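# Builds a stage-2 AMI with Nix for every PostgreSQL major listed in
# ansible/vars.yml, runs the testinfra suite against it, then tears the EC2
# instances and the stage-2 AMI down. Runs manually (workflow_dispatch) or as
# a reusable workflow (workflow_call).
name: Testinfra Integration Tests Nix
on:
  workflow_dispatch:
  workflow_call:
    secrets:
      DEV_AWS_ROLE:
        description: 'AWS role for dev environment'
        required: true
      NIX_SIGN_SECRET_KEY:
        description: 'Nix signing secret key'
        required: true
# Permissions are declared per job (least privilege): only test-ami-nix
# assumes DEV_AWS_ROLE and therefore needs the OIDC id-token.
jobs:
  prepare:
    runs-on: blacksmith-2vcpu-ubuntu-2404
    # This job only reads the repo to derive the version matrix. It calls
    # nix-install-ephemeral without push-to-cache and without a role, so no
    # id-token is granted here; restore `id-token: write` if that composite
    # action turns out to assume a role on its own.
    permissions:
      contents: read
    outputs:
      postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }}
    steps:
      - name: Checkout Repo
        # NOTE(review): unlike the SHA-pinned third-party actions below, this
        # in-repo helper is referenced by a floating ref (HEAD); presumably
        # intentional so it tracks the calling ref, but confirm.
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
      - name: Install nix
        uses: ./.github/actions/nix-install-ephemeral
      - name: Set PostgreSQL versions
        id: set-versions
        # Emits .postgres_major from ansible/vars.yml as a compact JSON array
        # of strings, consumed by fromJson() in the matrix below.
        run: |
          VERSIONS=$(nix run nixpkgs#yq -- -r '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -r -s -c 'split("\n")[:-1]')
          echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT"
  test-ami-nix:
    needs: prepare
    permissions:
      # NOTE(review): no visible step in this job pushes to the repository;
      # confirm whether build-ami or shared-checkout need write access,
      # otherwise reduce this to `contents: read`.
      contents: write
      # Required for OIDC federation in configure-aws-credentials.
      id-token: write
    strategy:
      fail-fast: false
      matrix:
        postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}
        # GitHub merges an include entry whose keys are absent from the base
        # matrix into every postgres_version combination, so every job gets
        # the arm64 runner and build parameters below.
        include:
          - runner: blacksmith-2vcpu-ubuntu-2404-arm
            arch: arm64
            ubuntu_release: noble
            ubuntu_version: "24.04"  # quoted: a bare 24.04 is parsed as a float
            mcpu: neoverse-n1
    runs-on: ${{ matrix.runner }}
    # NOTE(review): 150 min exceeds the 7200 s role session requested below.
    # A run that passes the 2 h mark reaches the cleanup steps with expired
    # credentials and leaves instances/AMIs behind. Raise
    # role-duration-seconds (subject to the role's max session duration) or
    # lower this timeout so the two agree.
    timeout-minutes: 150
    steps:
      - name: Checkout Repo
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
      - name: Debug AWS role secret
        # The secret is passed through env rather than interpolated with
        # ${{ }} into the script body, so its value is never expanded into
        # shell source (GitHub's recommended guard against script injection).
        env:
          DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
        run: |
          echo "Checking DEV_AWS_ROLE secret availability..."
          if [ -z "$DEV_AWS_ROLE" ]; then
            echo "❌ DEV_AWS_ROLE is empty or not available"
          else
            echo "✅ DEV_AWS_ROLE is available"
          fi
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "ap-southeast-1"
          # NOTE(review): also exposes the assumed keys as step outputs. No
          # visible step reads them; confirm a composite action does, else drop.
          output-credentials: true
          role-duration-seconds: 7200
      - name: Install nix
        uses: ./.github/actions/nix-install-ephemeral
        with:
          push-to-cache: 'true'
          aws-region: "ap-southeast-1"
        env:
          DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
      - id: args
        # Renders every string-valued top-level key of ansible/vars.yml as
        # KEY=VALUE lines (one per line).
        uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4.50.1
        with:
          cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'
      - run: docker context create builders
      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
        with:
          endpoint: builders
      - name: Build AMI
        id: build-ami
        uses: ./.github/actions/build-ami
        with:
          postgres_version: ${{ matrix.postgres_version }}
          region: ap-southeast-1
          ami_regions: '["ap-southeast-1"]'
          git_sha: ${{ github.sha }}
          ami_name_prefix: "supabase-postgres-${{ github.run_id }}"
      - name: Run tests
        timeout-minutes: 10
        env:
          AMI_ID: ${{ steps.build-ami.outputs.stage2_ami_id }}
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        run: |
          # TODO: use poetry for pkg mgmt
          # NOTE(review): unpinned PyPI installs on a runner that holds live
          # AWS credentials; pin versions (ideally with hashes) until the
          # TODO above lands.
          pip3 install boto3 "boto3-stubs[essential]" docker ec2instanceconnectcli pytest "pytest-testinfra[paramiko,docker]" requests
          pytest -vv -s testinfra/test_ami_nix.py
      # The three cleanup steps below key every lookup on the packer execution
      # id. They take it through env (not ${{ }} in the script) and skip when
      # it is empty — i.e. build-ami failed before producing one — instead of
      # sending an empty tag-filter value to describe-instances/describe-images.
      - name: Cleanup resources on build cancellation
        if: ${{ cancelled() }}
        env:
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        run: |
          if [ -z "$EXECUTION_ID" ]; then
            echo "No packer execution id available; nothing to clean up"
            exit 0
          fi
          INSTANCE_IDS=$(aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text)
          if [ -n "$INSTANCE_IDS" ]; then
            echo "Terminating packer build instances: $INSTANCE_IDS"
            echo "$INSTANCE_IDS" | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids
          else
            echo "No packer build instances to clean up"
          fi
      - name: Cleanup resources after build
        if: ${{ always() }}
        env:
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        run: |
          if [ -z "$EXECUTION_ID" ]; then
            echo "No packer execution id available; nothing to clean up"
            exit 0
          fi
          INSTANCE_IDS=$(aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text)
          if [ -n "$INSTANCE_IDS" ]; then
            echo "Terminating testinfra instances: $INSTANCE_IDS"
            # Best-effort: a failed terminate must not mask the test result.
            echo "$INSTANCE_IDS" | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids || true
          else
            echo "No testinfra instances to clean up"
          fi
      - name: Cleanup stage 2 AMI
        if: always()
        env:
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        # NOTE(review): deregister-image does not delete the AMI's backing
        # EBS snapshots; confirm those are reaped elsewhere or they accumulate.
        run: |
          if [ -z "$EXECUTION_ID" ]; then
            echo "No packer execution id available; nothing to clean up"
            exit 0
          fi
          STAGE2_AMI_IDS=$(aws ec2 describe-images \
            --region ap-southeast-1 \
            --owners self \
            --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" \
            --query 'Images[*].ImageId' \
            --output text)
          if [ -n "$STAGE2_AMI_IDS" ]; then
            for ami_id in $STAGE2_AMI_IDS; do
              echo "Deregistering stage 2 AMI: $ami_id"
              aws ec2 deregister-image --region ap-southeast-1 --image-id "$ami_id" || true
            done
          else
            echo "No stage 2 AMI to clean up"
          fi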