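---
# E2E Testing workflow.
#
# On a push event it (1) builds the deployer image and pushes it to Google
# Artifact Registry, (2) applies the Apigee Hybrid control-plane and the GKE
# runtime-cluster Terraform in parallel, and (3) once all three succeed, runs
# the Ansible playbook on a self-hosted runner. Every job authenticates to
# GCP through Workload Identity Federation (google-github-actions/auth with a
# workload_identity_provider), so no long-lived service-account key is stored
# in the repository secrets.
#
# NOTE(review): every job is gated on `github.event_name == 'push'`, so the
# pull_request, workflow_dispatch and schedule triggers below each start a run
# in which no job executes. Keeping PR code (including fork PRs) away from the
# deploy jobs and the self-hosted runner is the safe default; if the nightly
# schedule is meant to exercise the environment, widen the job `if:`
# expressions deliberately rather than removing them.
# NOTE(review): the push trigger carries no `branches` filter, so a push to
# any branch rebuilds `:latest` and re-applies the shared test environment
# (all jobs use the same TF_BACKEND_BUCKET / GCP_PROJECT_ID) — confirm that
# is intended, or add `branches: [main]` under `push:` to match pull_request.
# NOTE(review): third-party actions are referenced by floating major tags;
# pinning each `uses:` to a full commit SHA gives supply-chain integrity.
# google-github-actions/auth@v0 is a pre-1.0 major — review its changelog
# before bumping.
name: E2E Testing
on:  # yamllint disable-line rule:truthy
  push:
    paths-ignore:
      - '**.md'
  pull_request:
    paths-ignore:
      - '**.md'
    branches:
      - main
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"

# Least-privilege default for any job added later without its own block;
# every existing job below declares `permissions` explicitly.
permissions: {}

# All deploy jobs share one Terraform state bucket and one GCP project, so two
# overlapping runs would contend on the same state. Queue runs rather than
# cancelling them: an interrupted `terraform apply` can leave the environment
# half-provisioned.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

jobs:
  # Build the deployer image and push it tagged with both the short commit
  # hash (from the `commit` step) and `latest`.
  docker-build:
    name: Tagged Docker release to Google Artifact Registry
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    permissions:
      contents: 'read'
      id-token: 'write'  # required to mint the OIDC token for WIF
    steps:
      - id: checkout
        name: Checkout
        uses: actions/checkout@v4
      - id: commit
        uses: prompt/actions-commit-hash@v3
      - id: auth
        name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v0
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }}
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          # Short-lived: the token only has to outlive the registry login
          # and the image push in this job.
          access_token_lifetime: 300s
      - name: Login to Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.GCP_REGION }}-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - id: docker-push-tagged
        name: Tag Docker image and push to Google Artifact Registry
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: |
            ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }}/ansible-helm-apigee-hybrid-deployer:${{ steps.commit.outputs.short }}
            ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }}/ansible-helm-apigee-hybrid-deployer:latest

  # Apply the control-plane Terraform via test/scripts/deploy_terraform.sh.
  deploy-control-plane:
    name: Deploy Apigee Hybrid Control Plane
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    permissions:
      contents: 'read'
      id-token: 'write'  # required to mint the OIDC token for WIF
    steps:
      - id: checkout
        name: Checkout
        uses: actions/checkout@v4
      - id: auth
        name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v0
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }}
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          access_token_lifetime: 300s
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.2
          # The wrapper would interfere with scripts that parse terraform
          # output; the deploy script runs the binary directly.
          terraform_wrapper: false
      - name: Run Terraform
        id: init
        run: |
          bash deploy_terraform.sh ${{ github.workspace }}/test/terraform/control-plane
        shell: bash
        working-directory: ./test/scripts
        env:
          TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_REGION: ${{ secrets.GCP_REGION }}

  # Apply the GKE runtime-plane Terraform; same script, different module path.
  deploy-runtime-plane-gke:
    name: Deploy GKE Cluster
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    permissions:
      contents: 'read'
      id-token: 'write'  # required to mint the OIDC token for WIF
    steps:
      - id: checkout
        name: Checkout
        uses: actions/checkout@v4
      - id: auth
        name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v0
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }}
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          access_token_lifetime: 300s
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.2
          terraform_wrapper: false
      - name: Run Terraform
        id: init
        run: |
          bash deploy_terraform.sh ${{ github.workspace }}/test/terraform/runtime-plane-gke
        shell: bash
        working-directory: ./test/scripts
        env:
          TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_REGION: ${{ secrets.GCP_REGION }}

  # Run the Ansible playbook against the freshly built image and the
  # infrastructure from the three jobs above. Runs on a self-hosted runner;
  # the `if:` guard means only push events (never PR code) reach it.
  deploy-runtime-plane:
    name: Deploy Apigee Hybrid Single DC
    runs-on: self-hosted
    if: github.event_name == 'push'
    needs:
      - docker-build
      - deploy-runtime-plane-gke
      - deploy-control-plane
    permissions:
      contents: 'read'
      id-token: 'write'  # required to mint the OIDC token for WIF
    steps:
      - id: checkout
        name: Checkout
        uses: actions/checkout@v4
      - id: commit
        uses: prompt/actions-commit-hash@v3
      - id: auth
        name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v0
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }}
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          # NOTE(review): this 5-minute token is handed to the playbook as
          # GCP_ACCESS_TOKEN below; an Apigee Hybrid install can outlast it.
          # Confirm the playbook refreshes it or relies on the credentials
          # file (GOOGLE_APPLICATION_CREDENTIALS) for long-running calls.
          access_token_lifetime: 300s
          # Writes the federated credentials file on the self-hosted runner;
          # the auth action removes it in its post step.
          create_credentials_file: true
      - name: Login to Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.GCP_REGION }}-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Run Ansible Playbook
        # Step id kept for compatibility; nothing in this file references
        # `steps.init`.
        id: init
        run: |
          bash run_playbook.sh \
            ${{ github.workspace }} \
            ${{ steps.commit.outputs.short }}
        shell: bash
        working-directory: ./test/scripts
        env:
          TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_REGION: ${{ secrets.GCP_REGION }}
          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
          GCP_GAR_REPO: ${{ secrets.GCP_GAR_REPO }}
          GCP_ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}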