feat: introduce e2e tests for helm charts (#3730)

This PR introduced the QA end to end test suite. This allows us to run more thorough tests on each PR

Author: eamonnmoloney

.github/actions/cluster-auth/action.yaml

@@ -0,0 +1,74 @@
+name: cluster-auth
+description: Generate GH token and log in to GKE/ROSA or decrypt kubeconfig
+inputs:
+  platform:         { required: true,  description: gke | rosa | custom }
+  auth-data:        { required: false, description: base64-encrypted kubeconfig }
+
+outputs:
+  token:
+    description: GitHub token
+    value: ${{ steps.generate-github-token.outputs.token }}
+
+env:
+  GH_APP_ID:        {}
+  GH_APP_KEY:       {}
+  GKE_CLUSTER_NAME: {}
+  GKE_CLUSTER_LOC:  {}
+  GKE_WIP:          {}
+  GKE_SA:           {}
+  ROSA_URL:         {}
+  ROSA_USER:        {}
+  ROSA_PASS:        {}
+  CLUSTER_NAME:     {}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Generate GitHub token
+      uses: tibdex/github-app-token@v2
+      id: generate-github-token
+      with:
+        app_id:      ${{ env.GH_APP_ID }}
+        private_key: ${{ env.GH_APP_KEY }}
+
+    - name: Authenticate to GKE
+      if: inputs.platform == 'gke' && inputs.auth-data == ''
+      uses: ./.github/actions/gke-login
+      with:
+        cluster-name:                ${{ env.GKE_CLUSTER_NAME }}
+        cluster-location:            ${{ env.GKE_CLUSTER_LOC }}
+        workload-identity-provider:  ${{ env.GKE_WIP }}
+        service-account:             ${{ env.GKE_SA }}
+
+    - name: Authenticate to OpenShift
+      if: inputs.platform == 'rosa' && inputs.auth-data == ''
+      uses: redhat-actions/oc-login@v1
+      with:
+        openshift_server_url: ${{ env.ROSA_URL }}
+        openshift_username:   ${{ env.ROSA_USER }}
+        openshift_password:   ${{ env.ROSA_PASS }}
+
+    - name: Set up Teleport
+      if: inputs.platform == 'eks'
+      uses: teleport-actions/setup@v1
+      with:
+        version: 17.2.2
+
+    - name: Authenticate with Teleport
+      if: inputs.platform == 'eks' && inputs.auth-data == ''
+      uses: teleport-actions/auth-k8s@v2
+      with:
+        proxy: camunda.teleport.sh:443
+        token: ${{ env.TOKEN }}
+        kubernetes-cluster: ${{ env.CLUSTER_NAME }}
+
+    - name: Authenticate via var
+      if: inputs.auth-data != ''
+      shell: bash
+      run: |
+        mkdir -p "$HOME/.kube"
+        echo "${{ inputs.auth-data }}" | base64 -d > enc.cfg
+        openssl enc -aes-256-cbc -d -in enc.cfg -out "$HOME/.kube/config" \
+               -pass pass:"${{ steps.generate-github-token.outputs.token }}" -pbkdf2
+        rm enc.cfg
+        chmod 600 "$HOME/.kube/config"

.github/actions/failed-pods-info/action.yml

@@ -4,39 +4,13 @@ description: In case of failure, get Pods details like name, logs, and descripti
 runs:
   using: composite
   steps:
-  - name: Gather diagnostics for failed Pods
-    if: failure()
+  - name: Get failed Pods info
     shell: bash
+    # TODO: Better way to collect logs and store them as artifacts in GitHub Actions.
     run: |
-      set -euo pipefail
-      ARTIFACT_DIR="$RUNNER_TEMP/failed-pods"
-      mkdir -p "$ARTIFACT_DIR"
-      IFS=$'\n'
-
-      for pod in $(kubectl -n "$TEST_NAMESPACE" get pods \
-                     --field-selector=status.phase!=Succeeded \
-                     -o jsonpath='{range .items[?(@.status.containerStatuses[?(@.ready==false)])]}{.metadata.name}{"\n"}{end}'); do
-        echo "⇢ Collecting diagnostics for $pod"
-        pod_dir="$ARTIFACT_DIR/$pod"; mkdir -p "$pod_dir"
-
-        kubectl -n "$TEST_NAMESPACE" describe pod "$pod"           > "$pod_dir/describe.txt"
-        kubectl -n "$TEST_NAMESPACE" get pod "$pod" -o yaml        > "$pod_dir/pod.yaml"
-        kubectl -n "$TEST_NAMESPACE" get events \
-          --field-selector involvedObject.name="$pod" \
-          --sort-by=.metadata.creationTimestamp                    > "$pod_dir/events.txt"
-
-        node=$(kubectl -n "$TEST_NAMESPACE" get pod "$pod" -o jsonpath='{.spec.nodeName}')
-        kubectl describe node "$node"                              > "$pod_dir/node.txt" || true
-
-        for c in $(kubectl -n "$TEST_NAMESPACE" get pod "$pod" -o jsonpath='{.spec.containers[*].name}'); do
-          kubectl -n "$TEST_NAMESPACE" logs "$pod" -c "$c" --timestamps            > "$pod_dir/$c.log" || true
-          kubectl -n "$TEST_NAMESPACE" logs "$pod" -c "$c" --previous --timestamps > "$pod_dir/$c.previous.log" || true
-        done
-        kubectl -n "$TEST_NAMESPACE" top pod "$pod" --containers   > "$pod_dir/top.txt" || true
+      kubectl -n $TEST_NAMESPACE get po
+      kubectl -n $TEST_NAMESPACE get po | grep -v "Completed" | awk '/0\//{print $1}' | while read pod_name; do
+        echo -e "\n###Failed Pod: ${pod_name}###\n";
+        kubectl -n $TEST_NAMESPACE describe po ${pod_name};
+        kubectl -n $TEST_NAMESPACE logs ${pod_name};
       done
-  - name: Upload diagnostics
-    if: failure()
-    uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
-    with:
-      name: failed-pods
-      path: ${{ runner.temp }}/failed-pods

.github/actions/generate-chart-matrix/action.yml

@@ -72,6 +72,7 @@ runs:
         write_matrix_entry() {
           local camunda_version="$1"
           local chart_dir="$2"
+          echo "⭐ Generating matrix for $camunda_version and chart $chart_dir"
           if [ -f "$chart_dir/test/ci-test-config.yaml" ]; then
             readarray prScenarios < <(yq e -o=j -I=0 '.integration.case.pr.scenario.[]' $chart_dir/test/ci-test-config.yaml)
             for prScenario in "${prScenarios[@]}"; do
@@ -82,6 +83,7 @@ runs:
               echo "  - version: ${camunda_version}" >> matrix_versions.txt
               echo "    case: pr" >> matrix_versions.txt
               echo "    scenario: $(echo "$prScenario" | yq e '.name' -)" >> matrix_versions.txt
+              echo "    shortname: $(echo "$prScenario" | yq e '.shortname' -)" >> matrix_versions.txt
               echo "    auth: $(echo "$prScenario" | yq e '.auth' -)" >> matrix_versions.txt
               echo "    exclude: $(echo "$prScenario" | yq e '.exclude | join("|")' -)" >> matrix_versions.txt
             done
@@ -92,7 +94,13 @@ runs:
         echo "Checking for manual-trigger"
         touch matrix_versions.txt
         echo "matrix:" > matrix_versions.txt
-        if [[ "${{ inputs.manual-trigger }}" != "none" && "${{ inputs.manual-trigger }}" != "" ]]; then
+        if [[ "${{ inputs.manual-trigger }}" == "all" ]]; then
+          echo "Requested to build all"
+          for camunda_version in ${{ steps.get-chart-versions.outputs.active }}; do
+            chart_dir="charts/camunda-platform-${camunda_version}"
+            write_matrix_entry "$camunda_version" "$chart_dir"
+          done
+        elif [[ "${{ inputs.manual-trigger }}" != "none" && "${{ inputs.manual-trigger }}" != "" ]]; then
           echo "Manual trigger detected: ${{ inputs.manual-trigger }}"
           chart_dir="charts/camunda-platform-${{ inputs.manual-trigger }}"
           if [ -d "$chart_dir" ]; then

.github/actions/workflow-vars/action.yml

@@ -4,6 +4,9 @@ inputs:
   setup-flow:
     description: The chart setup flow either "install" or "upgrade".
     default: "install"
+  ingress-hostname-base:
+    description: The base of the Ingress hostname.
+    required: true
   platform:
     description: The deployment cloud platform like GKE or ROSA.
   deployment-ttl:
@@ -14,6 +17,7 @@ inputs:
     description: The fixed string in the identifier of the deployment it could be PR number or another specified name.
   chart-dir:
     description: A reference for the Camunda Helm chart directory which allows to test unreleased chagnes from Git repo.
+    required: true
   chart-upgrade-version:
     description: The Helm chart released version to upgrade from.
     required: false
@@ -68,6 +72,12 @@ runs:
       echo "GITHUB_WORKFLOW_JOB_ID=$GITHUB_WORKFLOW_JOB_ID" | tee -a $GITHUB_ENV
       echo "GITHUB_WORKFLOW_RUN_ID=${{ github.run_id }}" | tee -a $GITHUB_ENV
 
+      # Identifier
+      local_identifier=${{ inputs.identifier-base }}
+      if [[ -z "${{ inputs.identifier-base }}" ]]; then
+        local_identifier="no-id-use-ran-$(uuidgen | head -c 6)"
+      fi
+
       # Namespace.
       TRIGGER_KEY=$(is_pr && echo "pr" || echo "id")
       TEST_NAMESPACE="$NAMESPACE_PREFIX-$(echo ${TRIGGER_KEY}-${{ inputs.identifier-base }} | sed 's/\./-/g')"
@@ -77,10 +87,9 @@ runs:
       fi
 
       if [[ "${{ inputs.setup-flow }}" == 'upgrade' ]]; then
-        TEST_NAMESPACE="${TEST_NAMESPACE}-upgrade"
+        TEST_NAMESPACE="${TEST_NAMESPACE}-upg"
       fi
-      
-      echo "TEST_NAMESPACE=$(printf '%s' "${TEST_NAMESPACE%-}" | head -c 63)" | tee -a $GITHUB_ENV
+      echo "TEST_NAMESPACE=$(printf '%s' "$TEST_NAMESPACE" | head -c 63 | sed 's/-$//')" | tee -a "$GITHUB_ENV"
 
       # Get alpha chart dir.
       TEST_CAMUNDA_HELM_DIR_ALPHA="$(basename $(ls -d1 charts/camunda-platform-8.* | sort -V | tail -n1))"
@@ -89,14 +98,13 @@ runs:
       echo "Output vars:"
 
       # Deployment identifier.
-      TEST_IDENTIFIER="$(echo ${{ inputs.platform }}-${{ inputs.identifier-base }} | sed 's/\./-/g')"
+      TEST_IDENTIFIER="$(echo ${{ inputs.platform }}-${local_identifier} | sed 's/\./-/g')"
       if [[ "${{ inputs.setup-flow }}" == 'upgrade' ]]; then
         TEST_IDENTIFIER="${TEST_IDENTIFIER}-upgrade"
       fi
       echo "identifier=${TEST_IDENTIFIER}" | tee -a $GITHUB_OUTPUT
 
       # Ingress hostname.
-
       if [[ "${{ inputs.platform }}" == 'eks' ]]; then
         export INGRESS_HOSTNAME_BASE=${NAMESPACE_PREFIX}.aws.camunda.cloud
       else

.github/config/test-integration-matrix.yaml

@@ -23,8 +23,8 @@ matrix:
         password: DISTRO_CI_OPENSHIFT_CLUSTER_PASSWORD
       if: $INPUTS_PLATFORMS_ROSA
   scenario:
-    - name: Chart Setup
-      desc: Setup chart in production-like setup with Ingress and TLS.
+    - name: Chart Install
+      desc: Install chart in production-like setup with Ingress and TLS.
       flow: install
       if: $INPUTS_FLOWS_INSTALL
     - name: Chart Upgrade

.github/workflows/test-chart-version-template.yaml

@@ -20,39 +20,86 @@ on:
         description: Scenario
         required: true
         type: string
+      shortname:
+        description: Shortname for the scenario within the identifier
+        required: true
+        type: string
       auth:
-        description: Scenario
+        description: Auth
         required: true
         type: string
       exclude:
-        description: Scenario
-        required: true
+        description: Exclude
+        required: false
+        default: ""
+        type: string
+      run-all-e2e-tests:
+        description: "Run all E2E tests (playwright)"
+        required: false
+        default: false
+        type: boolean
+      platforms:
+        description: The deployment cloud platform
+        default: gke
+        required: false
         type: string
+      flows:
+        description: The flows to run
+        default: "install,upgrade"
+        type: string
+        required: false
+      e2e-enabled:
+        required: false
+        default: true
+        type: boolean
 
 concurrency:
-  group: ${{ github.workflow }}-${{ inputs.pr-number }}-${{ inputs.scenario }}-${{ inputs.camunda-version }}-${{ inputs.auth }}-${{ inputs.exclude }}
+  group: ${{ github.workflow }}-${{ inputs.pr-number }}-${{ inputs.shortname }}-${{ inputs.camunda-version }}-${{ inputs.auth }}-${{ inputs.exclude }}-${{ inputs.platforms }}
   cancel-in-progress: true
 
 permissions:
   contents: read
 
 jobs:
+  parse-platforms:
+    name: Parse platforms
+    runs-on: ubuntu-latest
+    env:
+      SCENARIOS_LIST: ${{ inputs.scenarios }}
+    outputs:
+      platforms: ${{ steps.make-json-array.outputs.platforms }}
+    steps:
+      - name: Convert string to JSON array and set as output
+        id: make-json-array
+        run: |
+          platforms="${{ inputs.platforms }}"
+          echo "platforms=$(jq -cn --arg p "$platforms" '$p | split(",")')" >> "$GITHUB_OUTPUT"
+          echo "platforms=$platforms"
+
   integration:
-    name: Camunda ${{ inputs.camunda-version }} - Integration Test
+    name: ${{ matrix.platform }} - ITs
+    needs: [parse-platforms]
     permissions:
       contents: read
       id-token: write
       deployments: write
     secrets: inherit
+    strategy:
+      matrix:
+        platform: ${{ fromJson(needs.parse-platforms.outputs.platforms) }}
     uses: ./.github/workflows/test-integration-template.yaml
     with:
-      identifier: "${{ github.event.pull_request.number }}-intg-${{ inputs.camunda-version }}"
+      identifier: "${{ github.event.pull_request.number }}-intg-${{ inputs.camunda-version }}-${{ matrix.platform }}"
       deployment-ttl: "${{ contains(github.event.pull_request.labels.*.name, 'test-persistent') && '1w' || '' }}"
-      flows: "install,upgrade"
+      flows: ${{ inputs.flows }}
       camunda-helm-dir: "camunda-platform-${{ inputs.camunda-version }}"
       camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
       caller-git-ref: "${{ github.event.pull_request.head.sha }}"
       test-case: ${{inputs.case}}
       scenario: ${{inputs.scenario}}
+      e2e-enabled: ${{ inputs.e2e-enabled }}
+      shortname: ${{inputs.shortname}}
       auth: ${{inputs.auth}}
       exclude: ${{inputs.exclude}}
+      platforms: ${{ matrix.platform }}
+      run-all-e2e-tests: ${{ inputs.run-all-e2e-tests }}