Bump quarkus-vault.version from 3.4.0 to 3.5.0 #198
Workflow file for this run
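# End-to-end CI workflow: creates a kind cluster with a local registry, builds and
# deploys Primaza, installs Vault, PostgreSQL and the atomic-fruits application,
# then checks that the `fruits-claim` claim ends up in the `bound` state.
name: Job testing an end to end scenario with simple application. It tests all steps from kind and vault installation.

on:
  workflow_dispatch:
  pull_request:
    branches: [ main ]
    paths-ignore:
      - '*.md' # Ignores .md files at the root of the repository
      - '**/*.md' # Ignores .md files within subdirectories
  push:
    branches: [ main ]
    paths-ignore:
      - '*.md' # Ignores .md files at the root of the repository
      - '**/*.md' # Ignores .md files within subdirectories

# Least privilege for GITHUB_TOKEN: no step below passes the token to a script,
# so read access to the repository contents (needed by checkout) is sufficient.
permissions:
  contents: read

env:
  # Variable used to disable the pv tool which is not working here as pseudo tty is not supported by GitHub steps
  PSEUDO_TTY: "false"

jobs:
  e2e-atomic-fruits-vault:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java-version: [ 17 ]
    steps:
      # NOTE(review): both actions are referenced by the mutable tag `v4`; pinning
      # them to a full commit SHA (<PINNED_COMMIT_SHA>) protects against a re-tagged release.
      - uses: actions/checkout@v4
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: ${{ matrix.java-version }}
          cache: 'maven'

      - name: Setup Kubernetes using kind and deploy a local container registry
        env:
          REGISTRY_NAME: kind-registry
          REGISTRY_PORT: 5000
        run: |
          # The default run shell is `bash -e` without pipefail, so a failed download
          # would otherwise be hidden by the exit status of `bash`.
          set -o pipefail
          # NOTE(review): these installers come from the mutable `main` branch of another
          # repository and are executed unverified. Pin the URLs to a reviewed commit
          # (<PINNED_COMMIT_SHA>) and compare a known SHA-256 before running them.
          # -f makes curl fail on HTTP errors instead of piping an error page into bash.
          curl -fsSL "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s install
          curl -fsSL "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install
          # Adding registry name to the /etc/hosts file
          echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts
          # Exporting the registry location for subsequent jobs
          echo "KIND_REGISTRY=${REGISTRY_NAME}:${REGISTRY_PORT}" >> "$GITHUB_ENV"

      - name: Build primaza, generate image, Helm chart and push image
        env:
          REGISTRY_GROUP: local
          # Attacker-influenced on fork pull requests; it is handed over as an environment
          # variable, not interpolated into the script text, which keeps it out of the shell parser.
          # NOTE(review): this expression is empty for push and workflow_dispatch events.
          PRIMAZA_GITHUB_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          GITHUB_SHA_COMMIT: ${{ github.sha }}
          # `env:` values are not shell-expanded, so `$KIND_REGISTRY` would reach the script
          # as a literal string; read the value exported through GITHUB_ENV instead.
          PRIMAZA_IMAGE_NAME: ${{ env.KIND_REGISTRY }}/local/primaza-app
          PRIMAZA_NAMESPACE: primaza
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
          # Variable needed by the helm chart to configure primaza vault client
          VAULT_URL: http://vault-internal.vault:8200
        run: |
          ./scripts/primaza.sh build

      - name: Deploy primaza helm chart
        env:
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
          # See the build step: expanded by Actions because `env:` does no shell expansion.
          PRIMAZA_IMAGE_NAME: ${{ env.KIND_REGISTRY }}/local/primaza-app
          PRIMAZA_NAMESPACE: primaza
          # Variable needed by the helm chart to configure primaza vault client
          VAULT_URL: http://vault-internal.vault:8200
        run: |
          ./scripts/primaza.sh localdeploy
          ./scripts/primaza.sh isAlive

      - name: Load the data such as cluster, services & credential
        env:
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
          PRIMAZA_NAMESPACE: primaza
        run: |
          ./scripts/data/cluster.sh url="$PRIMAZA_URL" kube_context=kind kind_url="https://kubernetes.default.svc" environment=dev ns_to_exclude="default,kube-system,ingress,pipelines-as-code,local-path-storage,crossplane-system,primaza,tekton-pipelines,tekton-pipelines-resolvers,vault"
          ./scripts/data/services.sh url="$PRIMAZA_URL" service_name=postgresql version=14.5 type=postgresql endpoint=tcp:5432 helm_repo="https://charts.bitnami.com/bitnami&helmChart=postgresql&helmChartVersion=11.9.13"
          ./scripts/data/services.sh url="$PRIMAZA_URL" service_name=mysql version=8.0 type=mysql endpoint=tcp:3306
          ./scripts/data/services.sh url="$PRIMAZA_URL" service_name=activemq-artemis version=2.26 type=activemq endpoint=tcp:8161
          ./scripts/data/services.sh url="$PRIMAZA_URL" service_name=mariadb version=10.9 type=mariadb endpoint=tcp:3306
          ./scripts/data/credentials.sh url="$PRIMAZA_URL" credential_type=vault credential_name=fruits_database-vault-creds service_name=postgresql vault_kv=primaza/fruits

      - name: Installing Vault
        run: |
          ./scripts/vault.sh

      - name: Installing Postgresql DB and Atomic fruits
        env:
          ATOMIC_FRUITS_NAMESPACE: app
        run: |
          ./scripts/atomic-fruits.sh installdb
          # Wait till postgresql pod is ready
          kubectl wait -n "$ATOMIC_FRUITS_NAMESPACE" pod/postgresql-0 --for=condition=ready --timeout=300s
          # Install the atomic fruits helm chart from Halkyion repo
          ./scripts/atomic-fruits.sh deploy

      - name: Creating the Primaza fruits Vault KV key
        run: |
          source ./scripts/common.sh
          # Fixture credentials for the throwaway kind cluster only. They are passed on the
          # command line and repeated in the `note` call below (presumably printed to the
          # job log), so they must never be reused for a real Vault or database.
          # Login as user bob and password sinclair
          ./scripts/vault.sh loginAsUser bob sinclair
          # Register the primaza KV entries
          note "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"
          ./scripts/vault.sh vaultExec "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"

      - name: Wait until atomic-fruits is registered in Primaza
        env:
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
        run: |
          source ./scripts/common.sh
          # NOTE(review): the total budget is max_retries x retry_delay (25 s); raise
          # these values if discovery legitimately takes longer.
          max_retries=5
          retry_delay=5
          retry_attempt=1

          # Queries Primaza for the atomic-fruits application and stores the raw response
          # in APPLICATION; succeeds only when the returned name matches.
          function discover_atomic_fruits() {
            APPLICATION=$(curl -H 'Accept: application/json' -s "$PRIMAZA_URL/applications/name/atomic-fruits")
            [[ $(jq -r '.name' <<<"$APPLICATION") == "atomic-fruits" ]]
          }

          while [ "$retry_attempt" -le "$max_retries" ]; do
            note "Attempt $retry_attempt of $max_retries"
            if discover_atomic_fruits; then
              note "Primaza discovered the atomic-fruits application: $APPLICATION."
              note "Getting the application id for atomic-fruits"
              APPLICATION_ID=$(jq -r '.id' <<<"$APPLICATION")
              echo "atomic-fruits application id: $APPLICATION_ID"
              ./scripts/data/claims.sh url="$PRIMAZA_URL" claim_name=fruits-claim description=postgresql-fruits-db requested_service=postgresql-14.5 application_id="$APPLICATION_ID"
              exit 0
            fi
            warn "Primaza didn't yet discovered the atomic-fruits application: $APPLICATION."
            sleep "$retry_delay"
            # The counter was never advanced before, so the loop could only end on success.
            retry_attempt=$((retry_attempt + 1))
          done

          # Exhausting the retries is a failure: without the claim the later steps cannot pass.
          error "atomic-fruits was not discovered by Primaza after $max_retries attempts"
          exit 1

      - name: Bind application
        env:
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
          PRIMAZA_NAMESPACE: primaza
        run: |
          ./scripts/data/bind_application.sh application_name=atomic-fruits claim_name=fruits-claim

      - id: wait-for-atomic-fruits
        name: atomic-fruits should now be up and running
        env:
          PRIMAZA_URL: primaza.127.0.0.1.nip.io
          ATOMIC_FRUITS_NAMESPACE: app
        run: |
          source ./scripts/common.sh
          # When the condition met and that the atomic fruits deployment is available,
          # that means that the application is now bound with the service,
          # so we're good !
          kubectl wait --timeout=300s --for=condition=available deployment atomic-fruits -n "$ATOMIC_FRUITS_NAMESPACE"
          CLAIM_STATUS=$(curl -s "http://$PRIMAZA_URL/claims/name/fruits-claim" | jq -r .status)
          if [[ "$CLAIM_STATUS" == "bound" ]]; then
            exit 0
          else
            error "Status of the claim: fruits-claim is: $CLAIM_STATUS"
            exit 1
          fi

      - name: (Only if it failed) Log Primaza traces at failures
        if: failure()
        run: |
          ./scripts/primaza.sh log

      - name: (Only if it failed) Log Atomic Fruits traces at failures
        if: failure()
        env:
          ATOMIC_FRUITS_NAMESPACE: app
        run: |
          source ./scripts/common.sh
          # Diagnostics are best effort: under the default `bash -e` the first failing
          # kubectl call would hide every later one, so keep going after errors.
          set +e
          log BLUE "List of the pods deployed on the cluster"
          kubectl get pods -A
          log BLUE "Description of the atomic-fruits deployment resource"
          kubectl get deployment atomic-fruits -o yaml -n "$ATOMIC_FRUITS_NAMESPACE"
          log BLUE "Logs of the atomic-fruits deployment resource"
          kubectl logs deploy/atomic-fruits --all-containers=true -n "$ATOMIC_FRUITS_NAMESPACE"
          # The label selector can match zero or several pods; handle each one separately
          # because `kubectl logs` accepts a single resource.
          mapfile -t POD_NAMES < <(kubectl get pod -l app.kubernetes.io/name=atomic-fruits -n "$ATOMIC_FRUITS_NAMESPACE" -o name)
          for POD_NAME in "${POD_NAMES[@]}"; do
            log BLUE "Information of the Atomic-fruits pod"
            kubectl describe "$POD_NAME" -n "$ATOMIC_FRUITS_NAMESPACE"
            log BLUE "Logs of atomic-fruits running pod"
            kubectl logs "$POD_NAME" -n "$ATOMIC_FRUITS_NAMESPACE"
            log BLUE "Logs of atomic-fruits terminated pod"
            kubectl logs -p "$POD_NAME" -n "$ATOMIC_FRUITS_NAMESPACE"
          done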