chmod 400 #90
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GitHub runner seems not to support ipv6, thus, we can not test on bwCloud. | |
| # See https://github.com/actions/runner-images/issues/668 | |
| name: Night | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '20 4 * * 2' | |
| push: | |
| branches: | |
| - fix-night-workflow | |
| concurrency: night | |
| jobs: | |
| night: | |
| name: Night | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| ################################################### | |
| # | |
| # Prepare | |
| # | |
| ################################################### | |
| - name: (PREPARE) Checkout Repository | |
| uses: actions/checkout@v3 | |
| with: | |
| lfs: true | |
| - name: (PREPARE) Setup Git | |
| run: | | |
| git config --global user.name "${GITHUB_ACTOR}" | |
| git config --global user.email "${GITHUB_ACTOR}@users.noreply.${GITHUB_DOMAIN:-"github.com"}" | |
| - name: (PREPARE) Setup GCloud | |
| uses: google-github-actions/setup-gcloud@v1 | |
| with: | |
| version: 438.0.0 | |
| - name: (PREPARE) Setup GCP credentials | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| const fs = require('fs') | |
| if (!process.env.GCP_CREDENTIALS) throw 'GCP_CREDENTIALS undefined' | |
| const file = '/tmp/gcp-credentials.json' | |
| const content = new Buffer.from(process.env.GCP_CREDENTIALS, 'base64').toString('utf-8') | |
| fs.writeFileSync(file, content) | |
| env: | |
| GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }} | |
| - name: (PREPARE) Setup OS credentials | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| // Imports | |
| const fs = require('fs') | |
| // Ensure env is set | |
| if (!process.env.OS_APPLICATION_CREDENTIAL_ID) throw 'OS_APPLICATION_CREDENTIAL_ID undefined' | |
| if (!process.env.OS_APPLICATION_CREDENTIAL_SECRET) throw 'OS_APPLICATION_CREDENTIAL_SECRET undefined' | |
| if (!process.env.OS_SSH_KEY_FILE) throw 'OS_SSH_KEY_FILE undefined' | |
| // Write "os-ssh-key-file" | |
| fs.writeFileSync('/tmp/os-ssh-key-file', new Buffer.from(process.env.OS_SSH_KEY_FILE, 'base64').toString('utf-8')) | |
| fs.chmodSync('/tmp/os-ssh-key-file', '400') | |
| // Write "os-credentials.sh" | |
| fs.writeFileSync('/tmp/os-credentials.sh', | |
| `#!/usr/bin/env bash | |
| export OS_AUTH_TYPE=v3applicationcredential | |
| export OS_AUTH_URL=https://idm02.bw-cloud.org:5000/v3 | |
| export OS_IDENTITY_API_VERSION=3 | |
| export OS_REGION_NAME="Mannheim" | |
| export OS_INTERFACE=public | |
| export OS_APPLICATION_CREDENTIAL_ID=${process.OS_APPLICATION_CREDENTIAL_ID} | |
| export OS_APPLICATION_CREDENTIAL_SECRET=${process.env.OS_APPLICATION_CREDENTIAL_SECRET}`) | |
| fs.chmodSync('/tmp/os-credentials.sh', '755') | |
| env: | |
| OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} | |
| OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} | |
| OS_SSH_KEY_FILE: ${{ secrets.OS_SSH_KEY_FILE }} | |
| - name: (PREPARE) Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.10.13 | |
| cache: pip | |
| - name: (PREPARE) Cache xOpera | |
| uses: actions/cache@v3 | |
| with: | |
| path: /home/runner/opera | |
| key: xopera | |
| - name: (PREPARE) Install xOpera | |
| run: ./src/assets/scripts/install-xopera.sh | |
| - name: (PREPARE) Cache Unfurl | |
| uses: actions/cache@v3 | |
| with: | |
| path: /home/runner/unfurl | |
| key: unfurl | |
| - name: (PREPARE) Install Unfurl | |
| run: ./src/assets/scripts/install-unfurl.sh | |
| ################################################### | |
| # | |
| # Installation | |
| # | |
| ################################################### | |
| - name: (INSTALLATION) Install Vintner | |
| run: curl -fsSL https://vintner.opentosca.org/install.sh | sudo bash - | |
| - name: (INSTALLATION) Verify checksum | |
| run: | | |
| wget https://github.com/opentosca/opentosca-vintner/releases/download/latest/vintner-linux-x64.sha256 | |
| cp /usr/bin/vintner vintner-linux-x64 | |
| sha256sum --check vintner-linux-x64.sha256 | |
| rm vintner-linux-x64 | |
| rm vintner-linux-x64.sha256 | |
| - name: (INSTALLATION) Verify signature | |
| run: | | |
| curl https://vintner.opentosca.org/vintner-release.gpg | gpg --import | |
| wget https://github.com/opentosca/opentosca-vintner/releases/download/latest/vintner-linux-x64.asc | |
| cp /usr/bin/vintner vintner-linux-x64 | |
| gpg --verify vintner-linux-x64.asc | |
| rm vintner-linux-x64.asc | |
| ################################################### | |
| # | |
| # Vintner | |
| # | |
| ################################################### | |
| - name: (VINTNER) Ensure that version is overridden | |
| run: | | |
| vintner --version | |
| if [ "$(vintner --version)" == "__VERSION__" ]; then | |
| exit 1 | |
| fi | |
| - name: (VINTNER) Ensure that license is overridden | |
| run: | | |
| vintner info license | |
| if [ "$(vintner info license)" == "$(cat src/assets/LICENSE)" ]; then | |
| exit 1 | |
| fi | |
| - name: (VINTNER) Ensure that dependencies are overridden | |
| run: | | |
| vintner info dependencies | |
| if [ "$(vintner info dependencies)" == "$(cat src/assets/dependencies.csv)" ]; then | |
| exit 1 | |
| fi | |
| - name: (VINTNER) Test filesystem initialization | |
| run: vintner setup init | |
| - name: (VINTNER) Test resolver | |
| run: vintner setup benchmark --seeds 10 250 | |
| ################################################### | |
| # | |
| # Docker | |
| # | |
| ################################################### | |
| - name: (DOCKER) Start Docker container | |
| run: | | |
| docker run --detach --name vintner ghcr.io/opentosca/opentosca-vintner:latest | |
| sleep 2 | |
| docker logs vintner | |
| - name: (DOCKER) Ensure Vintner can be executed | |
| run: docker exec vintner vintner --version | |
| - name: (DOCKER) Stop Docker container | |
| run: docker kill vintner | |
| ################################################### | |
| # | |
| # xOpera Motivation: Development | |
| # | |
| ################################################### | |
| - name: (XOPERA-MOTIVATION-DEV) Deploy the development variant of xopera-motivation on OpenStack | |
| run: | | |
| vintner setup clean --force | |
| vintner setup init | |
| vintner orchestrators init xopera | |
| vintner orchestrators enable --orchestrator xopera | |
| vintner orchestrators attest --orchestrator xopera | |
| vintner templates import --template motivation --path examples/xopera-motivation | |
| vintner instances init --instance motivation --template motivation | |
| vintner instances resolve --instance motivation --presets dev | |
| vintner instances validate --instance motivation | |
| DEPLOYMENT_INPUTS=/tmp/xopera-motivation-dev-deployment-inputs.yaml | |
| echo "os_application_credential_id: ${OS_APPLICATION_CREDENTIAL_ID}" >> ${DEPLOYMENT_INPUTS} | |
| echo "os_application_credential_secret: ${OS_APPLICATION_CREDENTIAL_SECRET}" >> ${DEPLOYMENT_INPUTS} | |
| echo "private_vm_ssh_key_file: /tmp/os-ssh-key-file" >> ${DEPLOYMENT_INPUTS} | |
| vintner instances deploy --instance motivation --inputs ${DEPLOYMENT_INPUTS} | |
| env: | |
| OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} | |
| OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} | |
| - name: (XOPERA-MOTIVATION-DEV) Test the development variant of xopera-motivation on OpenStack | |
| run: | | |
| cd ~/opera | |
| . .venv/bin/activate | |
| source /tmp/.os-credentials.sh | |
| VIRTUAL_MACHINE_IP=$(openstack server show motivation -f json | jq -r '.addresses."public-belwue"[0]') | |
| curl --fail-with-body http://${VIRTUAL_MACHINE_IP} | |
| - name: (XOPERA-MOTIVATION-DEV) Undeploy the development variant of xopera-motivation on OpenStack | |
| run: vintner instances undeploy --instance motivation | |
| if: always() | |
| - name: Abort | |
| run: exit 1 | |
| if: always() | |
| ################################################### | |
| # | |
| # xOpera Motivation | |
| # | |
| ################################################### | |
| - name: (XOPERA-MOTIVATION) Deploy the production variant of xopera-motivation on GCP | |
| run: | | |
| vintner setup clean --force | |
| vintner setup init | |
| vintner orchestrators init xopera | |
| vintner orchestrators enable --orchestrator xopera | |
| vintner orchestrators attest --orchestrator xopera | |
| vintner templates import --template motivation --path examples/xopera-motivation | |
| vintner instances init --instance motivation --template motivation | |
| vintner instances resolve --instance motivation --presets prod | |
| vintner instances validate --instance motivation | |
| cp examples/xopera-motivation/deployment-inputs.example.yaml examples/xopera-motivation/deployment-inputs.ignored.yaml | |
| sed -i "/gcp_service_account_file:/c\gcp_service_account_file: /tmp/gcp-credentials.json" examples/xopera-motivation/deployment-inputs.ignored.yaml | |
| vintner instances deploy --instance motivation --inputs examples/xopera-motivation/deployment-inputs.ignored.yaml | |
| - name: (XOPERA-MOTIVATION) Test the production variant of xopera-motivation on GCP | |
| run: curl --fail-with-body https://application-dot-stoetzms-387808.ey.r.appspot.com | |
| - name: (XOPERA-MOTIVATION) Undeploy the production variant of xopera-motivation on GCP | |
| run: vintner instances undeploy --instance motivation | |
| if: always() | |
| ################################################### | |
| # | |
| # xOpera Pruning | |
| # | |
| ################################################### | |
| - name: (XOPERA-PRUNING) Deploy the elastic variant of xopera-pruning on GCP | |
| run: | | |
| vintner setup clean --force | |
| vintner setup init | |
| vintner orchestrators init xopera | |
| vintner orchestrators enable --orchestrator xopera | |
| vintner orchestrators attest --orchestrator xopera | |
| vintner templates import --template pruning --path examples/xopera-pruning | |
| vintner instances init --instance pruning --template pruning | |
| vintner instances resolve --instance pruning --presets elastic | |
| vintner instances validate --instance pruning | |
| echo "gcp_service_account_file: /tmp/gcp-credentials.json" > examples/xopera-pruning/deployment-inputs.ignored.yaml | |
| vintner instances deploy --instance pruning --inputs examples/xopera-pruning/deployment-inputs.ignored.yaml | |
| - name: (XOPERA-PRUNING) Test the elastic variant of xopera-pruning on GCP | |
| run: curl --fail-with-body https://shop-dot-stoetzms-387808.ey.r.appspot.com | |
| - name: (XOPERA-PRUNING) Undeploy the elastic variant of xopera-pruning on GCP | |
| run: vintner instances undeploy --instance pruning | |
| if: always() | |
| ################################################### | |
| # | |
| # Unfurl Artifacts | |
| # | |
| ################################################### | |
| - name: (UNFURL-ARTIFACTS) Deploy the enterprise plan of unfurl-artifacts on GCP | |
| run: | | |
| vintner setup clean --force | |
| vintner setup init | |
| vintner orchestrators init unfurl | |
| vintner orchestrators enable --orchestrator unfurl | |
| vintner orchestrators attest --orchestrator unfurl | |
| vintner templates import --template artifacts --path examples/unfurl-artifacts | |
| vintner instances init --instance artifacts --template artifacts | |
| vintner instances resolve --instance artifacts --inputs examples/unfurl-artifacts/tests/enterprise/inputs.yaml | |
| echo "gcp_credentials: /tmp/gcp-credentials.json" > examples/unfurl-artifacts/deployment-inputs.ignored.yaml | |
| vintner instances deploy --instance artifacts --inputs examples/unfurl-artifacts/deployment-inputs.ignored.yaml | |
| - name: (UNFURL-ARTIFACTS) Test the enterprise plan of unfurl-artifacts on GCP | |
| run: curl --fail-with-body https://shop-dot-stoetzms-387808.ey.r.appspot.com | |
| - name: (UNFURL-ARTIFACTS) Undeploy the enterprise plan of unfurl-artifacts on GCP | |
| run: vintner instances undeploy --instance artifacts | |
| if: always() | |
| ################################################### | |
| # | |
| # Notification | |
| # | |
| ################################################### | |
| - name: (NOTIFICATION) Send success notification | |
| run: | | |
| curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Night workflow [${GITHUB_RUN_ID}](https://github.com/OpenTOSCA/opentosca-vintner/actions/runs/${GITHUB_RUN_ID}) succeeded.\"}" ${DISCORD_WEBHOOK_NIGHT_WORKFLOW} | |
| env: | |
| DISCORD_WEBHOOK_NIGHT_WORKFLOW: ${{ secrets.DISCORD_WEBHOOK_NIGHT_WORKFLOW }} | |
| if: success() | |
| - name: (NOTIFICATION) Send failure notification | |
| run: | | |
| curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Night workflow [${GITHUB_RUN_ID}](https://github.com/OpenTOSCA/opentosca-vintner/actions/runs/${GITHUB_RUN_ID}) failed.\"}" ${DISCORD_WEBHOOK_NIGHT_WORKFLOW} | |
| env: | |
| DISCORD_WEBHOOK_NIGHT_WORKFLOW: ${{ secrets.DISCORD_WEBHOOK_NIGHT_WORKFLOW }} | |
| if: failure() | |
| - name: (DISCORD) Send cancel notification | |
| run: | | |
| curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Night workflow [${GITHUB_RUN_ID}](https://github.com/OpenTOSCA/opentosca-vintner/actions/runs/${GITHUB_RUN_ID}) cancelled.\"}" ${DISCORD_WEBHOOK_NIGHT_WORKFLOW} | |
| env: | |
| DISCORD_WEBHOOK_NIGHT_WORKFLOW: ${{ secrets.DISCORD_WEBHOOK_NIGHT_WORKFLOW }} | |
| if: cancelled() |