Secrets migration: enhance logging #4175
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2024-2025 New Vector Ltd | |
| # Copyright 2025-2026 Element Creations Ltd | |
| # | |
| # SPDX-License-Identifier: AGPL-3.0-only | |
| name: Run PyTest tests - Integration and Manifests | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - 'maintenance/*' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GHCR_USERNAME: ${{ github.actor }} | |
| GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| pytest-setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| envFiles: ${{ steps.data.outputs.envFiles }} | |
| manifestTests: ${{ steps.data.outputs.manifestTests }} | |
| upgradeFrom: ${{ steps.data.outputs.upgradeFrom }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - id: data | |
| run: | | |
| echo "envFiles=$(find tests/integration/env -name '*.rc' | sed 's|tests/integration/env/||' | sed 's/.rc$//' | jq -ncR '{envFiles: [inputs]}')" | tee -a "$GITHUB_OUTPUT" | |
| echo "manifestTests=$(find tests/manifests -name 'test_*.py' | sed 's|tests/manifests/||' | sed 's/.py$//' | jq -ncR '{manifestTests: [inputs]}')" | tee -a "$GITHUB_OUTPUT" | |
| LATEST_TAG=$(git describe --abbrev=0 --tags --match '[0-9]*.[0-9]*.[0-9]*') | |
| echo "upgradeFrom=$LATEST_TAG" | tee -a "$GITHUB_OUTPUT" | |
| pytest-integration: | |
| runs-on: ubuntu-latest | |
| needs: pytest-setup | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test-component: ${{ fromJSON(needs.pytest-setup.outputs.envFiles).envFiles }} | |
| test-from-ref: | |
| - "${{ github.event.pull_request.head.sha }}" | |
| - "${{ needs.pytest-setup.outputs.upgradeFrom }}" | |
| env: | |
| MATRIX_TEST_COMPONENT: ${{ matrix.test-component }} | |
| MATRIX_TEST_FROM_REF: ${{ matrix.test-from-ref }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2 | |
| with: | |
| python-version: "3.x" | |
| - name: Load poetry path | |
| run: | | |
| echo "$(poetry env info -p)/bin" >> "${GITHUB_PATH}" | |
| - name: Login to Dockerhub | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| if: ${{ github.event.pull_request.head.repo.full_name == 'element-hq/ess-helm' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Install k3d with asdf | |
| uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4 | |
| with: | |
| tool_versions: | | |
| k3d 5.8.3 | |
| - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| - name: Checkout values files from previous ref | |
| run: | | |
| git checkout --no-overlay -f "${MATRIX_TEST_FROM_REF}" -- charts/matrix-stack tests/integration/env/ | |
| if: ${{ matrix.test-from-ref != github.event.pull_request.head.sha }} | |
| - name: Deploy with pytest once | |
| env: | |
| PYTEST_CI_FIRST_STEP: "1" | |
| run: | | |
| if [ -f "tests/integration/env/${MATRIX_TEST_COMPONENT}.rc" ]; then | |
| # shellcheck source=/dev/null | |
| . "tests/integration/env/${MATRIX_TEST_COMPONENT}.rc" | |
| PYTEST_KEEP_CLUSTER=1 poetry run pytest -vv tests/integration | |
| else | |
| echo "The integration test does not exist in previous ref, skipping..." | |
| fi | |
| - name: Checkout values files back | |
| run: | | |
| git checkout --no-overlay -f HEAD -- charts/matrix-stack tests/integration/env/ | |
| - name: On upgrade, Synapse can restart, expect 429 to occur | |
| run: | | |
| echo "PYTEST_EXPECTED_HTTP_STATUS_CODES=429,502,504" >> "$GITHUB_ENV" | |
| if: ${{ matrix.test-from-ref != github.event.pull_request.head.sha }} | |
| - name: Test with pytest (upgrade or idempotent setup) | |
| env: | |
| PYTEST_CI_SECOND_STEP: "1" | |
| run: | | |
| # shellcheck source=/dev/null | |
| . "tests/integration/env/${MATRIX_TEST_COMPONENT}.rc" | |
| PYTEST_KEEP_CLUSTER=1 poetry run pytest -vv tests/integration | |
| # syn2mas is a special case that cannot run twice by design | |
| if: ${{ matrix.test-component != 'matrix-authentication-service-syn2mas' }} | |
| - name: Export logs | |
| if: ${{ failure() }} | |
| shell: bash | |
| run: | | |
| mkdir ess-helm-logs | |
| k3d kubeconfig merge ess-helm -ds | |
| for ns in $(kubectl --context k3d-ess-helm get ns -o custom-columns=NS:.metadata.name --no-headers); do | |
| mkdir -p "./ess-helm-logs/$ns" | |
| for pod in $(kubectl --context k3d-ess-helm -n "$ns" get pod -o custom-columns=NS:.metadata.name --no-headers); do | |
| kubectl --context k3d-ess-helm -n "$ns" logs --all-containers --prefix --timestamps --ignore-errors --previous "$pod" > "./ess-helm-logs/$ns/$pod.previous" | |
| kubectl --context k3d-ess-helm -n "$ns" logs --all-containers --prefix --timestamps --ignore-errors "$pod" > "./ess-helm-logs/$ns/$pod.logs" | |
| done | |
| resources=("pods" "deployments" "statefulsets" "services" "configmaps" "ingresses" "persistentvolumes" "persistentvolumeclaims" "endpoints") | |
| for i in "${resources[@]}"; do | |
| kubectl --context k3d-ess-helm get "$i" -n "$ns" > "./ess-helm-logs/$ns/$i.txt" | |
| echo "----" >> "./ess-helm-logs/$ns/$i.txt" | |
| kubectl --context k3d-ess-helm get "$i" -o yaml -n "$ns" >> "./ess-helm-logs/$ns/$i.txt" | |
| done | |
| kubectl --context k3d-ess-helm get events --sort-by=.metadata.creationTimestamp -n "$ns" > "./ess-helm-logs/$ns/events.txt" | |
| done | |
| k3d cluster delete ess-helm | |
| - name: Upload logs | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | |
| with: | |
| name: ess-helm-logs-${{ matrix.test-component }}-${{ matrix.test-from-ref }} | |
| path: ess-helm-logs | |
| retention-days: 1 | |
| pytest-manifests: | |
| runs-on: ubuntu-latest | |
| needs: pytest-setup | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| manifest-test: ${{ fromJSON(needs.pytest-setup.outputs.manifestTests).manifestTests }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2 | |
| with: | |
| python-version: "3.x" | |
| - name: Load poetry path | |
| run: | | |
| echo "$(poetry env info -p)/bin" >> "${GITHUB_PATH}" | |
| # Helm >= 3.19.5 (including Helm v4) have https://github.com/helm/helm/issues/31643 | |
| # which breaks one of the Ingress tests | |
| - name: Pin Helm with asdf | |
| uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4 | |
| with: | |
| tool_versions: | | |
| helm 3.19.4 | |
| - name: Restore pytest cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 | |
| with: | |
| path: .pytest_cache | |
| key: pytest-manifests-cache-${{ matrix.manifest-test }}-${{ hashFiles('charts/matrix-stack/values.yaml') }} | |
| restore-keys: | | |
| pytest-manifests-cache- | |
| - name: Run our manifest test | |
| run: poetry run pytest -vv tests/manifests/${{ matrix.manifest-test }}.py |