run-e2e-tests.yml
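name: Run e2e Tests

# Two entry points: called from another workflow (workflow_call) or started
# by hand (workflow_dispatch). The workflow_call inputs are free-form strings
# with no allow-list, so those values are only as trustworthy as the caller.
on:
  workflow_call:
    inputs:
      apigee_environment:
        required: true
        type: string
      environment:
        required: true
        type: string
      sub_environment:
        required: true
        type: string
  workflow_dispatch:
    inputs:
      apigee_environment:
        type: choice
        description: Select the Apigee proxy environment
        options:
          - internal-dev
          - int
          - ref
          - prod
      environment:
        # `options` is only meaningful on a `choice` input; this was declared
        # as `string`, which left the list below unenforced.
        type: choice
        description: Select the backend environment
        options:
          - dev
          - preprod
          - prod
      sub_environment:
        # Free text: this value is interpolated into SERVICE_BASE_PATH and
        # PROXY_NAME in the workflow-level env.
        type: string
        description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments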
# Workflow-level environment: exported to every step of every job.
# The ${{ }} expressions are resolved here, so the run scripts read plain
# environment variables instead of having input text pasted into shell code.
env:
  APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
  ENVIRONMENT: ${{ inputs.environment }}
  SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
  # Sub-environments starting with 'pr-' get their own suffixed base path and
  # proxy name; anything else uses the shared base path and a proxy name
  # suffixed with the Apigee environment.
  SERVICE_BASE_PATH: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api/FHIR/R4-{0}', inputs.sub_environment) || 'immunisation-fhir-api/FHIR/R4' }}
  PROXY_NAME: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api-{0}', inputs.sub_environment) || format('immunisation-fhir-api-{0}', inputs.apigee_environment) }}
  # NOTE(review): declared at workflow level, this secret reaches every step,
  # including third-party actions and the test runners. The only use visible
  # in this file is the "Wait for API to be available" step; the test suites
  # may read it as well - confirm before narrowing its scope.
  STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }}
# Default GITHUB_TOKEN permissions for every job that does not declare its
# own. id-token: write allows a job to request a GitHub OIDC token;
# contents: read is what a repository checkout needs.
# NOTE(review): presumably id-token is wanted for the "Connect to AWS" steps
# only - if so it can be granted on those jobs rather than workflow-wide.
permissions:
  id-token: write
  contents: read
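# Third-party actions below are referenced by full commit SHA rather than by
# a movable tag. The release each SHA corresponds to is not recorded here.
jobs:
  # Polls the proxy's _status endpoint until it reports healthy, giving up
  # after 31 attempts spaced 30 seconds apart.
  wait-for-deployment:
    runs-on: ubuntu-latest
    environment: ${{ inputs.apigee_environment }}
    # This job only calls the status endpoint (no checkout, no cloud login),
    # so it runs with no GITHUB_TOKEN scopes and no OIDC access.
    permissions: {}
    steps:
      - name: Wait for API to be available
        run: |
          # STATUS_API_KEY is sent to a host name built from
          # APIGEE_ENVIRONMENT, so refuse values that could alter the host.
          if [[ ! "${APIGEE_ENVIRONMENT}" =~ ^[A-Za-z0-9-]+$ ]]; then
            echo "Unexpected apigee_environment value"
            exit 1
          fi
          endpoint=""
          # Exact match: a substring match would also route any other name
          # containing "prod" to the production host.
          if [[ "${APIGEE_ENVIRONMENT}" == "prod" ]]; then
            endpoint="https://api.service.nhs.uk/${SERVICE_BASE_PATH}/_status"
          else
            endpoint="https://${APIGEE_ENVIRONMENT}.api.service.nhs.uk/${SERVICE_BASE_PATH}/_status"
          fi
          counter=0
          while [[ ${counter} -lt 31 ]]; do
            response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "${endpoint}")
            response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "${response}")
            response_body=$(jq -r '.checks.healthcheck.outcome' <<< "${response}")
            status=$(jq -r '.status' <<< "${response}")
            # Compare as strings: -eq would evaluate the remote value as a
            # shell arithmetic expression.
            if [[ "${response_code}" == "200" ]] && [[ "${response_body}" == "OK" ]] && [[ "${status}" == "pass" ]]; then
              echo "Status test successful"
              break
            else
              echo "Waiting for ${endpoint} to return a 200 response with 'OK' body..."
              ((counter=counter+1)) # Increment counter by 1
              echo "Attempt ${counter}"
              sleep 30
            fi
          done
          # counter only reaches 31 when every attempt failed.
          if [[ ${counter} -eq 31 ]]; then
            echo "Status test failed: Maximum number of attempts reached"
            echo "Last response received:"
            echo "${response}"
            exit 1
          fi

  # Runs the e2e suites from the e2e/ directory. Which suites run is decided
  # by the RUN_*_E2E_TESTS variables; the AWS, Terraform and Apigee-token
  # steps only run for the full suite.
  e2e-tests:
    runs-on: ubuntu-latest
    needs: [wait-for-deployment]
    environment: ${{ inputs.apigee_environment }}
    env:
      APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
      SOURCE_COMMIT_ID: ${{ github.sha }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
      - name: Connect to AWS
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
        with:
          aws-region: eu-west-2
          # NOTE(review): no static keys are passed, so this presumably relies
          # on the OIDC token. Confirm the role's trust policy is restricted
          # to this repository/environment - it is not visible from here.
          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
          role-session-name: github-actions
      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        with:
          terraform_version: "1.12.2"
      - name: Terraform Init
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        working-directory: terraform
        run: make init
      - name: Set Terraform workspace
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        working-directory: terraform
        run: make workspace
      - name: Read Terraform outputs
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        working-directory: terraform
        # Each line appended to GITHUB_ENV becomes an environment variable
        # for the later steps of this job.
        run: |
          echo "IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)" >> "$GITHUB_ENV"
          echo "AWS_DOMAIN_NAME=$(make -s output name=service_domain_name)" >> "$GITHUB_ENV"
          echo "DYNAMODB_TABLE_NAME=$(make -s output name=dynamodb_table_name)" >> "$GITHUB_ENV"
          echo "AWS_SQS_QUEUE_NAME=$(make -s output name=aws_sqs_queue_name)" >> "$GITHUB_ENV"
          echo "AWS_SNS_TOPIC_NAME=$(make -s output name=aws_sns_topic_name)" >> "$GITHUB_ENV"
      - name: Install poetry
        run: pip install poetry==2.1.4
      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
        with:
          # Quoted so YAML keeps the version a string (an unquoted 3.10 would
          # load as the number 3.1).
          python-version: "3.11"
          cache: "poetry"
          cache-dependency-path: "e2e/poetry.lock"
      - name: Install e2e test dependencies
        working-directory: e2e
        run: poetry install --no-root
      - name: Get Apigee access token
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        working-directory: e2e
        # Secrets are scoped to this step only.
        env:
          APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
          APIGEE_BASIC_AUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }}
          APIGEE_OTP_KEY: ${{ secrets.APIGEE_OTP_KEY }}
        run: |
          CODE=$(poetry run python utils/compute_totp_code.py "$APIGEE_OTP_KEY")
          # Register the one-time code with the log masker before it is used.
          echo "::add-mask::$CODE"
          echo "Requesting access token from Apigee..."
          # Each field is URL-encoded separately so that characters such as
          # '&', '+' or '%' in a credential cannot alter the form body.
          # NOTE(review): if a secret was stored pre-encoded to work around
          # the previous raw -d body, store the raw value instead.
          response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \
            -H "Content-Type: application/x-www-form-urlencoded" \
            -H "Accept: application/json;charset=utf-8" \
            -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \
            --data-urlencode "username=$APIGEE_USERNAME" \
            --data-urlencode "password=$APIGEE_PASSWORD" \
            --data-urlencode "mfa_token=$CODE" \
            --data-urlencode "grant_type=password")
          # jq -e exits non-zero when .access_token is null or missing.
          token=$(jq -e -r '.access_token' <<< "$response")
          # Mask the token before exporting it to the later steps.
          echo "::add-mask::$token"
          echo "APIGEE_ACCESS_TOKEN=$token" >> "$GITHUB_ENV"
      # Always runs; the three suites after it are each gated on a variable.
      - name: Run proxy deployment e2e test suite
        working-directory: e2e
        run: poetry run python -m unittest test_deployment
      - name: Run proxy e2e test suite
        if: ${{ vars.RUN_PROXY_E2E_TESTS == 'true' }}
        working-directory: e2e
        run: poetry run python -m unittest test_proxy
      - name: Run sandbox e2e test suite
        if: ${{ vars.RUN_SANDBOX_E2E_TESTS == 'true' }}
        working-directory: e2e
        run: poetry run python -m unittest test_proxy.TestProxyHealthcheck
      - name: Run full e2e test suite
        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
        working-directory: e2e
        run: poetry run python -m unittest

  # Runs the batch suite from e2e_batch/ when RUN_BATCH_E2E_TESTS is 'true'.
  batch-e2e-tests:
    needs: [wait-for-deployment, e2e-tests]
    # Only actually depend on wait-for-deployment, but run after e2e-tests
    if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && vars.RUN_BATCH_E2E_TESTS == 'true' }}
    runs-on: ubuntu-latest
    environment: ${{ inputs.apigee_environment }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
      - name: Connect to AWS
        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
        with:
          aws-region: eu-west-2
          # NOTE(review): same role as the e2e-tests job; confirm its trust
          # policy is restricted to this repository/environment.
          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
          role-session-name: github-actions
      - name: Install poetry
        run: pip install poetry==2.1.4
      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
        with:
          # Quoted so YAML keeps the version a string.
          python-version: "3.11"
          cache: "poetry"
          cache-dependency-path: "e2e_batch/poetry.lock"
      - name: Install e2e test dependencies
        working-directory: e2e_batch
        run: poetry install --no-root
      - name: Run batch e2e test suite
        working-directory: e2e_batch
        env:
          # Overrides the workflow-level ENVIRONMENT (inputs.environment) with
          # the sub-environment name for this step.
          # NOTE(review): looks intentional - confirm the batch tests expect it.
          ENVIRONMENT: ${{ inputs.sub_environment }}
        run: poetry run python -m unittest -c -v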