From 2f215fb5c43eb5ca17e60ecaf4a9ce2ac034200a Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Thu, 2 Nov 2023 10:27:17 -0400 Subject: [PATCH] Github Actions: OSS and Enterprise tests Everything is now in Github Actions! The new approach is also much nicer. Instead of having a different workflow for local testing and CI, CI now uses the `make testacc-oss-docker[-tls]` targets. These same targets can be run locally the same way. --- .drone/drone.jsonnet | 160 ------------------- .drone/drone.yml | 263 ------------------------------- .github/workflows/acc-tests.yml | 44 +++++- .github/workflows/unit-tests.yml | 4 - GNUmakefile | 51 +++--- docker-compose.tls.yml | 32 ---- docker-compose.yml | 50 +++--- testdata/main.go | 2 +- 8 files changed, 101 insertions(+), 505 deletions(-) delete mode 100644 .drone/drone.jsonnet delete mode 100644 .drone/drone.yml delete mode 100644 docker-compose.tls.yml diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet deleted file mode 100644 index e17da58a2..000000000 --- a/.drone/drone.jsonnet +++ /dev/null @@ -1,160 +0,0 @@ -local grafanaVersions = ['10.2.0', '10.1.5', '9.5.13', '8.5.27']; -local images = { - go: 'golang:1.21', - terraform: 'hashicorp/terraform', - grafana(version): 'grafana/grafana:' + version, - grafanaEnterprise(version): 'grafana/grafana-enterprise:' + version, -}; - -local workspace = '/drone/terraform-provider-grafana'; -local terraformPath = workspace + '/terraform'; -local installTerraformStep = { - name: 'download-terraform', - image: images.terraform, - commands: [ - 'cp /bin/terraform ' + terraformPath, - 'chmod a+x ' + terraformPath, - ], -}; - -local secret(name, vaultPath, vaultKey) = { - kind: 'secret', - name: name, - get: { - path: vaultPath, - name: vaultKey, - }, -}; - -local fromSecret(secret) = { - from_secret: secret.name, -}; - -local secrets = { - // Grafana Enterprise - enterpriseLicense: secret('grafana-enterprise-license', 'infra/data/ci/terraform-provider-grafana/enterprise', 'license.jwt'), -}; - -local pipeline(name, steps, services=[]) = { - kind: 'pipeline', - type: 'docker', - name: name, - workspace: { - path: workspace, - }, - platform: { - os: 'linux', - arch: 'amd64', - }, - steps: steps, - services: services, - trigger: { - branch: ['master'], - event: ['pull_request', 'push'], - }, -}; - -local withConcurrencyLimit(limit) = { - concurrency: { limit: limit }, -}; - -local onPromoteTrigger = { - trigger: { - event: ['promote'], - }, -}; - -local localTestPipeline( - version, - name='oss tests: %s' % version, - makeTarget='testacc-oss', - providerEnvMixin={}, - grafanaEnvMixin={}, - grafanaImage=images.grafana, - ) = - pipeline( - name, - steps=[ - installTerraformStep, - { - name: 'tests', - image: images.go, - commands: [ - 'sleep 5', // https://docs.drone.io/pipeline/docker/syntax/services/#initialization - 'make %s' % makeTarget, - ], - environment: { - GRAFANA_URL: 'http://grafana:3000', - GRAFANA_AUTH: 'admin:admin', - GRAFANA_VERSION: version, - TF_ACC_TERRAFORM_PATH: terraformPath, - } + providerEnvMixin, - }, - ], - services=[ - { - name: 'grafana', - image: grafanaImage(version), - environment: { - // Prevents error="database is locked" - GF_SERVER_ROOT_URL: 'http://grafana:3000', - GF_DATABASE_URL: 'sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL', - } + grafanaEnvMixin, - }, - ], - ); - -[ - // Grafana Enterprise tests - localTestPipeline( - grafanaVersions[0], - name='enterprise tests', - makeTarget='testacc-enterprise', - grafanaEnvMixin={ GF_ENTERPRISE_LICENSE_TEXT: fromSecret(secrets.enterpriseLicense) }, - grafanaImage=images.grafanaEnterprise - ), - - // Grafana OSS tests behind a TLS proxy tests - // This is the equivalent of `make testacc-docker-tls` - local certPath = workspace + '/testdata'; - localTestPipeline( - grafanaVersions[0], - name='tls proxy tests', - providerEnvMixin={ - GRAFANA_URL: 'https://mtls-proxy:3001', - GRAFANA_TLS_KEY: '%s/client.key' % certPath, - GRAFANA_TLS_CERT: '%s/client.crt' % certPath, - GRAFANA_CA_CERT: '%s/ca.crt' % certPath, - TESTARGS: '-run ".*_basic"', // Tests are slower behind the proxy, let's just run the basic (smaller) ones - } - ) + { - steps: [ - { - name: 'generate certs', - image: images.go, - commands: [ - 'cd %s && go run . && ls -lah' % certPath, - ], - depends_on: ['clone'], - }, - { - name: 'mtls-proxy', - image: 'squareup/ghostunnel:v1.5.2', - detach: true, - command: [ - 'server', - '--listen=0.0.0.0:3001', - '--target=grafana:3000', - '--unsafe-target', - '--key=%s/grafana.key' % certPath, - '--cert=%s/grafana.crt' % certPath, - '--cacert=%s/ca.crt' % certPath, - '--allow-cn=client', - ], - depends_on: ['generate certs'], - }, - ] + std.map(function(s) s { depends_on: ['generate certs'] }, super.steps), - }, -] -+ [localTestPipeline(version) for version in grafanaVersions] -+ std.objectValuesAll(secrets) diff --git a/.drone/drone.yml b/.drone/drone.yml deleted file mode 100644 index 07da3f538..000000000 --- a/.drone/drone.yml +++ /dev/null @@ -1,263 +0,0 @@ ---- -kind: pipeline -name: enterprise tests -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_ENTERPRISE_LICENSE_TEXT: - from_secret: grafana-enterprise-license - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana-enterprise:10.2.0 - name: grafana -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-enterprise - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_URL: http://grafana:3000 - GRAFANA_VERSION: 10.2.0 - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -kind: pipeline -name: tls proxy tests -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana:10.2.0 - name: grafana -steps: -- commands: - - cd /drone/terraform-provider-grafana/testdata && go run . && ls -lah - depends_on: - - clone - image: golang:1.21 - name: generate certs -- command: - - server - - --listen=0.0.0.0:3001 - - --target=grafana:3000 - - --unsafe-target - - --key=/drone/terraform-provider-grafana/testdata/grafana.key - - --cert=/drone/terraform-provider-grafana/testdata/grafana.crt - - --cacert=/drone/terraform-provider-grafana/testdata/ca.crt - - --allow-cn=client - depends_on: - - generate certs - detach: true - image: squareup/ghostunnel:v1.5.2 - name: mtls-proxy -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - depends_on: - - generate certs - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-oss - depends_on: - - generate certs - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_CA_CERT: /drone/terraform-provider-grafana/testdata/ca.crt - GRAFANA_TLS_CERT: /drone/terraform-provider-grafana/testdata/client.crt - GRAFANA_TLS_KEY: /drone/terraform-provider-grafana/testdata/client.key - GRAFANA_URL: https://mtls-proxy:3001 - GRAFANA_VERSION: 10.2.0 - TESTARGS: -run ".*_basic" - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -kind: pipeline -name: 'oss tests: 10.2.0' -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana:10.2.0 - name: grafana -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-oss - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_URL: http://grafana:3000 - GRAFANA_VERSION: 10.2.0 - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -kind: pipeline -name: 'oss tests: 10.1.5' -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana:10.1.5 - name: grafana -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-oss - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_URL: http://grafana:3000 - GRAFANA_VERSION: 10.1.5 - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -kind: pipeline -name: 'oss tests: 9.5.13' -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana:9.5.13 - name: grafana -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-oss - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_URL: http://grafana:3000 - GRAFANA_VERSION: 9.5.13 - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -kind: pipeline -name: 'oss tests: 8.5.27' -platform: - arch: amd64 - os: linux -services: -- environment: - GF_DATABASE_URL: sqlite3:///var/lib/grafana/grafana.db?cache=private&mode=rwc&_journal_mode=WAL - GF_SERVER_ROOT_URL: http://grafana:3000 - image: grafana/grafana:8.5.27 - name: grafana -steps: -- commands: - - cp /bin/terraform /drone/terraform-provider-grafana/terraform - - chmod a+x /drone/terraform-provider-grafana/terraform - image: hashicorp/terraform - name: download-terraform -- commands: - - sleep 5 - - make testacc-oss - environment: - GRAFANA_AUTH: admin:admin - GRAFANA_URL: http://grafana:3000 - GRAFANA_VERSION: 8.5.27 - TF_ACC_TERRAFORM_PATH: /drone/terraform-provider-grafana/terraform - image: golang:1.21 - name: tests -trigger: - branch: - - master - event: - - pull_request - - push -type: docker -workspace: - path: /drone/terraform-provider-grafana ---- -get: - name: license.jwt - path: infra/data/ci/terraform-provider-grafana/enterprise -kind: secret -name: grafana-enterprise-license ---- -kind: signature -hmac: b2a4d2fd6fbb38a3ea38005a45cfd6db865fb1e0997e5084e00261d05553a240 - -... diff --git a/.github/workflows/acc-tests.yml b/.github/workflows/acc-tests.yml index edb8df111..b5ef220ca 100644 --- a/.github/workflows/acc-tests.yml +++ b/.github/workflows/acc-tests.yml @@ -35,5 +35,45 @@ jobs: interval: 2000 # 2s timeout: 30000 # 30s - run: make testacc-cloud-instance - - # TODO: Enterprise + OSS tests + + local: + strategy: + fail-fast: false # Let all versions run, even if one fails + matrix: + # OSS tests, run on all versions + version: ['10.2.0', '10.1.5', '9.5.13', '8.5.27'] + with_enterprise_license: [false] + with_tls_proxy: [false] + runner: ['ubuntu-latest-16-cores'] + include: + # TLS proxy tests, run only on latest version + - version: '10.2.0' + with_enterprise_license: false + with_tls_proxy: true + runner: 'ubuntu-latest' # Smaller instance for TLS proxy tests + # Enterprise tests, run only on latest version + - version: '10.2.0' + with_enterprise_license: true + with_tls_proxy: false + runner: 'ubuntu-latest' # Smaller instance for TLS proxy tests + name: ${{ matrix.version }}${{ matrix.with_enterprise_license && ' - Enterprise' || '' }}${{ matrix.with_tls_proxy && ' - TLS Proxy' || '' }} + runs-on: ${{ matrix.runner }} + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: '1.21' + - uses: hashicorp/setup-terraform@v3 + - uses: KengoTODA/actions-setup-docker-compose@v1 + with: + version: '2.23.0' + - name: Get Enterprise License + uses: grafana/shared-workflows/actions/get-vault-secrets@main + if: matrix.with_enterprise_license + with: + repo_secrets: | + GF_ENTERPRISE_LICENSE_TEXT=enterprise:license + - run: make testacc-${{ matrix.with_enterprise_license && 'enterprise' || 'oss' }}-docker${{ matrix.with_tls_proxy && '-tls' || '' }} + env: + GRAFANA_VERSION: ${{ matrix.version }} + TESTARGS: ${{ matrix.with_tls_proxy && '-run ".*_basic"' || '' }} # Run subset of tests for TLS proxy, it's slower diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index a34b4583e..8519953f9 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -20,8 +20,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v3 - with: - terraform_wrapper: false - name: terraform fmt run: terraform fmt -recursive -check || (echo "Terraform files aren't formatted. Run 'terraform fmt -recursive && go generate'"; exit 1;) @@ -53,6 +51,4 @@ jobs: with: go-version: '1.21' - uses: hashicorp/setup-terraform@v3 - with: - terraform_wrapper: false - run: go test ./... diff --git a/GNUmakefile b/GNUmakefile index 35772235d..9be6ca35c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -19,38 +19,45 @@ testacc-cloud-api: testacc-cloud-instance: TF_ACC_CLOUD_INSTANCE=true make testacc -testacc-docker: - make -C testdata generate - docker-compose -f ./docker-compose.yml stop +testacc-oss-docker: + GRAFANA_VERSION=$(GRAFANA_VERSION) docker compose up --force-recreate --detach --remove-orphans --wait + + GRAFANA_VERSION=$(GRAFANA_VERSION) \ + GRAFANA_URL="http://$$(docker compose port grafana 3000)" \ + GRAFANA_AUTH="admin:admin" \ + make testacc-oss + + docker compose down + +testacc-enterprise-docker: + GRAFANA_IMAGE=grafana/grafana-enterprise GRAFANA_VERSION=$(GRAFANA_VERSION) docker compose up --force-recreate --detach --remove-orphans --wait + GRAFANA_VERSION=$(GRAFANA_VERSION) \ - docker-compose \ - -f ./docker-compose.yml \ - run --rm -e TESTARGS="$(TESTARGS)" \ - grafana-provider \ - make testacc-oss + GRAFANA_URL="http://$$(docker compose port grafana 3000)" \ + GRAFANA_AUTH="admin:admin" \ + make testacc-enterprise + + docker compose down -testacc-docker-tls: +testacc-oss-docker-tls: make -C testdata generate - docker-compose -f ./docker-compose.yml -f ./docker-compose.tls.yml stop + GRAFANA_VERSION=$(GRAFANA_VERSION) docker compose --profile tls up --force-recreate --detach --remove-orphans --wait + GRAFANA_VERSION=$(GRAFANA_VERSION) \ - docker-compose \ - -f ./docker-compose.yml \ - -f ./docker-compose.tls.yml \ - run --rm -e TESTARGS="$(TESTARGS)" \ - grafana-provider \ - make testacc-oss + GRAFANA_URL="https://$$(docker compose port mtls-proxy 3001)" \ + GRAFANA_AUTH="admin:admin" \ + GRAFANA_TLS_KEY=$$(pwd)/testdata/client.key \ + GRAFANA_TLS_CERT=$$(pwd)/testdata/client.crt \ + GRAFANA_CA_CERT=$$(pwd)/testdata/ca.crt \ + make testacc-oss + + docker compose --profile tls down release: @test $${RELEASE_VERSION?Please set environment variable RELEASE_VERSION} @git tag $$RELEASE_VERSION @git push origin $$RELEASE_VERSION -DRONE_DOCKER := docker run --rm -e DRONE_SERVER -e DRONE_TOKEN -v ${PWD}:${PWD} -w "${PWD}" drone/cli:1.6.1 -drone: - $(DRONE_DOCKER) jsonnet --stream --source .drone/drone.jsonnet --target .drone/drone.yml --format - $(DRONE_DOCKER) lint .drone/drone.yml - $(DRONE_DOCKER) sign --save grafana/terraform-provider-grafana .drone/drone.yml - golangci-lint: docker run \ --rm \ diff --git a/docker-compose.tls.yml b/docker-compose.tls.yml deleted file mode 100644 index 5fd42aa72..000000000 --- a/docker-compose.tls.yml +++ /dev/null @@ -1,32 +0,0 @@ -version: '3' - -services: - - grafana-provider: - environment: - - GRAFANA_URL=https://mtls-proxy:3001 - - GRAFANA_TLS_KEY=/go/src/github.com/grafana/terraform-provider-grafana/testdata/client.key - - GRAFANA_TLS_CERT=/go/src/github.com/grafana/terraform-provider-grafana/testdata/client.crt - - GRAFANA_CA_CERT=/go/src/github.com/grafana/terraform-provider-grafana/testdata/ca.crt - ports: - - 3000 - depends_on: - - mtls-proxy - - mtls-proxy: - image: squareup/ghostunnel:v1.5.2 - command: | - server - --listen 0.0.0.0:3001 - --target grafana:3000 - --unsafe-target - --key /certs/grafana.key - --cert /certs/grafana.crt - --cacert /certs/ca.crt - --allow-cn client - volumes: - - ./testdata:/certs - ports: - - 3001:3001 - networks: - - grafana-provider-test diff --git a/docker-compose.yml b/docker-compose.yml index 64e8f6b4c..d63f4b5e1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,26 +1,34 @@ version: '3' - -networks: - grafana-provider-test: - driver: bridge - services: - - grafana-provider: - image: golang:1.21 + grafana: + ports: + - 3000 + image: ${GRAFANA_IMAGE:-grafana/grafana}:${GRAFANA_VERSION} environment: - - GRAFANA_URL=http://grafana:3000 - - GRAFANA_AUTH=admin:admin - - GRAFANA_VERSION - working_dir: /go/src/github.com/grafana/terraform-provider-grafana - volumes: - - .:/go/src/github.com/grafana/terraform-provider-grafana + - GF_SERVER_ROOT_URL=http://0.0.0.0:3000 + - GF_ENTERPRISE_LICENSE_TEXT=${GF_ENTERPRISE_LICENSE_TEXT:-} + healthcheck: + test: wget --no-verbose --tries=1 --spider http://0.0.0.0:3000/api/health || exit 1 # Use wget because older versions of Grafana don't have curl + interval: 10s + retries: 10 + start_period: 10s + mtls-proxy: + profiles: + - "tls" depends_on: - grafana - networks: - - grafana-provider-test - - grafana: - image: grafana/grafana:${GRAFANA_VERSION} - networks: - - grafana-provider-test + image: squareup/ghostunnel:v1.5.2 + command: | + server + --listen 0.0.0.0:3001 + --target grafana:3000 + --unsafe-target + --key /certs/grafana.key + --cert /certs/grafana.crt + --cacert /certs/ca.crt + --allow-cn client + volumes: + - ./testdata:/certs + ports: + - 3001 + diff --git a/testdata/main.go b/testdata/main.go index 9e10baac7..342274104 100644 --- a/testdata/main.go +++ b/testdata/main.go @@ -72,7 +72,7 @@ func makeCerts() error { crt.SubjectKeyId = []byte{1, 2, 3, 4, 6} crt.KeyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature crt.IsCA = false - crt.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback} + crt.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1), net.IPv4(0, 0, 0, 0), net.IPv6loopback} crtPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) if err != nil {