.github/workflows/run.e2e-tests.yml

name: "Tests: E2E"
concurrency: # This need to ensure that only a single job or workflow using the same concurrency group will run at a time.
  group: ${{ github.workflow }}
  cancel-in-progress: false

defaults:
  run:
    shell: bash

env:
  AWS_REGION: us-east-1
  NAMESPACE: tftest
  IZE_LOG_LEVEL: debug
  IZE_PREFER_RUNTIME: native
  IZE_PLAIN_TEXT: true
  IZE_VERSION: 0.0.0-dev
  IZE_LOCALSTACK: true
  IZE_ROOT_DOMAIN_NAME: tftest.local
  AWS_PROFILE: localstack

on:
  workflow_dispatch:
  pull_request:

jobs:
  e2e:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    strategy:
      fail-fast: false
      max-parallel: 2 # VPCs are limited
      matrix:
        include:
#          - name: complete-worker
#            env: e2e01
#            test_name: TestExamplesCompleteWorker
#          - name: worker-scheduled
#            env: e2e02
#            test_name: TestExamplesWorkerSchedule
          - name: complete-web
            env: e2e03
            test_name: TestExamplesCompleteWeb
#          - name: web-nginx-proxy
#            env: e2e05
#            test_name: TestExamplesWebProxy
#          - name: worker-scheduled-autoscale
#            env: e2e04
#            test_name: TestExamplesWorkerAutoScheduled
#          - name: complete-worker-ec2
#            env: e2e05
#            test_name: TestExamplesWorkerEc2
    env:
      ENV: ${{ matrix.env }}

    steps:
      - name: Start LocalStack
        uses: LocalStack/setup-localstack@v0.2.0
        with:
          image-tag: 'latest'
          install-awslocal: 'false'
          use-pro: 'true'
        env:
          AWS_DEFAULT_REGION: us-east-1
          LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}


      - name: Install Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.18.x

      - name: Checkout Code
        uses: actions/checkout@v2

#      - name: Configure AWS Credentials
#        uses: aws-actions/configure-aws-credentials@v1
#        with:
#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_SA }}
#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SA }}
#          aws-region: ${{ env.AWS_REGION }}

#      - name: Configure AWS Credentials
#        uses: aws-actions/configure-aws-credentials@v1
#        with:
#          aws-access-key-id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#          aws-secret-access-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#          aws-region: ${{ env.AWS_REGION }}

#      - name: Configure AWS Credentials
#        uses: aws-actions/configure-aws-credentials@v1
#        with:
#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_SA }}
#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SA }}
#          aws-region: ${{ env.AWS_REGION }}

      - name: Generate Test SSH Key
        run: ssh-keygen -q -f ~/.ssh/id_rsa

      - name: IZE setup
        uses: hazelops/action-setup-ize@0.0.1
        with:
          version: ${{ env.IZE_VERSION }}

      - name: IZE init
        run: ize init

      - name: Ize gen env
        env:
          AWS_ACCESS_KEY_ID: test
          AWS_SECRET_ACCESS_KEY: test
          AWS_REGION: us-east-1
          AWS_PROFILE: default

        run: ize gen aws-profile

      - name: Init Localstack
        env:
          AWS_PROFILE: default
        run: |

            # Reset state (if any)
            curl --insecure -v --request POST http://127.0.0.1:4566/_localstack/state/reset

            echo "Terraform State Setup"
            echo "Create R53 domain"
            aws route53 create-hosted-zone --name "${NAMESPACE}.local" --caller-reference "2014-04-01-18:47"

            echo "Create S3 state bucket"
            aws s3api create-bucket --bucket "${NAMESPACE}-000000000000-tf-state"

            echo "Create DynamoDB Table"
            aws dynamodb create-table \
                --table-name tf-state-lock \
                --attribute-definitions AttributeName=LockID,AttributeType=S \
                --key-schema AttributeName=LockID,KeyType=HASH \
                --billing-mode PAY_PER_REQUEST

            echo "Create IAM Roles for non-root access
            aws iam create-role \
                --role-name eks-admin \
                --assume-role-policy-document '{
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "AWS": "arn:aws:iam::000000000000:root"
                        },
                        "Action": "sts:AssumeRole",
                        "Condition": {}
                    },
                    {
                                "Effect": "Allow",
                                "Principal": {
                                    "AWS": "arn:aws:iam::000000000000:user/badger"
                                },
                                "Action": "sts:AssumeRole",
                                "Condition": {}
                            }

                ]
            }'


            echo "Configure User for non-root access"
            aws iam create-user --user-name badger
            aws iam create-access-key --user-name badger | jq -r '.AccessKey | "[localstack]\naws_access_key_id=\(.AccessKeyId\)\naws_secret_access_key=\(.SecretAccessKey\)\nregion = us-east-1"' >> ~/.aws/credentials
            aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name badger

#      - name: IZE create AWS Profile
#        run: ize gen aws-profile

      - name: IZE gen tfenv
        run: ize gen tfenv

      - name: Copy generated files
        run: |
          cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ matrix.name }}/

      - name: Go TF Test
        run: |
          cd test
          go mod tidy
          go test -v -timeout 60m -run ${{ matrix.test_name }}