vault-k8s/.github/actions/integration-test/action.yml at ada980703bf4b9c40e1f9b9b4b593c0899fe1e5e · hashicorp/vault-k8s · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

name: Integration test
description: Run the integration tests against a single version of k8s and Vault
inputs:
  k8s-version:
    description: 'Kubernetes version to use for the kind cluster'
    required: true
  version:
    description: 'Vault K8s version to use for the tests'
    required: true
  vault-version:
    description: 'Vault version to use for the tests'
    required: true
  tarball-file:
    description: 'Name of the tarball file artifact to download'
    required: true
  kind-cluster-name:
    description: 'Name of the kind cluster to create and test against'
    default: 'vault-k8s'
  bats-version:
    description: 'Version of bats to run tests with'
    default: '1.11.0'
  vault-license:
    description: 'Vault license to use for enterprise tests'
    required: true
runs:
  using: "composite"
  steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
    - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
    - run: sudo npm install -g bats@${{ inputs.bats-version }}
      shell: bash
    - run: bats -v
      shell: bash

    - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
      with:
        python-version: '3.10'
    - run: pip install yq
      shell: bash

    # Checkout this repo.
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        path: "vault-k8s"

    # Checkout vault-helm for acceptance test code.
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        repository: "hashicorp/vault-helm"
        ref: "v0.29.1"
        path: "vault-helm"

    - name: Create Kind Cluster
      uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
      with:
        cluster_name: ${{ inputs.kind-cluster-name }}
        config: vault-helm/test/kind/config.yaml
        node_image: kindest/node:v${{ inputs.k8s-version }}
        version: "v0.26.0"

    - name: Create kind export log root
      id: create_kind_export_log_root
      shell: bash
      run: |
        vault_flavor=community
        log_artifact_name="kind-${{ inputs.kind-cluster-name }}-$(git rev-parse --short ${{ github.sha }})-${{ inputs.k8s-version }}-${{ inputs.vault-version }}-${vault_flavor}-helm-logs"
        log_root="/tmp/${log_artifact_name}"
        mkdir -p "${log_root}"
        echo "log_root=${log_root}" >> $GITHUB_OUTPUT
        echo "log_artifact_name=${log_artifact_name}" >> $GITHUB_OUTPUT

    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
      with:
        name: ${{ inputs.tarball-file }}

    - name: Load vault-k8s ${{ inputs.version }} image
      shell: bash
      run: |
        [ -n "${{ inputs.tarball-file }}" ] || (echo "inputs.tarball-file not set" >&2 ; exit 1)
        docker image load --input "${{ inputs.tarball-file }}"
        kind load docker-image --name ${{ inputs.kind-cluster-name }} hashicorp/vault-k8s:"${{ inputs.version }}"

    - name: Makefile tests
      shell: bash
      working-directory: vault-k8s
      run: make deploy exercise teardown VERSION="${{ inputs.version }}" VAULT_VERSION="${{ inputs.vault-version }}"

    - name: bats tests
      shell: bash
      working-directory: vault-helm
      env:
        VAULT_LICENSE_CI: ${{ inputs.vault-license }}
      run: |
        # assumes Python based yq :(
        yq --in-place --yaml-roundtrip '.injector.image.tag |= "${{ inputs.version }}"' ./values.yaml
        yq --in-place --yaml-roundtrip '.server.image.tag |= "${{ inputs.vault-version }}"' ./values.yaml
        yq --in-place --yaml-roundtrip '.injector.agentImage.tag |= "${{ inputs.vault-version }}"' ./values.yaml
        bats ./test/acceptance -t --filter injector

    - name: export kind cluster logs
      if: always()
      shell: bash
      run: |
       kind export logs --name ${{ inputs.kind-cluster-name }} ${{ steps.create_kind_export_log_root.outputs.log_root }}

    - name: Store kind cluster logs
      if: success()
      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
      with:
        name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }}
        path: ${{ steps.create_kind_export_log_root.outputs.log_root }}

    - name: Store kind cluster logs failure
      if: failure()
      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
      with:
        name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }}-failed
        path: ${{ steps.create_kind_export_log_root.outputs.log_root }}