qa-dev #118
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# qa-dev workflow is for attaching to an arbitrary api-server specified in the vars secrets | |
name: qa-dev | |
concurrency: | |
group: dev-ec2 | |
on: | |
workflow_dispatch: | |
inputs: | |
deployment_size: | |
description: 'deployment size: small | medium | large | xlarge' | |
required: true | |
default: 'small' | |
type: string | |
pr_or_branch: | |
description: 'pull request number or branch name' | |
required: true | |
default: 'main' | |
debug_pause: | |
description: 'time in minutes to pause before tearing down the infra for debugging' | |
required: false | |
default: '0' | |
jobs: | |
deploy-ec2: | |
name: deploy-ec2-e2e | |
runs-on: ubuntu-latest | |
timeout-minutes: 90 | |
strategy: | |
fail-fast: false | |
env: | |
AWS_REGION: "us-east-1" | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
ANSIBLE_VAULT_PASSWORD_FILE: "vault-secret.txt" | |
ANSIBLE_PRIVATE_KEY_FILE: "nexodus.pem" | |
ANSIBLE_HOST_KEY_CHECKING: "false" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Determine if pr_or_branch is a PR number | |
id: check_pr | |
run: | | |
if [[ "${{ github.event.inputs.pr_or_branch }}" =~ ^[0-9]+$ ]]; then | |
echo "is_pr=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "is_pr=false" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Fetch and checkout PR | |
if: steps.check_pr.outputs.is_pr == 'true' | |
run: | | |
git fetch origin pull/${{ github.event.inputs.pr_or_branch }}/head:pr-${{ github.event.inputs.pr_or_branch }} | |
git checkout pr-${{ github.event.inputs.pr_or_branch }} | |
- name: Checkout branch | |
if: steps.check_pr.outputs.is_pr == 'false' | |
run: git checkout ${{ github.event.inputs.pr_or_branch }} | |
- name: Setup Go | |
uses: ./.github/actions/setup-go-env | |
- name: Build | |
run: | | |
make dist/nexd-linux-amd64 | |
make dist/nexctl-linux-amd64 | |
- name: Copy Binaries to S3 | |
run: | | |
aws s3 cp ./dist/nexd-linux-amd64 s3://nexodus-io/ec2-e2e/ | |
aws s3 cp ./dist/nexctl-linux-amd64 s3://nexodus-io/ec2-e2e/ | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install Ansible and Dependencies | |
run: pip3.10 install boto boto3 ansible-vault ansible-core==2.13.3 | |
- name: Install amazon.aws Ansible library | |
run: ansible-galaxy collection install amazon.aws | |
- name: Set Deployment Size to Small | |
if: github.event.inputs.deployment_size == 'small' | |
run: | | |
echo "${{ secrets.ANSIBLE_VARS_SMALL }}" > ./ops/ansible/aws/vars.yml | |
- name: Set Deployment Size to Medium | |
if: github.event.inputs.deployment_size == 'medium' | |
run: | | |
echo "${{ secrets.ANSIBLE_VARS_MEDIUM }}" > ./ops/ansible/aws/vars.yml | |
- name: Set Deployment Size to Large | |
if: github.event.inputs.deployment_size == 'large' | |
run: | | |
echo "${{ secrets.ANSIBLE_VARS_LARGE }}" > ./ops/ansible/aws/vars.yml | |
- name: Set Deployment Size to XLarge | |
if: github.event.inputs.deployment_size == 'xlarge' | |
run: | | |
echo "${{ secrets.ANSIBLE_VARS_XLARGE }}" > ./ops/ansible/aws/vars.yml | |
- name: Create Ansible Secrets | |
run: | | |
echo "${{ secrets.ANSIBLE_SSH_KEY }}" > nexodus.pem | |
chmod 0400 nexodus.pem | |
echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > vault-secret.txt | |
chmod 0400 vault-secret.txt | |
echo "${{ secrets.ROOT_CA }}" > ./ops/ansible/aws/rootCA.pem | |
chmod 0400 ops/ansible/aws/rootCA.pem | |
- name: Initialize the api-server Images | |
run: | | |
mkdir -p ./ops/ansible/aws/nexd-logs/api-server | |
ansible-playbook -vv ./hack/e2e-scripts/aws-e2e-pr-build.yml \ | |
--private-key nexodus.pem \ | |
--extra-vars "target_host=${{ vars.EC2_API_SERVER_ADDR }}" \ | |
--extra-vars "pr_or_branch=${{ github.event.inputs.pr_or_branch }}" \ | |
--extra-vars "ansible_user=ubuntu" \ | |
--extra-vars "debug_pause=${{ github.event.inputs.debug_pause }}" | |
- name: Deploy EC2 Agent Nodes | |
run: | | |
ansible-playbook -vv ./ops/ansible/aws/deploy-ec2.yml \ | |
-i ./ops/ansible/aws/inventory.txt \ | |
--private-key nexodus.pem \ | |
--vault-password-file vault-secret.txt \ | |
--extra-vars "controller_address=${{ vars.EC2_API_SERVER_ADDR }}" | |
- name: Mesh Connectivity Results | |
run: | | |
set -e | |
/bin/sh -c 'cat ./ops/ansible/aws/*-connectivity-results.txt > ./ops/ansible/aws/mesh-connectivity-results.txt' | |
cat ./ops/ansible/aws/mesh-connectivity-results.txt | |
if grep -iq 'Unreachable' ./ops/ansible/aws/mesh-connectivity-results.txt || grep -iq 'Failed' ./ops/ansible/aws/mesh-connectivity-results.txt; then | |
echo "Connectivity results contain 'Unreachable or Failed' nodes, check the connectivity results and artifacts for details. Failing the job" | |
exit 1 | |
else | |
echo "Connectivity results do not contain any 'Unreachable' nodes" | |
fi | |
- name: Gather api-server Server Logs | |
if: always() | |
run: | | |
ansible-playbook -vv \ | |
./hack/e2e-scripts/aws-e2e-pr-gather.yml \ | |
--private-key nexodus.pem \ | |
-e "target_host=${{ vars.EC2_API_SERVER_ADDR }} ansible_user=ubuntu" | |
- name: Terminate EC2 Instances | |
if: always() | |
run: | | |
ansible-playbook -vv ./ops/ansible/aws/terminate-instances.yml | |
- name: Upload nexd and api-server Logs to Artifacts | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dev-ec2-artifacts | |
path: ./ops/ansible/aws/nexd-logs/ | |
retention-days: 10 |