Skip to content

Bump quarkus-vault.version from 3.4.0 to 3.5.0 #198

Bump quarkus-vault.version from 3.4.0 to 3.5.0

Bump quarkus-vault.version from 3.4.0 to 3.5.0 #198

name: Job testing an end to end scenario with simple application. It tests all steps from kind and vault installation.
on:
workflow_dispatch:
pull_request:
branches: [ main ]
paths-ignore:
- '*.md' # Ignores .md files at the root of the repository
- '**/*.md' # Ignores .md files within subdirectories
push:
branches: [ main ]
paths-ignore:
- '*.md' # Ignores .md files at the root of the repository
- '**/*.md' # Ignores .md files within subdirectories
env:
# Variable used to disable the pv tool which is not working here as pseudo tty is not supported by GitHub steps
PSEUDO_TTY: "false"
jobs:
e2e-atomic-fruits-vault:
runs-on: ubuntu-latest
strategy:
matrix:
java-version: [ 17 ]
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ matrix.java-version }}
cache: 'maven'
- name: Setup Kubernetes using kind and deploy a local container registry
env:
REGISTRY_NAME: kind-registry
REGISTRY_PORT: 5000
run: |
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s install
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install
# Adding registry name to the /etc/hosts file
echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts
# Exporting the registry location for subsequent jobs
echo "KIND_REGISTRY=${REGISTRY_NAME}:${REGISTRY_PORT}" >> $GITHUB_ENV
- name: Build primaza, generate image, Helm chart and push image
env:
REGISTRY_GROUP: local
PRIMAZA_GITHUB_REPO: ${{ github.event.pull_request.head.repo.full_name }}
GITHUB_SHA_COMMIT: ${{ github.sha }}
PRIMAZA_IMAGE_NAME: $KIND_REGISTRY/local/primaza-app
PRIMAZA_NAMESPACE: primaza
PRIMAZA_URL: primaza.127.0.0.1.nip.io
# Variable needed by the helm chart to configure primaza vault client
VAULT_URL: http://vault-internal.vault:8200
run: |
./scripts/primaza.sh build
- name: Deploy primaza helm chart
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_IMAGE_NAME: $KIND_REGISTRY/local/primaza-app
PRIMAZA_NAMESPACE: primaza
# Variable needed by the helm chart to configure primaza vault client
VAULT_URL: http://vault-internal.vault:8200
run: |
./scripts/primaza.sh localdeploy
./scripts/primaza.sh isAlive
- name: Load the data such as cluster, services & credential
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_NAMESPACE: primaza
run: |
./scripts/data/cluster.sh url=$PRIMAZA_URL kube_context=kind kind_url="https://kubernetes.default.svc" environment=dev ns_to_exclude="default,kube-system,ingress,pipelines-as-code,local-path-storage,crossplane-system,primaza,tekton-pipelines,tekton-pipelines-resolvers,vault"
./scripts/data/services.sh url=$PRIMAZA_URL service_name=postgresql version=14.5 type=postgresql endpoint=tcp:5432 helm_repo="https://charts.bitnami.com/bitnami&helmChart=postgresql&helmChartVersion=11.9.13"
./scripts/data/services.sh url=$PRIMAZA_URL service_name=mysql version=8.0 type=mysql endpoint=tcp:3306
./scripts/data/services.sh url=$PRIMAZA_URL service_name=activemq-artemis version=2.26 type=activemq endpoint=tcp:8161
./scripts/data/services.sh url=$PRIMAZA_URL service_name=mariadb version=10.9 type=mariadb endpoint=tcp:3306
./scripts/data/credentials.sh url=$PRIMAZA_URL credential_type=vault credential_name=fruits_database-vault-creds service_name=postgresql vault_kv=primaza/fruits
- name: Installing Vault
run: |
./scripts/vault.sh
- name: Installing Postgresql DB and Atomic fruits
env:
ATOMIC_FRUITS_NAMESPACE: app
run: |
./scripts/atomic-fruits.sh installdb
# Wait till postgresql pod is ready
kubectl wait -n $ATOMIC_FRUITS_NAMESPACE pod/postgresql-0 --for=condition=ready --timeout=300s
# Install the atomic fruits helm chart from Halkyion repo
./scripts/atomic-fruits.sh deploy
- name: Creating the Primaza fruits Vault KV key
run: |
source ./scripts/common.sh
# Login as user bob and password sinclair
./scripts/vault.sh loginAsUser bob sinclair
# Register the primaza KV entries
note "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"
./scripts/vault.sh vaultExec "vault kv put -mount=secret primaza/fruits username=healthy password=healthy database=fruits_database"
- name: Wait until atomic-fruits is registered in Primaza
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
run: |
source ./scripts/common.sh
max_retries=5
retry_delay=5
retry_attempt=1
function discover_atomic_fruits() {
APPLICATION=$(curl -H 'Accept: application/json' -s "$PRIMAZA_URL/applications/name/atomic-fruits")
if [[ $(echo "$APPLICATION" | jq -r '.name') == "atomic-fruits" ]]; then
return 0
else
return 1
fi
}
while [ $retry_attempt -le $max_retries ]; do
note "Attempt $retry_attempt of $max_retries"
if discover_atomic_fruits; then
note "Primaza discovered the atomic-fruits application: $APPLICATION."
note "Getting the application id for atomic-fruits"
APPLICATION_ID=$(echo "$APPLICATION" | jq -r '.id')
echo "atomic-fruits application id: $APPLICATION_ID"
./scripts/data/claims.sh url=$PRIMAZA_URL claim_name=fruits-claim description=postgresql-fruits-db requested_service=postgresql-14.5 application_id=$APPLICATION_ID
exit 0
else
warn "Primaza didn't yet discovered the atomic-fruits application: $APPLICATION."
sleep $retry_delay
fi
done
- name: Bind application
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
PRIMAZA_NAMESPACE: primaza
run: |
./scripts/data/bind_application.sh application_name=atomic-fruits claim_name=fruits-claim
- id: wait-for-atomic-fruits
name: atomic-fruits should now be up and running
env:
PRIMAZA_URL: primaza.127.0.0.1.nip.io
ATOMIC_FRUITS_NAMESPACE: app
run: |
source ./scripts/common.sh
# When the condition met and that the atomic fruits deployment is available,
# that means that the application is now bound with the service,
# so we're good !
kubectl wait --timeout=300s --for=condition=available deployment atomic-fruits -n $ATOMIC_FRUITS_NAMESPACE
CLAIM_STATUS=$(curl -s http://$PRIMAZA_URL/claims/name/fruits-claim | jq -r .status)
if [[ "$CLAIM_STATUS" == "bound" ]]; then
exit 0
else
error "Status of the claim: fruits-claim is: $CLAIM_STATUS"
exit 1
fi
- name: (Only if it failed) Log Primaza traces at failures
if: failure()
run: |
./scripts/primaza.sh log
- name: (Only if it failed) Log Atomic Fruits traces at failures
if: failure()
env:
ATOMIC_FRUITS_NAMESPACE: app
run: |
source ./scripts/common.sh
log BLUE "List of the pods deployed on the cluster"
kubectl get pods -A
log BLUE "Description of the atomic-fruits deployment resource"
kubectl get deployment atomic-fruits -o yaml -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of the atomic-fruits deployment resource"
kubectl logs deploy/atomic-fruits --all-containers=true -n $ATOMIC_FRUITS_NAMESPACE
POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=atomic-fruits -n $ATOMIC_FRUITS_NAMESPACE -o name)
log BLUE "Information of the Atomic-fruits pod"
kubectl describe $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of atomic-fruits running pod"
kubectl logs $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE
log BLUE "Logs of atomic-fruits terminated pod"
kubectl logs -p $POD_NAME -n $ATOMIC_FRUITS_NAMESPACE