fix!: remove unnecessary tests (#34)
Signed-off-by: matttrach <matt.trachier@suse.com>
This commit is contained in:
Matt Trachier
GitHub
parent
174a462fcd
commit
10338a31d4
|
|
@ -6,10 +6,7 @@ on:
|
||||||
- main
|
- main
|
||||||
|
|
||||||
env:
|
env:
|
||||||
AWS_REGION: us-west-2
|
|
||||||
AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
|
|
||||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||||
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
|
|
||||||
|
|
||||||
permissions: write-all
|
permissions: write-all
|
||||||
|
|
||||||
|
|
@ -21,43 +18,6 @@ jobs:
|
||||||
id: release-please
|
id: release-please
|
||||||
with:
|
with:
|
||||||
release-type: terraform-module
|
release-type: terraform-module
|
||||||
- name: Install Let's Encrypt Roots and Intermediate Certificates
|
|
||||||
if: steps.release-please.outputs.pr
|
|
||||||
run: |
|
|
||||||
# https://letsencrypt.org/certificates/
|
|
||||||
sudo apt-get update -y
|
|
||||||
sudo apt-get install -y ca-certificates wget openssl libssl-dev
|
|
||||||
wget https://letsencrypt.org/certs/isrgrootx1.pem # rsa
|
|
||||||
sudo cp isrgrootx1.pem /usr/local/share/ca-certificates/
|
|
||||||
wget https://letsencrypt.org/certs/isrg-root-x2.pem # ecdsa
|
|
||||||
sudo cp isrg-root-x2.pem /usr/local/share/ca-certificates/
|
|
||||||
wget https://letsencrypt.org/certs/2024/r11.pem
|
|
||||||
sudo cp r11.pem /usr/local/share/ca-certificates/
|
|
||||||
wget https://letsencrypt.org/certs/2024/r10.pem
|
|
||||||
sudo cp r10.pem /usr/local/share/ca-certificates/
|
|
||||||
wget https://letsencrypt.org/certs/2024/e5.pem
|
|
||||||
sudo cp e5.pem /usr/local/share/ca-certificates/
|
|
||||||
wget https://letsencrypt.org/certs/2024/e6.pem
|
|
||||||
sudo cp e6.pem /usr/local/share/ca-certificates/
|
|
||||||
sudo update-ca-certificates
|
|
||||||
- name: Verify Lets Encrypt CA Functionality
|
|
||||||
if: steps.release-please.outputs.pr
|
|
||||||
run: |
|
|
||||||
# Function to check if Let's Encrypt CA is effectively used by openssl
|
|
||||||
check_letsencrypt_ca() {
|
|
||||||
# Try to verify a known Let's Encrypt certificate (you can use any valid one)
|
|
||||||
if openssl s_client -showcerts -connect letsencrypt.org:443 < /dev/null | openssl x509 -noout -issuer | grep -q "Let's Encrypt"; then
|
|
||||||
return 0 # Success
|
|
||||||
else
|
|
||||||
return 1 # Failure
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
if check_letsencrypt_ca; then
|
|
||||||
echo "Let's Encrypt CA is functioning correctly."
|
|
||||||
else
|
|
||||||
echo "Error: Let's Encrypt CA is not being used for verification."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
- uses: actions/github-script@v7
|
- uses: actions/github-script@v7
|
||||||
if: steps.release-please.outputs.pr
|
if: steps.release-please.outputs.pr
|
||||||
with:
|
with:
|
||||||
|
|
@ -74,15 +34,6 @@ jobs:
|
||||||
with:
|
with:
|
||||||
token: ${{secrets.GITHUB_TOKEN}}
|
token: ${{secrets.GITHUB_TOKEN}}
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- id: aws-creds
|
|
||||||
uses: aws-actions/configure-aws-credentials@v4
|
|
||||||
if: steps.release-please.outputs.pr
|
|
||||||
with:
|
|
||||||
role-to-assume: ${{env.AWS_ROLE}}
|
|
||||||
role-session-name: ${{github.run_id}}
|
|
||||||
aws-region: ${{env.AWS_REGION}}
|
|
||||||
role-duration-seconds: 7200 # 2 hours
|
|
||||||
output-credentials: true
|
|
||||||
- name: install-nix
|
- name: install-nix
|
||||||
if: steps.release-please.outputs.pr
|
if: steps.release-please.outputs.pr
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -94,15 +45,9 @@ jobs:
|
||||||
if: steps.release-please.outputs.pr
|
if: steps.release-please.outputs.pr
|
||||||
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
|
shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}'
|
||||||
env:
|
env:
|
||||||
AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
|
|
||||||
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
|
|
||||||
AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
|
|
||||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||||
GITHUB_OWNER: rancher
|
GITHUB_OWNER: rancher
|
||||||
IDENTIFIER: ${{github.run_id}}
|
IDENTIFIER: ${{github.run_id}}
|
||||||
ZONE: ${{secrets.ZONE}}
|
|
||||||
ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
|
|
||||||
RANCHER_INSECURE: false
|
|
||||||
run: |
|
run: |
|
||||||
./run_tests.sh
|
./run_tests.sh
|
||||||
- uses: actions/github-script@v7
|
- uses: actions/github-script@v7
|
||||||
|
|
|
||||||
29
run_tests.sh
29
run_tests.sh
|
|
@ -103,35 +103,6 @@ if [ "$rerun_failed" = true ] && [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; t
|
||||||
run_tests true
|
run_tests true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Clearing leftovers with Id $IDENTIFIER in $AWS_REGION..."
|
|
||||||
sleep 60
|
|
||||||
|
|
||||||
if [ -n "$IDENTIFIER" ]; then
|
|
||||||
attempts=0
|
|
||||||
# shellcheck disable=SC2143
|
|
||||||
while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER" | grep -v 'AccessDenied')" ] && [ $attempts -lt 3 ]; do
|
|
||||||
leftovers --iaas=aws --aws-region="$AWS_REGION" --filter="Id:$IDENTIFIER" --no-confirm | grep -v 'AccessDenied' || true
|
|
||||||
sleep 10
|
|
||||||
attempts=$((attempts + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ $attempts -eq 3 ]; then
|
|
||||||
echo "Warning: Failed to clear all resources after 3 attempts."
|
|
||||||
fi
|
|
||||||
|
|
||||||
attempts=0
|
|
||||||
# shellcheck disable=SC2143
|
|
||||||
while [ -n "$(leftovers -d --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER" | grep -v 'AccessDenied')" ] && [ $attempts -lt 3 ]; do
|
|
||||||
leftovers --iaas=aws --aws-region="$AWS_REGION" --type="ec2-key-pair" --filter="tf-$IDENTIFIER" --no-confirm | grep -v 'AccessDenied' || true
|
|
||||||
sleep 10
|
|
||||||
attempts=$((attempts + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ $attempts -eq 3 ]; then
|
|
||||||
echo "Warning: Failed to clear all EC2 key pairs after 3 attempts."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then
|
if [ -f "/tmp/${IDENTIFIER}_failed_tests.txt" ]; then
|
||||||
echo "done, test failed"
|
echo "done, test failed"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue