Skip to content

Creating evgb816actionfix by @jeniawhite #64

Creating evgb816actionfix by @jeniawhite

Creating evgb816actionfix by @jeniawhite #64

name: Test Upgrade Environment
run-name: Creating ${{ github.event.inputs.deployment_name }} by @${{ github.actor }}
on:
# Ability to execute on demand
workflow_dispatch:
inputs:
deployment_name:
type: string
description: |
Name with letters, numbers, hyphens; start with a letter. Max 20 chars. e.g., 'my-env-123'
required: true
target-elk-stack-version:
required: true
description: "Target version of the ELK stack: For BC use version without hash 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
default: "8.13.0"
type: string
base-elk-stack-version:
type: string
description: "Release version of the ELK stack"
required: false
docker-image-override:
required: false
description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
kibana_ref:
description: "Kibana branch, tag, or commit SHA to check out the UI sanity tests from"
required: false
default: "main"
type: string
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "eu-west-1"
WORKING_DIR: deploy/test-environments
INTEGRATIONS_SETUP_DIR: tests/integrations_setup
TF_VAR_stack_version: ${{ inputs.target-elk-stack-version }}
TF_VAR_ess_region: gcp-us-west2
TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }}
DOCKER_IMAGE: ${{ inputs.docker-image-override }}
jobs:
init:
runs-on: ubuntu-20.04
outputs:
base-stack-version: ${{ steps.set-previous-version.outputs.PREVIOUS_VERSION }}
ess-region: ${{ env.TF_VAR_ess_region }}
target-agent-version: ${{ steps.clean-version.outputs.AGENT_VERSION }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Set Previous Version
id: set-previous-version
run: |
if [[ "${{ inputs.base-elk-stack-version }}" == "" ]]; then
VERSION="${{ inputs.target-elk-stack-version }}"
PREVIOUS_VERSION=$(./.ci/scripts/get-previous-version.sh "$VERSION")
echo "PREVIOUS_VERSION=$PREVIOUS_VERSION" >> $GITHUB_OUTPUT
else
echo "PREVIOUS_VERSION=${{ inputs.base-elk-stack-version }}" >> $GITHUB_OUTPUT
fi
- name: Process BC version
id: clean-version
run: |
# Extract the stack version
stack_version="${{ inputs.target-elk-stack-version }}"
# Check if the version contains a commit hash, remove it
if [[ $stack_version =~ -[a-f0-9]+ ]]; then
cleaned_version=$(echo $stack_version | awk -F"-" '{print $1}')
echo "AGENT_VERSION=$cleaned_version" >> $GITHUB_OUTPUT
else
echo "AGENT_VERSION=$stack_version" >> $GITHUB_OUTPUT
fi
deploy:
uses: ./.github/workflows/test-environment.yml
needs: init
# Required for the 'Deploy' job in the 'test-environment.yml' to authenticate with Google Cloud (gcloud).
permissions:
contents: 'read'
id-token: 'write'
with:
deployment_name: ${{ inputs.deployment_name }}
elk-stack-version: ${{ needs.init.outputs.base-stack-version }}
ess-region: ${{ needs.init.outputs.ess-region }}
run-sanity-tests: false # Set to true once the issue at https://github.com/elastic/kibana/pull/171200 is resolved.
serverless_mode: false
secrets: inherit
upgrade:
runs-on: ubuntu-20.04
needs: [init, deploy]
timeout-minutes: 120
defaults:
run:
working-directory: ${{ env.WORKING_DIR }}
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Init Hermit
run: ./bin/hermit env -r >> $GITHUB_ENV
working-directory: ./
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.9'
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 -
poetry --version
- name: Install Fleet API and Tests dependencies
id: fleet-api-deps
working-directory: ./tests
run: |
poetry install
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::704479110758:role/Developer_eks
role-session-name: github-ci
aws-region: ${{ env.AWS_REGION }}
- id: google-auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- id: azure-auth
name: Azure login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Download tf state data
env:
S3_BUCKET: ${{ needs.deploy.outputs.s3-bucket }}
run: |
aws s3 cp "${{ env.S3_BUCKET }}/terraform.tfstate" "./terraform.tfstate"
- name: Terraform Init
run: terraform init
- name: Terraform Validate
run: terraform validate
- name: Update ELK stack version
id: apply
if: success()
run: |
terraform apply --auto-approve \
-var="deployment_name=${{ inputs.deployment_name }}" \
-var="region=${{ env.AWS_REGION }}" \
-var="project=${{ github.actor }}" \
-var="owner=${{ github.actor }}"
- name: Set Environment Output
id: env-output
run: ../../.ci/scripts/set_cloud_env_params.sh
- name: Set Docker Image version
if: ${{ ! inputs.docker-image-override }}
env:
VERSION: 'docker.elastic.co/beats/elastic-agent:${{ inputs.target-elk-stack-version }}'
run: |
echo "DOCKER_IMAGE=${{ env.VERSION }}" >> $GITHUB_ENV
- name: Download Integrations data
env:
S3_BUCKET: ${{ needs.deploy.outputs.s3-bucket }}
run: |
aws s3 cp "${{ env.S3_BUCKET }}/kspm.pem" "${{ env.EC2_KSPM_KEY }}"
aws s3 cp "${{ env.S3_BUCKET }}/state_data.json" "../../${{ env.INTEGRATIONS_SETUP_DIR }}/state_data.json"
- name: Upgrade KSPM Unmanaged agent
run: |
chmod 600 ${{ env.EC2_KSPM_KEY }}
# Update image
ssh -o StrictHostKeyChecking=no -v -i ${{ env.EC2_KSPM_KEY }} "ubuntu@${{ env.KSPM_PUBLIC_IP }}" "kubectl set image daemonset elastic-agent -n kube-system elastic-agent=${{ env.DOCKER_IMAGE }}"
- name: Upgrade KSPM EKS agent
run: |
aws eks --region ${{ env.AWS_REGION }} update-kubeconfig \
--name $(terraform output -raw deployment_name) --alias eks-config
kubectl config use-context eks-config
kubectl set image daemonset elastic-agent -n kube-system elastic-agent=${{ env.DOCKER_IMAGE }}
kubectl rollout restart daemonset/elastic-agent -n kube-system
- name: Upgrade Linux agents
working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
env:
CNVM_STACK_NAME: ${{ needs.deploy.outputs.cnvm-stack-name }}
STACK_VERSION: ${{ needs.init.outputs.target-agent-version }}
run: |
poetry run python upgrade_agents.py
- name: Run Upgrade Sanity checks
if: success()
working-directory: ./tests
env:
AGENT_VERSION: ${{ needs.init.outputs.target-agent-version }}
USE_K8S: false
run: |
poetry run pytest -m "sanity" --alluredir=./allure/results/ --clean-alluredir --maxfail=4
- name: Run UI Sanity checks (Kibana)
uses: ./.github/actions/kibana-ftr
if: success()
with:
test_kibana_url: ${{ env.TEST_KIBANA_URL }}
test_es_url: ${{ env.TEST_ES_URL }}
es_version: ${{ needs.init.outputs.target-agent-version }}
kibana_ref: ${{ inputs.kibana_ref }}