Revert strategy matrix changes to have more flexibility #189
Workflow file for this run
---
# Proxy provisioning test workflow: triggers, token permissions and shared environment.
name: Proxy Testing

on:
  # NOTE(review): none of the job-level `if:` conditions in this file match a pull_request event,
  # so a PR run appears to skip every job; confirm that is intended.
  pull_request:
    branches:
      - main
  # Weekly run, Mondays at 09:00 (GitHub evaluates cron in UTC).
  schedule:
    - cron: '0 9 * * 1'
  # Manual run for one version, or for every supported version via run_all_versions.
  workflow_dispatch:
    inputs:
      rancher_version:
        description: 'Rancher version'
      rancher_chart_version:
        description: 'Rancher chart version'
      run_all_versions:
        description: 'Run all supported versions if manually triggered'
        required: false
        default: false
        type: boolean
  # Reusable-workflow entry point; both inputs are mandatory here.
  workflow_call:
    inputs:
      rancher_version:
        description: 'Rancher tag version provided from check-rancher-tag workflow'
        required: true
        type: string
      rancher_chart_version:
        description: 'Rancher chart version provided from check-rancher-tag workflow'
        required: true
        type: string

# Least-privilege token: read-only repository contents, plus permission to request an OIDC token
# (presumably for the role assumption done by configure-aws-credentials in each job).
permissions:
  id-token: write
  contents: read

# Shared by every job; values are quoted so they stay strings.
env:
  CLOUD_PROVIDER_VERSION: '5.95.0'
  HOSTNAME_PREFIX: 'tfp-proxy'
  LOCALS_PROVIDER_VERSION: "${{ vars.LOCALS_PROVIDER_VERSION }}"
  PACKAGE: 'proxy'
  RKE_PROVIDER_VERSION: "${{ vars.RKE_PROVIDER_VERSION }}"
  TEST_SUITE: '^TestTfpProxyProvisioningTestSuite$'
  TIMEOUT: '5h'

jobs:
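# Job "head": runs the proxy test suite against the Rancher head build (nested under "jobs:").
  head:
    if: |
      github.event_name == 'schedule' ||
      github.event.inputs.run_all_versions == 'true' ||
      (github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'head'))
    name: head
    runs-on: ubuntu-latest
    environment: latest
    env:
      RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_13 }}"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Short-lived AWS credentials obtained by assuming the configured role.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      # Exposes the two Secrets Manager entries as AWS_ACCESS_KEY / AWS_SECRET_KEY in the step environment.
      - name: Get AWS credentials from Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # NOTE(review): `@main` is a mutable ref on an action that handles credentials; pin it to a
      # full commit SHA so the code that reads the secrets cannot change unreviewed.
      - name: "Fetch and Set DockerHub Credentials"
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username | DOCKERHUB_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password | DOCKERHUB_PASSWORD
      # The values are read from the step environment, so the credentials are never pasted into
      # the generated script text.
      - name: Mask Dockerhub Credentials
        run: |
          echo "::add-mask::$DOCKERHUB_USERNAME"
          echo "::add-mask::$DOCKERHUB_PASSWORD"
      # Temporarily allows the runner's address; the matching revoke step runs under `if: always()`.
      - name: Whitelist Runner IP
        uses: ./.github/actions/whitelist-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set up SSH Keys
        uses: ./.github/actions/setup-ssh-keys
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
          ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
          windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
          windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}
      - name: Uniquify hostname prefix
        uses: ./.github/actions/uniquify-hostname
      # Dispatch input wins; otherwise the head version variable is used for scheduled / run-all runs.
      - name: Set Rancher version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_VERSION
          value: |
            ${{
              github.event.inputs.rancher_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) ||
              (github.event_name == 'schedule' && vars.RANCHER_VERSION_HEAD) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_HEAD)
            }}
      # NOTE(review): the fallback is the 2_12 chart variable while this job's provider and Qase
      # IDs are the 2_13 ones; confirm that is intended.
      - name: Set Rancher chart version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_CHART_VERSION
          value: |
            ${{
              github.event.inputs.rancher_chart_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) ||
              (github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_12) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_12)
            }}
      - name: Set Rancher repo
        uses: ./.github/actions/set-rancher-repo
        with:
          rancher-version: ${{ env.RANCHER_VERSION }}
          fallback-repo: ${{ secrets.RANCHER_REPO }}
      - name: Get Qase ID
        id: get-qase-id
        uses: ./.github/actions/get-qase-id
        with:
          triggered_tag: ${{ github.event.inputs.rancher_version }}
          qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_13 }}"
      # Renders the test configuration later exported as CATTLE_TEST_CONFIG. Values that live in
      # the step environment (including the dispatch-supplied Rancher versions) are expanded by the
      # shell from variables instead of being pasted into the script text by `${{ }}`.
      # NOTE(review): the remaining `${{ secrets.* }}` / `${{ vars.* }}` values are still substituted
      # into an unquoted heredoc, so a `$`, backtick or backslash in any of them is interpreted by
      # the shell; passing them through `env:` would avoid that.
      # NOTE(review): the key nesting below was reconstructed from a listing that lost its
      # indentation; confirm it against the repository copy.
      - name: Create config.yaml
        run: |
          cat > config.yaml <<EOF
          rancher:
            host: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
            adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
            insecure: true
            cleanup: true
          terraform:
            cni: "${{ secrets.CNI }}"
            defaultClusterRoleForProjectMembers: "true"
            enableNetworkPolicy: false
            provider: "${{ vars.PROVIDER_AMAZON }}"
            privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
            resourcePrefix: "$HOSTNAME_PREFIX"
            windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
            proxy:
              proxyBastion: ""
            privateRegistries:
              url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
              username: "$DOCKERHUB_USERNAME"
              password: "$DOCKERHUB_PASSWORD"
              insecure: true
              authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
              mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
              mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
            awsCredentials:
              awsAccessKey: "$AWS_ACCESS_KEY"
              awsSecretKey: "$AWS_SECRET_KEY"
            awsConfig:
              ami: "${{ secrets.AWS_AMI }}"
              awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
              awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
              awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
              region: "${{ secrets.AWS_REGION }}"
              awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS }}]
              awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES }}]
              awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
              awsVpcID: "${{ secrets.AWS_VPC_ID }}"
              awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
              awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
              awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
              awsUser: "${{ secrets.AWS_USER }}"
              sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
              timeout: "${{ vars.TIMEOUT }}"
              windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
              windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
              windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
              windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
              windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
              windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
              windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
              ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
              loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
              targetType: "${{ vars.TARGET_TYPE }}"
            standalone:
              bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
              certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
              certType: "${{ vars.CERT_TYPE }}"
              chartVersion: "$RANCHER_CHART_VERSION"
              osUser: "${{ secrets.OS_USER }}"
              osGroup: "${{ secrets.OS_GROUP }}"
              rancherChartRepository: "${{ secrets.RANCHER_HELM_CHART_URL }}"
              rancherHostname: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
              rancherImage: "${{ secrets.RANCHER_IMAGE }}"
              rancherTagVersion: "$RANCHER_VERSION"
              registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
              registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
              repo: "$RANCHER_REPO"
              rke2Version: "${{ vars.RKE2_VERSION_2_12 }}"
            standaloneRegistry:
              registryName: "${{ secrets.REGISTRY_NAME }}"
              registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
              registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
          terratest:
            pathToRepo: "${{ secrets.PATH_TO_REPO }}"
            etcdCount: ${{ vars.ETCD_COUNT }}
            controlPlaneCount: ${{ vars.CP_COUNT }}
            workerCount: ${{ vars.WORKER_COUNT }}
            windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
          EOF
      - name: Export CATTLE_TEST_CONFIG
        run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> "$GITHUB_ENV"
        shell: bash
      - name: Set up Go environment
        uses: actions/setup-go@v5
        with:
          go-version-file: "./go.mod"
      - name: Build Packages
        run: ./.github/scripts/build-packages.sh
      # NOTE(review): `@latest` resolves at run time in a job that holds cloud credentials; pin a
      # reviewed release so the installed binary is reproducible.
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@latest
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "${{ vars.TERRAFORM_VERSION }}"
          terraform_wrapper: false
      - name: Setup Rancher2 Provider if RC is present
        if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
        run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
        shell: bash
      - name: Run Proxy Test Suite
        uses: ./.github/actions/run-test-suite
        with:
          package: ${{ env.PACKAGE }}
          path-to-repo: ${{ secrets.PATH_TO_REPO }}
          test-suite: ${{ env.TEST_SUITE }}
          timeout: ${{ env.TIMEOUT }}
      # Cleanup and reporting below run under `if: always()`, so they execute even when a test fails.
      # Credentials are re-acquired first, presumably because the earlier session may have expired.
      - name: Refresh AWS credentials
        if: always()
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Revoke Runner IP
        if: always()
        uses: ./.github/actions/revoke-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set job status output
        if: always()
        run: echo "job_status=${{ job.status }}" >> "$GITHUB_OUTPUT"
        id: set-job-status
      - name: Reporting Results to Qase
        if: always()
        uses: ./.github/actions/report-to-qase
        with:
          qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
          qase-automation-token: ${{ secrets.QASE_TOKEN }}
      - name: Reporting Results to Slack
        if: always()
        uses: ./.github/actions/report-to-slack
        with:
          job-status: ${{ steps.set-job-status.outputs.job_status }}
          slack-channel: ${{ secrets.SLACK_CHANNEL }}
          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}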
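# Job "v2-12": runs the proxy test suite against a Rancher v2.12 build (nested under "jobs:").
  # NOTE(review): inside a reusable-workflow call the `github` context belongs to the caller, so
  # `github.event_name` is not expected to equal 'workflow_call' and `github.event.inputs` does
  # not carry the call inputs; the last clause below likely never matches. Confirm, and consider
  # testing `inputs.rancher_version` on its own. The two clauses also use different prefixes
  # ('v2.12' vs 'v2.12.').
  v2-12:
    if: |
      github.event_name == 'schedule' ||
      github.event.inputs.run_all_versions == 'true' ||
      (github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'v2.12')) && contains(github.event.inputs.rancher_version, '-alpha') ||
      (github.event_name == 'workflow_call' && startsWith(inputs.rancher_version, 'v2.12.')) && contains(inputs.rancher_version, '-alpha')
    # The display name is empty when no dispatch input exists (for example on scheduled runs).
    name: ${{ github.event.inputs.rancher_version }}
    runs-on: ubuntu-latest
    environment: latest
    env:
      RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_12 }}"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Short-lived AWS credentials obtained by assuming the configured role.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      # Exposes the two Secrets Manager entries as AWS_ACCESS_KEY / AWS_SECRET_KEY in the step environment.
      - name: Get AWS credentials from Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # NOTE(review): `@main` is a mutable ref on an action that handles credentials; pin it to a
      # full commit SHA so the code that reads the secrets cannot change unreviewed.
      - name: "Fetch and Set DockerHub Credentials"
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username | DOCKERHUB_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password | DOCKERHUB_PASSWORD
      # The values are read from the step environment, so the credentials are never pasted into
      # the generated script text.
      - name: Mask Dockerhub Credentials
        run: |
          echo "::add-mask::$DOCKERHUB_USERNAME"
          echo "::add-mask::$DOCKERHUB_PASSWORD"
      # Temporarily allows the runner's address; the matching revoke step runs under `if: always()`.
      - name: Whitelist Runner IP
        uses: ./.github/actions/whitelist-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set up SSH Keys
        uses: ./.github/actions/setup-ssh-keys
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
          ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
          windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
          windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}
      - name: Uniquify hostname prefix
        uses: ./.github/actions/uniquify-hostname
      # Dispatch input wins; otherwise the 2.12 head variable is used for scheduled / run-all runs.
      # NOTE(review): `github.event.inputs` is presumably empty under workflow_call, so the version
      # passed by a caller would not be picked up here; verify.
      - name: Set Rancher version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_VERSION
          value: |
            ${{
              github.event.inputs.rancher_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) ||
              (github.event_name == 'schedule' && vars.RANCHER_VERSION_2_12_HEAD) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_2_12_HEAD)
            }}
      - name: Set Rancher chart version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_CHART_VERSION
          value: |
            ${{
              github.event.inputs.rancher_chart_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) ||
              (github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_12) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_12)
            }}
      - name: Set Rancher repo
        uses: ./.github/actions/set-rancher-repo
        with:
          rancher-version: ${{ env.RANCHER_VERSION }}
          fallback-repo: ${{ secrets.RANCHER_REPO }}
      - name: Get Qase ID
        id: get-qase-id
        uses: ./.github/actions/get-qase-id
        with:
          triggered_tag: ${{ github.event.inputs.rancher_version }}
          qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_12 }}"
      # Renders the test configuration later exported as CATTLE_TEST_CONFIG. Values that live in
      # the step environment (including the dispatch-supplied Rancher versions) are expanded by the
      # shell from variables instead of being pasted into the script text by `${{ }}`.
      # NOTE(review): the remaining `${{ secrets.* }}` / `${{ vars.* }}` values are still substituted
      # into an unquoted heredoc, so a `$`, backtick or backslash in any of them is interpreted by
      # the shell; passing them through `env:` would avoid that.
      # NOTE(review): the key nesting below was reconstructed from a listing that lost its
      # indentation; confirm it against the repository copy.
      - name: Create config.yaml
        run: |
          cat > config.yaml <<EOF
          rancher:
            host: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
            adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
            insecure: true
            cleanup: true
          terraform:
            cni: "${{ secrets.CNI }}"
            defaultClusterRoleForProjectMembers: "true"
            enableNetworkPolicy: false
            provider: "${{ vars.PROVIDER_AMAZON }}"
            privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
            resourcePrefix: "$HOSTNAME_PREFIX"
            windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
            proxy:
              proxyBastion: ""
            privateRegistries:
              url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
              username: "$DOCKERHUB_USERNAME"
              password: "$DOCKERHUB_PASSWORD"
              insecure: true
              authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
              mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
              mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
            awsCredentials:
              awsAccessKey: "$AWS_ACCESS_KEY"
              awsSecretKey: "$AWS_SECRET_KEY"
            awsConfig:
              ami: "${{ secrets.AWS_AMI }}"
              awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
              awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
              awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
              region: "${{ secrets.AWS_REGION }}"
              awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS }}]
              awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES }}]
              awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
              awsVpcID: "${{ secrets.AWS_VPC_ID }}"
              awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
              awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
              awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
              awsUser: "${{ secrets.AWS_USER }}"
              sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
              timeout: "${{ vars.TIMEOUT }}"
              windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
              windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
              windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
              windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
              windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
              windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
              windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
              ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
              loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
              targetType: "${{ vars.TARGET_TYPE }}"
            standalone:
              bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
              certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
              certType: "${{ vars.CERT_TYPE }}"
              chartVersion: "$RANCHER_CHART_VERSION"
              osUser: "${{ secrets.OS_USER }}"
              osGroup: "${{ secrets.OS_GROUP }}"
              rancherChartRepository: "${{ secrets.RANCHER_HELM_CHART_URL }}"
              rancherHostname: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
              rancherImage: "${{ secrets.RANCHER_IMAGE }}"
              rancherTagVersion: "$RANCHER_VERSION"
              registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
              registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
              repo: "$RANCHER_REPO"
              rke2Version: "${{ vars.RKE2_VERSION_2_12 }}"
            standaloneRegistry:
              registryName: "${{ secrets.REGISTRY_NAME }}"
              registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
              registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
          terratest:
            pathToRepo: "${{ secrets.PATH_TO_REPO }}"
            etcdCount: ${{ vars.ETCD_COUNT }}
            controlPlaneCount: ${{ vars.CP_COUNT }}
            workerCount: ${{ vars.WORKER_COUNT }}
            windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
          EOF
      - name: Export CATTLE_TEST_CONFIG
        run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> "$GITHUB_ENV"
        shell: bash
      - name: Set up Go environment
        uses: actions/setup-go@v5
        with:
          go-version-file: "./go.mod"
      - name: Build Packages
        run: ./.github/scripts/build-packages.sh
      # NOTE(review): `@latest` resolves at run time in a job that holds cloud credentials; pin a
      # reviewed release so the installed binary is reproducible.
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@latest
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "${{ vars.TERRAFORM_VERSION }}"
          terraform_wrapper: false
      - name: Setup Rancher2 Provider if RC is present
        if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
        run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
        shell: bash
      - name: Run Proxy Test Suite
        uses: ./.github/actions/run-test-suite
        with:
          package: ${{ env.PACKAGE }}
          path-to-repo: ${{ secrets.PATH_TO_REPO }}
          test-suite: ${{ env.TEST_SUITE }}
          timeout: ${{ env.TIMEOUT }}
      # Cleanup and reporting below run under `if: always()`, so they execute even when a test fails.
      # Credentials are re-acquired first, presumably because the earlier session may have expired.
      - name: Refresh AWS credentials
        if: always()
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Revoke Runner IP
        if: always()
        uses: ./.github/actions/revoke-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set job status output
        if: always()
        run: echo "job_status=${{ job.status }}" >> "$GITHUB_OUTPUT"
        id: set-job-status
      - name: Reporting Results to Qase
        if: always()
        uses: ./.github/actions/report-to-qase
        with:
          qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
          qase-automation-token: ${{ secrets.QASE_TOKEN }}
      - name: Reporting Results to Slack
        if: always()
        uses: ./.github/actions/report-to-slack
        with:
          job-status: ${{ steps.set-job-status.outputs.job_status }}
          slack-channel: ${{ secrets.SLACK_CHANNEL }}
          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}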
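# Job "v2-11": runs the proxy test suite against a Rancher v2.11 build in the staging environment
# (nested under "jobs:").
  # NOTE(review): inside a reusable-workflow call the `github` context belongs to the caller, so
  # `github.event_name` is not expected to equal 'workflow_call' and `github.event.inputs` does
  # not carry the call inputs; the last clause below likely never matches. Confirm, and consider
  # testing `inputs.rancher_version` on its own. The two clauses also use different prefixes
  # ('v2.11' vs 'v2.11.').
  v2-11:
    if: |
      github.event_name == 'schedule' ||
      github.event.inputs.run_all_versions == 'true' ||
      (github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'v2.11')) && contains(github.event.inputs.rancher_version, '-alpha') ||
      (github.event_name == 'workflow_call' && startsWith(inputs.rancher_version, 'v2.11.')) && contains(inputs.rancher_version, '-alpha')
    # The display name is empty when no dispatch input exists (for example on scheduled runs).
    name: ${{ github.event.inputs.rancher_version }}
    runs-on: ubuntu-latest
    environment: staging
    env:
      RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_11 }}"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Short-lived AWS credentials obtained by assuming the configured role.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      # Exposes the two Secrets Manager entries as AWS_ACCESS_KEY / AWS_SECRET_KEY in the step environment.
      - name: Get AWS credentials from Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # NOTE(review): `@main` is a mutable ref on an action that handles credentials; pin it to a
      # full commit SHA so the code that reads the secrets cannot change unreviewed.
      - name: "Fetch and Set DockerHub Credentials"
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username | DOCKERHUB_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password | DOCKERHUB_PASSWORD
      # The values are read from the step environment, so the credentials are never pasted into
      # the generated script text.
      - name: Mask Dockerhub Credentials
        run: |
          echo "::add-mask::$DOCKERHUB_USERNAME"
          echo "::add-mask::$DOCKERHUB_PASSWORD"
      # Temporarily allows the runner's address in the *_PRIME prefix list; the matching revoke
      # step runs under `if: always()` and must name the same list.
      - name: Whitelist Runner IP
        uses: ./.github/actions/whitelist-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID_PRIME }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set up SSH Keys
        uses: ./.github/actions/setup-ssh-keys
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
          ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
          windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
          windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}
      - name: Uniquify hostname prefix
        uses: ./.github/actions/uniquify-hostname
      # Dispatch input wins; otherwise the 2.11 head variable is used for scheduled / run-all runs.
      # NOTE(review): `github.event.inputs` is presumably empty under workflow_call, so the version
      # passed by a caller would not be picked up here; verify.
      - name: Set Rancher version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_VERSION
          value: |
            ${{
              github.event.inputs.rancher_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) ||
              (github.event_name == 'schedule' && vars.RANCHER_VERSION_2_11_HEAD) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_2_11_HEAD)
            }}
      - name: Set Rancher chart version
        uses: ./.github/actions/set-env-var
        with:
          key: RANCHER_CHART_VERSION
          value: |
            ${{
              github.event.inputs.rancher_chart_version ||
              (github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) ||
              (github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_11) ||
              (github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_11)
            }}
      - name: Set Rancher repo
        uses: ./.github/actions/set-rancher-repo
        with:
          rancher-version: ${{ env.RANCHER_VERSION }}
          fallback-repo: ${{ secrets.RANCHER_REPO }}
          is-prime: true
      # Chooses between the staging and the fallback chart URL; the config step below reads the
      # result from RANCHER_HELM_CHART_URL in the environment.
      - name: Set Rancher chart url
        uses: ./.github/actions/set-rancher-chart-url
        with:
          rancher-repo: ${{ env.RANCHER_REPO }}
          staging-chart-url: ${{ secrets.STAGING_RANCHER_HELM_CHART_URL }}
          fallback-chart-url: ${{ secrets.RANCHER_HELM_CHART_URL }}
      - name: Get Qase ID
        id: get-qase-id
        uses: ./.github/actions/get-qase-id
        with:
          triggered_tag: ${{ github.event.inputs.rancher_version }}
          qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_11 }}"
      # Renders the test configuration later exported as CATTLE_TEST_CONFIG. Values that live in
      # the step environment (including the dispatch-supplied Rancher versions) are expanded by the
      # shell from variables instead of being pasted into the script text by `${{ }}`.
      # NOTE(review): the remaining `${{ secrets.* }}` / `${{ vars.* }}` values are still substituted
      # into an unquoted heredoc, so a `$`, backtick or backslash in any of them is interpreted by
      # the shell; passing them through `env:` would avoid that.
      # NOTE(review): the key nesting below was reconstructed from a listing that lost its
      # indentation; confirm it against the repository copy.
      - name: Create config.yaml
        run: |
          cat > config.yaml <<EOF
          rancher:
            host: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
            adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
            insecure: true
            cleanup: true
          terraform:
            cni: "${{ secrets.CNI }}"
            defaultClusterRoleForProjectMembers: "true"
            enableNetworkPolicy: false
            provider: "${{ vars.PROVIDER_AMAZON }}"
            privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
            resourcePrefix: "$HOSTNAME_PREFIX"
            windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
            proxy:
              proxyBastion: ""
            privateRegistries:
              url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
              username: "$DOCKERHUB_USERNAME"
              password: "$DOCKERHUB_PASSWORD"
              insecure: true
              authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
              mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
              mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
            awsCredentials:
              awsAccessKey: "$AWS_ACCESS_KEY"
              awsSecretKey: "$AWS_SECRET_KEY"
            awsConfig:
              ami: "${{ secrets.AWS_AMI }}"
              awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
              awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
              awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
              region: "${{ secrets.AWS_REGION }}"
              awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS_PRIME }}]
              awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES_PRIME }}]
              awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
              awsVpcID: "${{ secrets.AWS_VPC_ID }}"
              awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
              awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
              awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
              awsUser: "${{ secrets.AWS_USER }}"
              sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
              timeout: "${{ vars.TIMEOUT }}"
              windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
              windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
              windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
              windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
              windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
              windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
              windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
              ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
              loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
              targetType: "${{ vars.TARGET_TYPE }}"
            standalone:
              bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
              certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
              certType: "${{ vars.CERT_TYPE }}"
              chartVersion: "$RANCHER_CHART_VERSION"
              osUser: "${{ secrets.OS_USER }}"
              osGroup: "${{ secrets.OS_GROUP }}"
              rancherAgentImage: "${{ secrets.RANCHER_AGENT_IMAGE }}"
              rancherChartRepository: "$RANCHER_HELM_CHART_URL"
              rancherHostname: "${HOSTNAME_PREFIX}.${{ secrets.AWS_ROUTE_53_ZONE }}"
              rancherImage: "${{ secrets.RANCHER_IMAGE }}"
              rancherTagVersion: "$RANCHER_VERSION"
              registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
              registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
              repo: "$RANCHER_REPO"
              rke2Version: "${{ vars.RKE2_VERSION_2_11 }}"
            standaloneRegistry:
              registryName: "${{ secrets.REGISTRY_NAME }}"
              registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
              registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
          terratest:
            pathToRepo: "${{ secrets.PATH_TO_REPO }}"
            etcdCount: ${{ vars.ETCD_COUNT }}
            controlPlaneCount: ${{ vars.CP_COUNT }}
            workerCount: ${{ vars.WORKER_COUNT }}
            windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
          EOF
      - name: Export CATTLE_TEST_CONFIG
        run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> "$GITHUB_ENV"
        shell: bash
      - name: Set up Go environment
        uses: actions/setup-go@v5
        with:
          go-version-file: "./go.mod"
      - name: Build Packages
        run: ./.github/scripts/build-packages.sh
      # NOTE(review): `@latest` resolves at run time in a job that holds cloud credentials; pin a
      # reviewed release so the installed binary is reproducible.
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@latest
      # Quoted for consistency with the other jobs in this workflow.
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "${{ vars.TERRAFORM_VERSION }}"
          terraform_wrapper: false
      - name: Setup Rancher2 Provider if RC is present
        if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
        run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
        shell: bash
      - name: Run Proxy Test Suite
        uses: ./.github/actions/run-test-suite
        with:
          package: ${{ env.PACKAGE }}
          path-to-repo: ${{ secrets.PATH_TO_REPO }}
          test-suite: ${{ env.TEST_SUITE }}
          timeout: ${{ env.TIMEOUT }}
      # Cleanup and reporting below run under `if: always()`, so they execute even when a test fails.
      # Credentials are re-acquired first, presumably because the earlier session may have expired.
      - name: Refresh AWS credentials
        if: always()
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Revoke Runner IP
        if: always()
        uses: ./.github/actions/revoke-runner-ip
        with:
          prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID_PRIME }}
          region: "${{ secrets.AWS_REGION }}"
      - name: Set job status output
        if: always()
        run: echo "job_status=${{ job.status }}" >> "$GITHUB_OUTPUT"
        id: set-job-status
      - name: Reporting Results to Qase
        if: always()
        uses: ./.github/actions/report-to-qase
        with:
          qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
          qase-automation-token: ${{ secrets.QASE_TOKEN }}
      - name: Reporting Results to Slack
        if: always()
        uses: ./.github/actions/report-to-slack
        with:
          job-status: ${{ steps.set-job-status.outputs.job_status }}
          slack-channel: ${{ secrets.SLACK_CHANNEL }}
          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}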