aws-e2e-tests-non-root.yaml
# AWS end-to-end test workflow; the test suite itself is run as the
# unprivileged `ci` user (see the `runuser` call in the test job).
name: AWS E2E Tests (Non-root)
run-name: 'AWS E2E Tests (Non-root) - ${{ github.run_id }} - @${{ github.actor }}'
# Runs for every pull request and every merge-queue group. The trigger is
# `pull_request`, so the jobs check out and execute the pull request's own
# code. No `paths:` filter is set here; the `changes` job decides whether
# the expensive test job needs to run.
on:
  pull_request:
  merge_group:
# Workflow-level environment, inherited by every job in this file.
# The values are identifiers (role ARNs, resource names), not credentials;
# the test job obtains short-lived AWS credentials at run time through
# `id-token: write` and the configure-aws-credentials step.
# NOTE(review): because these ARNs are readable by anyone who can see the
# repository, the IAM trust policy on each role is what limits who can
# assume it. The trust policies are not visible here; confirm they restrict
# the OIDC `sub`/`aud` claims to this repository.
env:
  # Test-suite switches; GitHub Actions passes env values as strings.
  TEST_KUBE: 'true'
  TEST_AWS_DB: 'true'
  AWS_REGION: us-west-2
  # Role passed to `role-to-assume` in the test job.
  GHA_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-aws-e2e-gha-role
  # EKS discovery / Kubernetes access.
  KUBERNETES_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-eks-discovery-ci-cluster-kubernetes-service-access-role
  KUBE_DISCOVERY_SERVICE_ASSUME_ROLE: arn:aws:iam::307493967395:role/tf-eks-discovery-ci-cluster-discovery-service-access-role
  EKS_CLUSTER_NAME: gha-discovery-ci-eks-us-west-2-307493967395
  # RDS access and discovery.
  RDS_ACCESS_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-rds-access
  RDS_DISCOVERY_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-rds-discovery
  RDS_POSTGRES_INSTANCE_NAME: ci-database-e2e-tests-rds-postgres-instance-us-west-2-307493967395
  RDS_MYSQL_INSTANCE_NAME: ci-database-e2e-tests-rds-mysql-instance-us-west-2-307493967395
  RDS_MARIADB_INSTANCE_NAME: ci-database-e2e-tests-rds-mariadb-instance-us-west-2-307493967395
  # Redshift Serverless access and discovery.
  REDSHIFT_SERVERLESS_ACCESS_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-redshift-serverless-access
  REDSHIFT_SERVERLESS_DISCOVERY_ROLE: arn:aws:iam::307493967395:role/ci-database-e2e-tests-redshift-serverless-discovery
  REDSHIFT_SERVERLESS_ENDPOINT_NAME: ci-database-e2e-tests-redshift-serverless-workgroup-rss-access-us-west-2-307493967395
  REDSHIFT_SERVERLESS_IAM_DB_USER: ci-database-e2e-tests-redshift-serverless-user
  REDSHIFT_SERVERLESS_WORKGROUP_NAME: ci-database-e2e-tests-redshift-serverless-workgroup-us-west-2-307493967395
  # Must stay quoted: an unquoted leading `*` is read as a YAML alias.
  DISCOVERY_MATCHER_LABELS: '*=*'
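jobs:
  # Gate job: reports through the `changed` output whether the change
  # touches a path that can affect the AWS e2e tests.
  changes:
    name: Check for relevant changes
    runs-on: ubuntu-latest
    # The job token is limited to reading pull-request data.
    permissions:
      pull-requests: read
    outputs:
      changed: ${{ steps.changes.outputs.changed }}
    steps:
      # A working tree is checked out only for merge-queue runs.
      # NOTE(review): actions/checkout is referenced by a mutable tag while
      # the other third-party actions in this file are pinned to a commit
      # SHA; consider pinning it the same way
      # (actions/checkout@<full commit SHA of the reviewed v4 release>).
      - name: Checkout
        if: ${{ github.event_name == 'merge_group' }}
        uses: actions/checkout@v4
      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50  # v2.11.1
        id: changes
        with:
          # Exactly one side of each `||` is set, depending on the event.
          base: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }}
          ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }}
          filters: |
            changed:
              - '.github/workflows/aws-e2e-tests-non-root.yaml'
              - '**.go'
              - 'go.mod'
              - 'go.sum'
              - 'build.assets/Makefile'
              - 'build.assets/Dockerfile*'
              - 'Makefile'

  # Runs the AWS e2e suite against live AWS resources.
  test:
    name: AWS E2E Tests (Non-root)
    needs: changes
    # Skipped for dependabot branches and for changes outside the filtered
    # paths.
    # NOTE(review): the dependabot test matches on the branch-name prefix,
    # which the PR author chooses; if this job backs a required check,
    # consider keying the skip on the actor instead.
    if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.changed == 'true' }}
    runs-on: ubuntu-22.04-16core
    permissions:
      contents: read
      packages: read
      # Lets the job request an OIDC token, which the AWS credentials step
      # exchanges for a role session.
      # NOTE(review): GitHub documents that pull requests from forks cannot
      # be granted `id-token: write`; confirm the role's trust policy does
      # not depend on that alone.
      id-token: write
    container:
      # NOTE(review): the image is referenced by a mutable tag; pinning by
      # digest would make the build environment reproducible.
      image: ghcr.io/gravitational/teleport-buildbox:teleport15
      env:
        WEBASSETS_SKIP_BUILD: 1
      # `--privileged` already grants every capability, so the
      # `--cap-add=SYS_ADMIN` flag is redundant.
      # NOTE(review): this container builds and runs pull-request code while
      # holding an AWS role session; confirm privileged mode is still
      # required and that the assumed role is least-privilege.
      options: --cap-add=SYS_ADMIN --privileged
    steps:
      # NOTE(review): checkout leaves the job token in the local git config
      # by default; consider `persist-credentials: false` if no later step
      # needs authenticated git. Same SHA-pinning remark as in `changes`.
      - name: Checkout Teleport
        uses: actions/checkout@v4
      - name: Prepare workspace
        uses: ./.github/actions/prepare-workspace
      # Hands the workspace and Go caches to the `ci` user that runs the
      # tests. Expansions are quoted so a path containing whitespace is not
      # split into several arguments. Failure is tolerated on purpose
      # (best effort).
      - name: Chown
        run: |
          mkdir -p "$(go env GOMODCACHE)"
          mkdir -p "$(go env GOCACHE)"
          chown -Rf ci:ci "${GITHUB_WORKSPACE}" "$(go env GOMODCACHE)" "$(go env GOCACHE)"
        continue-on-error: true
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a  # v4.0.1
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.GHA_ASSUME_ROLE }}
      # The suite is started as user and group `ci` rather than root.
      - name: Run tests
        timeout-minutes: 10
        run: |
          runuser -u ci -g ci make e2e-aws RDPCLIENT_SKIP_BUILD=1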