Update to aws test: replacing pull_request with pull_request_target
Signed-off-by: George Almasi <[email protected]>
George Almasi authored and maugustosilva committed Dec 11, 2023
1 parent f2b369a commit e99b07c
Showing 2 changed files with 99 additions and 43 deletions.
7 changes: 5 additions & 2 deletions .github/workflows/awstest.yml
Expand Up @@ -3,7 +3,7 @@ name: aws_test
on:
push:
branches: [ "main" ]
pull_request:
pull_request_target:
branches: [ "main" ]

workflow_dispatch:
Expand Down Expand Up @@ -72,4 +72,7 @@ jobs:
if: success() || failure()
run: |
. ./util/awscli_util.sh
if [[ ${instanceid} != "" ]] ; then awscli_terminate ${instanceid} ; fi
if [[ ${instanceid} != "" ]]
then
awscli_terminate ${instanceid}
fi
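Review bot: Switching the trigger to `pull_request_target` makes pull-request runs execute in the base repository's context, where repository secrets are available even for pull requests from forks, and this job sources `./util/awscli_util.sh`, which requires the AWS keypair and access key in its environment. The checkout step is outside the visible hunks, so the ref being tested cannot be confirmed from here: with the default ref the job exercises `main` rather than the proposed change, and if the PR head is checked out instead, unreviewed code runs with those credentials. I would gate the secret-bearing job behind an approval, for example `environment: <protected-environment-name>` with required reviewers, or keep `pull_request` for fork PRs and run the AWS test only on `push` and `workflow_dispatch`. A comment above the trigger stating which ref is checked out and why `pull_request_target` is needed would help the next maintainer.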
135 changes: 94 additions & 41 deletions util/awscli_util.sh
Expand Up @@ -44,50 +44,49 @@ function awscli_install() {
# #############################################################

function awscli_config() {
echo "awscli_config: creating AWS/SSH configuration and credentials"
# check whether secrets exist as env vars
if [[ "${AWS_KEYPAIR}" == "" ]]
then
echo "AWS keypair secret undefined. Exiting."
echo "ERROR: AWS keypair secret undefined. Exiting."
exit -1
fi

if [[ "${AWS_ACCESS_KEY_ID}" == "" ]]
then
echo "AWS access key ID undefined. Exiting."
echo "ERROR: AWS access key ID undefined. Exiting."
exit -1
fi

if [[ "${AWS_ACCESS_KEY_SECRET}" == "" ]]
then
echo "AWS secret undefined. Exiting."
echo "ERROR: AWS secret undefined. Exiting."
exit -1
fi

# create ssh configuration and credentials
echo "==> Creating AWS/SSH configuration and credentials"
mkdir ~/.ssh
cat > ~/.ssh/config <<EOF
mkdir ${HOME}/.ssh
cat > ${HOME}/.ssh/config <<EOF
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
LogLevel=ERROR
EOF
echo "${AWS_KEYPAIR}" > ~/.ssh/aws.pem
chmod 600 ~/.ssh/aws.pem
echo "${AWS_KEYPAIR}" > ${HOME}/.ssh/aws.pem
chmod 600 ${HOME}/.ssh/aws.pem

# create AWS CLI configuration and credentials
echo "==> Creating AWSCLI configuration and credentials"
mkdir ~/.aws
cat > ~/.aws/config <<EOF
mkdir ${HOME}/.aws
cat > ${HOME}/.aws/config <<EOF
[default]
region = us-east-1
EOF
chmod 0600 ~/.aws/config
cat > ~/.aws/credentials <<EOF
chmod 0600 ${HOME}/.aws/config
cat > ${HOME}/.aws/credentials <<EOF
[default]
aws_access_key_id = ${AWS_ACCESS_KEY_ID}
aws_secret_access_key = ${AWS_ACCESS_KEY_SECRET}
EOF
chmod 0600 ~/.aws/credentials
chmod 0600 ${HOME}/.aws/credentials
return 0
}

Expand All @@ -114,8 +113,8 @@ function awscli_launch() {
--block-device-mappings '[{"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 25}}]' )
if [[ $? != 0 ]]
then
echo "Launch failed"
return 1
echo "ERROR: EC2 launch failed"
exit -1
fi
local instanceid=$(echo "${output}" | jq -r .Instances[0].InstanceId -)
aws ec2 create-tags --resources ${instanceid} --tags="Key=Name,Value=${vmname}-$$" >/dev/null 2>&1
Expand Down Expand Up @@ -152,7 +151,7 @@ function awscli_wait_run() {
local tend=$((t0+timeout))

# step 1: wait for instance to reach "running" state
echo -n "Waiting for ${instanceid} to reach run state: "
echo -n "awscli_wait_run: waiting for ${instanceid} to run: "
local running=0
while [[ $(date +%s) < $tend ]]
do
Expand All @@ -167,7 +166,7 @@ function awscli_wait_run() {
done
if [[ ${running} == 0 ]]
then
echo "Timed out"
echo "ERROR: Timed out"
exit -1
else
local t1=$(date +%s)
Expand All @@ -176,7 +175,7 @@ function awscli_wait_run() {

# step 2: wait for instance to have a public IP
local ipcmd="aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select(.InstanceId==\"${instanceid}\") | .PublicIpAddress'"
echo -n "Waiting for ${instanceid} IP address: "
echo -n "awscli_wait_run: waiting for ${instanceid} IP address: "
while [[ $(date +%s) < $tend ]]
do
local ipaddr=$(eval ${ipcmd})
Expand All @@ -186,27 +185,28 @@ function awscli_wait_run() {
done
if [[ ${ipaddr} == "" ]]
then
echo "Timed out"
echo "ERROR: Timed out"
exit -1
else
local t1=$(date +%s)
echo "${ipaddr}, took $((t1-t0)) seconds"
fi

# step 3: test public IP
echo -n "Performing uptime test: "
echo -n "awscli_wait_run: performing uptime test"
while [[ $(date +%s) < $tend ]]
do
if ssh -i ~/.ssh/aws.pem ubuntu@${ipaddr} uptime > /dev/null 2>&1
if ssh -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr} uptime > /dev/null 2>&1
then
local t1=$(date +%s)
echo "done, $((t1-t0)) total seconds to launch"
echo "done."
echo "awscli_wait_run: SUCCESS after $((t1-t0)) seconds."
return 0
fi
echo -n "."
sleep 10
done
echo "Timed out"
echo "ERROR: Timed out"
return -1
}

Expand All @@ -215,55 +215,108 @@ function awscli_wait_run() {
# #############################################################

function awscli_terminate() {
aws ec2 terminate-instances --instance-ids "${1}"
echo "awscli_terminate: destroying EC2 VM ID ${1}"
aws ec2 terminate-instances --instance-ids "${1}" > /dev/null 2>&1
}

# #############################################################
# install minikube on the AWS instance
# #############################################################

function awscli_install_minikube() {
function awscli_start_minikube() {
local ipaddr=${1}
local t0=$(date +%s)
# install docker
ssh -i ~/.ssh/aws.pem ubuntu@${ipaddr} <<EOF
echo "awscli_start_minikube on ${ipaddr}: installing docker"
ssh -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr} > /tmp/docker-install.log 2>&1 <<EOF
sudo apt-get update
sudo apt-get install -y docker.io
sudo usermod -aG docker ubuntu
EOF
if [[ $? != 0 ]]
then
echo "ERROR: docker installation failed. Attaching log."
cat /tmp/docker-install.log
exit -1
fi
# install and start minikube
ssh -i ~/.ssh/aws.pem ubuntu@${ipaddr} <<EOF
echo "awscli_start_minikube on ${ipaddr}: installing minikube"
ssh -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr} > /tmp/minikube-install.log 2>&1 <<EOF
curl https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 -o /tmp/minikube-linux-amd64
sudo mv /tmp/minikube-linux-amd64 /usr/local/bin/minikube
sudo chmod 755 /usr/local/bin/minikube
/usr/local/bin/minikube start
/usr/local/bin/minikube kubectl get nodes
EOF
if [[ $? != 0 ]]
then
echo "ERROR: minikube installation failed. Attaching log."
cat /tmp/minikube-install.log
exit -1
fi
local t1=$(date +%s)
echo "awscli_start_minikube: SUCCESS, total time=$((t1-t0))"
return 0
}


function awscli_access_minikube_start() {
# #############################################################
# access minikube from the github action container
# * copy credentials from EC2 VM with scp
# * fix up kube configuration
# * create a ssh tunnel on local port 8443
# * use tunnel to check minikube function
# #############################################################

function awscli_access_minikube() {
local ipaddr=${1}
local t0=$(date +%s)
echo "awscli_access_minikube: copying credentials from ${ipaddr}"
mkdir -p ${HOME}/.kube
scp -i ~/.ssh/aws.pem ubuntu@${ipaddr}:.kube/config ${HOME}/.kube/config && \
scp -i ~/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/ca.crt ${HOME}/.kube/ca.crt && \
scp -i ~/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/profiles/minikube/client.crt ${HOME}/.kube/client.crt && \
scp -i ~/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/profiles/minikube/client.key ${HOME}/.kube/client.key
scp -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr}:.kube/config ${HOME}/.kube/config && \
scp -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/ca.crt ${HOME}/.kube/ca.crt && \
scp -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/profiles/minikube/client.crt ${HOME}/.kube/client.crt && \
scp -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr}:.minikube/profiles/minikube/client.key ${HOME}/.kube/client.key
if [[ $? != 0 ]]
then
echo "ERROR: failed to copy credentials from EC2 VM"
exit -1
fi

local serverip=$(yq -r .clusters[0].cluster.server .kube/config | sed "s%https://%%" | sed "s/:.*//")
local serverip=$(yq -r .clusters[0].cluster.server ${HOME}/.kube/config | sed "s%https://%%" | sed "s/:.*//")
echo "awscli_access_minikube: server-local minikube address is ${serverip}"

# change the kube configuration
sed -i "s%certificate-authority:.*%certificate-authority: ${HOME}/.kube/ca.crt%" ${HOME}/.kube/config
sed -i "s%client-certificate:.*%client-certificate: ${HOME}/.kube/client.crt%" ${HOME}/.kube/config
sed -i "s%client-key:.*%client-key: ${HOME}/.kube/client.key%" ${HOME}/.kube/config
echo "awscli_access_minikube: patching .kube/config"
sed -i "s%certificate-authority:.*%certificate-authority: ${HOME}/.kube/ca.crt%" ${HOME}/.kube/config && \
sed -i "s%client-certificate:.*%client-certificate: ${HOME}/.kube/client.crt%" ${HOME}/.kube/config && \
sed -i "s%client-key:.*%client-key: ${HOME}/.kube/client.key%" ${HOME}/.kube/config && \
sed -i "s%server:.*%server: https://127.0.0.1:8443%" ${HOME}/.kube/config
if [[ $? != 0 ]]
then
echo "ERROR: failed to patch ${HOME}/.kube/config"
exit -1
fi


# we don't need to worry about cleaning up this connection,
# because the last step of any GH action is to remove the target VM itself.
nohup ssh -N -L 0.0.0.0:8443:${serverip}:8443 -i ~/.ssh/aws.pem ubuntu@${ipaddr} &
echo "awscli_access_minikube: creating a ssh tunnel to ${ipaddr}"
nohup ssh -N -L 0.0.0.0:8443:${serverip}:8443 -i ${HOME}/.ssh/aws.pem ubuntu@${ipaddr} &
sleep 5


sleep 10
kubectl get nodes
# test
echo "awscli_access_minikube: testing kubectl"
export KUBECONFIG=${HOME}/.kube/config
kubectl get nodes > /dev/null 2>&1
if [[ $? != 0 ]]
then
echo "ERROR: kubectl failed to access minikube on ${ipaddr}."
exit -1
fi
local t1=$(date +%s)
echo "awscli_access_minikube: SUCCESS after $((t1-t0)) seconds."
return 0
}

