ci: add openshift on-demand cluster tests (#1816)

.github/actions/chart-test/action.yml

@@ -0,0 +1,207 @@
+name: 'Camunda Chart Helm Tests Action'
+description: 'A reusable action for Camunda Helm chart integration tests'
+
+inputs:
+  platform:
+    description: "Plaform on which we run the tests"
+    required: true
+  type:
+    description: "Type of the plaform on which we run the tests"
+    required: true
+  identifier:
+    description: 'The unique identifier used in the deployment hostname.'
+    required: true
+  caller-git-ref:
+    description: "Caller of this action git reference"
+    default: 'main'
+  test-enabled:
+    description: "Enable the tests"
+    default: 'true'
+  deployment-ttl:
+    description: |
+      Define a ttl for the lifespan of the deployment
+    required: false
+    default: ""
+  flow:
+    description: "Test scenario to perform (install, upgrade)."
+    default: 'install'
+  extra-values:
+    description: 'Pass extra values to the Helm chart.'
+    default: ""
+  ingress-hostname-base:
+    description: "Hostname base for the tests"
+    required: true
+  chart-dir:
+    description: A reference for the Camunda Helm chart directory which allows to test unreleased chagnes from Git repo.
+    required: true
+  gh-token:
+    required: true
+    description: "Github Token used to handle deployments (requires administration:write)"
+  wildcard-certs-secret-path:
+    default: ".github/config/external-secret.yaml"
+    description: "Path of the secrets containing the wildcard certificates for the ingress"
+
+runs:
+  using: 'composite'
+  steps:
+
+    - name: Print workflow inputs
+      shell: bash
+      run: |
+        echo "Tests inputs:"
+        echo "identifier: ${{ inputs.identifier }}"
+        echo "chart-dir: ${{ inputs.chart-dir }}"
+        echo "caller-git-ref: ${{ inputs.caller-git-ref }}"
+        echo "deployment-ttl: ${{ inputs.deployment-ttl }}"
+        echo "platform: ${{ inputs.platform }}"
+        echo "flow: ${{ inputs.flow }}"
+        echo "test-enabled: ${{ inputs.test-enabled }}"
+        echo "extra-values: ${{ inputs.extra-values }}"
+
+    - name: Install dependencies
+      uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
+
+    - name: Set workflow vars
+      id: vars
+      uses: ./.github/actions/workflow-vars
+      with:
+        setup-flow: ${{ inputs.flow }}
+        ingress-hostname-base: ${{ inputs.ingress-hostname-base }}
+        platform: ${{ inputs.platform }}
+        deployment-ttl: ${{ inputs.deployment-ttl }}
+        type: ${{ inputs.type }}
+        identifier-base: ${{ inputs.identifier }}
+        chart-dir: ${{ inputs.chart-dir }}
+
+    - name: Set test type vars
+      id: test-type-vars
+      uses: ./.github/actions/test-type-vars
+      with:
+        chart-dir: "${{ inputs.chart-dir }}"
+
+    - name: Add Helm repos and dependencies
+      shell: bash
+      run: |
+        export chartPath="charts/${{ inputs.chart-dir }}"
+        make helm.repos-add
+        make helm.dependency-update
+
+    - name: Create test namespace
+      shell: bash
+      run: |
+        echo $TEST_NAMESPACE
+        kubectl delete ns --ignore-not-found=true \
+          -l "github-id=${{ steps.vars.outputs.identifier }},test-flow=${{ inputs.flow }}"
+        kubectl create ns $TEST_NAMESPACE
+        kubectl label ns $TEST_NAMESPACE github-run-id=$GITHUB_WORKFLOW_RUN_ID
+        kubectl label ns $TEST_NAMESPACE github-job-id=$GITHUB_WORKFLOW_JOB_ID
+        kubectl label ns $TEST_NAMESPACE github-id=${{ inputs.identifier }}
+        kubectl label ns $TEST_NAMESPACE test-flow=${{ inputs.flow }}
+        kubectl label ns $TEST_NAMESPACE github-org=$(dirname $GITHUB_REPOSITORY)
+        kubectl label ns $TEST_NAMESPACE github-repo=$(basename $GITHUB_REPOSITORY)
+        kubectl annotate ns $TEST_NAMESPACE cleaner/ttl=1d
+        kubectl annotate ns $TEST_NAMESPACE github-workflow-run-url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
+ 
+    - name: Copy PRs wildcard certificate
+      shell: bash
+      run: |
+        kubectl apply -n $TEST_NAMESPACE -f ${{ inputs.wildcard-certs-secret-path }}
+        timeout 300 bash -c '
+        until kubectl get externalsecret -n "$TEST_NAMESPACE" -o json | jq -e ".items | all(.status.conditions[]? | select(.type==\"Ready\").status == \"True\")" > /dev/null; do
+          echo "Waiting for ExternalSecrets to be ready";
+          sleep 10;
+        done'
+
+    - name: Start GitHub deployment
+      uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+      id: deployment
+      with:
+        step: start
+        token: ${{ inputs.gh-token }}
+        env: ${{ steps.vars.outputs.identifier }}
+        ref: ${{ inputs.caller-git-ref }}
+
+    - name: Pre setup
+      shell: bash
+      env:
+        TEST_CHART_FLOW: ${{ inputs.flow }}
+      run: |
+        timeout 5m task -d ${CI_TASKS_BASE_DIR}/chart-full-setup setup.pre
+
+        echo "Extra values from workflow:"
+        echo "${{ inputs.extra-values }}" > /tmp/extra-values-file.yaml
+        cat /tmp/extra-values-file.yaml
+
+    - name: 🌟 Setup Camunda chart 🌟
+      shell: bash
+      env:
+        TEST_CHART_FLOW: ${{ inputs.flow }}
+        TEST_HELM_EXTRA_ARGS: >-
+          --set global.ingress.host=${{ steps.vars.outputs.ingress-host }} --values /tmp/extra-values-file.yaml
+      run: |
+        task -d ${CI_TASKS_BASE_DIR}/chart-full-setup setup.exec
+
+    - name: Post setup
+      shell: bash
+      run: timeout 5m task -d ${CI_TASKS_BASE_DIR}/chart-full-setup setup.post
+
+    - name: Pre Upgrade
+      shell: bash
+      if: inputs.flow == 'upgrade'
+      run: task -d ${CI_TASKS_BASE_DIR}/chart-full-setup upgrade.pre
+
+    - name: 🌟 Upgrade Camunda chart 🌟
+      shell: bash
+      if: inputs.flow == 'upgrade'
+      env:
+        TEST_HELM_EXTRA_ARGS: >-
+          --set global.ingress.host=${{ steps.vars.outputs.ingress-host }} --values /tmp/extra-values-file.yaml
+      run: task -d ${CI_TASKS_BASE_DIR}/chart-full-setup upgrade.exec
+
+    - name: Update GitHub deployment status
+      uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+      with:
+        step: finish
+        token:  ${{ inputs.gh-token }}
+        status: ${{ job.status }}
+        deployment_id: ${{ steps.deployment.outputs.deployment_id }}
+        env_url: https://${{ steps.vars.outputs.ingress-host }}
+        env: ${{ steps.vars.outputs.identifier }}
+        ref: ${{ inputs.caller-git-ref }}
+
+    - name: ⭐️ Run Preflight TestSuite ⭐️
+      shell: bash
+      if: inputs.test-enabled == 'true'
+      run: timeout 10m task -d ${CI_TASKS_BASE_DIR}/chart-full-setup test.preflight
+
+    - name: ⭐️ Run Core TestSuite ⭐️
+      shell: bash
+      if: inputs.test-enabled == 'true'
+      run: timeout 20m task -d ${CI_TASKS_BASE_DIR}/chart-full-setup test.core
+
+    - name: 🚨 Get failed Pods info 🚨
+      if: failure()
+      uses: ./.github/actions/failed-pods-info
+
+    - name: Cleanup GitHub deployment
+      if: always() && (inputs.deployment-ttl == '' || inputs.type != 'kubernetes')
+      uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+      with:
+        step: delete-env
+        token: ${{ inputs.gh-token }}
+        env: ${{ steps.vars.outputs.identifier }}
+        ref: ${{ inputs.caller-git-ref }}
+
+    - name: Cleanup test namespace
+      shell: bash
+      if: always()
+      run: |
+        if [ "${{ inputs.deployment-ttl }}" != "" ]; then
+          if [ "${{ inputs.type }}" == "kubernetes" ]; then
+            kubectl annotate ns $TEST_NAMESPACE cleaner/ttl=${{ inputs.deployment-ttl }} --overwrite=true
+          else
+            kubectl annotate ns $TEST_NAMESPACE cleaner/ttl=1s --overwrite=true
+          fi
+        else
+          kubectl annotate ns $TEST_NAMESPACE cleaner/ttl=1s --overwrite=true
+        fi