Skip to content

Fix tf state

Fix tf state #398

Workflow file for this run

name: Run pr tests
on:
pull_request:
branches:
- master
jobs:
version-incremented: # checks that version has been incremented in node, python, and deployment. And that they match.
name: Are version numbers incremented
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
with:
fetch-depth: 0 # Required due to get git tag list due to the way Git works
- uses: actions/setup-python@v3
with:
python-version: '3.10'
- name: Check versions
run: python release_utils/check-tag-incremented.py
shell: sh
lint-gh-actions:
name: Lint GH Actions workflows
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: reviewdog/action-actionlint@v1
plan-terraform: # https://learn.hashicorp.com/tutorials/terraform/github-actions?in=terraform/automation
name: Run Terraform Validate and Plan
runs-on: ubuntu-latest
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
HCLOUD_TOKEN: ${{ secrets.HETZNER_API_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_BUCKET_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_BUCKET_KEY }}
B2_APPLICATION_KEY_ID: ${{ secrets.B2_MASTER_KEY_ID }}
B2_APPLICATION_KEY: ${{ secrets.B2_MASTER_KEY }}
TF_VAR_pw_hash: ${{ secrets.NODE_ROOT_USER_PW_HASH }}
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
- id: fmt
run: terraform fmt -check
- id: init
run: terraform init
working-directory: deploy/terraform
- id: validate
run: terraform validate -no-color
working-directory: deploy/terraform
- id: plan
run: terraform plan -no-color -input=false
working-directory: deploy/terraform
continue-on-error: true
- name: Update Pull Request
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `## Terraform Lint/Plan Results
#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
# Fetch kubeconfig for lint-kustomization job:
# How to fetch Terraform variables from CLI
# https://learn.hashicorp.com/tutorials/terraform/outputs
- name: Get node IPv4 address # GITHUB DOESNT SUPPORT IPV6 FFS
id: tf_ip_addr
run: terraform output -raw ipv4_address
working-directory: deploy/terraform
- uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
- name: Get SSH key
run: terraform output -raw ssh_key > "$HOME/id_ed25519"
working-directory: deploy/terraform
- name: chmod SSH key
run: chmod 700 "$HOME/id_ed25519"
- name: Download kubeconfig file
run: |
scp \
-qo "StrictHostKeyChecking=no" \
-i "$HOME/id_ed25519" \
root@${{ steps.tf_ip_addr.outputs.stdout }}:/etc/rancher/k3s/k3s.yaml .
- name: Set kubeconfig server URL and store kubeconfig in step output
uses: mikefarah/yq@master
with:
cmd: yq -i '.clusters[0].cluster.server = "https://${{ steps.tf_ip_addr.outputs.stdout }}:6443"' 'k3s.yaml'
- name: Send kubeconfig to lint-kustomization job # https://stackoverflow.com/a/57877438
uses: actions/upload-artifact@v3
with:
name: "kubeconfig"
path: "k3s.yaml"
lint-kustomization:
name: Lint Kustomize/Kubernetes
runs-on: ubuntu-latest
needs: plan-terraform # Needs kubeconfig from terraform
steps:
- uses: actions/[email protected]
- uses: actions/setup-python@v3
with:
python-version: '3.10'
- name: 'Build tmeit.se manifests'
uses: stefanprodan/kube-tools@v1
with:
kustomize: '4.5.7'
command: |-
kustomize build deploy/kubernetes/tmeit-se -o tmeit-rendered-with-jobs.yaml
- name: Remove Job manifests from test # Jobs are immutable and if we do kubectl apply with one without deleting it on the cluster, the api will throw an error
run: python release_utils/remove-job-manifests.py
shell: sh
- name: Receive kubeconfig from plan-terraform job # https://stackoverflow:com/a/57877438
uses: actions/download-artifact@v3
with:
name: "kubeconfig"
- name: Copy kubeconfig to correct location
run: mkdir "$HOME/.kube/" && mv k3s.yaml "$HOME/.kube/config"
- name: 'lint prod manifests' # NOTE: latest version of kubectl can be found here https://dl.k8s.io/release/stable.txt
run: |
curl -LO "https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl"
curl -LO "https://dl.k8s.io/v1.25.3/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
chmod +x kubectl
kubectl apply --dry-run=server --server-side=true --force-conflicts -f tmeit-rendered.yaml
test-containerfile: # Build containers to test that they build properly
name: Build app containers
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: Build containers
uses: redhat-actions/buildah-build@v2
with:
image: tmeit-app
context: '.'
containerfiles: |-
containerfiles/tmeit-app.Containerfile
containerfiles/tmeit-run-migrations.Containerfile
containerfiles/tmeit-worker.Containerfile
containerfiles/db-backup-agent.Containerfile
test-app: # Run app tests
name: Test app
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: Build test container
uses: redhat-actions/buildah-build@v2
with:
image: tmeit-app-test
context: '.'
containerfiles: containerfiles/tmeit-app-test.Containerfile
- name: run test
run: podman run tmeit-app-test
test-migrations: # Run migrations and insert dummy data. Also make sure there are no migrations needed to be done
name: Test migrations
runs-on: ubuntu-latest
services:
postgres: # Run a postgres container alongside test to be tested on (The name of this key is also the hostname)
image: postgres:15beta1
env:
POSTGRES_USER: tmeit_backend
POSTGRES_PASSWORD: test # Make sure this matches back/db_migrations/scripts/pr-migration-tests.sh
POSTGRES_DB: tmeit_backend
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/[email protected]
- name: Build tester container
run: |
docker build . -f containerfiles/create-test-db.Containerfile -t create-test-db
docker build . -f containerfiles/test-migrations.Containerfile -t test-migrations
- name: Test migrations
run: docker run --network ${{ job.container.network }} test-migrations