Merge pull request #99 from equinix-labs/fix-keyscan #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'integration' | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- 'LICENSE' | |
- '**.md' | |
jobs: | |
integrate: | |
name: Integration Tests | |
runs-on: ubuntu-latest | |
timeout-minutes: 180 | |
env: | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
TF_IN_AUTOMATION: 1 | |
TF_VERSION: 1.7.5 | |
TF_VAR_create_project: false | |
TF_VAR_metal_bastion_plan: "m3.small.x86" | |
TF_VAR_metal_nutanix_os: "nutanix_lts_6_5_poc" | |
TF_VAR_metal_nutanix_plan: "m3.large.x86" | |
TF_VAR_nutanix_node_count: 1 | |
TF_VAR_skip_cluster_creation: false | |
TF_VAR_cluster_subnet: "192.168.96.0/22" | |
TF_VAR_cluster_gateway: "192.168.96.1" | |
TF_VAR_metal_metro: "sl" | |
TF_VAR_metal_organization_id: ${{ secrets.METAL_ORGANIZATION_ID }} | |
steps: | |
- name: Checkout from GitHub | |
uses: actions/checkout@v4 | |
- name: Add SHORT_SHA env property with commit short SHA | |
run: echo "SHORT_SHA=`echo ${{ github.event.pull_request.head.sha }} | cut -c1-8`" >> $GITHUB_ENV | |
- name: Install Terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: ${{ env.TF_VERSION }} | |
- name: Initialize Terraform, Modules, and Plugins | |
id: init | |
run: terraform init -input=false | |
- name: Create temporary project | |
id: metal-project | |
uses: equinix-labs/[email protected] | |
with: | |
userToken: ${{ secrets.METAL_AUTH_TOKEN }} | |
- name: Terraform Project Variables | |
run: | | |
echo TF_VAR_metal_auth_token=$TF_VAR_metal_auth_token >> $GITHUB_ENV | |
echo TF_VAR_metal_project_id=$TF_VAR_metal_project_id >> $GITHUB_ENV | |
echo TF_VAR_cluster_name=nutanix-$SHORT_SHA >> $GITHUB_ENV | |
env: | |
TF_VAR_metal_auth_token: ${{ steps.metal-project.outputs.projectToken }} | |
TF_VAR_metal_project_id: ${{ steps.metal-project.outputs.projectID }} | |
- name: Set up SSH | |
run: | | |
mkdir -p $HOME/.ssh | |
chmod 700 $HOME/.ssh | |
echo $PROJECT_PRIVATE_SSH_KEY | base64 -d > $HOME/.ssh/id_rsa | |
echo $PROJECT_PUBLIC_SSH_KEY > $HOME/.ssh/id_rsa.pub | |
chmod 600 $HOME/.ssh/id_rsa* | |
eval "$(ssh-agent -a $SSH_AUTH_SOCK)" | |
ssh-add $HOME/.ssh/id_rsa | |
env: | |
PROJECT_PRIVATE_SSH_KEY: ${{ steps.metal-project.outputs.projectSSHPrivateKeyBase64 }} | |
PROJECT_PUBLIC_SSH_KEY: ${{ steps.metal-project.outputs.projectSSHPublicKey }} | |
- name: Terraform Plan | |
id: plan | |
timeout-minutes: 120 | |
run: terraform plan -out=tfplan -input=false | |
- name: Terraform Apply | |
id: apply | |
timeout-minutes: 120 | |
run: | | |
terraform apply -input=false tfplan | |
ssh-add $(terraform output -raw ssh_private_key) | |
ssh-keyscan -H $(terraform output -raw bastion_public_ip) >> ~/.ssh/known_hosts | |
ssh-keyscan -H -p 22 -t rsa -T 10 -o StrictHostKeyChecking=no -o "ProxyCommand=ssh -W %h:%p root@$(terraform output -raw bastion_public_ip)" $(terraform output -raw cvim_ip_address) >> ~/.ssh/known_hosts | |
# Show meaningful status via "cluster status". alternatively, "ncc health_checks run_all", which can take a while | |
# For more commands: https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000LVVSSA4 | |
ssh -j root@$(terraform output -raw bastion_public_ip) nutanix@$(terraform output -raw cvim_ip_address) cluster status | |
- name: Terraform Destroy with Retry | |
id: destroy | |
if: ${{ always() }} | |
run: | | |
attempts=0 | |
max_attempts=3 | |
delay=60 # delay in seconds | |
until [ $attempts -ge $max_attempts ] | |
do | |
terraform destroy -input=false -auto-approve && break | |
attempts=$((attempts+1)) | |
echo "Terraform destroy failed. Retrying in $delay seconds..." | |
sleep $delay | |
done | |
if [ $attempts -ge $max_attempts ]; then | |
echo "Terraform destroy failed after $max_attempts attempts." | |
exit 1 | |
fi | |
- name: Project Delete | |
if: ${{ always() }} | |
uses: equinix-labs/[email protected] | |
with: | |
authToken: ${{ secrets.METAL_AUTH_TOKEN }} | |
projectID: ${{ steps.metal-project.outputs.projectID }} |