From 31f938c127a20f7b22643dc20d09d6ef87659389 Mon Sep 17 00:00:00 2001 From: Raj Karkar <69803383+rajkarkar-crest@users.noreply.github.com> Date: Mon, 5 Sep 2022 17:50:21 +0530 Subject: [PATCH] feat: Added support for ESCU test-type (#93) Added support for ESCU test-type --- .../workflows/reusable-build-test-release.yml | 189 ++++++++++++++++++ 1 file changed, 189 insertions(+) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 50d84543..51e8bd2a 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -309,6 +309,7 @@ jobs: name: package-deployment path: build/package/deployment** if: always() + security-virustotal: continue-on-error: true name: security-virustotal @@ -326,6 +327,7 @@ jobs: vt_api_key: ${{ secrets.VT_API_KEY }} files: | build/package/* + test-inventory: runs-on: ubuntu-latest # Map a step output to a job output @@ -336,6 +338,7 @@ jobs: modinput_functional: ${{ steps.testset.outputs.modinput_functional }} requirement_test: ${{ steps.testset.outputs.requirement_test }} scripted_inputs: ${{ steps.testset.outputs.scripted_inputs }} + escu: ${{ steps.testset.outputs.escu }} steps: - uses: actions/checkout@v3 - id: testset @@ -1592,6 +1595,183 @@ jobs: path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" reporter: java-junit + run-escu-tests: + if: ${{ needs.test-inventory.outputs.escu == 'true' && ( github.base_ref == 'main' || github.ref_name == 'main' || github.base_ref == 'develop' || github.ref_name == 'develop' ) }} + needs: + - build + - test-inventory + - setup + - meta + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + splunk: ${{ fromJson(needs.meta.outputs.matrix_latestSplunk) }} + container: + image: ghcr.io/splunk/workflow-engine-base:2.0.3 + env: + ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} + ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} + ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} + ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} + ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} + SPLUNK_VERSION_BASE: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} + TEST_TYPE: "escu" + steps: + - uses: actions/checkout@v3 + with: + submodules: recursive + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + - name: Read secrets from AWS Secrets Manager into environment variables + id: get-argo-token + run: | + ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') + echo "::set-output name=argo-token::$ARGO_TOKEN" + - name: create job name + id: create-job-name + shell: bash + run: | + RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) + JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} + JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} + JOB_NAME=${JOB_NAME//[_.]/-} + JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') + echo "::set-output name=job-name::$JOB_NAME" + - name: get escu detections + id: get-escu-detections + run: | + RUN_TEST=false + # shellcheck disable=SC2002 + DETECTIONS=$(cat tests/escu/.escu_detections | tr '\n' ',' | tr -d "[:space:]") + if [ -z "$DETECTIONS" ] + then + echo "Detection list is empty." + else + RUN_TEST=true + fi + DETECTIONS="-tf $DETECTIONS" + echo "::set-output name=escu-detections::$DETECTIONS" + echo "::set-output name=escu-test-run::$RUN_TEST" + - name: run-tests + id: run-tests + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + env: + ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} + uses: splunk/wfe-test-runner-action@v1.6.1 + with: + splunk: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} + test-type: ${{ env.TEST_TYPE }} + test-args: ${{ steps.get-escu-detections.outputs.escu-detections }} + job-name: ${{ steps.create-job-name.outputs.job-name }} + labels: ${{ needs.setup.outputs.labels }} + workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} + workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} + delay-destroy: "No" + addon-url: ${{ needs.setup.outputs.addon-upload-path }} + addon-name: ${{ needs.setup.outputs.addon-name }} + vendor-version: ${{ matrix.vendor-version.image }} + sc4s-version: "No" + - name: Check if pod was deleted + id: is-pod-deleted + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + shell: bash + env: + ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} + run: | + set -o xtrace + if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then + echo "::set-output name=retry-workflow::true" + fi + - name: Retrying workflow + id: retry-wf + shell: bash + env: + ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + run: | + set -o xtrace + set +e + if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] + then + WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) + echo "::set-output name=workflow-name::$WORKFLOW_NAME" + argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." + else + echo "No retry required" + argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows + argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" + fi + - name: check if workflow completed + env: + ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + shell: bash + run: | + set +e + # shellcheck disable=SC2157 + if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then + WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} + else + WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" + fi + ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') + echo "Status of workflow:" "$ARGO_STATUS" + while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] + do + echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." + argo wait "${WORKFLOW_NAME}" -n workflows || true + ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') + done + - name: pull artifacts from s3 bucket + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + run: | + echo "pulling artifacts" + aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ + tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} + - name: pull logs from s3 bucket + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + run: | + # shellcheck disable=SC2157 + if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then + WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} + else + WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" + fi + echo "pulling logs" + mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs + aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive + - uses: actions/upload-artifact@v3 + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + with: + name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} tests artifacts + path: | + ${{ needs.setup.outputs.directory-path }}/test-results + - uses: actions/upload-artifact@v3 + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + with: + name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} tests logs + path: | + ${{ needs.setup.outputs.directory-path }}/argo-logs + - name: Upload results + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + uses: actions/upload-artifact@v3 + with: + name: escu-test-result + path: | + ${{ needs.setup.outputs.directory-path }}/test-results/escu-result.xml + - name: Test Report + uses: dorny/test-reporter@v1 + if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} + with: + name: splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} test report + path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" + reporter: java-junit + validate-pr-title: name: Validate PR title if: github.event_name == 'pull_request' @@ -1650,6 +1830,7 @@ jobs: if: always() && needs.pre-publish.result == 'success' && github.event_name != 'pull_request' && github.event_name != 'schedule' needs: - pre-publish + - run-escu-tests runs-on: ubuntu-latest steps: - name: Checkout @@ -1703,6 +1884,14 @@ jobs: with: name: cim-field-report path: download/artifacts/deployment + - name: Download escu-test-results + id: download-escu-xml + if: ${{ steps.semantic.outputs.new_release_published == 'true' }} + continue-on-error: true + uses: actions/download-artifact@v3 + with: + name: escu-test-result + path: download/artifacts/deployment - name: List of assets if: ${{ steps.semantic.outputs.new_release_published == 'true' }} run: |