fix: e2e integration with Kubernetes cluster (#81)

Author: adskyiproger

.github/workflows/deploy-and-e2e.yml

@@ -1,12 +1,12 @@
 name: Deploy & run E2E
-run-name: 'E2E by ${{ github.event.client_payload.actor || github.actor }} to ${{ github.event.client_payload.stack || github.event.inputs.stack }}. Images core: ${{ github.event.client_payload.core-image-tag || github.event.inputs.core-image-tag }} and farajaland: ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }}'
+run-name: 'E2E by ${{ github.event.client_payload.actor || github.actor }} to ${{ github.event.client_payload.stack || github.event.inputs.stack }}. (core: ${{ github.event.client_payload.core-image-tag || github.event.inputs.core-image-tag }}, farajaland: ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }})'
 on:
   repository_dispatch:
     types: [run_e2e]
   workflow_dispatch:
     inputs:
       core-image-tag:
-        description: Core DockerHub image tag
+        description: Core image tag
         required: true
         default: 'v1.8.0'
       countryconfig-image-tag:
@@ -26,19 +26,71 @@ on:
         description: e2e branch
         required: false
         default: 'develop'
+      runtime:
+        required: false
+        default: 'none'
+        type: choice
+        options:
+          - none
+          - docker
+          - k8s
+      reset:
+        description: reset e2e
+        required: false
+        default: false
+        type: boolean
 concurrency:
-  group: ${{ github.event.client_payload.stack || github.event.inputs.stack }}
+  group: ${{ github.event.client_payload.stack || inputs.stack }}
   cancel-in-progress: true
 
 jobs:
   debug:
     name: Debug output
     runs-on: ubuntu-22.04
+    outputs:
+      runtime: ${{ steps.runtime.outputs.runtime }}
+      domain: ${{ steps.runtime.outputs.domain }}
+      keep_e2e: ${{ steps.runtime.outputs.keep_e2e }}
     steps:
       - name: Print Entire Event Payload
         run: |
           echo "${{ toJson(github.event) }}"
-  deploy:
+      - name: Select docker swarm or k8s
+        # Environment is selected based on stack hash with is always constant
+        # Only first 8 symbols are used from hash and stack_id number is generated
+        # - Odd numbers are deployed to k8s
+        # - Even numbers are deployed to docker swarm
+        # E/g ocrvs-9595 has stack id 2766917431, which means docker
+        id: runtime
+        env:
+          run_id: ${{ github.run_id }}
+          runtime: ${{ github.event.client_payload.runtime || inputs.runtime }}
+          stack: ${{ github.event.client_payload.stack || inputs.stack }}
+          keep_e2e: ${{ github.event.client_payload.keep-e2e || inputs.keep-e2e }}
+        run: |
+          stack_hash=$(echo -n "$stack" | sha256sum | head -c 8)
+          stack_id=$((16#$stack_hash))
+          if [[ -n "$runtime" && "$runtime" != "none" ]]; then
+            runtime="$runtime"
+          elif (( stack_id % 2 == 0 )); then
+            runtime="k8s"
+          else
+            runtime="docker"
+          fi
+          if [[ "$runtime" == "docker" ]]; then
+            domain=${{ github.event.client_payload.stack || inputs.stack }}.${{ vars.DOMAIN }}
+          else
+            domain=${{ github.event.client_payload.stack || inputs.stack }}.k8s-e2e.${{ vars.DOMAIN }}
+          fi
+          echo "domain=$domain" >> $GITHUB_OUTPUT
+          echo "runtime=$runtime" >> $GITHUB_OUTPUT
+          echo "keep_e2e=$keep_e2e" >> $GITHUB_OUTPUT
+          echo "domain=$domain"
+          echo "runtime=$runtime"
+          echo "keep_e2e=$keep_e2e"
+  deploy-docker:
+    needs: debug
+    if: needs.debug.outputs.runtime == 'docker'
     uses: ./.github/workflows/deploy.yml
     with:
       core-image-tag: ${{ github.event.client_payload.core-image-tag || github.event.inputs.core-image-tag }}
@@ -48,6 +100,16 @@ jobs:
       e2e_branch: ${{ github.event.client_payload.branch || github.event.inputs.branch }}
       reset: 'true'
     secrets: inherit
+  deploy-k8s:
+    if: needs.debug.outputs.runtime == 'k8s'
+    needs: debug
+    uses: ./.github/workflows/k8s-deploy.yml
+    with:
+      core-image-tag: ${{ github.event.client_payload.core-image-tag || inputs.core-image-tag }}
+      countryconfig-image-tag: ${{ github.event.client_payload.countryconfig-image-tag || inputs.countryconfig-image-tag }}
+      environment: ${{ github.event.client_payload.stack || inputs.stack }}
+      reset: ${{ github.event.client_payload.reset || inputs.reset || true }}
+    secrets: inherit
 
   discover-tests:
     name: Discover test directories
@@ -83,7 +145,7 @@ jobs:
             node_modules
             ~/.cache/yarn/v6
             ~/.cache/ms-playwright
-          key: ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }}
+          key: ${{ github.event.client_payload.countryconfig-image-tag || inputs.countryconfig-image-tag }}
           restore-keys: |
             ${{ runner.os }}-node-
 
@@ -101,16 +163,22 @@ jobs:
             node_modules
             ~/.cache/yarn/v6
             ~/.cache/ms-playwright
-          key: ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }}
+          key: ${{ github.event.client_payload.countryconfig-image-tag || inputs.countryconfig-image-tag }}
           restore-keys: |
             ${{ runner.os }}-node-
   test:
-    needs: [deploy, discover-tests]
-    runs-on: ubuntu-22.04
-    environment: ${{ github.event.client_payload.stack || github.event.inputs.stack }}
+    needs: [debug, deploy-docker, deploy-k8s, discover-tests]
+    # Continue if at least one dependency succeeded (docker OR k8s ran)
+    if: |
+      always() && (
+        needs.deploy-docker.result == 'success' ||
+        needs.deploy-k8s.result == 'success'
+      )
+    runs-on: ubuntu-24.04
+    environment: ${{ github.event.client_payload.stack || inputs.stack }}
     strategy:
-      fail-fast: false
       max-parallel: 10
+      fail-fast: false
       matrix:
         test_file: ${{ fromJson(needs.discover-tests.outputs.test_matrix) }}
     name: ${{ matrix.test_file }}
@@ -122,7 +190,7 @@ jobs:
 
       - name: Checkout country branch
         run: |
-          git checkout ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }}
+          git checkout ${{ github.event.client_payload.countryconfig-image-tag || inputs.countryconfig-image-tag }}
       - name: Set up Node.js from country .nvmrc
         uses: actions/setup-node@v4
         with:
@@ -136,7 +204,7 @@ jobs:
             node_modules
             ~/.cache/yarn/v6
             ~/.cache/ms-playwright
-          key: ${{ github.event.client_payload.countryconfig-image-tag || github.event.inputs.countryconfig-image-tag }}
+          key: ${{ github.event.client_payload.countryconfig-image-tag || inputs.countryconfig-image-tag }}
           restore-keys: |
             ${{ runner.os }}-node-
 
@@ -150,9 +218,16 @@ jobs:
           max_attempts: 3
           command: npx playwright install --with-deps
       - name: Run Playwright Tests
-        run: npx playwright test ./e2e/testcases/${{ matrix.test_file }}
+        run: |
+          curl -s -o $NODE_EXTRA_CA_CERTS https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem
+          curl -s -o playwright.config.ts https://raw.githubusercontent.com/opencrvs/e2e/refs/heads/k8s-integration/playwright.config.ts
+          npx playwright test ./e2e/testcases/print-certificate/death/36.07-validate-certify-record-page.spec.ts
         env:
-          DOMAIN: '${{ github.event.client_payload.stack || inputs.stack }}.${{ vars.DOMAIN }}'
+          DOMAIN: '${{ needs.debug.outputs.domain }}'
+          # Allow e2e playwright API call for Lets encrypt staging SSL Certificate
+          NODE_EXTRA_CA_CERTS: /tmp/letsencrypt-stg-root-x1.pem
+          # Allow e2e Browser for Lets encrypt staging SSL Certificate
+          IGNORE_CA: '1'
       - id: ctrf_check
         if: always()
         run: |
@@ -171,7 +246,7 @@ jobs:
       - uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: playwright-report-${{ github.event.client_payload.stack || github.event.inputs.stack }}-${{ steps.artifact.outputs.artifact }}-${{ github.run_id }}-${{ github.run_attempt }}
+          name: playwright-report-${{ github.event.client_payload.stack || inputs.stack }}-${{ steps.artifact.outputs.artifact }}-${{ github.run_id }}-${{ github.run_attempt }}
           path: playwright-report/
           retention-days: 30
 
@@ -199,13 +274,13 @@ jobs:
         run: |
           echo "result=$PREVIOUS_CONCLUSION" >> $GITHUB_OUTPUT
 
-  cleanup-stack:
-    needs: [test]
+  cleanup-stack-docker:
+    needs: [test, debug]
     runs-on: ubuntu-24.04
-    if: github.event.client_payload.keep-e2e == 'false' || github.event.inputs.keep-e2e == 'false'
+    if: always() && needs.debug.outputs.keep_e2e == 'false' && needs.debug.outputs.runtime == 'docker'
     env:
-      stack: ${{ github.event.client_payload.stack || github.event.inputs.stack }}
-      keep_e2e: ${{ github.event.client_payload.keep-e2e || github.event.inputs.keep-e2e }}
+      stack: ${{ github.event.client_payload.stack || inputs.stack }}
+      keep_e2e: ${{ github.event.client_payload.keep-e2e || inputs.keep-e2e }}
     steps:
       - uses: actions/checkout@v4
       - name: Read known hosts
@@ -230,3 +305,31 @@ jobs:
           --ssh_host=${{ vars.SSH_HOST || secrets.SSH_HOST }} \
           --ssh_port=${{ vars.SSH_PORT || secrets.SSH_PORT }} \
           --ssh_user=${{ secrets.SSH_USER }}
+
+  cleanup-stack-k8s:
+    needs: [test, debug]
+    runs-on: [self-hosted]
+    env:
+      ENV: ${{ github.event.client_payload.stack || inputs.stack }}
+    if: always() && needs.debug.outputs.keep_e2e == 'false' && needs.debug.outputs.runtime == 'k8s'
+    steps:
+        - name: Checkout repo
+          uses: actions/checkout@v4
+        - name: Update k8s-env/opencrvs/values.yaml
+          run: |
+            sed -i -e "s#{{STACK}}#${ENV}#g" k8s-env/opencrvs/values.yaml
+        - name: Cleanup environment
+          run: |
+            kubectl delete job -n opencrvs-${ENV} --ignore-not-found=true data-cleanup
+            helm template -f k8s-env/opencrvs/values.yaml \
+                --set data_cleanup.enabled=true \
+                --set image.tag="$CORE_IMAGE_TAG" \
+                --namespace opencrvs-${ENV} \
+                -s templates/data-cleanup-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n opencrvs-${ENV} --wait=true -f -
+            sleep 30;
+            kubectl logs job/data-cleanup -f --all-containers=true -n opencrvs-${ENV} || true
+            kubectl wait --for=condition=complete job/data-cleanup -n opencrvs-${ENV} --timeout=600s;
+        - name: Delete helm release and namespace
+          run: |
+            kubectl delete namespace opencrvs-${ENV}

.github/workflows/k8s-deploy.yml

@@ -0,0 +1,98 @@
+name: Deploy (k8s)
+run-name: "Deploy OpenCRVS on k8s (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})"
+on:
+    workflow_call:
+      inputs:
+        core-image-tag:
+          type: string
+        countryconfig-image-tag:
+          type: string
+        environment:
+          type: string
+        reset:
+          type: boolean
+    workflow_dispatch:
+      inputs:
+        core-image-tag:
+          description: "Tag of the core image"
+          required: true
+          default: "develop"
+        countryconfig-image-tag:
+          description: "Tag of the countryconfig image"
+          required: true
+          default: "develop"
+        environment:
+          description: "Target environment"
+          required: true
+          default: "demo"
+          type: string
+        reset:
+          description: "Reset environment after deploy"
+          required: false
+          default: false
+          type: boolean
+
+jobs:
+  deploy:
+    env:
+      ENV: ${{ inputs.environment }}
+      CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
+      COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }}
+    runs-on: [self-hosted]
+    steps:
+      # FYI: Repository is needed only due to single file: examples/dev/opencrvs-services/values.yaml
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Print deployment parameters
+        run: |
+          echo "Environment: $ENV"
+          echo "Core Image: $CORE_IMAGE_TAG"
+          echo "Country Config Image: $COUNTRYCONFIG_IMAGE_TAG"
+      - name: Deploy OpenCRVS MOSIP API
+        run: |
+          helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \
+          --namespace "opencrvs-${ENV}" \
+          -f k8s-env/mosip-api/values.yaml \
+          --set hostname=$ENV.k8s-e2e.opencrvs.dev \
+          --create-namespace
+      - name: Copy secrets from dependencies into application namespace
+        run: |
+          secrets=(
+            "elasticsearch-admin-user"
+            "redis-opencrvs-users"
+            "minio-opencrvs-users"
+            "mongodb-admin-user"
+            "postgres-admin-user"
+          )
+          for secret in "${secrets[@]}"; do
+            kubectl get secret $secret -n opencrvs-deps-e2e -o yaml \
+            | sed "s#namespace: opencrvs-deps-e2e#namespace: opencrvs-${ENV}#" \
+            | grep -vE 'resourceVersion|uid|creationTimestamp' \
+            | kubectl apply -n opencrvs-${ENV} -f - \
+            || echo "Secret $secret doesn't exist in opencrvs-deps-e2e namespace"
+          done
+      - name: Update k8s-env/opencrvs/values.yaml
+        run: |
+          sed -i -e "s#{{STACK}}#${ENV}#g" k8s-env/opencrvs/values.yaml
+      - name: Deploy with Helm
+        run: |
+          helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \
+            --namespace "opencrvs-${ENV}" \
+            -f k8s-env/opencrvs/values.yaml \
+            --create-namespace \
+            --set image.tag="$CORE_IMAGE_TAG" \
+            --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
+            --set hostname=$ENV.k8s-e2e.opencrvs.dev \
+            --set environment="$ENV"
+
+  reset-data:
+    if: ${{ inputs.reset }}
+    # name: Reset environment (k8s)
+    # run-name: "Reset environment (core: ${{ inputs.core-image-tag }})
+    needs: deploy
+    uses: ./.github/workflows/k8s-reset-data.yml
+    with:
+      environment: ${{ inputs.environment }}
+      core-image-tag: ${{ inputs.core-image-tag }}
+    secrets: inherit