
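name: post_tests
# `on` is a YAML 1.1 truthy key for generic loaders; GitHub's loader handles it.
on:  # yamllint disable-line rule:truthy
  # checkov:skip=CKV_GHA_7:The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.
  workflow_dispatch:
    inputs:
      # Both inputs are `choice` typed, so only the values listed below can
      # reach the job; they are handed to the shell through `env`, never
      # interpolated into the script text.
      # An option may hold several space-separated post names. The build step
      # sources them last-to-first and the destroy step first-to-last
      # (presumably the base-cluster post is listed last — verify against the
      # posts before reordering an option).
      posts:
        type: choice
        description: Select post
        default: 2024-12-14-secure-cheap-amazon-eks-auto
        options:
          - 2022-11-27-cheapest-amazon-eks
          - 2022-12-24-amazon-eks-karpenter-tests 2022-11-27-cheapest-amazon-eks
          - 2023-03-08-trivy-operator-grafana 2022-11-27-cheapest-amazon-eks
          - 2023-03-20-velero-and-cert-manager 2022-11-27-cheapest-amazon-eks
          - 2023-04-01-secrets-store-csi-driver-reloader 2023-03-20-velero-and-cert-manager 2022-11-27-cheapest-amazon-eks
          - 2023-06-06-my-favourite-krew-plugins-kubectl 2022-11-27-cheapest-amazon-eks
          - 2023-08-03-cilium-amazon-eks
          - 2023-09-25-secure-cheap-amazon-eks
          - 2024-04-27-exploit-vulnerability-wordpress-plugin-kali-linux-1
          - 2024-05-03-secure-cheap-amazon-eks-with-pod-identities
          - 2023-03-20-velero-and-cert-manager 2024-05-03-secure-cheap-amazon-eks-with-pod-identities
          - 2024-05-09-exploit-vulnerability-wordpress-plugin-kali-linux-2
          - 2024-07-07-detect-a-hacker-attacks-eks-vm
          - 2024-12-12-terraform-keep-sorted
          - 2024-12-14-secure-cheap-amazon-eks-auto
      # `build + destroy` satisfies both regex checks in the run step, so it
      # runs the create phase and then the teardown phase in one job.
      action:
        type: choice
        description: Select action
        default: build + destroy
        options:
          - build
          - destroy
          - build + destroy

env:
  AWS_DEFAULT_REGION: us-east-1
  # Secret-backed values are masked by GitHub in the job log; the `set -x`
  # trace in the run step relies on that masking.
  AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}
  GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
  GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
  CLUSTER_FQDN: k01.k8s.mylabs.dev
  CLUSTER_NAME: k01
  # NOTE(review): the owner value appears redacted in this copy — confirm
  # against the committed file before relying on it.
  TAGS: "product_id='12345',used_for=dev,[email protected],cluster=k01.k8s.mylabs.dev"

# Workflow-wide default; the job below narrows it to what it needs.
permissions: read-all

jobs:
  post-pipeline:
    runs-on: ubuntu-latest
    # id-token:write is needed for the OIDC role assumption; the repository
    # token used as GH_TOKEN below therefore carries only contents:read.
    permissions:
      id-token: write
      contents: read
    name: "${{ inputs.action }} | ${{ inputs.posts }}"
    # Serialises runs: a second dispatch queues behind the running one
    # (cancel-in-progress is not set), so two runs never touch the cluster at once.
    concurrency:
      group: post_tests
    timeout-minutes: 100
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-duration-seconds: 7000
          role-session-name: GitHubOidcFederatedRole
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
          mask-aws-account-id: true
      - name: Check out repository code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "${{ inputs.action }} | ${{ inputs.posts }}"
        env:
          GH_TOKEN: ${{ github.token }}
          GH_ACTION: ${{ inputs.action }}
          GH_INPUTS: ${{ inputs.posts }}
        run: |
          set -euxo pipefail
          export TMP_DIR="${PWD}"
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

          # Resolve every selected post name to exactly one markdown file under
          # _posts. Fail fast on zero or several matches instead of pushing an
          # empty or multi-line element into the array, which the build loop
          # would otherwise source as an empty script.
          POST_FILES_ARRAY=()
          # shellcheck disable=SC2043
          for POST_FILE in ${GH_INPUTS}; do
            mapfile -t POST_FILE_MATCHES < <(find "${PWD}/_posts" -type f -name "*${POST_FILE}*.md")
            if [[ "${#POST_FILE_MATCHES[@]}" -ne 1 ]]; then
              echo "*** Expected exactly one post file matching '${POST_FILE}', found ${#POST_FILE_MATCHES[@]}" >&2
              exit 1
            fi
            POST_FILES_ARRAY+=("${POST_FILE_MATCHES[0]}")
          done

          # Install a tool only when a selected post invokes it and the runner
          # lacks it. Formulae are unpinned, so tool versions float between runs.
          if grep -Eq '(^| )eksctl ' "${POST_FILES_ARRAY[@]}" && ! command -v eksctl &> /dev/null ; then
            echo "*** Installing eksctl"
            brew install eksctl
            # Copy-paste access instructions for the step summary. The role ARN
            # and the credentials stay as escaped placeholders; only region and
            # cluster names are expanded into the summary.
            (
              echo "<https://${CLUSTER_FQDN}>"
              echo '```'
              echo "export AWS_DEFAULT_REGION=\"${AWS_DEFAULT_REGION}\""
              # shellcheck disable=SC2028
              echo "eval \"\$(aws sts assume-role --role-arn \"\${AWS_ROLE_TO_ASSUME}\" --role-session-name \"\$USER@\$(hostname -f)-k8s-\$(date +%s)\" --duration-seconds 36000 | jq -r '.Credentials | \"export AWS_ACCESS_KEY_ID=\(.AccessKeyId)\\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)\\nexport AWS_SESSION_TOKEN=\(.SessionToken)\\n\"')\""
              echo "export KUBECONFIG=\"/tmp/kubeconfig-${CLUSTER_NAME}.conf\""
              echo "aws eks update-kubeconfig --region \"${AWS_DEFAULT_REGION}\" --name \"${CLUSTER_NAME}\" --kubeconfig \"\$KUBECONFIG\""
              echo '```'
            ) | tee -a "${GITHUB_STEP_SUMMARY}"
          fi
          if grep -Eq '(^| )copilot ' "${POST_FILES_ARRAY[@]}" && ! command -v copilot &> /dev/null ; then
            echo "*** Installing copilot"
            brew install copilot
          fi
          if grep -Eq '(^| )cilium ' "${POST_FILES_ARRAY[@]}" && ! command -v cilium &> /dev/null ; then
            echo "*** Installing cilium"
            brew install cilium-cli
          fi
          if grep -Eq '(^| )rain ' "${POST_FILES_ARRAY[@]}" && ! command -v rain &> /dev/null ; then
            echo "*** Installing rain"
            brew install rain
          fi
          if grep -Eq '(^| )velero ' "${POST_FILES_ARRAY[@]}" && ! command -v velero &> /dev/null ; then
            echo "*** Installing velero"
            brew install velero
          fi

          if [[ "${GH_ACTION}" =~ 'build' ]]; then
            echo -e "********************\n*** Create\n********************"
            # Walk the list backwards so the last post of a multi-post option
            # is built first (see the input comment for the ordering convention).
            for (( idx=${#POST_FILES_ARRAY[@]}-1 ; idx>=0 ; idx-- )); do
              echo "*** ${POST_FILES_ARRAY[idx]} | build"
              # Source every ```bash fenced block of the post. Fence lines are
              # dropped outright, as the destroy branch does; stripping only the
              # backticks left a bare `bash` token to be sourced.
              # shellcheck disable=SC1090
              source <(echo "set -euxo pipefail" ; sed -n "/^\s*\`\`\`bash$/,/^\s*\`\`\`$/p" "${POST_FILES_ARRAY[idx]}" | sed '/^\s*```/d')
            done
          fi

          if [[ "${GH_ACTION}" =~ 'destroy' ]]; then
            echo -e "********************\n*** Destroy\n********************"
            # Refresh the kubeconfig only while the cluster still exists; a
            # failed update is tolerated so teardown can continue on a
            # half-built cluster. (If no selected post needed eksctl it was
            # never installed and this test is simply false.)
            if eksctl get clusters --name="${CLUSTER_NAME}" &> /dev/null; then
              export KUBECONFIG="${TMP_DIR}/${CLUSTER_FQDN}/kubeconfig-${CLUSTER_NAME}.conf"
              aws eks update-kubeconfig --region "${AWS_DEFAULT_REGION}" --name "${CLUSTER_NAME}" --kubeconfig "${KUBECONFIG}" || true
            fi
            # Forward order: posts are torn down in the order listed, i.e. the
            # reverse of the build order above.
            for POST_FILE in "${POST_FILES_ARRAY[@]}"; do
              echo "*** ${POST_FILE} | destroy"
              # Source the ```sh fenced blocks; failures are tolerated so the
              # remaining posts are still cleaned up.
              # shellcheck disable=SC1090
              source <(echo "set -euxo pipefail" ; sed -n "/^\`\`\`sh$/,/^\`\`\`$/p" "${POST_FILE}" | sed "/^\`\`\`*/d") || true
            done
          fi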