Migrate 'xray_repository_config' to Plugin Framework #65
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened,synchronize] | |
| paths: | |
| - '**.go' | |
| workflow_dispatch: | |
| name: Terraform & OpenTofu Acceptance Tests | |
| jobs: | |
| acceptance-tests-matrix: | |
| name: ${{ matrix.cli }} | |
| runs-on: ubuntu-latest | |
| environment: development | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| cli: [terraform, tofu] | |
| outputs: | |
| artifactory_version: ${{ steps.get_versions.outputs.rt_version }} | |
| xray_version: ${{ steps.get_versions.outputs.xray_version }} | |
| tf_version: ${{ steps.get_terraform_cli_version.outputs.version }} | |
| tofu_version: ${{ steps.get_opentofu_cli_version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Unshallow | |
| run: git fetch --prune --unshallow | |
| - name: Install Helm | |
| uses: azure/[email protected] | |
| - name: Get Artifactory and Xray versions | |
| id: get_versions | |
| env: | |
| XRAY_VERSION: ${{ vars.XRAY_VERSION }} | |
| run: | | |
| helm repo add jfrog https://charts.jfrog.io/ | |
| helm repo update | |
| RT_HELM_CHART_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f2 -d " ") | |
| ARTIFACTORY_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f3 -d " ") | |
| echo "rt_version=$ARTIFACTORY_VERSION" >> "$GITHUB_OUTPUT" | |
| XRAY_HELM_CHART_VERSION=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f2 -d " ") | |
| XRAY_VERSION=${XRAY_VERSION:=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f3 -d " ")} | |
| echo "XRAY_VERSION=$XRAY_VERSION" >> "$GITHUB_ENV" | |
| echo "xray_version=$XRAY_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Authenticate with Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GKE_SERVICE_ACCOUNT_JSON }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| install_components: gke-gcloud-auth-plugin | |
| - name: Setup kubectl | |
| uses: azure/setup-kubectl@v4 | |
| - name: Setup k8s cluster | |
| id: create_cluster | |
| env: | |
| GKE_ZONE: ${{ vars.GKE_ZONE }} | |
| GKE_PROJECT: ${{ vars.GKE_PROJECT }} | |
| MACHINE_TYPE: ${{ vars.GKE_MACHINE_TYPE }} | |
| NUM_NODES: ${{ vars.GKE_NUM_NODES }} # default is 3 | |
| run: | | |
| export GKE_CLUSTER=tf-provider-xray-${{ matrix.cli }}-$(date +%s) | |
| echo "GKE_CLUSTER=$GKE_CLUSTER" >> "$GITHUB_ENV" | |
| echo "Whitelist Pipelines Node CIDR to be able to run Artifactory and Xray tests. Same variable is used in gke/create_cluster step to restrict access to the control plane." | |
| export WHITELIST_CIDR=$(curl -s ifconfig.me)/32 | |
| echo "WHITELIST_CIDR=$WHITELIST_CIDR" >> "$GITHUB_ENV" | |
| echo "Creating GKE cluster ${GKE_CLUSTER} using default authentication" | |
| gcloud container clusters create "$GKE_CLUSTER" --zone "$GKE_ZONE" \ | |
| --node-locations "$GKE_ZONE" --num-nodes "${NUM_NODES:-5}" --enable-autoscaling \ | |
| --machine-type "$MACHINE_TYPE" \ | |
| --disk-size 50Gi \ | |
| --min-nodes 1 --max-nodes 5 --project "$GKE_PROJECT" | |
| # --enable-master-authorized-networks \ | |
| # --master-authorized-networks "$WHITELIST_CIDR" | |
| # add your NAT CIDR to whitelist local or CI/CD NAT IP. Set WHITELIST_CIDR in CI/CD to add CIDR to the list automatically. | |
| gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" --project "$GKE_PROJECT" | |
| - name: Install Artifactory | |
| id: install_artifactory | |
| env: | |
| ARTIFACTORY_LICENSE: ${{ secrets.ARTIFACTORY_LICENSE }} | |
| run: | | |
| echo "Creating Artifactory License Secret" | |
| echo $ARTIFACTORY_LICENSE > ${{ runner.temp }}/artifactory.cluster.license | |
| kubectl create secret generic artifactory-license --from-file=${{ runner.temp }}/artifactory.cluster.license | |
| MASTER_KEY=$(openssl rand -hex 32) | |
| echo "::add-mask::$MASTER_KEY" | |
| echo "MASTER_KEY=$MASTER_KEY" >> "$GITHUB_ENV" | |
| JOIN_KEY=$(openssl rand -hex 32) | |
| echo "::add-mask::$JOIN_KEY" | |
| echo "JOIN_KEY=$JOIN_KEY" >> "$GITHUB_ENV" | |
| helm upgrade --install artifactory jfrog/artifactory \ | |
| --set artifactory.masterKey=$MASTER_KEY \ | |
| --set artifactory.joinKey=$JOIN_KEY \ | |
| --set artifactory.license.secret=artifactory-license \ | |
| --set artifactory.license.dataKey=artifactory.cluster.license \ | |
| --set artifactory.persistence.size=50Gi \ | |
| --set nginx.service.ssloffload=true \ | |
| --set postgresql.persistence.size=50Gi | |
| # --set nginx.service.loadBalancerSourceRanges="{$WHITELIST_CIDR}" \ | |
| echo "Waiting for Artifactory roll out" | |
| kubectl rollout status deployment/artifactory-artifactory-nginx | |
| kubectl rollout status statefulset/artifactory | |
| SERVICE_IP=$(kubectl get svc --namespace default artifactory-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') | |
| JFROG_URL=http://$SERVICE_IP | |
| echo "JFROG_URL=$JFROG_URL" >> "$GITHUB_ENV" | |
| echo "JFrog URL: $JFROG_URL" | |
| - name: Get access token | |
| id: get_access_token | |
| run: | | |
| echo "Get cookie to generate Access token" | |
| COOKIES=$(curl -s -c - "${JFROG_URL}/ui/api/v1/ui/auth/login?_spring_security_remember_me=false" \ | |
| --header "accept: application/json, text/plain, */*" \ | |
| --header "content-type: application/json;charset=UTF-8" \ | |
| --header "x-requested-with: XMLHttpRequest" \ | |
| -d '{"user":"admin","password":"${{ secrets.ARTIFACTORY_PASSWORD }}","type":"login"}' | grep FALSE) | |
| REFRESHTOKEN=$(echo $COOKIES | grep REFRESHTOKEN | awk '{print $7}') | |
| ACCESSTOKEN=$(echo $COOKIES | grep ACCESSTOKEN | awk '{print $14}') | |
| JFROG_ACCESS_TOKEN=$(curl -s -g --request GET "${JFROG_URL}/ui/api/v1/system/security/token?services[]=all" \ | |
| --header "accept: application/json, text/plain, */*" \ | |
| --header "x-requested-with: XMLHttpRequest" \ | |
| --header "cookie: ACCESSTOKEN=${ACCESSTOKEN}; REFRESHTOKEN=${REFRESHTOKEN}") | |
| echo "::add-mask::$JFROG_ACCESS_TOKEN" | |
| echo "JFROG_ACCESS_TOKEN=$JFROG_ACCESS_TOKEN" >> "$GITHUB_ENV" | |
| - name: Install Xray | |
| id: install_xray | |
| run: | | |
| helm upgrade --install xray jfrog/xray \ | |
| --version $XRAY_VERSION | |
| --set postgresql.persistence.size=200Gi \ | |
| --set xray.jfrogUrl=http://artifactory-artifactory-nginx \ | |
| --set xray.masterKey=$MASTER_KEY \ | |
| --set xray.joinKey=$JOIN_KEY \ | |
| --set xray.serviceAccount.create=true \ | |
| --set xray.rbac.create=true | |
| kubectl rollout status statefulset/xray-postgresql | |
| kubectl rollout status statefulset/xray-rabbitmq | |
| kubectl rollout status statefulset/xray | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - name: Install Terraform CLI | |
| uses: hashicorp/setup-terraform@v3 | |
| if: ${{ matrix.cli == 'terraform' }} | |
| - name: Get Terraform CLI version | |
| id: get_terraform_cli_version | |
| if: ${{ matrix.cli == 'terraform' }} | |
| run: | | |
| TF_VERSION=$(terraform -v -json | jq -r .terraform_version) | |
| echo $TF_VERSION | |
| echo "version=$TF_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Install OpenTofu CLI | |
| uses: opentofu/setup-opentofu@v1 | |
| if: ${{ matrix.cli == 'tofu' }} | |
| with: | |
| tofu_wrapper: false | |
| - name: Get OpenTofu CLI version | |
| id: get_opentofu_cli_version | |
| if: ${{ matrix.cli == 'tofu' }} | |
| run: | | |
| echo "TF_ACC_TERRAFORM_PATH=$(which tofu)" >> "$GITHUB_ENV" | |
| echo "TF_ACC_PROVIDER_NAMESPACE=hashicorp" >> "$GITHUB_ENV" | |
| echo "TF_ACC_PROVIDER_HOST=registry.opentofu.org" >> "$GITHUB_ENV" | |
| TOFU_VERSION=$(tofu -v -json | jq -r .terraform_version) | |
| echo $TOFU_VERSION | |
| echo "version=$TOFU_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Install GoReleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| install-only: true | |
| - name: Execute acceptance tests | |
| env: | |
| JFROG_JAS_DISABLED: true | |
| run: make acceptance -e TARGET_ARCH=linux_amd64 | |
| - name: Install provider | |
| run: | | |
| export PROVIDER_VERSION=$(git describe --tags --abbrev=0 | sed -n 's/v\([0-9]*\).\([0-9]*\).\([0-9]*\)/\1.\2.\3/p') | |
| cat sample.tf | sed -e "s/version =.*/version = \"${PROVIDER_VERSION}\"/g" > sample.tf.tmp | |
| cp sample.tf.tmp sample.tf && rm sample.tf.tmp | |
| TERRAFORM_CLI=${{ matrix.cli }} make install | |
| - name: Send workflow status to Slack | |
| uses: slackapi/[email protected] | |
| if: always() | |
| with: | |
| payload: | | |
| { | |
| "text": "${{ github.workflow }} https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }} ${{ matrix.cli }} GitHub Action result: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "${{ github.workflow }} <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ github.job }}|${{ matrix.cli }} GitHub Action result>: ${{ job.status == 'success' && ':white_check_mark:' || ':x:' }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
| - name: Delete GKE cluster | |
| if: always() && steps.create_cluster.conclusion == 'success' | |
| env: | |
| GKE_ZONE: ${{ vars.GKE_ZONE }} | |
| GKE_PROJECT: ${{ vars.GKE_PROJECT }} | |
| run: | | |
| echo "Deleting GKE cluster ${GKE_CLUSTER} using default authentication" | |
| gcloud container clusters delete "${GKE_CLUSTER}" --zone "${GKE_ZONE}" --project "${GKE_PROJECT}" --quiet | |
| echo "GKE cluster ${GKE_CLUSTER} was successfully deleted" | |
| update-changelog: | |
| runs-on: ubuntu-latest | |
| needs: [acceptance-tests-matrix] | |
| if: | | |
| always() && | |
| (github.event_name == 'pull_request' && needs.acceptance-tests-matrix.result == 'success') | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Update CHANGELOG and push commit | |
| env: | |
| ARTIFACTORY_VERSION: ${{ needs.acceptance-tests-matrix.outputs.artifactory_version }} | |
| XRAY_VERSION: ${{ needs.acceptance-tests-matrix.outputs.xray_version }} | |
| TERRAFORM_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tf_version }} | |
| OPENTOFU_VERSION: ${{ needs.acceptance-tests-matrix.outputs.tofu_version }} | |
| run: | | |
| echo "Adding Artifactory version to CHANGELOG.md" | |
| sed -i -E "0,/(##\s.+\..+\..+\s\(.+\)).*/ s/(##\s.+\..+\..+\s\(.+\)).*/\1. Tested on Artifactory $ARTIFACTORY_VERSION and Xray $XRAY_VERSION with Terraform $TERRAFORM_VERSION and OpenTofu $OPENTOFU_VERSION/" CHANGELOG.md | |
| head -10 CHANGELOG.md | |
| git add CHANGELOG.md | |
| export REGEX="Changes to be committed*" | |
| export GIT_STATUS=$(git status) | |
| if [[ ${GIT_STATUS} =~ ${REGEX} ]]; then | |
| echo "Commiting changes" | |
| git config --global user.name 'JFrog CI' | |
| git config --global user.email '[email protected]' | |
| git config --get user.name | |
| git config --get user.email | |
| git commit --author="JFrog CI <[email protected]>" -m "JFrog Pipelines - Add Artifactory version to CHANGELOG.md" | |
| git push | |
| else | |
| echo "There is nothing to commit: Artifactory version hadn't changed." | |
| fi | |
| - name: Send workflow status to Slack | |
| uses: slackapi/[email protected] | |
| if: success() | |
| with: | |
| payload: | | |
| { | |
| "text": "Terraform Provider Platform. A new PR was submitted by ${{ github.event.pull_request.user.login }} - ${{ github.event.pull_request.html_url }}, branch ${{ github.event.pull_request.base.ref }}. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge.", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "<http://github.com/${{ github.repository }}|Terraform Provider Platform>. A new PR was submitted by *${{ github.event.pull_request.user.login }}* - <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>, branch *${{ github.event.pull_request.base.ref }}*. Changes tested successfully. <@U01H1SLSPA8> or <@UNDRUL1EU> please, review and merge." | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PR_WEBHOOK }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |