Support Fork Testing On Personal AWS (aws#414)

sethAmazon · Mar 30, 2022 · 4dcea9a · 4dcea9a
1 parent 45127bb
commit 4dcea9a
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 9 deletions.
diff --git a/.github/workflows/integrationTest.yml b/.github/workflows/integrationTest.yml
@@ -6,7 +6,10 @@ env:
   PRIVATE_KEY: ${{ secrets.AWS_PRIVATE_KEY  }}
   TERRAFORM_AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
   TERRAFORM_AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
-  S3_INTEGRATION_BUCKET: cloudwatch-agent-integration-bucket
+  S3_INTEGRATION_BUCKET: ${{ secrets.S3_INTEGRATION_BUCKET }}
+  KEY_NAME: ${{ secrets.KEY_NAME }}
+  VPC_SECURITY_GROUPS_IDS: ${{ secrets.VPC_SECURITY_GROUPS_IDS }}
+  IAM_ROLE: ${{ secrets.IAM_ROLE }}
 
 on:
   push:
@@ -149,9 +152,10 @@ jobs:
           key: "cached_msi_${{ github.sha }}"
           path: buildMSI/amazon-cloudwatch-agent.msi
 
+      # Using the env variable returns "" for bucket name thus use the secret
       - name: Copy msi
         if: steps.cached_msi.outputs.cache-hit != 'true'
-        run: aws s3 cp s3://${S3_INTEGRATION_BUCKET}/integration-test/packaging/${{ github.sha }}/buildMSI.zip .
+        run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/integration-test/packaging/${{ github.sha }}/buildMSI.zip .
 
       - name: Create msi
         if: steps.cached_msi.outputs.cache-hit != 'true'
@@ -162,7 +166,7 @@ jobs:
           $env:PATH = $env:PATH + $wixToolsetBinPath
           Expand-Archive buildMSI.zip -Force
           cd buildMSI
-          .\create_msi.ps1 ${{ github.sha }}
+          .\create_msi.ps1 ${{ github.sha }} ${{ secrets.S3_INTEGRATION_BUCKET }}
 
   StartLocalStack:
     name: 'StartLocalStack'
@@ -196,7 +200,10 @@ jobs:
           -var="ssh_key=${PRIVATE_KEY}"
           -var="github_repo=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
           -var="github_sha=${GITHUB_SHA}" 
-          -var="s3_bucket=${S3_INTEGRATION_BUCKET}" &&
+          -var="s3_bucket=${S3_INTEGRATION_BUCKET}"
+          -var="vpc_security_group_ids=${VPC_SECURITY_GROUPS_IDS}"
+          -var="key_name=${KEY_NAME}"
+          -var="iam_instance_profile=${IAM_ROLE}" &&
           LOCAL_STACK_HOST_NAME=$(terraform output -raw public_dns) &&
           echo $LOCAL_STACK_HOST_NAME &&
           echo "::set-output name=local_stack_host_name::$LOCAL_STACK_HOST_NAME" &&
@@ -301,6 +308,10 @@ jobs:
           -var="binary_name=${{ matrix.arrays.binaryName }}"
           -var="local_stack_host_name=${{ needs.StartLocalStack.outputs.local_stack_host_name }}"
           -var="s3_bucket=${S3_INTEGRATION_BUCKET}"
+          -var="vpc_security_group_ids=${VPC_SECURITY_GROUPS_IDS}"
+          -var="key_name=${KEY_NAME}"
+          -var="test_name=${{ matrix.arrays.os }}"
+          -var="iam_instance_profile=${IAM_ROLE}"
 
       - name: Terraform destroy
         if: ${{ always() && steps.ec2-linux-integration-test.outputs.cache-hit != 'true' }}
@@ -352,9 +363,14 @@ jobs:
           echo run terraform and execute test code &&
           terraform apply --auto-approve
           -var="ssh_key=${PRIVATE_KEY}"
+          -var="key_name=${KEY_NAME}"
           -var="github_repo=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
           -var="github_sha=${GITHUB_SHA}"
           -var="ami=${{ matrix.arrays.ami }}"
+          -var="test_name=${{ matrix.arrays.os }}"
+          -var="iam_instance_profile=${IAM_ROLE}"
+          -var="vpc_security_group_ids=${VPC_SECURITY_GROUPS_IDS}"
+          -var="s3_bucket=${S3_INTEGRATION_BUCKET}"
 
       - name: Terraform destroy
         if: ${{ always() && steps.ec2-win-integration-test.outputs.cache-hit != 'true' }}

diff --git a/integration/msi/tools/create_msi.ps1 b/integration/msi/tools/create_msi.ps1
@@ -1,10 +1,11 @@
 # get the version
 $version=$args[0]
+$bucket=$args[1]
 
 # create msi
 candle.exe -ext WixUtilExtension.dll ./amazon-cloudwatch-agent.wxs
 light.exe -ext WixUtilExtension.dll ./amazon-cloudwatch-agent.wixobj
 
 # upload to s3
-aws s3 cp ./amazon-cloudwatch-agent.msi "s3://cloudwatch-agent-integration-bucket/integration-test/packaging/$version/amazon-cloudwatch-agent.msi"
-Write-Host "s3 for msi is s3://cloudwatch-agent-integration-bucket/integration-test/packaging/$version/amazon-cloudwatch-agent.msi"
+aws s3 cp ./amazon-cloudwatch-agent.msi "s3://$bucket/integration-test/packaging/$version/amazon-cloudwatch-agent.msi"
+Write-Host "s3 for msi is s3://$bucket/integration-test/packaging/$version/amazon-cloudwatch-agent.msi"
diff --git a/integration/terraform/ec2/linux/README.md b/integration/terraform/ec2/linux/README.md
@@ -122,4 +122,23 @@ This process generates a new ami we can then use for testing
    2. Go to local stack directory
       1. cd ${path to agent dir}/integration/terraform/ec2/localstack
    3. Tear down localstack state
-      1. terraform destroy --auto-approve
+      1. terraform destroy --auto-approve
+
+**How To Run On Your Own Fork**
+1. Follow "Create resources and setup local" except install terraform
+   1. You may skip installing terraform since terraform will be installed on GitHub action runners
+2. Set up GitHub action secrets in your fork
+   1. Left side is the key name: right side is key value
+   2. Do not wrap values in quotes
+      1. This is a correct value
+      2. "This is not a correct value"
+   3. Must be repository secrets not environment secrets
+   4. ```
+        AWS_PRIVATE_KEY: ${Your private key}
+        TERRAFORM_AWS_ACCESS_KEY_ID: ${User aws access key}
+        TERRAFORM_AWS_SECRET_ACCESS_KEY: ${User aws secret key}
+        S3_INTEGRATION_BUCKET: ${Bucket to save build}
+        KEY_NAME: ${Key pair name for ec2}
+        VPC_SECURITY_GROUPS_IDS: ${Security group within your vpc the value should look like ["sg-013585129c1f92bf0"]}
+        IAM_ROLE: ${Role the ec2 instance should assume}
+        ```
diff --git a/integration/terraform/ec2/linux/main.tf b/integration/terraform/ec2/linux/main.tf
@@ -32,6 +32,9 @@ resource "aws_instance" "integration-test" {
       host        = self.public_dns
     }
   }
+  tags = {
+    Name = var.test_name
+  }
 }
 
 data "aws_ami" "latest" {

diff --git a/integration/terraform/ec2/linux/variables.tf b/integration/terraform/ec2/linux/variables.tf
@@ -77,4 +77,9 @@ variable "local_stack_host_name" {
 variable "s3_bucket" {
   type = string
   default = ""
+}
+
+variable "test_name" {
+  type = string
+  default = ""
 }
diff --git a/integration/terraform/ec2/win/main.tf b/integration/terraform/ec2/win/main.tf
@@ -12,7 +12,7 @@ resource "aws_instance" "integration-test" {
       "git clone ${var.github_repo}",
       "cd amazon-cloudwatch-agent",
       "git reset --hard ${var.github_sha}",
-      "aws s3 cp s3://cloudwatch-agent-integration-bucket/integration-test/packaging/${var.github_sha}/amazon-cloudwatch-agent.msi .",
+      "aws s3 cp s3://${var.s3_bucket}/integration-test/packaging/${var.github_sha}/amazon-cloudwatch-agent.msi .",
       "msiexec /i amazon-cloudwatch-agent.msi",
     ]
     connection {
@@ -24,11 +24,14 @@ resource "aws_instance" "integration-test" {
       target_platform = "windows"
     }
   }
+  tags = {
+    Name = var.test_name
+  }
 }
 
 data "aws_ami" "latest" {
   most_recent = true
-  owners      = ["self"]
+  owners      = ["self", "506463145083"]
 
   filter {
     name   = "name"

diff --git a/integration/terraform/ec2/win/variables.tf b/integration/terraform/ec2/win/variables.tf
@@ -41,4 +41,14 @@ variable "github_sha" {
 variable "github_repo" {
   type = string
   default = ""
+}
+
+variable "test_name" {
+  type = string
+  default = ""
+}
+
+variable "s3_bucket" {
+  type = string
+  default = ""
 }