integration-tests-juju3: - name: Integration test with juju 3.1 - uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main - secrets: inherit - with: - juju-channel: 3.1/stable - pre-run-script: scripts/pre-integration-test.sh - provider: lxd - test-tox-env: integration-juju3.1 - modules: '["test_charm_fork_repo", "test_charm_no_runner", "test_charm_scheduled_events", "test_charm_one_runner", "test_charm_metrics", "test_self_hosted_runner", "test_charm_with_proxy"]' diff --git a/.github/workflows/promote_charm.yaml b/.github/workflows/promote_charm.yaml deleted file mode 100644 index 829288dcb..000000000 --- a/.github/workflows/promote_charm.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: Promote charm - -on: - workflow_dispatch: - inputs: - origin-channel: - type: choice - description: 'Origin Channel' - options: - - latest/beta - - latest/edge - destination-channel: - type: choice - description: 'Destination Channel' - options: - - latest/stable - - latest/beta - secrets: - CHARMHUB_TOKEN: - required: true - -jobs: - promote-charm: - uses: canonical/operator-workflows/.github/workflows/promote_charm.yaml@main - with: - origin-channel: ${{ github.event.inputs.origin-channel }} - destination-channel: ${{ github.event.inputs.destination-channel }} - secrets: inherit 
diff --git a/.github/workflows/publish_charm.yaml b/.github/workflows/publish_charm.yaml deleted file mode 100644 index 514dcc76b..000000000 --- a/.github/workflows/publish_charm.yaml +++ /dev/null @@ -1,13 +0,0 @@ -name: Publish to edge - -on: - push: - branches: - - main - -jobs: - publish-to-edge: - uses: canonical/operator-workflows/.github/workflows/publish_charm.yaml@main - secrets: inherit - with: - channel: latest/edge diff --git a/.github/workflows/push_test.yaml b/.github/workflows/push_test.yaml deleted file mode 100644 index 4bffcd337..000000000 --- a/.github/workflows/push_test.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: Push Event Tests - -on: - push: - branches: - - push-e2e-* - -jobs: - push-event-tests: - runs-on: [self-hosted, linux, x64, "${{ github.ref_name }}"] - steps: - - name: Echo runner name - run: | - echo "Hello, runner: ${{ github.ref_name }}" diff --git a/.github/workflows/schedule_issues_test.yaml b/.github/workflows/schedule_issues_test.yaml deleted file mode 100644 index 5e4e6ea2f..000000000 --- a/.github/workflows/schedule_issues_test.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Issues and Schedule Event Tests - -on: - workflow_dispatch: # Replaced by end-to-end test to match 'issues' or 'schedule' - -jobs: - - extract-runner-name: - runs-on: ubuntu-latest - outputs: - name: ${{ steps.extract-runner-name.outputs.name }} - steps: - - name: Extract runner name - id: extract-runner-name - run: | - REPO=${{ github.repository }} - RUNNER_NAME=${REPO#${{ github.repository_owner }}/} - echo name=$RUNNER_NAME >> $GITHUB_OUTPUT - - issues-schedule-event-tests: - needs: [ extract-runner-name ] - runs-on: [ self-hosted, linux, x64, "${{ needs.extract-runner-name.outputs.name }}" ] - steps: - - name: Echo runner name - run: | - echo "Hello, runner: ${{ needs.extract-runner-name.outputs.name }}" diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 99e540d31..4ef68ac59 100644 --- a/.github/workflows/test.yaml 
+++ b/.github/workflows/test.yaml @@ -5,7 +5,16 @@ on: jobs: unit-tests: - uses: canonical/operator-workflows/.github/workflows/test.yaml@main - secrets: inherit - with: - self-hosted-runner: false + runs-on: [self-hosted, stg-gh-deploy] + steps: + - uses: actions/checkout@v4.1.1 + - run: echo test + - run: ls -la + - run: ./test.sh + env: + VAULT_APPROLE_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }} + VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }} + JUJU_CONTROLLER: ${{ secrets.DEPLOY_JUJU_CONTROLLER }} + JUJU_MODEL: ${{ secrets.DEPLOY_JUJU_MODEL }} + VAULT_ADDR: ${{ secrets.DEPLOY_VAULT_ADDR }} + PRODSTACK: ${{ secrets.DEPLOY_PRODSTACK }} diff --git a/.github/workflows/workflow_dispatch_failure_test.yaml b/.github/workflows/workflow_dispatch_failure_test.yaml deleted file mode 100644 index 1cbdb3d85..000000000 --- a/.github/workflows/workflow_dispatch_failure_test.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: Workflow Dispatch Failure Tests 2a34f8b1-41e4-4bcb-9bbf-7a74e6c482f7 - -# This workflow is for testing only. -# Self-hosted runner managed by the charm is setup to fail this workflow at pre-job step. - -on: - # Manually dispatched workflow action - workflow_dispatch: - inputs: - runner: - description: 'Self hosted gh runner' - required: true - -jobs: - workflow-dispatch-tests: - runs-on: [self-hosted, linux, x64, "${{ inputs.runner }}"] - steps: - - name: Echo input variable and message - run: | - echo "Hello, runner: ${{ inputs.runner }}" - - name: Always echo a message - if: always() - run: echo "Should not echo if pre-job script failed" diff --git a/.github/workflows/workflow_dispatch_test.yaml b/.github/workflows/workflow_dispatch_test.yaml deleted file mode 100644 index 4c9d5ec50..000000000 --- a/.github/workflows/workflow_dispatch_test.yaml +++ /dev/null 
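Review bot: In `.github/workflows/test.yaml` the `unit-tests` job now runs the repository's own `./test.sh` on the `[self-hosted, stg-gh-deploy]` runner with the Vault AppRole role ID and secret ID in its environment. Anyone who can change `test.sh` on a ref that triggers this workflow can therefore read those deployment credentials and run code on that runner. The trigger lies outside the hunk; if it still includes `pull_request`, gate the job, for example with `if: github.event_name != 'pull_request'` or a protected `environment:` that requires reviewers, and add a job-level `permissions:` block limited to `contents: read`. The `echo test` and `ls -la` steps look like debugging leftovers. `actions/checkout@v4.1.1` is a mutable tag, so pinning it to the full commit SHA would be safer.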
@@ -1,20 +0,0 @@ -name: Workflow Dispatch Tests - -on: - # Manually dispatched workflow action - workflow_dispatch: - inputs: - runner: - description: 'Self hosted gh runner' - required: true - -jobs: - workflow-dispatch-tests: - runs-on: [self-hosted, linux, x64, "${{ inputs.runner }}"] - steps: - - name: Echo input variable and message - run: | - echo "Hello, runner: ${{ inputs.runner }}" - - name: Always echo a message - if: always() - run: echo "Should not echo if pre-job script failed" diff --git a/test.sh b/test.sh new file mode 100755 index 000000000..092e34c93 --- /dev/null +++ b/test.sh 
@@ -0,0 +1,83 @@ +#!/bin/bash --login + +# These need to be set as environment variables +MISSING_ENV="false" +if [ -z ${VAULT_APPROLE_ROLE_ID+x} ]; then + echo "VAULT_APPROLE_ROLE_ID needs to be set" + MISSING_ENV="true" +fi +if [ -z ${VAULT_APPROLE_SECRET_ID+x} ]; then + echo "VAULT_APPROLE_SECRET_ID needs to be set" + MISSING_ENV="true" +fi +if [ -z ${JUJU_CONTROLLER+x} ]; then + echo "JUJU_CONTROLLER needs to be set" + MISSING_ENV="true" +fi +if [ -z ${JUJU_MODEL+x} ]; then + echo "JUJU_MODEL needs to be set" + MISSING_ENV="true" +fi +if [ -z ${PRODSTACK+x} ]; then + echo "PRODSTACK needs to be set" + MISSING_ENV="true" +fi +if [ -z ${VAULT_ADDR+x} ]; then + echo "VAULT_ADDR needs to be set" + MISSING_ENV="true" +fi + +if [ ${MISSING_ENV} = "true" ]; then + exit 1 +fi + +export TF_VAR_login_approle_role_id=${VAULT_APPROLE_ROLE_ID} +export TF_VAR_login_approle_secret_id=${VAULT_APPROLE_SECRET_ID} +export VAULT_SECRET_PATH_ROLE=secret/${PRODSTACK}/roles/${JUJU_MODEL##*/} +export VAULT_SECRET_PATH_COMMON=secret/${PRODSTACK}/juju/common + +# Ensure we remove any juju config on any kind of exit +trap "[ -d "${HOME}/.local/share/juju" ] && rm -rf ${HOME}/.local/share/juju/*" EXIT + +sudo snap install juju --channel=3.1/stable +sudo snap install vault + +function vault_auth(){ + if [ -z "${VAULT_TOKEN}" ] || ([ -n "${VAULT_TOKEN}" ] && ! 
vault token lookup > /dev/null 2>&1 ); then + if [ -n "$TERM" -a "$TERM" != "unknown" ]; then + echo "Authenticating to vault" + fi + VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${VAULT_APPROLE_ROLE_ID} secret_id=${VAULT_APPROLE_SECRET_ID}) + export VAULT_TOKEN + fi +} + +function load_juju_controller_config(){ + vault_auth + vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}"/controllers/"${JUJU_CONTROLLER}" | base64 -d - > "${HOME}/.local/share/juju/controllers.yaml" +} + +function load_juju_account_config(){ + vault_auth + USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}"/juju) || return + PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}"/juju) || return + # Watch out for tabs vs spaces when editing the below. First character in each line is a tab + # which is ignored by the heredoc, to prevent script indentation affecting the written file. + cat <<- EOF > "${HOME}/.local/share/juju/accounts.yaml" + controllers: + ${JUJU_CONTROLLER?}: + user: ${USERNAME} + password: ${PASSWORD} + EOF +} + +# Remove any existing juju config before pulling from Vault +[ -d "${HOME}/.local/share/juju" ] && rm -rf ${HOME}/.local/share/juju/* +mkdir -p ${HOME}/.local/share/juju + +echo "Pulling Juju controller config from Vault" +load_juju_controller_config +echo "Pulling Juju account config from Vault" +load_juju_account_config + +juju status
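Review bot: In `vault_auth` the AppRole secret ID is passed to `vault write` as a command-line argument, and `controllers.yaml` and `accounts.yaml` are written under the runner's default umask. On the self-hosted runner the secret may thus be visible in the process list, and the Juju credentials may be readable by other local users. The results of `load_juju_controller_config` and `load_juju_account_config` are never checked, and the `vault read | base64 -d` pipe hides a failed read, so `juju status` runs even when no credentials were fetched. The `trap` string nests double quotes and is expanded when the trap is defined rather than at exit; a quoted cleanup function avoids both. The fence shows only the changed lines, and passing `secret_id=-` relies on Vault reading that value from stdin.

```shell
umask 077   # controllers.yaml and accounts.yaml hold credentials
set -o pipefail

cleanup() {
    [ -d "${HOME}/.local/share/juju" ] && rm -rf -- "${HOME:?}/.local/share/juju"/*
}
trap cleanup EXIT

# … unchanged: snap installs, start of vault_auth …
        VAULT_TOKEN=$(printf '%s' "${VAULT_APPROLE_SECRET_ID}" \
            | vault write -field=token auth/approle/login \
                role_id="${VAULT_APPROLE_ROLE_ID}" secret_id=-)

# … unchanged: rest of vault_auth, load_juju_* definitions, echo lines …
load_juju_controller_config || exit 1
load_juju_account_config || exit 1
```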