-
Notifications
You must be signed in to change notification settings - Fork 11
123 lines (113 loc) · 4.41 KB
/
e2e-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: E2E Tests
on:
push:
branches:
- main
create:
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
workflow_dispatch: {}
permissions:
id-token: write
contents: read
env:
GO_VERSION: '1.22.7'
jobs:
detect-noop:
runs-on: ubuntu-latest
outputs:
noop: ${{ steps.noop.outputs.should_skip }}
steps:
- name: Detect No-op Changes
id: noop
uses: fkirc/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
do_not_skip: '["workflow_dispatch", "schedule", "push"]'
concurrent_skipping: false
e2e-tests:
strategy:
# disable fail-fast to continue the in-progress pipeline when one failed job is detected to
# get test results for all scenarios.
fail-fast: false
matrix:
network-setting: [shared-vnet, peered-vnet, dynamic-ip-allocation]
include:
- network-setting: shared-vnet
enable-traffic-manager: true
- network-setting: peered-vnet
enable-traffic-manager: false
- network-setting: dynamic-ip-allocation
enable-traffic-manager: false
runs-on: ubuntu-latest
needs: [
detect-noop,
]
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Prepare e2e variables
run: |
echo "AZURE_RESOURCE_GROUP="fleet-networking-e2e-$RANDOM"" >> $GITHUB_ENV
# Reference: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
- name: 'OIDC Login to Azure Public Cloud'
uses: azure/login@v2
with:
client-id: ${{ secrets.E2E_AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
# Note (chenyu1):
#
# After a recent update, GitHub Actions has set the GitHub ID token expiration time
# to 5 minutes for security reasons; as most of our E2E steps cannot finish within
# the time range, expiration errors will occur.
#
# As a temporary mitigation, we will add a step to fetch token periodically (every
# 4 minutes) to be exact.
#
# This should no longer be necessary after the Azure CLI supports ID token refresh.
- name: Fetch token every 4 minutes
run: |
while true; do
# $ACTIONS_ID_TOKEN_REQUEST_TOKEN and $ACTIONS_ID_TOKEN_REQUEST_URL env vars are provided by
# GitHub Actions automatically.
REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN
REQUEST_URI=$ACTIONS_ID_TOKEN_REQUEST_URL
FED_TOKEN=$(curl -H "Authorization: bearer $REQUEST_TOKEN" "${REQUEST_URI}&audience=api://AzureADTokenExchange" | jq .value -r)
echo "FED_TOKEN=$FED_TOKEN" >> $GITHUB_ENV
az login --service-principal -u ${{ secrets.E2E_AZURE_CLIENT_ID }} -t ${{ secrets.AZURE_TENANT_ID }} --federated-token $FED_TOKEN --output none
sleep 240
done &
- name: Setup e2e Environment
run: |
make e2e-setup
env:
AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
AZURE_NETWORK_SETTING: ${{ matrix.network-setting }}
AZURE_RESOURCE_GROUP: ${{ env.AZURE_RESOURCE_GROUP }}
ENABLE_TRAFFIC_MANAGER: ${{ matrix.enable-traffic-manager }}
- name: Run e2e tests
run: |
make e2e-tests
env:
AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
AZURE_NETWORK_SETTING: ${{ matrix.network-setting }}
AZURE_RESOURCE_GROUP: ${{ env.AZURE_RESOURCE_GROUP }}
ENABLE_TRAFFIC_MANAGER: ${{ matrix.enable-traffic-manager }}
AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID}}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
FED_TOKEN: ${{ env.FED_TOKEN }}
- name: Cleanup e2e
if: always()
run: |
make e2e-cleanup
env:
AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID}}
AZURE_CLIENT_SECRET: ${{ secrets.E2E_AZURE_CLIENT_SECRET }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_RESOURCE_GROUP: ${{ env.AZURE_RESOURCE_GROUP }}