Universal NRP Test #825
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Universal NRP Test | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| # policy-package-url: | |
| # description: 'Policy Package URL to test' | |
| # required: false | |
| # default: '' | |
| # policy-package-short-name: | |
| # description: 'Policy Package short name' | |
| # required: false | |
| # default: 'PolicyPackage' | |
| # resource-count: | |
| # description: 'Number of policies to test' | |
| # required: true | |
| # type: number | |
| # default: 0 | |
| policyPackageList: | |
| description: 'List of policy packages to test' | |
| required: false | |
| default: '[]' | |
| pull_request: | |
| schedule: | |
| - cron: '0 20 * * *' # Every day at 12pm PST (UTC-8) | |
| jobs: | |
| package: | |
| name: Package | |
| if: ${{ inputs.policyPackageList == '[]' }} | |
| uses: ./.github/workflows/package-build.yml | |
| strategy: | |
| matrix: | |
| target: | |
| [ | |
| { os: ubuntu, version: 14.04, arch: amd64, dist: trusty, package-type: DEB }, | |
| ] | |
| with: | |
| target: ${{ matrix.target.os }}-${{ matrix.target.version }} | |
| arch: ${{ matrix.target.arch }} | |
| artifact: nrp-test-package | |
| package-type: ${{ matrix.target.package-type }} | |
| machine-config: true | |
| release: ${{ github.event_name == 'pull_request' && false || true }} | |
| generate-matrix: | |
| name: Generate Matrix | |
| needs: package | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.matrix }} | |
| if: ${{ always() }} | |
| steps: | |
| - name: Generate Matrix | |
| id: matrix | |
| run: | | |
| # OSConfig Test Matrix | |
| # "target": [ | |
| # { "os": "centos", "version": 8, "package-type": "RPM", "tag": "" }, | |
| # { "os": "debian", "version": 10, "package-type": "DEB", "tag": "" }, | |
| # { "os": "debian", "version": 11, "package-type": "DEB", "tag": "" }, | |
| # { "os": "mariner", "version": 2, "package-type": "RPM", "tag": "" }, | |
| # { "os": "oraclelinux", "version": 8, "package-type": "RPM", "tag": "" }, | |
| # { "os": "rhel", "version": 8, "package-type": "RPM", "tag": "" }, | |
| # { "os": "rhel", "version": 9, "package-type": "RPM", "tag": "" }, | |
| # { "os": "rockylinux", "version": 9, "package-type": "RPM", "tag": "" }, | |
| # { "os": "sles", "version": 15, "package-type": "RPM", "tag": "" }, | |
| # { "os": "ubuntu", "version": "20.04", "package-type": "DEB", "tag": "" }, | |
| # { "os": "ubuntu", "version": "22.04", "package-type": "DEB", "tag": "" } | |
| matrix="$(cat <<'EOL' | |
| { | |
| "target": [ | |
| { "os": "ubuntu", "version": "20.04", "package-type": "DEB", "tag": "" }, | |
| { "os": "ubuntu", "version": "22.04", "package-type": "DEB", "tag": "" } | |
| ], | |
| "policy-package": [], | |
| "arch": ["amd64"], | |
| "mode": ["Audit", "Remediate"] | |
| } | |
| EOL | |
| )" | |
| if [[ '${{ inputs.policyPackageList }}' == "[]" ]]; then | |
| policyPackages="$(cat <<'EOL' | |
| [ | |
| { "name": "LinuxSshServerSecurityBaseline", "short-name": "SSH", "resource-count": 20 }, | |
| { "name": "AzureLinuxBaseline", "short-name": "ASB", "resource-count": 168 } | |
| ] | |
| EOL | |
| )" | |
| else | |
| policyPackages="$(cat <<'EOL' | |
| ${{ inputs.policyPackageList }} | |
| EOL | |
| )" | |
| fi | |
| matrix="$(echo $matrix | jq --argjson policyPackages "$policyPackages" '.["policy-package"] += $policyPackages')" | |
| echo matrix=$matrix >> $GITHUB_OUTPUT | |
| test: | |
| name: Test | |
| needs: [package, generate-matrix] | |
| if: ${{ always() }} | |
| runs-on: [self-hosted, 1ES.Pool=ci-pool, '1ES.ImageOverride=${{ matrix.target.os }}-${{ matrix.target.version }}'] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| if: ${{ inputs.policyPackageList == '[]' }} | |
| id: download | |
| with: | |
| name: nrp-test-package | |
| - name: Normalize variables | |
| id: normalize | |
| run: | | |
| # Normalize the distronames + architectures to match the published packages | |
| output=${{ matrix.target.os }}-${{ matrix.target.version }}_${{ matrix.policy-package.short-name }}-${{ matrix.mode }} | |
| echo name=${output} >> $GITHUB_OUTPUT | |
| # Get the Policy Package URL | |
| if ["${{ inputs.policyPackageList }}" == "[]"]; then | |
| echo PolicyPackagePath=${{ steps.package.outputs.artifact-url }} >> $GITHUB_OUTPUT | |
| else | |
| wget -O PolicyPackage.zip ${{ matrix.policy-package.policy-package-url }} | |
| echo PolicyPackagePath=$(pwd)/PolicyPackage.zip >> $GITHUB_OUTPUT | |
| fi | |
| - name: Run Guest Configuration Test | |
| run: | | |
| script="./universalNRPTest.ps1" | |
| cat >$script <<EOL | |
| Install-Module -Name GuestConfiguration -Force | |
| Install-Module Pester -Force -SkipPublisherCheck | |
| Import-Module Pester -Passthru | |
| \$params = @{ | |
| PolicyPackage = '${{ steps.normalize.outputs.PolicyPackagePath }}' | |
| SkipRemediation = if ('${{ matrix.mode }}' -eq 'Audit') { \$true } else { \$false } | |
| ResourceCount = ${{ matrix.policy-package.resource-count }} | |
| } | |
| \$container = New-PesterContainer -Path ./src/tests/universal-nrp-e2e/UniversalNRP.Tests.ps1 -Data \$params | |
| \$pesterConfig = [PesterConfiguration]@{ | |
| Run = @{ | |
| Exit = \$true | |
| Container = \$container | |
| } | |
| Output = @{ | |
| Verbosity = 'Detailed' | |
| } | |
| TestResult = @{ | |
| Enabled = \$true | |
| OutputFormat = 'JUnitXml' | |
| OutputPath = '${{ steps.normalize.outputs.name }}-testResults.xml' | |
| } | |
| Should = @{ | |
| ErrorAction = 'Continue' | |
| } | |
| Filter = @{ | |
| Tag = '${{ matrix.tag }}' | |
| } | |
| }; | |
| Invoke-Pester -Configuration \$pesterConfig | |
| EOL | |
| sudo LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/omi/lib/ pwsh -Command $script | |
| ls -l | |
| # if command -v lsb_release &>/dev/null; then | |
| # [[ $(lsb_release -is) == "Ubuntu" ]] && sudo chmod 644 *testResults.xml | |
| # else | |
| # echo "lsb_release not found" | |
| # fi | |
| stat *testResults.xml | |
| - name: Stage OSConfig Logs | |
| if: success() || failure() | |
| run: | | |
| mkdir osconfig-logs | |
| stat /var/log/osconfig_nrp.log | |
| cp -r /var/log/osconfig* osconfig-logs/ | |
| - uses: actions/upload-artifact@v4 | |
| if: success() || failure() | |
| with: | |
| name: ${{ steps.normalize.outputs.name }}_report | |
| path: '${{ steps.download.outputs.download-path }}/*testResults.xml' | |
| - uses: actions/upload-artifact@v4 | |
| if: success() || failure() | |
| with: | |
| name: ${{ steps.normalize.outputs.name }}_logs | |
| path: osconfig-logs/osconfig* | |
| # See for more details: https://github.com/marketplace/actions/publish-test-results | |
| report: | |
| name: Report | |
| needs: test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| pull-requests: write | |
| if: always() | |
| steps: | |
| - name: Download Test Report Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: universal-nrp-test | |
| pattern: '*_report' | |
| merge-multiple: true | |
| - name: Publish Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@v2 | |
| with: | |
| files: 'universal-nrp-test/*testResults.xml' |