# Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 name: test-integrations on: pull_request: branches-ignore: - stable-website - 'docs/**' - 'ui/**' - 'mktg-**' # Digital Team Terraform-generated branch prefix - 'backport/docs/**' - 'backport/ui/**' - 'backport/mktg-**' push: branches: # Push events on the main branch - main - release/** env: TEST_RESULTS_DIR: /tmp/test-results TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} GOTESTSUM_VERSION: "1.11.0" CONSUL_BINARY_UPLOAD_NAME: consul-bin # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} GOPRIVATE: github.com/hashicorp # Required for enterprise deps SKIP_CHECK_BRANCH: ${{ github.head_ref || github.ref_name }} concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true jobs: conditional-skip: runs-on: ubuntu-latest name: Get files changed and conditionally skip CI outputs: skip-ci: ${{ steps.read-files.outputs.skip-ci }} steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - name: Get changed files id: read-files run: ./.github/scripts/check_skip_ci.sh setup: needs: [conditional-skip] runs-on: ubuntu-latest name: Setup if: needs.conditional-skip.outputs.skip-ci != 'true' outputs: compute-small: ${{ steps.runners.outputs.compute-small }} compute-medium: ${{ steps.runners.outputs.compute-medium }} compute-large: ${{ steps.runners.outputs.compute-large }} compute-xl: ${{ steps.runners.outputs.compute-xl }} enterprise: ${{ steps.runners.outputs.enterprise }} steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - id: runners run: .github/scripts/get_runner_classes.sh get-go-version: uses: ./.github/workflows/reusable-get-go-version.yml get-envoy-versions: uses: ./.github/workflows/reusable-get-envoy-versions.yml dev-build: needs: - setup - get-go-version uses: ./.github/workflows/reusable-dev-build.yml with: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} uploaded-binary-name: 'consul-bin' go-version: ${{ needs.get-go-version.outputs.go-version }} secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} nomad-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - dev-build permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read strategy: matrix: nomad-version: ['v1.8.3', 'v1.7.7', 'v1.6.10'] steps: - name: Checkout Nomad uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: hashicorp/nomad ref: ${{ matrix.nomad-version }} - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # Do not explicitly set Go version here, as it should depend on what Nomad declares. go-version-file: 'go.mod' - name: Fetch Consul binary uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' path: ./bin - name: Restore Consul permissions run: | chmod +x ./bin/consul echo "$(pwd)/bin" >> $GITHUB_PATH - name: Make Nomad dev build run: | make pkg/linux_amd64/nomad echo "$(pwd)/pkg/linux_amd64" >> $GITHUB_PATH - name: Run integration tests run: | go install gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} && \ gotestsum \ --format=github-actions \ --rerun-fails \ --rerun-fails-report=/tmp/gotestsum-rerun-fails \ --packages="./command/agent/consul" \ --junitfile $TEST_RESULTS_DIR/results.xml -- \ -run TestConsul # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: vault-auth run: vault-auth # NOTE: ENT specific step as we store secrets in Vault. - name: Fetch Secrets if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: secrets uses: hashicorp/vault-action@v3 with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - name: prepare datadog-ci if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: upload coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml vault-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - get-go-version - dev-build permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read strategy: matrix: vault-version: ["1.17.5", "1.16.3", "1.15.6"] env: VAULT_BINARY_VERSION: ${{ matrix.vault-version }} steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - name: Setup Git if: ${{ endsWith(github.repository, '-enterprise') }} run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # We use the current Consul Go version here since Vault is installed as a binary # and tests are run from the Consul repo. go-version: ${{ needs.get-go-version.outputs.go-version }} - name: Install Vault run: | wget -q -O /tmp/vault.zip "https://releases.hashicorp.com/vault/${{ env.VAULT_BINARY_VERSION }}/vault_${{ env.VAULT_BINARY_VERSION }}_linux_amd64.zip" unzip -d /tmp /tmp/vault.zip echo "/tmp" >> $GITHUB_PATH - name: Run Connect CA Provider Tests run: | mkdir -p "${{ env.TEST_RESULTS_DIR }}" go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --format=github-actions \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage.txt ./agent/connect/ca # Run leader tests that require Vault go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --format=github-actions \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-leader.txt -run Vault ./agent/consul # Run agent tests that require Vault go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --format=github-actions \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-agent.txt -run Vault ./agent # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: vault-auth run: vault-auth # NOTE: ENT specific step as we store secrets in Vault. - name: Fetch Secrets if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: secrets uses: hashicorp/vault-action@v3 with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - name: prepare datadog-ci if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: upload coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml" - name: upload leader coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml" - name: upload agent coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" generate-envoy-job-matrices: needs: [setup] runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} name: Generate Envoy Job Matrices outputs: envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }} steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Generate Envoy Job Matrix id: set-matrix env: # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be # further multiplied in envoy-integration tests by the other dimensions in the matrix # to determine the total number of runners used. TEST_SPLITS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' run: | NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then echo "TEST_SPLITS is larger than the number of tests/packages to split." TEST_SPLITS=$((NUM_DIRS-1)) fi # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. TEST_SPLITS=$((TEST_SPLITS-1)) { echo -n "envoy-matrix=" find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ | xargs -0 -n 1 basename \ | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ | jq --compact-output 'map(join("|"))' } >> "$GITHUB_OUTPUT" envoy-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - get-go-version - get-envoy-versions - generate-envoy-job-matrices - dev-build permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read strategy: fail-fast: false matrix: xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: ENVOY_VERSION: ${{ needs.get-envoy-versions.outputs.max-envoy-version }} XDS_TARGET: ${{ matrix.xds-target }} AWS_LAMBDA_REGION: us-west-2 steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - name: fetch binary uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' path: ./bin - name: restore mode+x run: chmod +x ./bin/consul - name: Set up Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Docker build run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin - name: Envoy Integration Tests id: envoy-integration-tests env: GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml GOTESTSUM_FORMAT: standard-verbose COMPOSE_INTERACTIVE_NO_CLI: 1 LAMBDA_TESTS_ENABLED: "true" # tput complains if this isn't set to something. TERM: ansi run: | # shellcheck disable=SC2001 echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests" # shellcheck disable=SC2001 sed 's,|,\n,g' <<< "${{ matrix.test-cases }}" go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --debug \ --rerun-fails \ --rerun-fails-report=/tmp/gotestsum-rerun-fails \ --jsonfile /tmp/jsonfile/go-test.log \ --packages=./test/integration/connect/envoy \ -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})" # See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011 # and overall topic discussion for why this is necessary. - name: Generate artifact ID id: generate-artifact-id if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }} run: | ARTIFACT_ID=$(uuidgen) echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)" echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV" - name: Upload failure logs if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }} uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }} path: test/integration/connect/envoy/workdir/logs/ # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: vault-auth run: vault-auth # NOTE: ENT specific step as we store secrets in Vault. - name: Fetch Secrets if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: secrets uses: hashicorp/vault-action@v3 with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - name: prepare datadog-ci if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: upload coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml compatibility-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} # NOTE: do not change without tuning the -p and -parallel flags in go test. needs: - setup - get-go-version - get-envoy-versions - dev-build permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read env: ENVOY_VERSION: ${{ needs.get-envoy-versions.outputs.max-envoy-version }} #TODO don't harcode this image name CONSUL_DATAPLANE_IMAGE: "docker.io/hashicorppreview/consul-dataplane:1.6-dev-ubi" steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - name: Setup Git if: ${{ endsWith(github.repository, '-enterprise') }} run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - run: go env - name: docker env run: | docker version docker info - name: fetch binary uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' path: . - name: restore mode+x run: chmod +x consul # Build the consul:local image from the already built binary - name: Build consul:local image run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile . - name: Build consul-envoy:target-version image id: buildConsulEnvoyImage continue-on-error: true run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - name: Retry Build consul-envoy:target-version image if: steps.buildConsulEnvoyImage.outcome == 'failure' run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - name: Build consul-dataplane:local image run: docker build -t consul-dataplane:local --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg CONSUL_DATAPLANE_IMAGE=${{ env.CONSUL_DATAPLANE_IMAGE }} -f ./test/integration/consul-container/assets/Dockerfile-consul-dataplane ./test/integration/consul-container/assets - name: Configure GH workaround for ipv6 loopback if: ${{ !endsWith(github.repository, '-enterprise') }} run: | cat /etc/hosts && echo "-----------" sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts cat /etc/hosts - name: Compatibility Integration Tests run: | mkdir -p "/tmp/test-results" cd ./test/integration/consul-container docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ --format=github-actions \ --rerun-fails \ -- \ go test \ -p=6 \ -parallel=4 \ -tags "${{ env.GOTAGS }}" \ -timeout=30m \ -json \ `go list -tags "${{ env.GOTAGS }}" ./... | grep -v upgrade | grep -v peering_commontopo` \ --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ --target-version local \ --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ --latest-version latest ls -lrt env: # this is needed because of incompatibility between RYUK container and GHA GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml GOTESTSUM_FORMAT: standard-verbose COMPOSE_INTERACTIVE_NO_CLI: 1 # tput complains if this isn't set to something. TERM: ansi # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: vault-auth run: vault-auth # NOTE: ENT specific step as we store secrets in Vault. - name: Fetch Secrets if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: secrets uses: hashicorp/vault-action@v3 with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - name: prepare datadog-ci if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: upload coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml integration-test-with-deployer: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} needs: - setup - get-go-version permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read strategy: fail-fast: false env: # TODO @sarah.alsmiller Don't hardcode this version value DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.6-dev" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - name: Setup Git if: ${{ endsWith(github.repository, '-enterprise') }} run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - run: go env - name: Build image run: make test-deployer-setup - name: Integration Tests run: | mkdir -p "${{ env.TEST_RESULTS_DIR }}" #export NOLOGBUFFER=1 cd ./test-integ go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ --format=github-actions \ -- \ go test \ -tags "${{ env.GOTAGS }}" \ -timeout=20m \ -parallel=2 \ -failfast \ -json \ `go list -tags "${{ env.GOTAGS }}" ./... | grep -v peering_commontopo | grep -v upgrade ` \ --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ --target-version local \ --latest-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ --latest-version latest env: # this is needed because of incompatibility between RYUK container and GHA GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml GOTESTSUM_FORMAT: standard-verbose COMPOSE_INTERACTIVE_NO_CLI: 1 # tput complains if this isn't set to something. TERM: ansi # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: vault-auth run: vault-auth # NOTE: ENT specific step as we store secrets in Vault. - name: Fetch Secrets if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} id: secrets uses: hashicorp/vault-action@v3 with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - name: prepare datadog-ci if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: upload coverage # do not run on forks if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} env: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml test-integrations-success: needs: - conditional-skip - setup - dev-build - nomad-integration-test - vault-integration-test - generate-envoy-job-matrices - envoy-integration-test - compatibility-integration-test - integration-test-with-deployer runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: always() && needs.conditional-skip.outputs.skip-ci != 'true' steps: - name: evaluate upstream job results run: | # exit 1 if failure or cancelled result for any upstream job if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" exit 1 fi