forked from DataBiosphere/jade-data-repo
-
Notifications
You must be signed in to change notification settings - Fork 0
97 lines (92 loc) · 4.03 KB
/
alpha-integration-tests.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: DataRepo Alpha Integration Tests
env:
GOOGLE_APPLICATION_CREDENTIALS: /tmp/jade-dev-account.json
GOOGLE_SA_CERT: /tmp/jade-dev-account.pem
GOOGLE_CLOUD_PROJECT: terra-datarepo-alpha
GOOGLE_CLOUD_DATA_PROJECT: terra-datarepo-alpha-data
IT_JADE_API_URL: https://data.alpha.envs-terra.bio
PGHOST: 127.0.0.1
PGPASSWORD: postgres
DB_DATAREPO_URI: "jdbc:postgresql://${PGHOST}:5432/datarepo"
DB_STAIRWAY_URI: "jdbc:postgresql://${PGHOST}:5432/stairway"
on:
# Jenkins will kick this job off manually after Alpha is deployed
workflow_dispatch: {}
jobs:
alpha-integration-test:
runs-on: ubuntu-latest
# run a local Postgres container in Docker for the basic check tests
services:
postgres:
image: postgres:11
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: "Checkout code"
uses: actions/checkout@v2
- name: "Import Vault alpha secrets"
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.ALPHA_ROLE_ID }}
secretId: ${{ secrets.ALPHA_SECRET_ID }}
secrets: |
secret/dsde/datarepo/alpha/datarepo-api-sa key | B64_APPLICATION_CREDENTIALS ;
- name: "Perform IAM policy cleanup"
run: |
# write vault tokens
base64 --decode <<< ${B64_APPLICATION_CREDENTIALS} > ${GOOGLE_APPLICATION_CREDENTIALS}
jq -r .private_key ${GOOGLE_APPLICATION_CREDENTIALS} > ${GOOGLE_SA_CERT}
gcloud auth activate-service-account --key-file ${GOOGLE_APPLICATION_CREDENTIALS}
# retrieve all iam policies for the data project
BINDINGS=$(gcloud projects get-iam-policy ${GOOGLE_CLOUD_DATA_PROJECT} --format=json)
# remove any policies that start with group:policy- or deleted:group:policy-
# group policies need to be cleared out to avoid hitting 250 iam policy limit
# that are created during test runs
OK_BINDINGS=$(echo ${BINDINGS} | jq 'del(.bindings[] | select(.role=="roles/bigquery.jobUser") | .members[] | select(startswith("group:policy-") or startswith("deleted:group:policy-")))')
# overwrite the iam policy without the group and deleted policies
echo ${OK_BINDINGS} | jq '.' > policy.json
gcloud projects set-iam-policy ${GOOGLE_CLOUD_DATA_PROJECT} policy.json
- name: "Import Vault dev secrets"
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.ROLE_ID }}
secretId: ${{ secrets.SECRET_ID }}
secrets: |
secret/dsde/datarepo/dev/sa-key-b64 sa | B64_APPLICATION_CREDENTIALS ;
- name: "Build and run alpha integration tests"
run: |
# write vault tokens
base64 --decode <<< ${B64_APPLICATION_CREDENTIALS} > ${GOOGLE_APPLICATION_CREDENTIALS}
jq -r .private_key ${GOOGLE_APPLICATION_CREDENTIALS} > ${GOOGLE_SA_CERT}
# check that postgres is ready
pg_isready -h ${PGHOST} -p 5432
psql -U postgres -f ./db/create-data-repo-db
# disable snapshotByQueryHappyPathTest
FILE="./src/test/java/bio/terra/service/snapshot/SnapshotTest.java"
NR=$(awk "/snapshotByQueryHappyPathTest/{print NR-1}" ${FILE})
sed -i \
-e "s/^import org.junit.Test;/import org.junit.Ignore;\nimport org.junit.Test;/" \
-e "${NR}s/@Test/@Ignore\n @Test/" ${FILE}
# run integration tests
./gradlew assemble
./gradlew testIntegration --scan
- name: "Notify Slack"
if: always()
uses: broadinstitute/action-slack@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
channel: "#dsde-qa"
username: "Data Repo tests"
text: "Alpha integration tests"