test-e2e.yml
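# End-to-end test workflow: builds the auth-provider-zitadel image, brings up a
# KinD-based test cluster through Task, verifies the deployed components, runs
# the e2e suites and collects diagnostics when anything fails.
name: End-to-End Tests

on:
  push:
    branches:
      - main
  pull_request: {}
  workflow_dispatch:
    inputs:
      test_suite:
        description: 'Test suite to run (e.g., machineaccount, userdeactivation or empty for all)'
        required: false
        default: ''
        type: string

# Least privilege for GITHUB_TOKEN: nothing visible in this workflow pushes
# images, comments on PRs or writes to the repository.
# NOTE(review): widen only if a task invoked below is shown to need more
# (for example `packages: read` for a private registry pull).
permissions:
  contents: read

env:
  # Enable experimental remote taskfiles feature.
  # NOTE(review): remote Taskfiles are code executed on the runner; confirm the
  # includes point at immutable refs (tag or commit), not a moving branch.
  TASK_X_REMOTE_TASKFILES: '1'
  # Test infrastructure configuration
  TEST_INFRA_CLUSTER_NAME: test-infra
  IMAGE_NAME: ghcr.io/datum-cloud/auth-provider-zitadel
  IMAGE_TAG: dev

jobs:
  test-e2e:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # NOTE(review): every `uses:` below references a mutable major-version tag.
    # Pinning each action to a full commit SHA (with the tag kept as a trailing
    # comment) prevents a re-tagged release from changing what runs here.
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'
          cache: true

      - name: Install Task CLI
        # The installer is downloaded to a file first so that an HTTP error or a
        # truncated transfer fails the step instead of handing an empty or
        # partial script to the shell; --proto/--tlsv1.2 refuse any downgrade
        # from HTTPS on redirect.
        # NOTE(review): the script and the release it installs are still
        # unpinned. Pass an explicit release tag to the installer and verify
        # the published checksum, or install through a SHA-pinned action.
        run: |
          installer="$(mktemp)"
          curl --fail --silent --show-error --location \
            --proto '=https' --tlsv1.2 \
            --output "$installer" https://taskfile.dev/install.sh
          sh "$installer" -d -b /usr/local/bin
          rm -f "$installer"

      - name: Verify Task installation
        run: |
          task --version
          echo "Available tasks:"
          task --list

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
        with:
          buildkitd-config-inline: |
            [worker.oci]
              max-parallelism = 4

      - name: Install kubectl
        uses: azure/setup-kubectl@v4
        with:
          version: 'v1.30.0'

      - name: Install KinD
        uses: helm/kind-action@v1
        with:
          install_only: true
          version: v0.24.0

      - name: Verify prerequisites
        run: |
          echo "=== Checking prerequisites ==="
          docker version
          kubectl version --client
          kind version
          echo "Go version: $(go version)"

      - name: Set up test environment
        run: |
          echo "=== Setting up test environment ==="
          # This task handles cluster creation, image build/load, and deployment
          task ci:setup

      - name: Verify components
        run: |
          echo "=== Verifying Auth Provider Zitadel components ==="
          APP_NAMESPACE="auth-provider-zitadel-system"
          ZITADEL_NAMESPACE="zitadel-system"

          # Verify components are running
          echo "Checking Auth Provider Zitadel components:"
          task test-infra:kubectl -- get pods -n "$APP_NAMESPACE"

          # Wait for components to be ready
          echo "⏳ Waiting for controller manager to be ready..."
          task test-infra:kubectl -- wait --for=condition=Available deployment/controller-manager -n "$APP_NAMESPACE" --timeout=1000s
          echo "⏳ Waiting for API server to be ready..."
          task test-infra:kubectl -- wait --for=condition=Available deployment/apiserver -n "$APP_NAMESPACE" --timeout=1000s
          echo "⏳ Waiting for AuthN webhook to be ready..."
          task test-infra:kubectl -- wait --for=condition=Available deployment/authn-webhook -n "$APP_NAMESPACE" --timeout=1000s
          echo "⏳ Checking Zitadel status..."
          task test-infra:kubectl -- wait --for=condition=Available deployment/zitadel -n "$ZITADEL_NAMESPACE" --timeout=1000s

          # Verify Aggregated API Availability (CA Injection).
          # The CA bundle is what lets the kube-apiserver authenticate the
          # aggregated API server over TLS, so a missing bundle fails the step
          # rather than being skipped silently after the last attempt.
          # NOTE(review): the earlier probe used jsonpath '{len(.spec.caBundle)}';
          # kubectl's JSONPath appears to have no len(), so that probe most
          # likely always fell back to "0" - confirm against a real run.
          echo "⏳ Verifying Aggregated API Availability..."
          ca_injected=false
          for i in {1..30}; do
            if CA_BUNDLE="$(task test-infra:kubectl -- get apiservice v1alpha1.identity.miloapis.com -o jsonpath='{.spec.caBundle}' 2>/dev/null)" \
              && [ -n "$CA_BUNDLE" ]; then
              echo "✅ CA Bundle injected into APIService."
              ca_injected=true
              break
            fi
            echo "⏳ Waiting for CA injection into identity APIService (attempt $i/30)..."
            sleep 2
          done
          if [ "$ca_injected" != "true" ]; then
            echo "::error::CA bundle was not injected into APIService v1alpha1.identity.miloapis.com"
            exit 1
          fi

          # Verify Discovery works
          echo "Verifying API Discovery..."
          task test-infra:kubectl -- get apiservice v1alpha1.identity.miloapis.com
          echo "✓ Components verification complete"

      - name: Run end-to-end tests
        # The dispatch input reaches the script through an environment variable
        # and is always expanded inside double quotes. Interpolating the
        # expression directly into the script text would let the input be
        # parsed as shell syntax before the step runs.
        env:
          TEST_SUITE: ${{ github.event.inputs.test_suite }}
        run: |
          echo "=== Running end-to-end tests ==="
          # Determine which tests to run based on input
          if [ -n "$TEST_SUITE" ]; then
            echo "Running specified test suite: $TEST_SUITE"
            task test:end-to-end -- "$TEST_SUITE"
          else
            echo "Running all end-to-end tests..."
            task test:end-to-end
          fi

      - name: Collect debug information on failure
        if: failure()
        # Best-effort diagnostics: every command is allowed to fail so that one
        # missing resource does not hide the rest of the output.
        # NOTE(review): identity-provider and database logs are written to the
        # job log here; confirm none of these components log tokens or
        # credentials at the verbosity used in CI.
        run: |
          echo "=== Collecting debug information ==="
          APP_NAMESPACE="auth-provider-zitadel-system"
          ZITADEL_NAMESPACE="zitadel-system"

          # Cluster status
          echo "=== Infrastructure Cluster Status ==="
          task test-infra:kubectl -- get pods -A || true
          task test-infra:kubectl -- get nodes -o wide || true

          # App status and logs
          echo "=== Auth Provider Zitadel Status ==="
          task test-infra:kubectl -- describe pods -n "$APP_NAMESPACE" || true
          echo "--- Controller Manager Logs ---"
          task test-infra:kubectl -- logs -n "$APP_NAMESPACE" -l app.kubernetes.io/component=controller-manager --tail=500 || true
          echo "--- API Server Logs ---"
          task test-infra:kubectl -- logs -n "$APP_NAMESPACE" -l app.kubernetes.io/component=apiserver --tail=500 || true
          echo "--- AuthN Webhook Logs ---"
          task test-infra:kubectl -- logs -n "$APP_NAMESPACE" -l app.kubernetes.io/component=authn-webhook --tail=500 || true

          # Zitadel status and logs
          echo "=== Zitadel Status ==="
          task test-infra:kubectl -- describe pods -n "$ZITADEL_NAMESPACE" || true
          echo "--- Zitadel Logs ---"
          task test-infra:kubectl -- logs -n "$ZITADEL_NAMESPACE" -l app.kubernetes.io/name=zitadel --tail=500 || true

          # PostgreSQL status
          echo "--- PostgreSQL Logs ---"
          task test-infra:kubectl -- logs -n "$ZITADEL_NAMESPACE" -l app=zitadel-postgresql --tail=100 || true

          # Docker container status
          echo "=== Docker Containers ==="
          docker ps -a || true

          # KinD cluster info
          echo "=== KinD cluster info ==="
          kind get clusters || true
          kind export logs /tmp/kind-logs --name "$TEST_INFRA_CLUSTER_NAME" || true

      - name: Upload debug artifacts
        if: failure()
        # NOTE(review): the exported KinD logs include pod and node logs and are
        # downloadable by anyone who can read this repository's workflow runs;
        # consider a short retention period for this artifact.
        uses: actions/upload-artifact@v7
        with:
          name: debug-logs
          path: |
            /tmp/kind-logs/
          if-no-files-found: ignore

      - name: Cleanup test infrastructure
        if: always()
        run: |
          echo "=== Cleaning up test infrastructure ==="
          # Clean up test infrastructure cluster
          task test-infra:cluster-down || true

          # Verify cleanup
          echo "Remaining KinD clusters:"
          kind get clusters || true
          echo "Remaining Docker containers:"
          docker ps -a --filter "name=$TEST_INFRA_CLUSTER_NAME" || true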