Stage online install #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Stage online install | |
on: | |
workflow_dispatch: | |
env: | |
DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} | |
AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} | |
AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} | |
REGION: ${{secrets.DIGITALOCEAN_REGION}} | |
MOUNT_POINT: "/opt/rkub" | |
BUCKET: "rkub-github-action-${{ github.run_id }}" | |
#BUCKET: "terraform-backend-github" | |
CONTROLLER_COUNT: "1" | |
WORKER_COUNT: "1" | |
SIZE: "s-2vcpu-4gb" | |
AIRGAP: "false" | |
jobs: | |
bucket: | |
name: Bucket | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Set up S3cmd cli tool | |
uses: s3-actions/s3cmd@main | |
with: | |
provider: digitalocean | |
region: ${{secrets.DIGITALOCEAN_REGION}} | |
access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} | |
secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} | |
- name: Create Space Bucket | |
run: | | |
sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg | |
if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd mb s3://${BUCKET}; fi | |
sleep 10 | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
needs: [ Bucket ] | |
timeout-minutes: 20 | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./test | |
steps: | |
- name: Checkout files | |
uses: actions/checkout@v4 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: "1.7.3" | |
- name: Terraform Init | |
id: init | |
run: | | |
cd ./DO/infra | |
terraform init -backend-config="bucket=${BUCKET}" | |
- name: Terraform Validate | |
id: validate | |
run: | | |
cd ./DO/infra | |
terraform validate -no-color | |
- name: Terraform Plan | |
id: plan | |
run: | | |
cd ./DO/infra | |
terraform plan -out=terraform.tfplan \ | |
-var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ | |
-var "token=${DO_PAT}" \ | |
-var "worker_count=${WORKER_COUNT}" \ | |
-var "controller_count=${CONTROLLER_COUNT}" \ | |
-var "instance_size=${SIZE}" \ | |
-var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ | |
-var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ | |
-var "mount_point=${MOUNT_POINT}" \ | |
-var "airgap=${AIRGAP}" \ | |
-var "terraform_backend_bucket_name=${BUCKET}" | |
continue-on-error: true | |
- name: Terraform Plan Status | |
if: steps.plan.outcome == 'failure' | |
run: exit 1 | |
- name: Terraform Apply | |
run: | | |
cd ./DO/infra | |
terraform apply terraform.tfplan | |
# No relative path allowed | |
- name: Inventory artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: inventory | |
path: | | |
${{ github.workspace }}/test/inventory/hosts.ini | |
if-no-files-found: error | |
retention-days: 1 | |
- name: Save Secret | |
id: save_secret | |
run: | | |
echo "SSH_PRIVATE_KEY=$( cat ${{ github.workspace }}/test/DO/infra/.key.private )" >> $GITHUB_ENV | |
reachable: | |
name: Reachable | |
runs-on: ubuntu-latest | |
needs: [ Deploy ] | |
timeout-minutes: 10 | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./test | |
steps: | |
- name: Checkout files | |
uses: actions/checkout@v4 | |
- name: Download inventory | |
uses: actions/download-artifact@v4 | |
with: | |
name: inventory | |
- name: Check if inventory present | |
run: | | |
ls -la ${{ github.workspace }}/inventory | |
ls -la ${{ github.workspace }}/test | |
ls -la ${{ github.workspace }}/ | |
cat ${{ github.workspace }}/hosts.ini | |
- name: Get key and hosts.ini | |
run: | | |
cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini | |
echo "${{ env.SSH_PRIVATE_KEY }}"" > DO/infra/.key.private | |
shell: bash | |
- name: Set up Python | |
id: setup_python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip3 install ansible | |
ansible --version | |
- name: Test if reachable | |
run: | | |
ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root | |
- name: Wait for cloud-init to finish | |
run: | | |
ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v | |
install: | |
name: Install | |
runs-on: ubuntu-latest | |
needs: [ Reachable ] | |
timeout-minutes: 60 | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./test | |
steps: | |
- name: Checkout files | |
uses: actions/checkout@v4 | |
- name: Install requirements | |
run: | | |
cd .. | |
make prerequis | |
- name: Download inventory | |
uses: actions/download-artifact@v4 | |
with: | |
name: inventory | |
- name: Get key and hosts.ini | |
run: | | |
cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini | |
cp ${{ github.workspace }}/.key.private DO/infra/.key.private | |
cp ${{ github.workspace }}/.key.pub DO/infra/.key.pub | |
shell: bash | |
- name: Run playbook install.yml | |
run: | | |
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/install.yml -e "airgap=false" -e "method=tarball" | |
#- name: Run playbook rancher.yml | |
# run: | | |
# ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/rancher.yml | |
#- name: Run playbook longhorn.yml | |
# run: | | |
# ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/longhorn.yml | |
#- name: Run playbook neuvector.yml | |
# run: | | |
# ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/neuvector.yml | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
needs: [ Install ] | |
timeout-minutes: 10 | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./test | |
steps: | |
- name: Checkout files | |
uses: actions/checkout@v4 | |
- name: Download inventory | |
uses: actions/download-artifact@v4 | |
with: | |
name: inventory | |
- name: Get key and hosts.ini | |
run: | | |
cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini | |
cp ${{ github.workspace }}/.key.private DO/infra/.key.private | |
cp ${{ github.workspace }}/.key.pub DO/infra/.key.pub | |
shell: bash | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install -U pytest-testinfra ansible pytest-sugar pytest | |
ansible --version | |
- name: Run Python Tests | |
run: | | |
export DEFAULT_PRIVATE_KEY_FILE=.key | |
python3 -m pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_server_tests.py | |
python3 -m pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_agent_tests.py | |
delay: | |
name: Delay | |
runs-on: ubuntu-latest | |
needs: [ Test ] | |
if: always() | |
steps: | |
- name: Delay 10min | |
uses: whatnick/wait-action@master | |
with: | |
time: '600s' | |
cleanup: | |
name: Cleanup | |
runs-on: ubuntu-latest | |
needs: [ Delay ] | |
if: always() | |
timeout-minutes: 30 | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./test/DO/infra | |
steps: | |
- name: Checkout files | |
uses: actions/checkout@v4 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: "1.7.3" | |
- name: Terraform Init | |
id: init | |
run: | | |
terraform init -backend-config="bucket=${BUCKET}" | |
continue-on-error: true | |
- name: Terraform plan delete stack | |
id: plan | |
run: | | |
terraform plan -destroy -out=terraform.tfplan \ | |
-var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ | |
-var "token=${DO_PAT}" \ | |
-var "worker_count=${WORKER_COUNT}" \ | |
-var "controller_count=${CONTROLLER_COUNT}" \ | |
-var "instance_size=${SIZE}" \ | |
-var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ | |
-var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ | |
-var "mount_point=${MOUNT_POINT}" \ | |
-var "airgap=false" \ | |
-var "terraform_backend_bucket_name=${BUCKET}" | |
continue-on-error: true | |
- name: Terraform Apply | |
run: | | |
terraform apply terraform.tfplan | |
continue-on-error: true | |
- name: Set up S3cmd cli tool | |
uses: s3-actions/s3cmd@main | |
with: | |
provider: digitalocean | |
region: ${{secrets.DIGITALOCEAN_REGION}} | |
access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} | |
secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} | |
- name: Remove Space bucket | |
run: | | |
sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg | |
if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd rb s3://${BUCKET} --recursive; fi | |
sleep 10 |