Proxy Testing #192

Workflow file for this run

.github/workflows/proxy-test.yaml at 8211647

	---
	name: Proxy Testing

	on:
	schedule:
	- cron: "0 9 * * 1"
	workflow_dispatch:
	inputs:
	rancher_version:
	description: "Rancher version"
	rancher_chart_version:
	description: "Rancher chart version"
	run_all_versions:
	description: "Run all supported versions if manually triggered"
	required: false
	default: false
	type: boolean
	workflow_call:
	inputs:
	rancher_version:
	description: "Rancher tag version provided from check-rancher-tag workflow"
	required: true
	type: string
	rancher_chart_version:
	description: "Rancher chart version provided from check-rancher-tag workflow"
	required: true
	type: string

	permissions:
	id-token: write
	contents: read

	env:
	CLOUD_PROVIDER_VERSION: "5.95.0"
	HOSTNAME_PREFIX: "tfp-proxy"
	LOCALS_PROVIDER_VERSION: "${{ vars.LOCALS_PROVIDER_VERSION }}"
	PACKAGE: "proxy"
	RKE_PROVIDER_VERSION: "${{ vars.RKE_PROVIDER_VERSION }}"
	TEST_SUITE: "^TestTfpProxyProvisioningTestSuite$"
	TIMEOUT: "5h"

	jobs:
	head:
	if: \|
	github.event_name == 'schedule' \|\|
	github.event.inputs.run_all_versions == 'true' \|\|
	(github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'head'))
	name: head
	runs-on: ubuntu-latest
	environment: latest
	env:
	RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_13 }}"

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Get AWS credentials from Secrets Manager
	uses: aws-actions/aws-secretsmanager-get-secrets@v2
	with:
	secret-ids: \|
	AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: "Fetch and Set DockerHub Credentials"
	uses: rancher-eio/read-vault-secrets@main
	with:
	secrets: \|
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username \| DOCKERHUB_USERNAME ;
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password \| DOCKERHUB_PASSWORD

	- name: Mask Dockerhub Credentials
	run: \|
	echo "::add-mask::${{ env.DOCKERHUB_USERNAME }}"
	echo "::add-mask::${{ env.DOCKERHUB_PASSWORD }}"

	- name: Whitelist Runner IP
	uses: ./.github/actions/whitelist-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set up SSH Keys
	uses: ./.github/actions/setup-ssh-keys
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
	ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
	windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
	windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}

	- name: Uniquify hostname prefix
	uses: ./.github/actions/uniquify-hostname

	- name: Set Rancher version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_VERSION
	value: \|
	${{
	github.event.inputs.rancher_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) \|\|
	(github.event_name == 'schedule' && vars.RANCHER_VERSION_HEAD) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_HEAD)
	}}

	- name: Set Rancher chart version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_CHART_VERSION
	value: \|
	${{
	github.event.inputs.rancher_chart_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) \|\|
	(github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_12) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_12)
	}}

	- name: Set Rancher repo
	uses: ./.github/actions/set-rancher-repo
	with:
	rancher-version: ${{ env.RANCHER_VERSION }}
	fallback-repo: ${{ secrets.RANCHER_REPO }}

	- name: Get Qase ID
	id: get-qase-id
	uses: ./.github/actions/get-qase-id
	with:
	triggered_tag: ${{ github.event.inputs.rancher_version }}
	qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_13 }}"

	- name: Create config.yaml
	run: \|
	cat > config.yaml <<EOF
	rancher:
	host: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	insecure: true
	cleanup: true
	terraform:
	cni: "${{ secrets.CNI }}"
	defaultClusterRoleForProjectMembers: "true"
	enableNetworkPolicy: false
	provider: "${{ vars.PROVIDER_AMAZON }}"
	privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
	resourcePrefix: "${{ env.HOSTNAME_PREFIX }}"
	windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
	proxy:
	proxyBastion: ""
	privateRegistries:
	url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
	username: "${{ env.DOCKERHUB_USERNAME }}"
	password: "${{ env.DOCKERHUB_PASSWORD }}"
	insecure: true
	authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
	mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
	mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
	awsCredentials:
	awsAccessKey: "$AWS_ACCESS_KEY"
	awsSecretKey: "$AWS_SECRET_KEY"
	awsConfig:
	ami: "${{ secrets.AWS_AMI }}"
	awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
	awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
	awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
	region: "${{ secrets.AWS_REGION }}"
	awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS }}]
	awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES }}]
	awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
	awsVpcID: "${{ secrets.AWS_VPC_ID }}"
	awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
	awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
	awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
	awsUser: "${{ secrets.AWS_USER }}"
	sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
	timeout: "${{ vars.TIMEOUT }}"
	windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
	windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
	windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
	windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
	windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
	windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
	windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
	ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
	loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
	targetType: "${{ vars.TARGET_TYPE }}"
	standalone:
	bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
	certType: "${{ vars.CERT_TYPE }}"
	chartVersion: "${{ env.RANCHER_CHART_VERSION }}"
	osUser: "${{ secrets.OS_USER }}"
	osGroup: "${{ secrets.OS_GROUP }}"
	rancherChartRepository: "${{ secrets.RANCHER_HELM_CHART_URL }}"
	rancherHostname: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	rancherImage: "${{ secrets.RANCHER_IMAGE }}"
	rancherTagVersion: "${{ env.RANCHER_VERSION }}"
	registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
	registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
	repo: "${{ env.RANCHER_REPO }}"
	rke2Version: "${{ vars.RKE2_VERSION_2_12 }}"
	standaloneRegistry:
	registryName: "${{ secrets.REGISTRY_NAME }}"
	registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
	registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
	terratest:
	pathToRepo: "${{ secrets.PATH_TO_REPO }}"
	etcdCount: ${{ vars.ETCD_COUNT }}
	controlPlaneCount: ${{ vars.CP_COUNT }}
	workerCount: ${{ vars.WORKER_COUNT }}
	windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
	EOF

	- name: Export CATTLE_TEST_CONFIG
	run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> $GITHUB_ENV
	shell: bash

	- name: Set up Go environment
	uses: actions/setup-go@v5
	with:
	go-version-file: "./go.mod"

	- name: Build Packages
	run: ./.github/scripts/build-packages.sh

	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: "${{ vars.TERRAFORM_VERSION }}"
	terraform_wrapper: false

	- name: Setup Rancher2 Provider if RC is present
	if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
	run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
	shell: bash

	- name: Run Proxy Test Suite
	uses: ./.github/actions/run-test-suite
	with:
	package: ${{ env.PACKAGE }}
	path-to-repo: ${{ secrets.PATH_TO_REPO }}
	test-suite: ${{ env.TEST_SUITE }}
	timeout: ${{ env.TIMEOUT }}

	- name: Refresh AWS credentials
	if: always()
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Revoke Runner IP
	if: always()
	uses: ./.github/actions/revoke-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set job status output
	if: always()
	run: echo "job_status=${{ job.status }}" >> $GITHUB_OUTPUT
	id: set-job-status

	- name: Reporting Results to Qase
	if: always()
	uses: ./.github/actions/report-to-qase
	with:
	qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
	qase-automation-token: ${{ secrets.QASE_TOKEN }}

	- name: Reporting Results to Slack
	if: always()
	uses: ./.github/actions/report-to-slack
	with:
	job-status: ${{ steps.set-job-status.outputs.job_status }}
	slack-channel: ${{ secrets.SLACK_CHANNEL }}
	slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

	v2-12:
	if: \|
	github.event_name == 'schedule' \|\|
	github.event.inputs.run_all_versions == 'true' \|\|
	(github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'v2.12')) && contains(github.event.inputs.rancher_version, '-alpha') \|\|
	(github.event_name == 'workflow_call' && startsWith(inputs.rancher_version, 'v2.12.')) && contains(inputs.rancher_version, '-alpha')
	name: ${{ github.event.inputs.rancher_version }}
	runs-on: ubuntu-latest
	environment: latest
	env:
	RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_12 }}"

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Get AWS credentials from Secrets Manager
	uses: aws-actions/aws-secretsmanager-get-secrets@v2
	with:
	secret-ids: \|
	AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: "Fetch and Set DockerHub Credentials"
	uses: rancher-eio/read-vault-secrets@main
	with:
	secrets: \|
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username \| DOCKERHUB_USERNAME ;
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password \| DOCKERHUB_PASSWORD

	- name: Mask Dockerhub Credentials
	run: \|
	echo "::add-mask::${{ env.DOCKERHUB_USERNAME }}"
	echo "::add-mask::${{ env.DOCKERHUB_PASSWORD }}"

	- name: Whitelist Runner IP
	uses: ./.github/actions/whitelist-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set up SSH Keys
	uses: ./.github/actions/setup-ssh-keys
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
	ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
	windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
	windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}

	- name: Uniquify hostname prefix
	uses: ./.github/actions/uniquify-hostname

	- name: Set Rancher version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_VERSION
	value: \|
	${{
	github.event.inputs.rancher_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) \|\|
	(github.event_name == 'schedule' && vars.RANCHER_VERSION_2_12_HEAD) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_2_12_HEAD)
	}}

	- name: Set Rancher chart version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_CHART_VERSION
	value: \|
	${{
	github.event.inputs.rancher_chart_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) \|\|
	(github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_12) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_12)
	}}

	- name: Set Rancher repo
	uses: ./.github/actions/set-rancher-repo
	with:
	rancher-version: ${{ env.RANCHER_VERSION }}
	fallback-repo: ${{ secrets.RANCHER_REPO }}

	- name: Get Qase ID
	id: get-qase-id
	uses: ./.github/actions/get-qase-id
	with:
	triggered_tag: ${{ github.event.inputs.rancher_version }}
	qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_12 }}"

	- name: Create config.yaml
	run: \|
	cat > config.yaml <<EOF
	rancher:
	host: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	insecure: true
	cleanup: true
	terraform:
	cni: "${{ secrets.CNI }}"
	defaultClusterRoleForProjectMembers: "true"
	enableNetworkPolicy: false
	provider: "${{ vars.PROVIDER_AMAZON }}"
	privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
	resourcePrefix: "${{ env.HOSTNAME_PREFIX }}"
	windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
	proxy:
	proxyBastion: ""
	privateRegistries:
	url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
	username: "${{ env.DOCKERHUB_USERNAME }}"
	password: "${{ env.DOCKERHUB_PASSWORD }}"
	insecure: true
	authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
	mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
	mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
	awsCredentials:
	awsAccessKey: "$AWS_ACCESS_KEY"
	awsSecretKey: "$AWS_SECRET_KEY"
	awsConfig:
	ami: "${{ secrets.AWS_AMI }}"
	awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
	awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
	awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
	region: "${{ secrets.AWS_REGION }}"
	awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS }}]
	awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES }}]
	awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
	awsVpcID: "${{ secrets.AWS_VPC_ID }}"
	awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
	awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
	awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
	awsUser: "${{ secrets.AWS_USER }}"
	sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
	timeout: "${{ vars.TIMEOUT }}"
	windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
	windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
	windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
	windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
	windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
	windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
	windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
	ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
	loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
	targetType: "${{ vars.TARGET_TYPE }}"
	standalone:
	bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
	certType: "${{ vars.CERT_TYPE }}"
	chartVersion: "${{ env.RANCHER_CHART_VERSION }}"
	osUser: "${{ secrets.OS_USER }}"
	osGroup: "${{ secrets.OS_GROUP }}"
	rancherChartRepository: "${{ secrets.RANCHER_HELM_CHART_URL }}"
	rancherHostname: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	rancherImage: "${{ secrets.RANCHER_IMAGE }}"
	rancherTagVersion: "${{ env.RANCHER_VERSION }}"
	registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
	registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
	repo: "${{ env.RANCHER_REPO }}"
	rke2Version: "${{ vars.RKE2_VERSION_2_12 }}"
	standaloneRegistry:
	registryName: "${{ secrets.REGISTRY_NAME }}"
	registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
	registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
	terratest:
	pathToRepo: "${{ secrets.PATH_TO_REPO }}"
	etcdCount: ${{ vars.ETCD_COUNT }}
	controlPlaneCount: ${{ vars.CP_COUNT }}
	workerCount: ${{ vars.WORKER_COUNT }}
	windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
	EOF

	- name: Export CATTLE_TEST_CONFIG
	run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> $GITHUB_ENV
	shell: bash

	- name: Set up Go environment
	uses: actions/setup-go@v5
	with:
	go-version-file: "./go.mod"

	- name: Build Packages
	run: ./.github/scripts/build-packages.sh

	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: "${{ vars.TERRAFORM_VERSION }}"
	terraform_wrapper: false

	- name: Setup Rancher2 Provider if RC is present
	if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
	run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
	shell: bash

	- name: Run Proxy Test Suite
	uses: ./.github/actions/run-test-suite
	with:
	package: ${{ env.PACKAGE }}
	path-to-repo: ${{ secrets.PATH_TO_REPO }}
	test-suite: ${{ env.TEST_SUITE }}
	timeout: ${{ env.TIMEOUT }}

	- name: Refresh AWS credentials
	if: always()
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Revoke Runner IP
	if: always()
	uses: ./.github/actions/revoke-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set job status output
	if: always()
	run: echo "job_status=${{ job.status }}" >> $GITHUB_OUTPUT
	id: set-job-status

	- name: Reporting Results to Qase
	if: always()
	uses: ./.github/actions/report-to-qase
	with:
	qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
	qase-automation-token: ${{ secrets.QASE_TOKEN }}

	- name: Reporting Results to Slack
	if: always()
	uses: ./.github/actions/report-to-slack
	with:
	job-status: ${{ steps.set-job-status.outputs.job_status }}
	slack-channel: ${{ secrets.SLACK_CHANNEL }}
	slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

	v2-11:
	if: \|
	github.event_name == 'schedule' \|\|
	github.event.inputs.run_all_versions == 'true' \|\|
	(github.event_name == 'workflow_dispatch' && startsWith(github.event.inputs.rancher_version, 'v2.11')) && contains(github.event.inputs.rancher_version, '-alpha') \|\|
	(github.event_name == 'workflow_call' && startsWith(inputs.rancher_version, 'v2.11.')) && contains(inputs.rancher_version, '-alpha')
	name: ${{ github.event.inputs.rancher_version }}
	runs-on: ubuntu-latest
	environment: staging
	env:
	RANCHER2_PROVIDER_VERSION: "${{ vars.RANCHER2_PROVIDER_VERSION_2_11 }}"

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Get AWS credentials from Secrets Manager
	uses: aws-actions/aws-secretsmanager-get-secrets@v2
	with:
	secret-ids: \|
	AWS_ACCESS_KEY, ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_KEY, ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: "Fetch and Set DockerHub Credentials"
	uses: rancher-eio/read-vault-secrets@main
	with:
	secrets: \|
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials username \| DOCKERHUB_USERNAME ;
	secret/data/github/repo/${{ github.repository }}/dockerhub/org-token/credentials password \| DOCKERHUB_PASSWORD

	- name: Mask Dockerhub Credentials
	run: \|
	echo "::add-mask::${{ env.DOCKERHUB_USERNAME }}"
	echo "::add-mask::${{ env.DOCKERHUB_PASSWORD }}"

	- name: Whitelist Runner IP
	uses: ./.github/actions/whitelist-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID_PRIME }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set up SSH Keys
	uses: ./.github/actions/setup-ssh-keys
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
	ssh-private-key-name: ${{ secrets.SSH_PRIVATE_KEY_NAME }}
	windows-ssh-private-key: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY }}
	windows-ssh-private-key-name: ${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}

	- name: Uniquify hostname prefix
	uses: ./.github/actions/uniquify-hostname

	- name: Set Rancher version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_VERSION
	value: \|
	${{
	github.event.inputs.rancher_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_version) \|\|
	(github.event_name == 'schedule' && vars.RANCHER_VERSION_2_11_HEAD) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RANCHER_VERSION_2_11_HEAD)
	}}

	- name: Set Rancher chart version
	uses: ./.github/actions/set-env-var
	with:
	key: RANCHER_CHART_VERSION
	value: \|
	${{
	github.event.inputs.rancher_chart_version \|\|
	(github.event_name == 'workflow_dispatch' && github.event.inputs.rancher_chart_version) \|\|
	(github.event_name == 'schedule' && vars.RELEASED_RANCHER_CHART_VERSION_2_11) \|\|
	(github.event.inputs.run_all_versions == 'true' && vars.RELEASED_RANCHER_CHART_VERSION_2_11)
	}}

	- name: Set Rancher repo
	uses: ./.github/actions/set-rancher-repo
	with:
	rancher-version: ${{ env.RANCHER_VERSION }}
	fallback-repo: ${{ secrets.RANCHER_REPO }}
	is-prime: true

	- name: Set Rancher chart url
	uses: ./.github/actions/set-rancher-chart-url
	with:
	rancher-repo: ${{ env.RANCHER_REPO }}
	staging-chart-url: ${{ secrets.STAGING_RANCHER_HELM_CHART_URL }}
	fallback-chart-url: ${{ secrets.RANCHER_HELM_CHART_URL }}

	- name: Get Qase ID
	id: get-qase-id
	uses: ./.github/actions/get-qase-id
	with:
	triggered_tag: ${{ github.event.inputs.rancher_version }}
	qase_recurring_id: "${{ vars.QASE_RECURRING_TEST_RUN_ID_2_11 }}"

	- name: Create config.yaml
	run: \|
	cat > config.yaml <<EOF
	rancher:
	host: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	adminPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	insecure: true
	cleanup: true
	terraform:
	cni: "${{ secrets.CNI }}"
	defaultClusterRoleForProjectMembers: "true"
	enableNetworkPolicy: false
	provider: "${{ vars.PROVIDER_AMAZON }}"
	privateKeyPath: "${{ secrets.SSH_PRIVATE_KEY_PATH }}"
	resourcePrefix: "${{ env.HOSTNAME_PREFIX }}"
	windowsPrivateKeyPath: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_PATH }}"
	proxy:
	proxyBastion: ""
	privateRegistries:
	url: "${{ secrets.PRIVATE_REGISTRY_URL }}"
	username: "${{ env.DOCKERHUB_USERNAME }}"
	password: "${{ env.DOCKERHUB_PASSWORD }}"
	insecure: true
	authConfigSecretName: "${{ secrets.AUTH_CONFIG_SECRET_NAME }}"
	mirrorHostname: "${{ secrets.PRIVATE_REGISTRY_MIRROR_HOSTNAME }}"
	mirrorEndpoint: "${{ secrets.PRIVATE_REGISTRY_MIRROR_ENDPOINT }}"
	awsCredentials:
	awsAccessKey: "$AWS_ACCESS_KEY"
	awsSecretKey: "$AWS_SECRET_KEY"
	awsConfig:
	ami: "${{ secrets.AWS_AMI }}"
	awsKeyName: "${{ secrets.SSH_PRIVATE_KEY_NAME }}"
	awsInstanceType: "${{ vars.AWS_INSTANCE_TYPE }}"
	awsVolumeType: "${{ vars.AWS_VOLUME_TYPE }}"
	region: "${{ secrets.AWS_REGION }}"
	awsSecurityGroups: [${{ secrets.AWS_SECURITY_GROUPS_PRIME }}]
	awsSecurityGroupNames: [${{ secrets.AWS_SECURITY_GROUP_NAMES_PRIME }}]
	awsSubnetID: "${{ secrets.AWS_SUBNET_ID }}"
	awsVpcID: "${{ secrets.AWS_VPC_ID }}"
	awsZoneLetter: "${{ vars.AWS_ZONE_LETTER }}"
	awsRootSize: ${{ vars.AWS_ROOT_SIZE }}
	awsRoute53Zone: "${{ secrets.AWS_ROUTE_53_ZONE }}"
	awsUser: "${{ secrets.AWS_USER }}"
	sshConnectionType: "${{ vars.SSH_CONNECTION_TYPE }}"
	timeout: "${{ vars.TIMEOUT }}"
	windowsAWSUser: "${{ secrets.AWS_WINDOWS_USER }}"
	windows2019AMI: "${{ secrets.WINDOWS_2019_AMI }}"
	windows2022AMI: "${{ secrets.WINDOWS_2022_AMI }}"
	windows2019Password: "${{ secrets.AWS_WINDOWS_2019_PASSWORD }}"
	windows2022Password: "${{ secrets.AWS_WINDOWS_2022_PASSWORD }}"
	windowsInstanceType: "${{ vars.AWS_WINDOWS_INSTANCE_TYPE }}"
	windowsKeyName: "${{ secrets.WINDOWS_SSH_PRIVATE_KEY_NAME }}"
	ipAddressType: "${{ vars.IP_ADDRESS_TYPE }}"
	loadBalancerType: "${{ vars.LOAD_BALANCER_TYPE }}"
	targetType: "${{ vars.TARGET_TYPE }}"
	standalone:
	bootstrapPassword: "${{ secrets.RANCHER_ADMIN_PASSWORD }}"
	certManagerVersion: "${{ vars.CERT_MANAGER_VERSION }}"
	certType: "${{ vars.CERT_TYPE }}"
	chartVersion: "${{ env.RANCHER_CHART_VERSION }}"
	osUser: "${{ secrets.OS_USER }}"
	osGroup: "${{ secrets.OS_GROUP }}"
	rancherAgentImage: "${{ secrets.RANCHER_AGENT_IMAGE }}"
	rancherChartRepository: "${{ env.RANCHER_HELM_CHART_URL }}"
	rancherHostname: "${{ env.HOSTNAME_PREFIX }}.${{ secrets.AWS_ROUTE_53_ZONE }}"
	rancherImage: "${{ secrets.RANCHER_IMAGE }}"
	rancherTagVersion: "${{ env.RANCHER_VERSION }}"
	registryUsername: "${{ secrets.PRIVATE_REGISTRY_USERNAME }}"
	registryPassword: "${{ secrets.PRIVATE_REGISTRY_PASSWORD }}"
	repo: "${{ env.RANCHER_REPO }}"
	rke2Version: "${{ vars.RKE2_VERSION_2_11 }}"
	standaloneRegistry:
	registryName: "${{ secrets.REGISTRY_NAME }}"
	registryPassword: "${{ secrets.REGISTRY_PASSWORD }}"
	registryUsername: "${{ secrets.REGISTRY_USERNAME }}"
	terratest:
	pathToRepo: "${{ secrets.PATH_TO_REPO }}"
	etcdCount: ${{ vars.ETCD_COUNT }}
	controlPlaneCount: ${{ vars.CP_COUNT }}
	workerCount: ${{ vars.WORKER_COUNT }}
	windowsNodeCount: ${{ vars.WINDOWS_NODE_COUNT }}
	EOF

	- name: Export CATTLE_TEST_CONFIG
	run: echo "CATTLE_TEST_CONFIG=${{ github.workspace }}/config.yaml" >> $GITHUB_ENV
	shell: bash

	- name: Set up Go environment
	uses: actions/setup-go@v5
	with:
	go-version-file: "./go.mod"

	- name: Build Packages
	run: ./.github/scripts/build-packages.sh

	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: ${{ vars.TERRAFORM_VERSION }}
	terraform_wrapper: false

	- name: Setup Rancher2 Provider if RC is present
	if: contains(env.RANCHER2_PROVIDER_VERSION, '-rc')
	run: /home/runner/${{ secrets.PATH_TO_REPO }}/scripts/setup-provider.sh rancher2 v${{ env.RANCHER2_PROVIDER_VERSION }}
	shell: bash

	- name: Run Proxy Test Suite
	uses: ./.github/actions/run-test-suite
	with:
	package: ${{ env.PACKAGE }}
	path-to-repo: ${{ secrets.PATH_TO_REPO }}
	test-suite: ${{ env.TEST_SUITE }}
	timeout: ${{ env.TIMEOUT }}

	- name: Refresh AWS credentials
	if: always()
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.TFP_IAM_ROLE }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Revoke Runner IP
	if: always()
	uses: ./.github/actions/revoke-runner-ip
	with:
	prefix-list-id: ${{ secrets.AWS_MANAGED_PREFIX_LIST_ID_PRIME }}
	region: "${{ secrets.AWS_REGION }}"

	- name: Set job status output
	if: always()
	run: echo "job_status=${{ job.status }}" >> $GITHUB_OUTPUT
	id: set-job-status

	- name: Reporting Results to Qase
	if: always()
	uses: ./.github/actions/report-to-qase
	with:
	qase-test-run-id: ${{ steps.get-qase-id.outputs.id }}
	qase-automation-token: ${{ secrets.QASE_TOKEN }}

	- name: Reporting Results to Slack
	if: always()
	uses: ./.github/actions/report-to-slack
	with:
	job-status: ${{ steps.set-job-status.outputs.job_status }}
	slack-channel: ${{ secrets.SLACK_CHANNEL }}
	slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Proxy Testing #192

Workflow file

Proxy Testing #192

Uh oh!

Jobs

Run details

Workflow file for this run