fix: shell needs a dot over the source command (#118) #83
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| AWS_REGION: us-west-2 | |
| AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| permissions: write-all | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_pr: ${{ steps.release-please.outputs.pr }} | |
| steps: | |
| - uses: googleapis/release-please-action@v4 | |
| id: release-please | |
| with: | |
| release-type: terraform-module | |
| - name: Install Let's Encrypt Roots and Intermediate Certificates | |
| if: steps.release-please.outputs.pr | |
| run: | | |
| # https://letsencrypt.org/certificates/ | |
| sudo apt-get update -y | |
| sudo apt-get install -y ca-certificates wget openssl libssl-dev | |
| wget https://letsencrypt.org/certs/isrgrootx1.pem # rsa | |
| sudo cp isrgrootx1.pem /usr/local/share/ca-certificates/ | |
| wget https://letsencrypt.org/certs/isrg-root-x2.pem # ecdsa | |
| sudo cp isrg-root-x2.pem /usr/local/share/ca-certificates/ | |
| wget https://letsencrypt.org/certs/2024/r11.pem | |
| sudo cp r11.pem /usr/local/share/ca-certificates/ | |
| wget https://letsencrypt.org/certs/2024/r10.pem | |
| sudo cp r10.pem /usr/local/share/ca-certificates/ | |
| wget https://letsencrypt.org/certs/2024/e5.pem | |
| sudo cp e5.pem /usr/local/share/ca-certificates/ | |
| wget https://letsencrypt.org/certs/2024/e6.pem | |
| sudo cp e6.pem /usr/local/share/ca-certificates/ | |
| sudo update-ca-certificates | |
| - name: Verify Lets Encrypt CA Functionality | |
| if: steps.release-please.outputs.pr | |
| run: | | |
| # Function to check if Let's Encrypt CA is effectively used by openssl | |
| check_letsencrypt_ca() { | |
| # Try to verify a known Let's Encrypt certificate (you can use any valid one) | |
| if openssl s_client -showcerts -connect letsencrypt.org:443 < /dev/null | openssl x509 -noout -issuer | grep -q "Let's Encrypt"; then | |
| return 0 # Success | |
| else | |
| return 1 # Failure | |
| fi | |
| } | |
| if check_letsencrypt_ca; then | |
| echo "Let's Encrypt CA is functioning correctly." | |
| else | |
| echo "Error: Let's Encrypt CA is not being used for verification." | |
| exit 1 | |
| fi | |
| - uses: actions/github-script@v8 | |
| if: steps.release-please.outputs.pr | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: ${{ fromJson(steps.release-please.outputs.pr).number }}, | |
| owner: "${{ github.repository_owner }}", | |
| repo: "${{ github.event.repository.name }}", | |
| body: "Please make sure e2e tests pass before merging this PR! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| }) | |
| # WARNING! Tests need to run one at a time because AWS is throttling our requests. | |
| # 4 hours is the current maximum session time for the token | |
| test_TestOneBasic: | |
| needs: release | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-TestOneBasic | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 14400 # 4 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| GITHUB_OWNER: rancher | |
| IDENTIFIER: ${{github.run_id}}-TestOneBasic | |
| ZONE: ${{secrets.ZONE}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| RANCHER_INSECURE: false | |
| run: | | |
| ./run_tests.sh -t TestOneBasic | |
| test_TestProdBasic: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-TestProdBasic | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 14400 # 4 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| GITHUB_OWNER: rancher | |
| IDENTIFIER: ${{github.run_id}}-TestProdBasic | |
| ZONE: ${{secrets.ZONE}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| RANCHER_INSECURE: false | |
| run: | | |
| ./run_tests.sh -t TestProdBasic | |
| test_TestThreeBasic: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-TestThreeBasic | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 14400 # 4 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| GITHUB_OWNER: rancher | |
| IDENTIFIER: ${{github.run_id}}-TestThreeBasic | |
| ZONE: ${{secrets.ZONE}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| RANCHER_INSECURE: false | |
| run: | | |
| ./run_tests.sh -t TestThreeBasic | |
| test_TestDownstreamBasic: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-TestDownstreamBasic | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 14400 # 4 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| GITHUB_OWNER: rancher | |
| IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic | |
| ZONE: ${{secrets.ZONE}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| RANCHER_INSECURE: false | |
| run: | | |
| ./run_tests.sh -t TestDownstreamBasic | |
| test_TestDownstreamSplitrole: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-TestDownstreamSplitrole | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 14400 # 4 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| GITHUB_OWNER: rancher | |
| IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole | |
| ZONE: ${{secrets.ZONE}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| RANCHER_INSECURE: false | |
| run: | | |
| ./run_tests.sh -t TestDownstreamSplitrole | |
| test_Cleanup: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| - test_TestProdBasic | |
| - test_TestThreeBasic | |
| - test_TestDownstreamBasic | |
| - test_TestDownstreamSplitrole | |
| if: always() && needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-cleanup | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 3600 # 1 hour | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L https://nixos.org/nix/install | sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: cleanupTestOneBasic | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| IDENTIFIER: ${{github.run_id}}-TestOneBasic | |
| run: | | |
| ./run_tests.sh -c $IDENTIFIER | |
| - name: cleanupTestProdBasic | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| IDENTIFIER: ${{github.run_id}}-TestProdBasic | |
| run: | | |
| ./run_tests.sh -c $IDENTIFIER | |
| - name: cleanupTestThreeBasic | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| IDENTIFIER: ${{github.run_id}}-TestThreeBasic | |
| run: | | |
| ./run_tests.sh -c $IDENTIFIER | |
| - name: cleanupTestDownstreamBasic | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| IDENTIFIER: ${{github.run_id}}-TestDownstreamBasic | |
| run: | | |
| ./run_tests.sh -c $IDENTIFIER | |
| - name: cleanupTestDownstreamSplitrole | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| AWS_MAX_ATTEMPTS: 100 | |
| IDENTIFIER: ${{github.run_id}}-TestDownstreamSplitrole | |
| run: | | |
| ./run_tests.sh -c $IDENTIFIER | |
| report: | |
| needs: | |
| - release | |
| - test_TestOneBasic | |
| - test_TestProdBasic | |
| - test_TestThreeBasic | |
| - test_TestDownstreamBasic | |
| - test_TestDownstreamSplitrole | |
| - test_Cleanup | |
| if: success() && needs.release.outputs.release_pr #Ensure the test jobs succeeded, and that a release PR was created. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/github-script@v8 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: ${{ fromJson(needs.release.outputs.release_pr).number }}, | |
| owner: "${{ github.repository_owner }}", | |
| repo: "${{ github.event.repository.name }}", | |
| body: "End to End Tests Passed! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| }) |