Skip to content

Commit

Permalink
init
Browse files Browse the repository at this point in the history 
Signed-off-by: vinayada1 <[email protected]>
  • Loading branch information
@vinayada1
vinayada1 committed Mar 27, 2024
1 parent ea43fb0 commit 34dfce5
Showing 1 changed file with 115 additions and 3 deletions.
118 changes: 115 additions & 3 deletions .github/workflows/functional-test-noncloud.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,14 @@ permissions:
packages: write # Required for uploading the package

on:
schedule:
# Run every 4 hours on weekdays.
- cron: "30 0,4,8,12,16,20 * * 1-5"
# Run every 12 hours on weekends.
- cron: "30 0,12 * * 0,6"
# Dispatch on external events
repository_dispatch:
types: [de-functional-test]
pull_request:
branches:
- main
Expand All @@ -45,16 +53,26 @@ env:
DAPR_DASHBOARD_VER: '0.14.0'
# Kubectl version
KUBECTL_VER: 'v1.25.0'
# Azure Keyvault CSI driver chart version
AZURE_KEYVAULT_CSI_DRIVER_VER: '1.4.2'
# Azure workload identity webhook chart version
AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER: '1.1.0'
# Container registry for storing container images
CONTAINER_REGISTRY: ghcr.io/radius-project/dev
# Container registry for storing Bicep recipe artifacts
BICEP_RECIPE_REGISTRY: ghcr.io/radius-project/dev
# The radius functional test timeout
FUNCTIONALTEST_TIMEOUT: 60m
# The Azure Location to store test resources
AZURE_LOCATION: westus3
# The base directory for storing test logs
RADIUS_CONTAINER_LOG_BASE: dist/container_logs
# The Radius helm chart location.
RADIUS_CHART_LOCATION: deploy/Chart/
# The region for AWS resources
AWS_REGION: 'us-west-2'
# The AWS account ID
AWS_ACCOUNT_ID: '${{ secrets.FUNCTEST_AWS_ACCOUNT_ID }}'
# The current GitHub action link
ACTION_LINK: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
# Server where terraform test modules are deployed
Expand All @@ -68,6 +86,7 @@ jobs:
build:
name: Build Radius for test
runs-on: ubuntu-latest
if: github.event_name == 'repository_dispatch' || (github.event_name == 'schedule' && github.repository == 'radius-project/radius') || github.event_name == 'workflow_run'
env:
DE_IMAGE: 'ghcr.io/radius-project/deployment-engine'
DE_TAG: 'latest'
Expand Down Expand Up @@ -159,6 +178,7 @@ jobs:
echo "UNIQUE_ID=${UNIQUE_ID}" >> $GITHUB_OUTPUT
echo "CHECKOUT_REPO=${{ env.CHECKOUT_REPO }}" >> $GITHUB_OUTPUT
echo "CHECKOUT_REF=${{ env.CHECKOUT_REF }}" >> $GITHUB_OUTPUT
echo "AZURE_TEST_RESOURCE_GROUP=radtest-${UNIQUE_ID}" >> $GITHUB_OUTPUT
echo "RAD_CLI_ARTIFACT_NAME=rad_cli_linux_amd64" >> $GITHUB_OUTPUT
echo "PR_NUMBER=${{ env.PR_NUMBER }}" >> $GITHUB_OUTPUT
echo "DE_IMAGE=${{ env.DE_IMAGE }}" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -190,6 +210,8 @@ jobs:
* gotestsum ${{ env.GOTESTSUM_VER }}
* KinD: ${{ env.KIND_VER }}
* Dapr: ${{ env.DAPR_VER }}
* Azure KeyVault CSI driver: ${{ env.AZURE_KEYVAULT_CSI_DRIVER_VER }}
* Azure Workload identity webhook: ${{ env.AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER }}
* Bicep recipe location `${{ env.BICEP_RECIPE_REGISTRY }}/test/testrecipes/test-bicep-recipes/<name>:${{ env.REL_VERSION }}`
* Terraform recipe location `${{ env.TF_RECIPE_MODULE_SERVER_URL }}/<name>.zip` (in cluster)
* applications-rp test image location: `${{ env.CONTAINER_REGISTRY }}/applications-rp:${{ env.REL_VERSION }}`
Expand Down Expand Up @@ -311,6 +333,7 @@ jobs:
CHECKOUT_REPO: ${{ needs.build.outputs.CHECKOUT_REPO }}
CHECKOUT_REF: ${{ needs.build.outputs.CHECKOUT_REF }}
PR_NUMBER: ${{ needs.build.outputs.PR_NUMBER }}
AZURE_TEST_RESOURCE_GROUP: radtest-${{ needs.build.outputs.UNIQUE_ID }}-${{ matrix.name }}
RAD_CLI_ARTIFACT_NAME: ${{ needs.build.outputs.RAD_CLI_ARTIFACT_NAME }}
BICEP_RECIPE_TAG_VERSION: ${{ needs.build.outputs.REL_VERSION }}
DE_IMAGE: ${{ needs.build.outputs.DE_IMAGE }}
Expand Down Expand Up @@ -365,6 +388,12 @@ jobs:
with:
name: ${{ env.RAD_CLI_ARTIFACT_NAME }}
path: bin
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_SP_TESTS_APPID }}
tenant-id: ${{ secrets.AZURE_SP_TESTS_TENANTID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }}
- uses: marocchino/sticky-pull-request-comment@v2
continue-on-error: true
with:
Expand All @@ -374,18 +403,73 @@ jobs:
append: true
message: |
:hourglass: Starting ${{ matrix.name }} functional tests...
- name: Create azure resource group - ${{ env.AZURE_TEST_RESOURCE_GROUP }}
run: |
current_time=$(date +%s)
az group create \
--location ${{ env.AZURE_LOCATION }} \
--name $RESOURCE_GROUP \
--subscription ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }} \
--tags creationTime=$current_time
while [ $(az group exists --name $RESOURCE_GROUP) = false ]; do sleep 2; done
env:
RESOURCE_GROUP: ${{ env.AZURE_TEST_RESOURCE_GROUP }}
- uses: azure/setup-helm@v3
with:
version: ${{ env.HELM_VER }}
- name: Create KinD cluster
run: |
curl -sSLo "kind" "https://github.com/kubernetes-sigs/kind/releases/download/${{ env.KIND_VER }}/kind-linux-amd64"
chmod +x ./kind
# Populate the following environment variables for Azure workload identity from secrets.
# AZURE_OIDC_ISSUER_PUBLIC_KEY
# AZURE_OIDC_ISSUER_PRIVATE_KEY
# AZURE_OIDC_ISSUER
eval "export $(echo "${{ secrets.FUNCTEST_AZURE_OIDC_JSON }}" | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
AUTHKEY=$(echo -n "${{ github.actor }}:${{ secrets.GH_RAD_CI_BOT_PAT }}" | base64)
echo "{\"auths\":{\"ghcr.io\":{\"auth\":\"${AUTHKEY}\"}}}" > "./ghcr_secret.json"
# Create KinD cluster with OIDC Issuer keys
echo $AZURE_OIDC_ISSUER_PUBLIC_KEY | base64 -d > sa.pub
echo $AZURE_OIDC_ISSUER_PRIVATE_KEY | base64 -d > sa.key
cat <<EOF | ./kind create cluster --name radius --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraMounts:
- hostPath: ./sa.pub
containerPath: /etc/kubernetes/pki/sa.pub
- hostPath: ./sa.key
containerPath: /etc/kubernetes/pki/sa.key
- hostPath: ./ghcr_secret.json
containerPath: /var/lib/kubelet/config.json
kubeadmConfigPatches:
- |
kind: ClusterConfiguration
apiServer:
extraArgs:
service-account-issuer: $AZURE_OIDC_ISSUER
service-account-key-file: /etc/kubernetes/pki/sa.pub
service-account-signing-key-file: /etc/kubernetes/pki/sa.key
controllerManager:
extraArgs:
service-account-private-key-file: /etc/kubernetes/pki/sa.key
EOF
- name: Install dapr into cluster
run: |
wget -q https://raw.githubusercontent.com/dapr/cli/master/install/install.sh -O - | /bin/bash -s ${{ env.DAPR_VER }}
dapr init -k --wait --timeout 600 --runtime-version ${{ env.DAPR_VER }} --dashboard-version ${{ env.DAPR_DASHBOARD_VER }}
- name: Install Azure Keyvault CSI driver chart
run: |
helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --version ${{ env.AZURE_KEYVAULT_CSI_DRIVER_VER }}
- name: Install azure workload identity webhook chart
run: |
helm repo add azure-workload-identity https://azure.github.io/azure-workload-identity/charts
helm install workload-identity-webhook azure-workload-identity/workload-identity-webhook --namespace radius-default --create-namespace --version ${{ env.AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER }} --set azureTenantID=${{ secrets.AZURE_SP_TESTS_TENANTID }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
Expand Down Expand Up @@ -431,6 +515,17 @@ jobs:
rad env create kind-radius --namespace default
rad env switch kind-radius
echo "*** Configuring Azure provider ***"
rad env update kind-radius --azure-subscription-id ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }} \
--azure-resource-group ${{ env.AZURE_TEST_RESOURCE_GROUP }}
rad credential register azure --client-id ${{ secrets.AZURE_SP_TESTS_APPID }} \
--client-secret ${{ secrets.INTEGRATION_TEST_SP_PASSWORD }} \
--tenant-id ${{ secrets.AZURE_SP_TESTS_TENANTID }}
echo "*** Configuring AWS provider ***"
rad env update kind-radius --aws-region ${{ env.AWS_REGION }} --aws-account-id ${{ secrets.FUNCTEST_AWS_ACCOUNT_ID }}
rad credential register aws \
--access-key-id ${{ secrets.FUNCTEST_AWS_ACCESS_KEY_ID }} --secret-access-key ${{ secrets.FUNCTEST_AWS_SECRET_ACCESS_KEY }}
- uses: marocchino/sticky-pull-request-comment@v2
if: failure() && env.PR_NUMBER != ''
continue-on-error: true
Expand All @@ -444,26 +539,43 @@ jobs:
- name: Publish Terraform test recipes
run: |
make publish-test-terraform-recipes
- name: Run functional tests that do not require cloud resources
- name: Run functional tests with no cloud resources
run: |
# Ensure rad cli is in path before running tests.
export PATH=$GITHUB_WORKSPACE/bin:$PATH
cd $GITHUB_WORKSPACE
which rad || { echo "cannot find rad"; exit 1; }
# Populate the following test environment variables from JSON secret.
# AZURE_MONGODB_RESOURCE_ID
# AZURE_COSMOS_MONGODB_ACCOUNT_ID
# AZURE_TABLESTORAGE_RESOURCE_ID
# AZURE_SERVICEBUS_RESOURCE_ID
# AZURE_REDIS_RESOURCE_ID
# AZURE_MSSQL_RESOURCE_ID
# AZURE_MSSQL_USERNAME
# AZURE_MSSQL_PASSWORD
eval "export $(echo "${{ secrets.FUNCTEST_PREPROVISIONED_RESOURCE_JSON }}" | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
make test-functional-${{ matrix.name }}-noncloud
env:
DOCKER_REGISTRY: ${{ env.CONTAINER_REGISTRY }}
TEST_TIMEOUT: ${{ env.FUNCTIONALTEST_TIMEOUT }}
RADIUS_CONTAINER_LOG_PATH: ${{ github.workspace }}/${{ env.RADIUS_CONTAINER_LOG_BASE }}
AWS_ACCESS_KEY_ID: ${{ secrets.FUNCTEST_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.FUNCTEST_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ env.AWS_REGION }}
RADIUS_SAMPLES_REPO_ROOT: ${{ github.workspace }}/samples
# Test_MongoDB_Recipe_Parameters is using the following environment variable.
INTEGRATION_TEST_RESOURCE_GROUP_NAME: ${{ env.AZURE_TEST_RESOURCE_GROUP }}
BICEP_RECIPE_REGISTRY: ${{ env.BICEP_RECIPE_REGISTRY }}
BICEP_RECIPE_TAG_VERSION: ${{ env.BICEP_RECIPE_TAG_VERSION }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: azure/setup-kubectl@v3
if: always()
with:
version: ${{ env.KUBECTL_VER }}
- name: Collect Pod details
if: always()
run: |
Expand Down Expand Up @@ -575,7 +687,7 @@ jobs:
status: completed
conclusion: ${{ steps.get_test_status.outputs.test_status }}
output: |
{"summary":"Non Cloud Functional Test run completed. See links for more information.","title":"Functional Test Run"}
{"summary":"Functional Test run completed. See links for more information.","title":"Functional Test Run"}
details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
report-failure:
name: Report test failure
Expand All @@ -590,7 +702,7 @@ jobs:
script: |
github.rest.issues.create({
...context.repo,
title: `Scheduled noncloud functional test failed - Run ID: ${context.runId}`,
title: `Scheduled functional test failed - Run ID: ${context.runId}`,
labels: ['bug', 'test-failure'],
body: `## Bug information \n\nThis bug is generated automatically if the scheduled functional test fails. The Radius functional test operates on a schedule of every 4 hours during weekdays and every 12 hours over the weekend. It's important to understand that the test may fail due to workflow infrastructure issues, like network problems, rather than the flakiness of the test itself. For the further investigation, please visit [here](${process.env.ACTION_LINK}).`
})

0 comments on commit 34dfce5

Please sign in to comment.