Skip to content

ci: use GitHub app for ephemeral tokens (#160) #317

ci: use GitHub app for ephemeral tokens (#160)

ci: use GitHub app for ephemeral tokens (#160) #317

Workflow file for this run

name: e2e
on:
push:
branches:
- main
paths-ignore:
- '*.md'
- '*.asciidoc'
- 'docs/**'
pull_request:
paths-ignore:
- '*.md'
- '*.asciidoc'
- 'docs/**'
permissions:
contents: read
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
env:
# (keep_serverless-staging-oblt, keep_serverless-qa-oblt or serverless-production-oblt)
SERVERLESS_PROJECT: serverless-production-oblt
# NOTE: if you add a new job and it's a mandatory check then
# update e2e-docs.yml
jobs:
test:
# If no PR event or if a PR event that's caused by a non-fork and non dependabot actor
if: github.event_name != 'pull_request' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false && github.actor != 'dependabot[bot]' )
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
id: bootstrap
uses: ./.github/workflows/bootstrap
- uses: elastic/oblt-actions/google/auth@v1
- name: Get token
id: get_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
permissions: >-
{
"contents": "read"
}
repositories: >-
["observability-test-environments"]
- uses: elastic/oblt-actions/oblt-cli/cluster-credentials@v1
with:
github-token: ${{ steps.get_token.outputs.token }}
cluster-name: ${{ env.SERVERLESS_PROJECT }}
- uses: google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713 # v2.1.4
with:
export_to_environment: true
secrets: |-
E2E__BROWSEREMAIL:elastic-observability/elastic-cloud-observability-team-pro-username
E2E__BROWSERPASSWORD:elastic-observability/elastic-cloud-observability-team-pro-password
- name: End-to-end tests
run: ./build.sh test --test-suite=e2e
env:
E2E__ENDPOINT: "${{env.ELASTIC_APM_SERVER_URL}}"
E2E__AUTHORIZATION: "Authorization=ApiKey ${{env.ELASTIC_APM_API_KEY}}"
- name: Upload Playwright traces
uses: actions/upload-artifact@v4
if: always()
with:
name: playwright-traces
path: .artifacts/playwright-traces/*-screenshot.jpeg
retention-days: 1