🧑‍💻 Add Helm assets to run containerized tests (#1304)

* Add the required Helm assets to run containerized tests in local dev

.gitignore

@@ -10,8 +10,8 @@ mise.local.toml
 # Docker Cache
 tilt/docker
 
-# Helm Charts
-tilt/.charts
+# Helm chart dependencies
+helm/**/charts
 
 # VON Network
 tilt/.von-network

README.md

@@ -214,11 +214,30 @@ mise run tilt:up
 In another terminal:
 
 ```bash
-helmfile apply \
-  --environment local \
-  -f ./tilt/.charts/helmfiles/aries-capi-test.yaml
+# Run e2e tests
+helm upgrade --install acapy-test \
+  -f ./helm/acapy-test/conf/local/values.yaml \
+  ./helm/acapy-test
+
+# Bootstrap regression tests
+helm upgrade --install acapy-regression-test \
+  -f ./helm/acapy-test/conf/local/values.yaml \
+  -f ./helm/acapy-test/conf/local/regression.yaml \
+  --set env.FAIL_ON_RECREATING_FIXTURES=false \
+  ./helm/acapy-test
+
+# Run regression tests
+helm upgrade --install acapy-regression-test \
+  -f ./helm/acapy-test/conf/local/values.yaml \
+  -f ./helm/acapy-test/conf/local/regression.yaml \
+  --set env.FAIL_ON_RECREATING_FIXTURES=true \
+  ./helm/acapy-test
 ```
 
+> [!NOTE]
+> At the time of writing, if you are running tests on an ARM based machine, it is
+> expected that `bbs` tests will fail as `bbs` is not currently supported on ARM.
+
 ## CI/CD
 
 Please, refer to the [CI/CD docs](./.github/workflows/README.md) for more

helm/acapy-test/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/acapy-test/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: acapy-test
+description: A Helm chart to deploy AcaPy Cloud containerized tests
+type: application
+version: 0.1.0

helm/acapy-test/conf/.gitignore

@@ -0,0 +1,2 @@
+# We want to keep this local dir
+!local

helm/acapy-test/conf/local/regression.yaml

@@ -0,0 +1,18 @@
+fullnameOverride: acapy-regression-test
+
+command:
+  - sh
+  - -c
+  - |
+    poetry run pytest \
+      --junitxml="/mnt/test_output.xml" \
+      --cov-report=term-missing:skip-covered \
+      --cov | tee /mnt/test_coverage.txt
+
+env:
+  RUN_REGRESSION_TESTS: true
+  # `env.FAIL_ON_RECREATING_FIXTURES` -- Fail tests if they try to create new tenants, credentials, or connections
+  # - Set to `false` on a clean stack (first time running regression tests)
+  # - Set to `true` on a "dirty" stack (re-running regression tests)
+  #   - This will cause tests to fail on creating new tenants, credentials, or connections as these should already exist
+  FAIL_ON_RECREATING_FIXTURES: false

helm/acapy-test/conf/local/values.yaml

@@ -0,0 +1,43 @@
+command:
+  - sh
+  - -c
+  - |
+    poetry run pytest \
+      -n 2 \
+      --dist loadfile \
+      --junitxml="/mnt/test_output.xml" \
+      --cov-report=term-missing:skip-covered \
+      --cov | tee /mnt/test_coverage.txt
+
+env:
+  ACAPY_GOVERNANCE_AGENT_URL: http://governance-agent:3021
+  ACAPY_TAILS_SERVER_BASE_URL: http://tails-server:6543
+  ACAPY_TENANT_AGENT_URL: http://multitenant-agent:3021
+  CLOUDAPI_URL: http://tenant-web:8000/tenant
+  GOVERNANCE_ACAPY_LABEL: Governance
+  GOVERNANCE_FASTAPI_ENDPOINT: http://governance-web:8000/governance
+  LEDGER_REGISTRATION_URL: http://ledger-browser:8000/register
+  REGISTRY_CREATION_TIMEOUT: 120
+  SKIP_SET_PUBLIC_DID: true # skip set_public_did test to avoid conflict with two public dids, different seed
+  TENANT_ADMIN_FASTAPI_ENDPOINT: http://multitenant-web:8000/tenant-admin
+  TENANT_FASTAPI_ENDPOINT: http://tenant-web:8000/tenant
+  TRUST_REGISTRY_FASTAPI_ENDPOINT: http://public-web:8000/public
+  TRUST_REGISTRY_URL: http://trust-registry:8000
+  WAYPOINT_URL: http://waypoint:3010
+
+secretConfig:
+  ACAPY_GOVERNANCE_AGENT_API_KEY: adminApiKey
+  ACAPY_MULTITENANT_JWT_SECRET: verySecretMultitenantJwtSecret
+  ACAPY_TENANT_AGENT_API_KEY: adminApiKey
+  GOVERNANCE_ACAPY_API_KEY: adminApiKey
+  TENANT_ACAPY_API_KEY: adminApiKey
+
+persistence:
+  enabled: true
+  mountPath: /mnt
+  capacity: 1Gi
+  storageClassName: standard
+# podSecurityContext:
+#   fsGroup: 65534
+# securityContext:
+#   runAsUser: 65534

helm/acapy-test/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "acapy-test.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "acapy-test.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "acapy-test.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "acapy-test.labels" -}}
+helm.sh/chart: {{ include "acapy-test.chart" . }}
+{{ include "acapy-test.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "acapy-test.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "acapy-test.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "acapy-test.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "acapy-test.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/acapy-test/templates/job.yaml

@@ -0,0 +1,92 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "acapy-test.fullname" . }}
+  labels:
+    {{- include "acapy-test.labels" . | nindent 4 }}
+    {{- with .Values.labels }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
+    {{- end }}
+spec:
+  completions: {{ .Values.completions }}
+  backoffLimit: {{ default 0 .Values.backoffLimit }}
+  template:
+    metadata:
+      name: {{ include "acapy-test.fullname" . }}
+      labels:
+        {{- include "acapy-test.selectorLabels" . | nindent 8 }}
+        {{- if .Values.podLabels }}
+        {{- tpl (toYaml .Values.podLabels) . | nindent 8 }}
+        {{- end }}
+      annotations:
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- if .Values.podAnnotations }}
+        {{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ include "acapy-test.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      restartPolicy: {{ default "Never" .Values.restartPolicy }}
+      volumes:
+      {{- if .Values.persistence.enabled }}
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ include "acapy-test.fullname" . }}
+      {{- end }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- if .Values.command }}
+        command:
+          {{- toYaml .Values.command | nindent 10 }}
+        {{- end }}
+        {{- if .Values.args }}
+        args:
+          {{- toYaml .Values.args | nindent 10 }}
+        {{- end }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+        envFrom:
+        - secretRef:
+            name: {{ include "acapy-test.fullname" . }}
+        {{- if .Values.env }}
+        env:
+        {{- range $k,$v := .Values.env }}
+        - name: {{ $k }}
+          {{- $type := printf "%s" (typeOf $v) }}
+          {{- if or (eq $type "string") (eq $type "float64") (eq $type "bool") }}
+          value: {{ tpl (toString $v) $ | quote }}
+          {{- else }}
+          {{- tpl (toYaml .) $ | nindent 10 }}
+          {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.extraSecretNamesForEnvFrom }}
+        envFrom:
+        {{- range .Values.extraSecretNamesForEnvFrom }}
+          - secretRef:
+              name: {{ . }}
+        {{- end }}
+        {{- end }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        volumeMounts:
+        {{- if .Values.persistence.enabled }}
+        - name: data
+          mountPath: {{ .Values.persistence.mountPath }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/acapy-test/templates/pvc.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "acapy-test.fullname" . }}
+  labels:
+    {{- include "acapy-test.labels" . | nindent 4 }}
+spec:
+  storageClassName: {{ .Values.persistence.storageClassName }}
+  accessModes:
+    - {{ default "ReadWriteOnce" .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.capacity }}
+{{- end }}

helm/acapy-test/templates/secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "acapy-test.fullname" . }}
+  labels:
+    {{- include "acapy-test.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  {{- range $k, $v := .Values.secretConfig }}
+  {{ $k }}: {{ tpl (toString $v) . }}
+  {{- end }}

helm/acapy-test/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "acapy-test.serviceAccountName" . }}
+  labels:
+    {{- include "acapy-test.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}