From c26aea0e4f9762e2d3f7b9d7838076a2e8109154 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Fri, 5 Sep 2025 15:45:49 +0100 Subject: [PATCH 01/20] ci(e2e): add azure tests
---
.github/workflows/azure-test.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/azure-test.yaml
diff --git a/.github/workflows/azure-test.yaml b/.github/workflows/azure-test.yaml
new file mode 100644
index 00000000..20d64900
--- /dev/null
+++ b/.github/workflows/azure-test.yaml
@@ -0,0 +1,29 @@
+name: Azure test
+
+on:
+ pull_request: {}
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ test:
+ permissions:
+ id-token: write
+ runs-on: k8s-small
+ steps:
+ - name: Azure CLI Login
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Azure CLI script
+ uses: azure/cli@v2
+ with:
+ azcliversion: latest
+ inlineScript: |
+ az account show
+ # You can write your Azure CLI inline scripts here.
From 820274bb1dc77ba080d87bac29d035c7ab76e6c3 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Fri, 5 Sep 2025 16:00:49 +0100 Subject: [PATCH 02/20] use binary instead of action
---
.github/workflows/azure-test.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/azure-test.yaml b/.github/workflows/azure-test.yaml
index 20d64900..6257905b 100644
--- a/.github/workflows/azure-test.yaml
+++ b/.github/workflows/azure-test.yaml
@@ -21,9 +21,4 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Azure CLI script - uses: azure/cli@v2 - with: - azcliversion: latest - inlineScript: | - az account show - # You can write your Azure CLI inline scripts here. + run: az account show
From 21ed0f6b9c4c9fbef5fd92127680e8e9a3d4a738 Mon Sep 17 00:00:00 2001
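Review bot: The two `uses:` lines in the new workflow reference `azure/login@v2` and `azure/cli@v2` by mutable tag, and `azcliversion: latest` floats as well, in a job that holds `id-token: write` and exchanges an OIDC token for Azure access. Pinning each action to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha> # v2`, keeps a retagged release from running with that token, and a fixed `azcliversion` makes the run reproducible. The same `azure/login@v2` reference is added again in `.github/actions/e2e/action.yaml` (PATCH 04), `.github/actions/cleanup-azure/action.yaml` (PATCH 06) and `.github/actions/cleanup-cloud/action.yaml` (PATCH 13). Because the trigger is `pull_request`, it is also worth confirming that the subject of the Azure federated credential is restricted to the intended repository and environment.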
From: Gabriel Martinez Date: Fri, 5 Sep 2025 18:07:25 +0100 Subject: [PATCH 03/20] use environment for job --- .github/workflows/azure-test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/azure-test.yaml b/.github/workflows/azure-test.yaml index 6257905b..08562d52 100644 --- a/.github/workflows/azure-test.yaml +++ b/.github/workflows/azure-test.yaml @@ -12,6 +12,7 @@ jobs: permissions: id-token: write runs-on: k8s-small + environment: default steps: - name: Azure CLI Login uses: azure/login@v2 From 75a92d8251530b962a31ad5f1218ded3ecdf6938 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 11:04:57 +0100 Subject: [PATCH 04/20] add azure credentials to E2E --- .github/actions/e2e/action.yaml | 85 ++++++++++++++++++------------- .github/workflows/azure-test.yaml | 25 --------- .github/workflows/e2e.yaml | 3 ++ 3 files changed, 54 insertions(+), 59 deletions(-) delete mode 100644 .github/workflows/azure-test.yaml diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index 27e58a45..d8ecd7bd 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml 
@@ -1,51 +1,60 @@ -name: "Run e2e tests" -description: "Run end to end tests for terraform provider" +name: Run e2e tests +description: Run end to end tests for terraform provider inputs: api_url: required: false - description: "Full URL of the API service to use. Defaults to the production API endpoint https://api.clickhouse.cloud/v1" + description: Full URL of the API service to use. Defaults to the production API endpoint https://api.clickhouse.cloud/v1 default: "" organization_id: required: true - description: "The clickhouse organization ID" + description: The clickhouse organization ID token_key: required: true - description: "The clickhouse token key" + description: The clickhouse token key token_secret: required: true - description: "The clickhouse token secret" + description: The clickhouse token secret service_name: required: true - description: "The unique name assigned to this test" + description: The unique name assigned to this test test_name: required: true - description: "The test name i.e. the name of the folder inside the examples dir" + description: The test name i.e. the name of the folder inside the examples dir tf_release: required: true - description: "The terraform cli version" + description: The terraform cli version cloud_provider: required: true - description: "The cloud provider name" + description: The cloud provider name upgrade_test: required: false default: "false" - description: "If true it runs a provider upgrade test" + description: If true it runs a provider upgrade test upgrade_from: required: false default: "" - description: "What version of the terraform provider to try upgrading from. Defaults to latest release." + description: What version of the terraform provider to try upgrading from. Defaults to latest release. 
skip_build: required: false default: "false" - description: "If true it runs tests out of last published terraform provider release" + description: If true it runs tests out of last published terraform provider release aws_role_arn: required: true - description: "The ARN of the AWS role to assume for AWS tests" + description: The ARN of the AWS role to assume for AWS tests + azure_client_id: + required: true + description: The Azure client or application id to use for Azure tests + azure_tenant_id: + required: true + description: The Azure tenant id to use for Azure tests + azure_subscription_id: + required: true + description: The Azure subscription id to use for Azure tests region: required: true - description: "The Cloud region to use for tests" + description: The Cloud region to use for tests runs: - using: "composite" + using: composite steps: - shell: bash id: defined @@ -63,7 +72,7 @@ runs: uses: actions/setup-go@v5 if: ${{steps.defined.outputs.defined == 'true' }} with: - go-version-file: 'go.mod' + go-version-file: "go.mod" cache: true - name: Install terraform @@ -86,12 +95,20 @@ runs: aws-region: ${{ inputs.region }} output-credentials: true + - name: Azure CLI Login + uses: azure/login@v2 + if: ${{ inputs.cloud_provider == 'azure' }} + with: + client-id: ${{ inputs.azure_client_id }} + tenant-id: ${{ inputs.azure_tenant_id }} + subscription-id: ${{ inputs.azure_subscription_id }} + - shell: bash if: ${{steps.defined.outputs.defined == 'true' }} name: Set env variables run: | echo "::group::Setting env variables" - + cat <examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}/variables.tfvars organization_id = "${{ inputs.organization_id }}" token_key = "${{ inputs.token_key }}" 
@@ -99,18 +116,18 @@ runs: service_name = "${{ inputs.service_name }}" region = "${{ inputs.region }}" EOF - + if [ "${{ inputs.cloud_provider }}" == "aws" ] then aws sts get-caller-identity - + cat <>examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}/variables.tfvars aws_key = "${{ steps.aws-auth.outputs.aws-access-key-id }}" aws_secret = "${{ steps.aws-auth.outputs.aws-secret-access-key }}" aws_session_token = "${{ steps.aws-auth.outputs.aws-session-token }}" EOF fi - + echo "::endgroup::" - id: get_latest_stable_release @@ -124,18 +141,18 @@ runs: shell: bash command: | set -eo pipefail - + if [ "${{ inputs.upgrade_from }}" == "" ] then # Get latest stable release LATEST="$(curl -s -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/ClickHouse/terraform-provider-clickhouse/releases/latest | jq -r '.name')" - + if [ "$LATEST" == "null" ] then echo "Error getting latest release" exit 1 fi - + echo "tag=$LATEST" >> "$GITHUB_OUTPUT" else echo "tag=${{ inputs.upgrade_from }}" >> "$GITHUB_OUTPUT" @@ -155,15 +172,15 @@ runs: exit 0 fi cd "examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}" - + if [ "${{inputs.api_url}}" != "" ] then export CLICKHOUSE_API_URL="${{inputs.api_url}}" echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - + export TF_LOG=debug - + terraform init -input=false terraform plan -no-color -var-file=variables.tfvars terraform apply -no-color -auto-approve -var-file=variables.tfvars 
@@ -173,7 +190,7 @@ runs: if: ${{ inputs.skip_build == 'false' && steps.defined.outputs.defined == 'true' && env.SKIP_E2E_TEST != 'true' }} name: Build provider from branch and create terraformrc to use it run: | - git checkout ${{ github.ref }} + git checkout ${{ github.ref }} echo "::group::Build provider from branch and create terraformrc to use it" go get go build -o terraform-provider-clickhouse -ldflags='-X github.com/ClickHouse/terraform-provider-clickhouse/pkg/project.version=e2e -X github.com/ClickHouse/terraform-provider-clickhouse/pkg/project.commit=${{ github.sha }}' @@ -194,15 +211,15 @@ runs: run: | echo "::group::Run terraform" cd "examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}" - + if [ "${{inputs.api_url}}" != "" ] then export CLICKHOUSE_API_URL="${{inputs.api_url}}" echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - + export TF_LOG=debug - + terraform init -input=false -upgrade terraform plan -no-color -var-file=variables.tfvars terraform apply -no-color -auto-approve -var-file=variables.tfvars @@ -215,14 +232,14 @@ runs: run: | echo "::group::Run terraform destroy" cd "examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}" - + if [ "${{inputs.api_url}}" != "" ] then export CLICKHOUSE_API_URL="${{inputs.api_url}}" echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - + export TF_LOG=debug - + terraform destroy -no-color -auto-approve -var-file=variables.tfvars echo "::endgroup::" diff --git a/.github/workflows/azure-test.yaml b/.github/workflows/azure-test.yaml deleted file mode 100644 index 08562d52..00000000 --- a/.github/workflows/azure-test.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -name: Azure test - -on: - pull_request: {} - -defaults: - run: - shell: bash - -jobs: - test: - permissions: - id-token: write - runs-on: k8s-small - environment: default - steps: - - name: Azure CLI Login - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Azure CLI script - run: az account show diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8074382e..45a2da9d 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -156,6 +156,9 @@ jobs: skip_build: "false" region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Cleanup if: ${{ always() && matrix.test.cloud == 'aws' }} From 898f13117b829119b131cb04e6fcedf437bef241 Mon Sep 17 00:00:00 2001 
From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:07:04 +0100 Subject: [PATCH 05/20] chore(azure): add private link example --- examples/full/basic/azure/main.tf | 4 +- .../full/private_endpoint/azure/README.md | 22 ++++ examples/full/private_endpoint/azure/azure.tf | 102 ++++++++++++++++++ examples/full/private_endpoint/azure/main.tf | 53 +++++++++ .../full/private_endpoint/azure/provider.tf | 16 +++ .../azure/provider.tf.template | 14 +++ .../azure/variables.tfvars.sample | 4 + 7 files changed, 213 insertions(+), 2 deletions(-) create mode 100644 examples/full/private_endpoint/azure/README.md create mode 100644 examples/full/private_endpoint/azure/azure.tf create mode 100644 examples/full/private_endpoint/azure/main.tf create mode 100644 examples/full/private_endpoint/azure/provider.tf create mode 100644 examples/full/private_endpoint/azure/provider.tf.template create mode 100644 examples/full/private_endpoint/azure/variables.tfvars.sample diff --git a/examples/full/basic/azure/main.tf b/examples/full/basic/azure/main.tf index 0575999c..ff57247e 100644 --- a/examples/full/basic/azure/main.tf +++ b/examples/full/basic/azure/main.tf @@ -17,7 +17,7 @@ variable "service_name" { default = "My Terraform Service" } -variable "region" { +variable "location" { type = string default = "westus3" } @@ -37,7 +37,7 @@ data "clickhouse_api_key_id" "self" { resource "clickhouse_service" "service" { name = var.service_name cloud_provider = "azure" - region = var.region + region = var.location release_channel = var.release_channel idle_scaling = true idle_timeout_minutes = 5 diff --git a/examples/full/private_endpoint/azure/README.md b/examples/full/private_endpoint/azure/README.md new file mode 100644 index 00000000..656372d7 --- /dev/null +++ b/examples/full/private_endpoint/azure/README.md 
@@ -0,0 +1,22 @@
+# AWS Private Link example
+
+Tested with HashiCorp/AWS v5.63.0 Terraform provider.
+
+The Terraform code deploys following resources:
+
+- 1 Azure PrivateLink endpoint with security groups: pl_vpc_foo
+- 1 ClickHouse service: red
+
+The ClickHouse service is available from the subnet, access from the internet is blocked.
+
+## How to run
+
+- Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data.
+- Run `terraform init`
+- Run `terraform -var-file=variables.tfvars`
+
+## Needed Azure permissions
+
+To run this example, the Azure user you provide credentials for needs the following permissions:
+
+TODO
diff --git a/examples/full/private_endpoint/azure/azure.tf b/examples/full/private_endpoint/azure/azure.tf
new file mode 100644
index 00000000..6f21fdbb
--- /dev/null
+++ b/examples/full/private_endpoint/azure/azure.tf
@@ -0,0 +1,102 @@ +provider "azurerm" { + features { + resource_group { + # Dangerous!! Remove this to prevent force delete a resource group + prevent_deletion_if_contains_resources = false + } + } +} + +locals { + tags = { + Name = var.service_name + } +} + +resource "azurerm_resource_group" "this" { + name = var.service_name + location = var.location + tags = local.tags +} + +resource "azurerm_virtual_network" "this" { + name = var.service_name + address_space = ["10.0.0.0/16"] + location = var.location + resource_group_name = azurerm_resource_group.this.name + tags = local.tags +} + +resource "azurerm_subnet" "this" { + name = var.service_name + resource_group_name = azurerm_resource_group.this.name + virtual_network_name = azurerm_virtual_network.this.name + address_prefixes = ["10.0.1.0/24"] +} + +resource "azurerm_private_endpoint" "this" { + name = var.service_name + location = var.location + resource_group_name = azurerm_resource_group.this.name + subnet_id = azurerm_subnet.this.id + + private_service_connection { + name = var.service_name + private_connection_resource_alias = clickhouse_service.this.private_endpoint_config.endpoint_service_id + is_manual_connection = true + request_message = "clickhouse-${var.service_name}" + } + + tags = local.tags +} + +resource "azurerm_network_security_group" "this" { + name = var.service_name + location = var.location + resource_group_name = azurerm_resource_group.this.name + tags = local.tags +} + +resource "azurerm_subnet_network_security_group_association" "this" { + subnet_id = azurerm_subnet.this.id + network_security_group_id = azurerm_network_security_group.this.id +} + +resource "azurerm_network_security_rule" "this" { + name = var.service_name + description = "Allow subnet to ${var.service_name}" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_ranges = [ + "8443", # https + "9440", # native + ] + source_address_prefixes = 
azurerm_virtual_network.this.address_space + destination_address_prefixes = azurerm_private_endpoint.this.private_service_connection[*].private_ip_address + resource_group_name = azurerm_resource_group.this.name + network_security_group_name = azurerm_network_security_group.this.name +} + +resource "azurerm_private_dns_zone" "clickhouse_cloud_private_link_zone" { + # Extract fqdn domain from private hostname + name = regex("^[^.]+\\.(.+)$", clickhouse_service.this.private_endpoint_config.private_dns_hostname)[0] + resource_group_name = azurerm_resource_group.this.name +} + +resource "azurerm_private_dns_a_record" "this" { + name = "*" + zone_name = azurerm_private_dns_zone.clickhouse_cloud_private_link_zone.name + resource_group_name = azurerm_resource_group.this.name + ttl = 300 + records = azurerm_private_endpoint.this.private_service_connection[*].private_ip_address +} + +resource "azurerm_private_dns_zone_virtual_network_link" "this" { + name = "clickhouse-private-link" + resource_group_name = azurerm_resource_group.this.name + private_dns_zone_name = azurerm_private_dns_zone.clickhouse_cloud_private_link_zone.name + virtual_network_id = azurerm_virtual_network.this.id +} diff --git a/examples/full/private_endpoint/azure/main.tf b/examples/full/private_endpoint/azure/main.tf new file mode 100644 index 00000000..78c2c065 --- /dev/null +++ b/examples/full/private_endpoint/azure/main.tf 
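Review bot: The inbound rule in `azurerm_network_security_rule.this` targets the private endpoint's IP, but `azurerm_subnet.this` never enables network policies for private endpoints, so the rule may not be evaluated for that traffic at all. Whether it is depends on the default of the azurerm version in use, and this example declares no version constraint for azurerm (the `required_providers` block in provider.tf lists only `clickhouse`). Setting it explicitly on the subnet, e.g. `private_endpoint_network_policies = "NetworkSecurityGroupEnabled"` on azurerm 4.x, and adding an `azurerm` entry with a `version` constraint to `required_providers` would make the restriction to ports 8443 and 9440 hold as written. A short comment above the rule saying that it relies on that subnet setting would help readers who copy the example.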
@@ -0,0 +1,53 @@
+variable "organization_id" {
+ type = string
+}
+
+variable "token_key" {
+ type = string
+ sensitive = true
+}
+
+variable "token_secret" {
+ type = string
+ sensitive = true
+}
+
+variable "service_name" {
+ type = string
+}
+
+variable "location" {
+ type = string
+ default = "westus3"
+}
+
+resource "clickhouse_service" "this" {
+ name = var.service_name
+ cloud_provider = "azure"
+ region = var.location
+ idle_scaling = true
+ idle_timeout_minutes = 5
+ password_hash = "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=" # base64 encoded sha256 hash of "test"
+
+ // keep it empty to block access from internet
+ ip_access = []
+
+ backup_configuration = {
+ backup_period_in_hours = 24
+ backup_retention_period_in_hours = 24
+ backup_start_time = null
+ }
+
+ min_replica_memory_gb = 8
+ max_replica_memory_gb = 120
+}
+
+resource "clickhouse_service_private_endpoints_attachment" "this" {
+ private_endpoint_ids = [azurerm_private_endpoint.this.id]
+ service_id = clickhouse_service.this.id
+}
+
+# hostname for connecting to instance via PrivateLink from Vnet
+output "private_link_endpoint" {
+ value = clickhouse_service.this.private_endpoint_config.private_dns_hostname
+}
diff --git a/examples/full/private_endpoint/azure/provider.tf b/examples/full/private_endpoint/azure/provider.tf
new file mode 100644
index 00000000..1322a833
--- /dev/null
+++ b/examples/full/private_endpoint/azure/provider.tf
@@ -0,0 +1,16 @@
+# This file is generated automatically please do not edit
+terraform {
+ required_providers {
+ clickhouse = {
+ version = "3.5.2"
+ source = "ClickHouse/clickhouse"
+ }
+ }
+}
+
+provider "clickhouse" {
+ organization_id = var.organization_id
+ token_key = var.token_key
+ token_secret = var.token_secret
+ api_url = "https://api.control-plane.clickhouse-dev.com/v1"
+}
diff --git a/examples/full/private_endpoint/azure/provider.tf.template b/examples/full/private_endpoint/azure/provider.tf.template
new file mode 100644
index 00000000..f9e76961
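Review bot: `password_hash` in `clickhouse_service.this` (main.tf) is a literal whose plaintext the trailing comment gives as "test", so anyone applying the example unchanged gets a service with a publicly known password. Exposure is limited here by `ip_access = []` and the private endpoint, but the credential is better taken from input: declare a `password_hash` variable of type string marked `sensitive = true` and set `password_hash = var.password_hash`. If the literal has to stay for the e2e run, a comment such as `# test-only value, replace before any real use` above the line would make that explicit.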
--- /dev/null +++ b/examples/full/private_endpoint/azure/provider.tf.template @@ -0,0 +1,14 @@ +terraform { + required_providers { + clickhouse = { + version = "${CLICKHOUSE_TERRAFORM_PROVIDER_VERSION}" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/private_endpoint/azure/variables.tfvars.sample b/examples/full/private_endpoint/azure/variables.tfvars.sample new file mode 100644 index 00000000..61d2cb4b --- /dev/null +++ b/examples/full/private_endpoint/azure/variables.tfvars.sample @@ -0,0 +1,4 @@ +# these keys are for example only and won't work when pointed to a deployed ClickHouse OpenAPI server +organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" +token_key = "avhj1U5QCdWAE9CA9" +token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" From 90aefed20c10a70cec664418ac6b45657bd6f1de Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:22:35 +0100 Subject: [PATCH 06/20] add cleanup steps for azure --- .github/actions/cleanup-aws/action.yaml | 6 ++--- .github/actions/cleanup-azure/action.yaml | 33 +++++++++++++++++++++++ .github/actions/cleanup-azure/cleanup.sh | 10 +++++++ .github/workflows/e2e.yaml | 12 ++++++++- 4 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 .github/actions/cleanup-azure/action.yaml create mode 100755 .github/actions/cleanup-azure/cleanup.sh diff --git a/.github/actions/cleanup-aws/action.yaml b/.github/actions/cleanup-aws/action.yaml index 0fa4542e..c343507c 100644 --- a/.github/actions/cleanup-aws/action.yaml +++ b/.github/actions/cleanup-aws/action.yaml 
@@ -6,10 +6,10 @@ inputs: description: The full name of the service for filtering purposes aws_role_arn: required: true - description: The ARN of the AWS role to assume for AWS tests + description: The ARN of the AWS role to assume for cleanup aws_region: required: true - description: The AWS region to use for AWS tests + description: The AWS region to use for cleanup runs: using: composite @@ -21,7 +21,7 @@ runs: role-to-assume: ${{ inputs.aws_role_arn }} aws-region: ${{ inputs.aws_region }} - - name: Cleanup ClickHouse Instances + - name: Cleanup shell: bash env: AWS_REGION: ${{ inputs.aws_region }} diff --git a/.github/actions/cleanup-azure/action.yaml b/.github/actions/cleanup-azure/action.yaml new file mode 100644 index 00000000..d326f398 --- /dev/null +++ b/.github/actions/cleanup-azure/action.yaml @@ -0,0 +1,33 @@ +name: Cleanup Azure leftovers +description: Cleanup any Azure leftovers of e2e test +inputs: + service_name: + required: true + description: The full name of the service for filtering purposes + azure_client_id: + required: true + description: The Azure client or application id to use for cleanup + azure_tenant_id: + required: true + description: The Azure tenant id to use for cleanup + azure_subscription_id: + required: true + description: The Azure subscription id to use for cleanup + +runs: + using: composite + steps: + - name: Azure CLI Login + uses: azure/login@v2 + if: ${{ inputs.cloud_provider == 'azure' }} + with: + client-id: ${{ inputs.azure_client_id }} + tenant-id: ${{ inputs.azure_tenant_id }} + subscription-id: ${{ inputs.azure_subscription_id }} + + - name: Cleanup + shell: bash + env: + SERVICE_NAME: ${{ inputs.service_name }} + run: | + ./.github/actions/cleanup-azure/cleanup.sh diff --git a/.github/actions/cleanup-azure/cleanup.sh b/.github/actions/cleanup-azure/cleanup.sh new file mode 100755 index 00000000..ee3b18e8 --- /dev/null +++ b/.github/actions/cleanup-azure/cleanup.sh 
@@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +set -euo pipefail + +SERVICE_NAME="${SERVICE_NAME:?"SERVICE_NAME cannot be empty"}" + +### Resource Group +echo "::group::Deleting Resource Group..." +az group delete --name "${SERVICE_NAME}" --yes +echo "::endgroup::" diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 45a2da9d..b3f48b71 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -103,6 +103,7 @@ jobs: status: ${{ steps.status.outputs.status }} needs: [ "token", "find-tf-releases", "list-examples" ] runs-on: k8s-large + environment: default continue-on-error: true permissions: id-token: write @@ -160,7 +161,7 @@ jobs: azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Cleanup + - name: Cleanup AWS if: ${{ always() && matrix.test.cloud == 'aws' }} uses: ./.github/actions/cleanup-aws with: @@ -168,6 +169,15 @@ jobs: aws_region: ${{ steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + - name: Cleanup Azure + if: ${{ always() && matrix.test.cloud == 'azure' }} + uses: ./.github/actions/cleanup-azure + with: + service_name: ${{steps.name.outputs.test_name}} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Mark error id: status if: failure() From b79419bbdfc094eb7e8b46596a427ee9fe54e55a Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:24:14 +0100 Subject: [PATCH 07/20] remove condition --- .github/actions/cleanup-azure/action.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/cleanup-azure/action.yaml b/.github/actions/cleanup-azure/action.yaml index d326f398..3a6f9d9c 100644 --- a/.github/actions/cleanup-azure/action.yaml +++ b/.github/actions/cleanup-azure/action.yaml 
@@ -19,7 +19,6 @@ runs: steps: - name: Azure CLI Login uses: azure/login@v2 - if: ${{ inputs.cloud_provider == 'azure' }} with: client-id: ${{ inputs.azure_client_id }} tenant-id: ${{ inputs.azure_tenant_id }} From 74e2dc476ff03d11e72334e60175d94602c04097 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:38:20 +0100 Subject: [PATCH 08/20] fix name for azure --- examples/full/private_endpoint/azure/azure.tf | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/examples/full/private_endpoint/azure/azure.tf b/examples/full/private_endpoint/azure/azure.tf index 6f21fdbb..f9f4e952 100644 --- a/examples/full/private_endpoint/azure/azure.tf +++ b/examples/full/private_endpoint/azure/azure.tf @@ -8,19 +8,21 @@ provider "azurerm" { } locals { + service_name_parsed = replace(replace(local.service_name_parsed, "[", "("), "]", ")") + tags = { - Name = var.service_name + Name = local.service_name_parsed } } resource "azurerm_resource_group" "this" { - name = var.service_name + name = local.service_name_parsed location = var.location tags = local.tags } resource "azurerm_virtual_network" "this" { - name = var.service_name + name = local.service_name_parsed address_space = ["10.0.0.0/16"] location = var.location resource_group_name = azurerm_resource_group.this.name 
@@ -28,30 +30,30 @@ resource "azurerm_virtual_network" "this" { } resource "azurerm_subnet" "this" { - name = var.service_name + name = local.service_name_parsed resource_group_name = azurerm_resource_group.this.name virtual_network_name = azurerm_virtual_network.this.name address_prefixes = ["10.0.1.0/24"] } resource "azurerm_private_endpoint" "this" { - name = var.service_name + name = local.service_name_parsed location = var.location resource_group_name = azurerm_resource_group.this.name subnet_id = azurerm_subnet.this.id private_service_connection { - name = var.service_name + name = local.service_name_parsed private_connection_resource_alias = clickhouse_service.this.private_endpoint_config.endpoint_service_id is_manual_connection = true - request_message = "clickhouse-${var.service_name}" + request_message = "clickhouse-${local.service_name_parsed}" } tags = local.tags } resource "azurerm_network_security_group" "this" { - name = var.service_name + name = local.service_name_parsed location = var.location resource_group_name = azurerm_resource_group.this.name tags = local.tags @@ -63,8 +65,8 @@ resource "azurerm_subnet_network_security_group_association" "this" { } resource "azurerm_network_security_rule" "this" { - name = var.service_name - description = "Allow subnet to ${var.service_name}" + name = local.service_name_parsed + description = "Allow subnet to ${local.service_name_parsed}" priority = 100 direction = "Inbound" access = "Allow" From faea3be562c665548dc238b827328c1e6fdafcf1 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:45:32 +0100 Subject: [PATCH 09/20] validate resource group --- .github/actions/cleanup-azure/cleanup.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/actions/cleanup-azure/cleanup.sh b/.github/actions/cleanup-azure/cleanup.sh index ee3b18e8..c17eb006 100755 --- a/.github/actions/cleanup-azure/cleanup.sh +++ b/.github/actions/cleanup-azure/cleanup.sh 
@@ -6,5 +6,11 @@ SERVICE_NAME="${SERVICE_NAME:?"SERVICE_NAME cannot be empty"}" ### Resource Group echo "::group::Deleting Resource Group..." -az group delete --name "${SERVICE_NAME}" --yes + +if az group show --name "${SERVICE_NAME}" >/dev/null 2>&1; then + az group delete --name "${SERVICE_NAME}" --yes +else + echo "Resource group '${SERVICE_NAME}' does not exist, skipping deletion." +fi + echo "::endgroup::" From 2d7ed7f9abf1b24254ca364ce35b0a1cc18225a4 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 16:52:24 +0100 Subject: [PATCH 10/20] doh --- examples/full/private_endpoint/azure/azure.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/full/private_endpoint/azure/azure.tf b/examples/full/private_endpoint/azure/azure.tf index f9f4e952..496e2b6f 100644 --- a/examples/full/private_endpoint/azure/azure.tf +++ b/examples/full/private_endpoint/azure/azure.tf @@ -8,7 +8,7 @@ provider "azurerm" { } locals { - service_name_parsed = replace(replace(local.service_name_parsed, "[", "("), "]", ")") + service_name_parsed = replace(replace(var.service_name, "[", "("), "]", ")") tags = { Name = local.service_name_parsed From 91190bb6e5e4a17ddc4d63ab348660143ab4c046 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Tue, 9 Sep 2025 17:02:38 +0100 Subject: [PATCH 11/20] remove api url for test --- examples/full/private_endpoint/azure/provider.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/full/private_endpoint/azure/provider.tf b/examples/full/private_endpoint/azure/provider.tf index 1322a833..da194e55 100644 --- a/examples/full/private_endpoint/azure/provider.tf +++ b/examples/full/private_endpoint/azure/provider.tf @@ -12,5 +12,4 @@ provider "clickhouse" { organization_id = var.organization_id token_key = var.token_key token_secret = var.token_secret - api_url = "https://api.control-plane.clickhouse-dev.com/v1" } From 5cb4805f8612932f33a024204b24e37924fc80b6 Mon Sep 17 00:00:00 2001 
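Review bot: The existence probe `az group show --name "${SERVICE_NAME}" >/dev/null 2>&1` treats every failure as "group does not exist", so an expired login, a missing permission or a rejected name ends in the skip branch and the job reports a clean cleanup while resources stay behind. Capturing the answer first lets real errors stop the script under `set -euo pipefail`: `exists="$(az group exists --name "${SERVICE_NAME}")"` followed by `if [ "${exists}" = "true" ]; then`. Separately, PATCH 08 names the resource group `local.service_name_parsed` (brackets replaced by parentheses) while this script still looks up the raw `SERVICE_NAME`; if test names can contain brackets the two will not match, and this check would then hide the leftover group.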
From: Gabriel Martinez Date: Tue, 9 Sep 2025 17:23:49 +0100 Subject: [PATCH 12/20] add subscription id --- .github/actions/e2e/action.yaml | 13 +++++++++++++ examples/full/private_endpoint/azure/azure.tf | 6 ++++++ .../private_endpoint/azure/variables.tfvars.sample | 3 +++ 3 files changed, 22 insertions(+) diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index d8ecd7bd..377642bb 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml @@ -128,6 +128,15 @@ runs: EOF fi + if [ "${{ inputs.cloud_provider }}" == "azure" ] + then + az account show + + cat <>examples/full/${{ inputs.test_name }}/${{ inputs.cloud_provider }}/variables.tfvars + subscription_id = "${{ inputs.azure_subscription_id }}" + EOF + fi + echo "::endgroup::" - id: get_latest_stable_release @@ -184,6 +193,7 @@ runs: terraform init -input=false terraform plan -no-color -var-file=variables.tfvars terraform apply -no-color -auto-approve -var-file=variables.tfvars + echo "::endgroup::" - shell: bash @@ -203,6 +213,7 @@ runs: direct {} } EOF + echo "::endgroup::" - shell: bash @@ -224,6 +235,7 @@ runs: terraform plan -no-color -var-file=variables.tfvars terraform apply -no-color -auto-approve -var-file=variables.tfvars terraform refresh -no-color -var-file=variables.tfvars + echo "::endgroup::" - shell: bash @@ -242,4 +254,5 @@ runs: export TF_LOG=debug terraform destroy -no-color -auto-approve -var-file=variables.tfvars + echo "::endgroup::" diff --git a/examples/full/private_endpoint/azure/azure.tf b/examples/full/private_endpoint/azure/azure.tf index 496e2b6f..f0c6bb8f 100644 --- a/examples/full/private_endpoint/azure/azure.tf +++ b/examples/full/private_endpoint/azure/azure.tf @@ -1,4 +1,10 @@ +variable "subscription_id" { + type = string + sensitive = true +} + provider "azurerm" { + subscription_id = var.subscription_id features { resource_group { # Dangerous!! Remove this to prevent force delete a resource group 
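Review bot: The added `az account show` in the `azure` branch of `.github/actions/e2e/action.yaml` prints the full account record to the job log; GitHub masks values that match registered secrets, but other fields of that record, such as the account name and the signed-in identity, would appear in clear. If the call is only a login check, `az account show --output none` keeps the failure behaviour without the output. The heredoc below it expands `${{ inputs.azure_subscription_id }}` straight into the script, following the AWS block; passing the value through the step's `env:` and writing `"${AZURE_SUBSCRIPTION_ID}"` in the heredoc would keep template expansion out of the shell text. The step's body starts outside the hunk.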
diff --git a/examples/full/private_endpoint/azure/variables.tfvars.sample b/examples/full/private_endpoint/azure/variables.tfvars.sample index 61d2cb4b..ed90e228 100644 --- a/examples/full/private_endpoint/azure/variables.tfvars.sample +++ b/examples/full/private_endpoint/azure/variables.tfvars.sample @@ -2,3 +2,6 @@ organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" token_key = "avhj1U5QCdWAE9CA9" token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" + +# Azure +subscription_id = "" From 574bdbe743c927ad5b3ba2e1364a9966bf76ca38 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 11:32:44 +0100 Subject: [PATCH 13/20] use actions for common steps --- .github/actions/cleanup-aws/action.yaml | 30 ----- .github/actions/cleanup-azure/action.yaml | 32 ------ .github/actions/cleanup-cloud/action.yaml | 60 ++++++++++ .../cleanup-aws.sh} | 0 .../cleanup-azure.sh} | 0 .../actions/generate-service-name/action.yaml | 46 ++++++++ .github/workflows/e2e.yaml | 104 ++++++++++-------- .github/workflows/import.yaml | 20 ++-- .github/workflows/release.yaml | 75 +++++++++---- examples/full/private_endpoint/azure/azure.tf | 22 ++-- 10 files changed, 239 insertions(+), 150 deletions(-) delete mode 100644 .github/actions/cleanup-aws/action.yaml delete mode 100644 .github/actions/cleanup-azure/action.yaml create mode 100644 .github/actions/cleanup-cloud/action.yaml rename .github/actions/{cleanup-aws/cleanup.sh => cleanup-cloud/cleanup-aws.sh} (100%) rename .github/actions/{cleanup-azure/cleanup.sh => cleanup-cloud/cleanup-azure.sh} (100%) create mode 100644 .github/actions/generate-service-name/action.yaml diff --git a/.github/actions/cleanup-aws/action.yaml b/.github/actions/cleanup-aws/action.yaml deleted file mode 100644 index c343507c..00000000 --- a/.github/actions/cleanup-aws/action.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Cleanup AWS leftovers -description: Cleanup any AWS leftovers of e2e test -inputs: - service_name: - required: true - description: The full name of the service for filtering purposes - aws_role_arn: - required: true - description: The ARN of the AWS role to assume for cleanup - aws_region: - required: true - description: The AWS region to use for cleanup - -runs: - using: composite - steps: - - name: Configure AWS credentials - id: aws-auth - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ inputs.aws_role_arn }} - aws-region: ${{ inputs.aws_region }} - - - name: Cleanup - shell: bash - env: - AWS_REGION: ${{ inputs.aws_region }} - SERVICE_NAME: ${{ inputs.service_name }} - run: | - ./.github/actions/cleanup-aws/cleanup.sh diff --git a/.github/actions/cleanup-azure/action.yaml b/.github/actions/cleanup-azure/action.yaml deleted file mode 100644 index 3a6f9d9c..00000000 --- a/.github/actions/cleanup-azure/action.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: Cleanup Azure leftovers -description: Cleanup any Azure leftovers of e2e test -inputs: - service_name: - required: true - description: The full name of the service for filtering purposes - azure_client_id: - required: true - description: The Azure client or application id to use for cleanup - azure_tenant_id: - required: true - description: The Azure tenant id to use for cleanup - azure_subscription_id: - required: true - description: The Azure subscription id to use for cleanup - -runs: - using: composite - steps: - - name: Azure CLI Login - uses: azure/login@v2 - with: - client-id: ${{ inputs.azure_client_id }} - tenant-id: ${{ inputs.azure_tenant_id }} - subscription-id: ${{ inputs.azure_subscription_id }} - - - name: Cleanup - shell: bash - env: - SERVICE_NAME: ${{ inputs.service_name }} - run: | - ./.github/actions/cleanup-azure/cleanup.sh 
diff --git a/.github/actions/cleanup-cloud/action.yaml b/.github/actions/cleanup-cloud/action.yaml new file mode 100644 index 00000000..82570e00 --- /dev/null +++ b/.github/actions/cleanup-cloud/action.yaml @@ -0,0 +1,60 @@ +name: Cleanup AWS leftovers +description: Cleanup any AWS leftovers of e2e test +inputs: + cloud_provider: + required: true + description: The cloud provider name + service_name: + required: true + description: The full name of the service for filtering purposes + aws_role_arn: + required: true + description: The ARN of the AWS role to assume for cleanup + aws_region: + required: true + description: The AWS region to use for cleanup + azure_client_id: + required: true + description: The Azure client or application id to use for cleanup + azure_tenant_id: + required: true + description: The Azure tenant id to use for cleanup + azure_subscription_id: + required: true + description: The Azure subscription id to use for cleanup + +runs: + using: composite + steps: + - name: Configure AWS credentials + if: inputs.cloud_provider == 'aws' + id: aws-auth + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ inputs.aws_role_arn }} + aws-region: ${{ inputs.aws_region }} + + - name: Cleanup AWS + if: inputs.cloud_provider == 'aws' + shell: bash + env: + AWS_REGION: ${{ inputs.aws_region }} + SERVICE_NAME: ${{ inputs.service_name }} + run: | + ./.github/actions/cleanup-cloud/cleanup-aws.sh + + - name: Azure CLI Login + if: inputs.cloud_provider == 'azure' + uses: azure/login@v2 + with: + client-id: ${{ inputs.azure_client_id }} + tenant-id: ${{ inputs.azure_tenant_id }} + subscription-id: ${{ inputs.azure_subscription_id }} + + - name: Cleanup Azure + if: inputs.cloud_provider == 'azure' + shell: bash + env: + SERVICE_NAME: ${{ inputs.service_name }} + run: | + ./.github/actions/cleanup-cloud/cleanup-azure.sh 
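Review bot: Both third-party steps in this new composite action, `aws-actions/configure-aws-credentials@v4` and `azure/login@v2`, are referenced by a mutable tag while they receive the role ARN and the Azure client, tenant and subscription ids. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: azure/login@<full-commit-sha> # v2`, keeps a re-pointed tag from running with those credentials. Separately, all AWS and Azure inputs are declared `required: true` although each run uses only one provider's set; `required: false` would describe the contract more accurately. When `cloud_provider` is neither `aws` nor `azure`, every step is skipped and the action succeeds without cleaning anything, which deserves a comment or an explicit failing step.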
diff --git a/.github/actions/cleanup-aws/cleanup.sh b/.github/actions/cleanup-cloud/cleanup-aws.sh similarity index 100% rename from .github/actions/cleanup-aws/cleanup.sh rename to .github/actions/cleanup-cloud/cleanup-aws.sh diff --git a/.github/actions/cleanup-azure/cleanup.sh b/.github/actions/cleanup-cloud/cleanup-azure.sh similarity index 100% rename from .github/actions/cleanup-azure/cleanup.sh rename to .github/actions/cleanup-cloud/cleanup-azure.sh diff --git a/.github/actions/generate-service-name/action.yaml b/.github/actions/generate-service-name/action.yaml new file mode 100644 index 00000000..0cb32e62 --- /dev/null +++ b/.github/actions/generate-service-name/action.yaml @@ -0,0 +1,46 @@ +name: Generate service name +description: Returns the service name to use for tests +inputs: + test_type: + required: true + description: The test name. e.g. e2e, upd + test_name: + required: true + description: The test name e.g. the name of the folder inside the examples dir + tf_release: + required: true + description: The terraform cli version + cloud_provider: + required: true + description: The cloud provider name + token: + required: true + description: Random token to append to service name + +outputs: + service_name: + description: The generated service name + value: ${{steps.generate.outputs.service_name}} + +runs: + using: composite + steps: + - name: Generate + shell: bash + id: generate + env: + cloud_provider: ${{ inputs.cloud_provider }} + test_type: ${{ inputs.test_type }} + test_name: ${{ inputs.test_name }} + tf_release: ${{ inputs.tf_release }} + token: ${{ inputs.token }} + run: | + prefix="[${test_type}]" + + if [[ "${cloud_provider}" == "azure" ]]; then + prefix="${test_type}" + fi + + service_name="${prefix}-${test_name}-${{ inputs.tf_release }}-${cloud_provider}-${token}" + echo "service_name=${service_name}" + echo "service_name=${service_name}" >> "${GITHUB_OUTPUT}" 
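Review bot: The line that builds `service_name` in the new `generate-service-name` action still expands `${{ inputs.tf_release }}` directly into the shell text, even though the step already exports that input as the `tf_release` environment variable; it is the one input that bypasses the env indirection the other four use. It should read `service_name="${prefix}-${test_name}-${tf_release}-${cloud_provider}-${token}"`. The `test_type` description also says "The test name. e.g. e2e, upd", while the workflows in this commit pass `upg`; `description: The test type, e.g. e2e, upg` matches the callers.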
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index b3f48b71..36dc8141 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml 
@@ -5,49 +5,49 @@ on: inputs: api_env: type: choice - default: "Production" + default: Production options: - Production - Staging - Development - Custom - description: "What API ENV to use as backend." + description: What API ENV to use as backend. api_url: type: string default: "" - description: "(Optional) Full URL of the API service to use when API Env is 'Custom'" + description: (Optional) Full URL of the API service to use when API Env is 'Custom' organization_id: type: string default: "" - description: "(Optional) Organization ID to use when API Env is 'Custom'" + description: (Optional) Organization ID to use when API Env is 'Custom' api_key_id: type: string default: "" - description: "(Optional) API Key ID to use when API Env is 'Custom'" + description: (Optional) API Key ID to use when API Env is 'Custom' api_key_secret: type: string default: "" - description: "(Optional) API Key secret to use when API Env is 'Custom'" + description: (Optional) API Key secret to use when API Env is 'Custom' aws_region: type: string default: "" - description: "(Optional) AWS region to run tests in when API Env is 'Custom'" + description: (Optional) AWS region to run tests in when API Env is 'Custom' azure_region: type: string default: "" - description: "(Optional) Azure region to run tests in when API Env is 'Custom'" + description: (Optional) Azure region to run tests in when API Env is 'Custom' gcp_region: type: string default: "" - description: "(Optional) GCP region to run tests in when API Env is 'Custom'" + description: (Optional) GCP region to run tests in when API Env is 'Custom' run_upgrade_test: type: boolean default: false - description: "If checked, additionally create service using latest stable version, then upgrade to the current version" + description: If checked, additionally create service using latest stable version, then upgrade to the current version upgrade_from: type: string default: "" - description: "What version to test upgrade from. 
Including leading 'v'. Example 'v2.3.0'. Defaults to latest stable release." + description: What version to test upgrade from. Including leading 'v'. Example 'v2.3.0'. Defaults to latest stable release. schedule: - cron: "0 7 * * *" @@ -59,16 +59,16 @@ jobs: # Generate a random token to tag the tests with token: outputs: - token: ${{ steps.generate.outputs.token }} + token: ${{ steps.generate_token.outputs.token }} runs-on: k8s-nano steps: - - name: Generate - id: generate + - name: Generate token + id: generate_token run: | # Number of seconds since January first 2025. token=$(( $(date +%s) - $(date -d "Jan 1, 2025 00:00:00" +%s) )) echo "token=${token}" - echo "token=${token}" >> $GITHUB_OUTPUT + echo "token=${token}" >> "${GITHUB_OUTPUT}" # Find the most recent release of terraform CLI find-tf-releases: @@ -79,7 +79,8 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - uses: ./.github/actions/find-tf-releases + - name: Find TF releases + uses: ./.github/actions/find-tf-releases id: find with: count: '3' @@ -92,10 +93,11 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - uses: ./.github/actions/list-examples + - name: List Examples + uses: ./.github/actions/list-examples id: list with: - ignore: 'pci' + ignore: pci # Run e2e tests e2e: @@ -119,10 +121,15 @@ jobs: with: fetch-depth: 0 - - name: Generate test name - id: name - run: | - echo "test_name=[e2e]-${{ matrix.test.name }}-${{ matrix.tf_release }}-${{ matrix.test.cloud }}-${{ needs.token.outputs.token }}" >> $GITHUB_OUTPUT + - name: Generate service name + uses: ./.github/actions/generate-service-name + id: service_name + with: + test_type: e2e + test_name: ${{ matrix.test.name }} + tf_release: ${{ matrix.tf_release }} + cloud_provider: ${{ matrix.test.cloud }} + token: ${{ needs.token.outputs.token }} - name: Get API details for env id: credentials 
@@ -141,7 +148,7 @@ jobs: run: | bash ./.github/scripts/set_api_env.sh ${{ matrix.test.cloud }} - - name: e2e + - name: E2E id: e2e uses: ./.github/actions/e2e with: @@ -149,7 +156,7 @@ jobs: organization_id: ${{ steps.credentials.outputs.organization_id }} token_key: ${{ steps.credentials.outputs.api_key_id }} token_secret: ${{ steps.credentials.outputs.api_key_secret }} - service_name: ${{steps.name.outputs.test_name}} + service_name: ${{steps.service_name.outputs.service_name}} test_name: ${{ matrix.test.name }} tf_release: ${{ matrix.tf_release }} cloud_provider: ${{ matrix.test.cloud }} @@ -161,19 +168,14 @@ jobs: azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Cleanup AWS - if: ${{ always() && matrix.test.cloud == 'aws' }} - uses: ./.github/actions/cleanup-aws + - name: Cleanup Cloud + if: always() + uses: ./.github/actions/cleanup-cloud with: - service_name: ${{steps.name.outputs.test_name}} + cloud_provider: ${{ matrix.test.cloud }} + service_name: ${{steps.service_name.outputs.service_name}} aws_region: ${{ steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - - - name: Cleanup Azure - if: ${{ always() && matrix.test.cloud == 'azure' }} - uses: ./.github/actions/cleanup-azure - with: - service_name: ${{steps.name.outputs.test_name}} azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} @@ -182,7 +184,7 @@ jobs: id: status if: failure() run: | - echo "status=failure" >> $GITHUB_OUTPUT + echo "status=failure" >> "${GITHUB_OUTPUT}" exit 1 upgrade: 
@@ -204,10 +206,16 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Generate test name - id: name - run: | - echo "test_name=[upg]-${{ matrix.test.name }}-${{ matrix.tf_release }}-${{ matrix.test.cloud }}-${{ needs.token.outputs.token }}" >> $GITHUB_OUTPUT + + - name: Generate service name + uses: ./.github/actions/generate-service-name + id: service_name + with: + test_type: upg + test_name: ${{ matrix.test.name }} + tf_release: ${{ matrix.tf_release }} + cloud_provider: ${{ matrix.test.cloud }} + token: ${{ needs.token.outputs.token }} - name: Get API details for env id: credentials @@ -235,7 +243,7 @@ jobs: organization_id: ${{ steps.credentials.outputs.organization_id }} token_key: ${{ steps.credentials.outputs.api_key_id }} token_secret: ${{ steps.credentials.outputs.api_key_secret }} - service_name: ${{steps.name.outputs.test_name}} + service_name: ${{steps.service_name.outputs.service_name}} test_name: ${{ matrix.test.name }} tf_release: ${{ matrix.tf_release }} cloud_provider: ${{ matrix.test.cloud }} 
@@ -245,19 +253,23 @@ jobs: region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - - name: Cleanup - if: ${{ always() && matrix.test.cloud == 'aws' }} - uses: ./.github/actions/cleanup-aws + - name: Cleanup Cloud + if: always() + uses: ./.github/actions/cleanup-cloud with: - service_name: ${{steps.name.outputs.test_name}} + cloud_provider: ${{ matrix.test.cloud }} + service_name: ${{steps.service_name.outputs.service_name}} aws_region: ${{ steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Mark error id: status if: failure() run: | - echo "status=failure" >> $GITHUB_OUTPUT + echo "status=failure" >> "${GITHUB_OUTPUT}" exit 1 report: @@ -309,7 +321,7 @@ jobs: gcp_region: "${{ inputs.gcp_region }}" run: | bash ./.github/scripts/set_api_env.sh - - name: Cleanup + - name: Cleanup ClickHouse uses: ./.github/actions/cleanup-clickhouse with: api_url: ${{ steps.credentials.outputs.api_url }} diff --git a/.github/workflows/import.yaml b/.github/workflows/import.yaml index 54bfb63e..6aca1ffc 100644 --- a/.github/workflows/import.yaml +++ b/.github/workflows/import.yaml 
@@ -5,29 +5,29 @@ on: inputs: api_env: type: choice - default: "Production" + default: Production options: - Production - Staging - Development - Custom - description: "What API ENV to use as backend." + description: What API ENV to use as backend. api_url: type: string default: "" - description: "(Optional) Full URL of the API service to use when API Env is 'Custom'" + description: (Optional) Full URL of the API service to use when API Env is 'Custom' organization_id: type: string default: "" - description: "(Optional) Organization ID to use when API Env is 'Custom'" + description: (Optional) Organization ID to use when API Env is 'Custom' api_key_id: type: string default: "" - description: "(Optional) API Key ID to use when API Env is 'Custom'" + description: (Optional) API Key ID to use when API Env is 'Custom' api_key_secret: type: string default: "" - description: "(Optional) API Key secret to use when API Env is 'Custom'" + description: (Optional) API Key secret to use when API Env is 'Custom' defaults: run: @@ -54,7 +54,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - uses: ./.github/actions/find-tf-releases + + - name: Find TF releases + uses: ./.github/actions/find-tf-releases id: find with: count: '1' @@ -94,7 +96,7 @@ jobs: run: | bash ./.github/scripts/set_api_env.sh ${{ matrix.cloud_provider }} - - name: import + - name: Import id: import uses: ./.github/actions/import with: @@ -148,7 +150,7 @@ jobs: api_key_secret: "${{ inputs.api_key_secret }}" run: | bash ./.github/scripts/set_api_env.sh - - name: cleanup + - name: Cleanup ClickHouse uses: ./.github/actions/cleanup-clickhouse with: api_url: ${{ steps.credentials.outputs.api_url }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b5cf38cd..1e81670b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -49,8 +49,8 @@ jobs: exit 1 fi - echo "enable_alpha=${enable_alpha}" >> $GITHUB_OUTPUT - echo "goreleaser_config=${goreleaser_config}" >> $GITHUB_OUTPUT + echo "enable_alpha=${enable_alpha}" >> "${GITHUB_OUTPUT}" + echo "goreleaser_config=${goreleaser_config}" >> "${GITHUB_OUTPUT}" # Generate a random token to tag the tests with token: @@ -64,7 +64,7 @@ jobs: run: | # Number of seconds since January first 2025. token=$(( $(date +%s) - $(date -d "Jan 1, 2025 00:00:00" +%s) )) - echo "token=${token}" >> $GITHUB_OUTPUT + echo "token=${token}" >> "${GITHUB_OUTPUT}" # Find the 3 most recent releases of terraform CLI (one for each minor) find-tf-releases: @@ -75,7 +75,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - uses: ./.github/actions/find-tf-releases + + - name: Find TF releases + uses: ./.github/actions/find-tf-releases id: find # List examples split by cloud provider as a JSON @@ -87,10 +89,11 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - uses: ./.github/actions/list-examples id: list with: - ignore: 'pci' + ignore: pci # Run e2e tests e2e: @@ -113,6 +116,16 @@ jobs: with: fetch-depth: 0 + - name: Generate service name + uses: ./.github/actions/generate-service-name + id: service_name + with: + test_type: e2e + test_name: ${{ matrix.test.name }} + tf_release: ${{ matrix.tf_release }} + cloud_provider: ${{ matrix.test.cloud }} + token: ${{ needs.token.outputs.token }} + - name: Get API details for env id: credentials env: @@ -123,7 +136,7 @@ jobs: run: | bash ./.github/scripts/set_api_env.sh ${{ matrix.test.cloud }} - - name: e2e + - name: E2E uses: ./.github/actions/e2e with: api_url: ${{ steps.credentials.outputs.api_url }} 
@@ -138,19 +151,23 @@ jobs: region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - - name: cleanup - if: ${{ always() && matrix.test.cloud == 'aws' }} - uses: ./.github/actions/cleanup-aws + - name: Cleanup Cloud + if: always() + uses: ./.github/actions/cleanup-cloud with: - service_name: "[e2e]-${{ matrix.test.name }}-${{ matrix.tf_release }}-${{ matrix.test.cloud }}-${{ needs.token.outputs.token }}" + cloud_provider: ${{ matrix.test.cloud }} + service_name: ${{steps.service_name.outputs.service_name}} aws_region: ${{ steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Mark error id: status if: failure() run: | - echo "status=failure" >> $GITHUB_OUTPUT + echo "status=failure" >> "${GITHUB_OUTPUT}" exit 1 # Run e2e tests @@ -174,6 +191,16 @@ jobs: with: fetch-depth: 0 + - name: Generate service name + uses: ./.github/actions/generate-service-name + id: service_name + with: + test_type: upg + test_name: ${{ matrix.test.name }} + tf_release: ${{ matrix.tf_release }} + cloud_provider: ${{ matrix.test.cloud }} + token: ${{ needs.token.outputs.token }} + - name: Get API details for env id: credentials env: @@ -184,7 +211,7 @@ jobs: run: | bash ./.github/scripts/set_api_env.sh ${{ matrix.test.cloud }} - - name: upgrade + - name: Upgrade if: ${{inputs.test_upgrade }} uses: ./.github/actions/e2e with: 
@@ -200,19 +227,23 @@ jobs: region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - - name: cleanup - if: ${{ always() && matrix.test.cloud == 'aws' }} - uses: ./.github/actions/cleanup-aws + - name: Cleanup Cloud + if: always() + uses: ./.github/actions/cleanup-cloud with: - service_name: "[upg]-${{ matrix.test.name }}-${{ matrix.tf_release }}-${{ matrix.test.cloud }}-${{ needs.token.outputs.token }}" + cloud_provider: ${{ matrix.test.cloud }} + service_name: ${{steps.service_name.outputs.service_name}} aws_region: ${{ steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Mark error id: status if: failure() run: | - echo "status=failure" >> $GITHUB_OUTPUT + echo "status=failure" >> "${GITHUB_OUTPUT}" exit 1 # Run import tests @@ -246,7 +277,7 @@ jobs: run: | bash ./.github/scripts/set_api_env.sh ${{ matrix.cloud_provider }} - - name: import + - name: Import id: import uses: ./.github/actions/import with: @@ -263,7 +294,7 @@ jobs: id: status if: failure() run: | - echo "status=failure" >> $GITHUB_OUTPUT + echo "status=failure" >> "${GITHUB_OUTPUT}" exit 1 report: @@ -294,6 +325,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Get API details for env id: credentials env: @@ -302,8 +334,9 @@ jobs: api_env_staging: "${{ secrets.API_ENV_STAGING }}" api_env_development: "${{ secrets.API_ENV_DEVELOPMENT }}" run: | - bash ./.github/scripts/set_api_env.sh ${{ matrix.cloud_provider }} - - name: cleanup + bash ./.github/scripts/set_api_env.sh + + - name: Cleanup ClickHouse uses: ./.github/actions/cleanup-clickhouse with: api_url: ${{ steps.credentials.outputs.api_url }} 
diff --git a/examples/full/private_endpoint/azure/azure.tf b/examples/full/private_endpoint/azure/azure.tf index f0c6bb8f..e3543b9f 100644 --- a/examples/full/private_endpoint/azure/azure.tf +++ b/examples/full/private_endpoint/azure/azure.tf @@ -14,21 +14,19 @@ provider "azurerm" { } locals { - service_name_parsed = replace(replace(var.service_name, "[", "("), "]", ")") - tags = { - Name = local.service_name_parsed + Name = var.service_name } } resource "azurerm_resource_group" "this" { - name = local.service_name_parsed + name = var.service_name location = var.location tags = local.tags } resource "azurerm_virtual_network" "this" { - name = local.service_name_parsed + name = var.service_name address_space = ["10.0.0.0/16"] location = var.location resource_group_name = azurerm_resource_group.this.name @@ -36,30 +34,30 @@ resource "azurerm_virtual_network" "this" { } resource "azurerm_subnet" "this" { - name = local.service_name_parsed + name = var.service_name resource_group_name = azurerm_resource_group.this.name virtual_network_name = azurerm_virtual_network.this.name address_prefixes = ["10.0.1.0/24"] } resource "azurerm_private_endpoint" "this" { - name = local.service_name_parsed + name = var.service_name location = var.location resource_group_name = azurerm_resource_group.this.name subnet_id = azurerm_subnet.this.id private_service_connection { - name = local.service_name_parsed + name = var.service_name private_connection_resource_alias = clickhouse_service.this.private_endpoint_config.endpoint_service_id is_manual_connection = true - request_message = "clickhouse-${local.service_name_parsed}" + request_message = "clickhouse-${var.service_name}" } tags = local.tags } resource "azurerm_network_security_group" "this" { - name = local.service_name_parsed + name = var.service_name location = var.location resource_group_name = azurerm_resource_group.this.name tags = local.tags 
@@ -71,8 +69,8 @@ resource "azurerm_subnet_network_security_group_association" "this" { } resource "azurerm_network_security_rule" "this" { - name = local.service_name_parsed - description = "Allow subnet to ${local.service_name_parsed}" + name = var.service_name + description = "Allow subnet to ${var.service_name}" priority = 100 direction = "Inbound" access = "Allow" From 283015368a9cc97631269cff26ac1dbbad25f89c Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 15:52:26 +0100 Subject: [PATCH 14/20] add missing creds --- .github/workflows/e2e.yaml | 6 ++++++ .github/workflows/release.yaml | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 36dc8141..f18c7bc5 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -192,6 +192,7 @@ jobs: status: ${{ steps.status.outputs.status }} needs: [ "token", "find-tf-releases", "list-examples" ] runs-on: k8s-large + environment: default continue-on-error: true permissions: id-token: write @@ -252,6 +253,9 @@ jobs: skip_build: "false" region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Cleanup Cloud if: always() @@ -305,6 +309,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Get API details for env id: credentials env: @@ -321,6 +326,7 @@ jobs: gcp_region: "${{ inputs.gcp_region }}" run: | bash ./.github/scripts/set_api_env.sh + - name: Cleanup ClickHouse uses: ./.github/actions/cleanup-clickhouse with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1e81670b..eb155fc4 100644 --- a/.github/workflows/release.yaml 
+++ b/.github/workflows/release.yaml @@ -101,6 +101,7 @@ jobs: status: ${{ steps.status.outputs.status }} needs: [ "validate", "token", "find-tf-releases", "list-examples" ] runs-on: k8s-large + environment: default continue-on-error: true permissions: id-token: write @@ -150,6 +151,9 @@ jobs: upgrade_test: "false" region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Cleanup Cloud if: always() @@ -176,6 +180,7 @@ jobs: status: ${{ steps.status.outputs.status }} needs: [ "validate", "token", "find-tf-releases", "list-examples" ] runs-on: k8s-large + environment: default continue-on-error: true permissions: id-token: write @@ -226,6 +231,9 @@ jobs: upgrade_test: "true" region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }} + azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Cleanup Cloud if: always() From ac9942c087fe2604f4ca40a2fbf0aeafb5f8bf34 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 16:32:34 +0100 Subject: [PATCH 15/20] fix test --- .github/actions/cleanup-cloud/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/cleanup-cloud/action.yaml b/.github/actions/cleanup-cloud/action.yaml index 82570e00..be932822 100644 --- a/.github/actions/cleanup-cloud/action.yaml +++ b/.github/actions/cleanup-cloud/action.yaml 
@@ -1,5 +1,5 @@ -name: Cleanup AWS leftovers -description: Cleanup any AWS leftovers of e2e test +name: Cleanup CSP leftovers +description: Cleanup any CSP leftovers of e2e test inputs: cloud_provider: required: true From 3cd1f65f2514d2ef51bea5cee453895f8826596c Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 16:37:12 +0100 Subject: [PATCH 16/20] update readme --- examples/full/private_endpoint/azure/README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/examples/full/private_endpoint/azure/README.md b/examples/full/private_endpoint/azure/README.md index 656372d7..035acffb 100644 --- a/examples/full/private_endpoint/azure/README.md +++ b/examples/full/private_endpoint/azure/README.md @@ -2,11 +2,6 @@ Tested with HashiCorp/AWS v5.63.0 Terraform provider. -The Terraform code deploys following resources: - -- 1 Azure PrivateLink endpoint with security groups: pl_vpc_foo -- 1 ClickHouse service: red - The ClickHouse service is available from the subnet, access from the internet is blocked. ## How to run @@ -14,9 +9,3 @@ The ClickHouse service is available from the subnet, access from the internet is - Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data. - Run `terraform init` - Run `terraform -var-file=variables.tfvars` - -## Needed Azure permissions - -To run this example, the Azure user you provide credentials for needs the following permissions: - -TODO From 4da78e1518a395ef4fed9ee44fda52d1654f3603 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 16:41:27 +0100 Subject: [PATCH 17/20] add condition for debug mode --- .github/actions/e2e/action.yaml | 12 ++++++--- .github/actions/import/action.yaml | 42 +++++++++++++++++------------- 2 files changed, 33 insertions(+), 21 deletions(-) diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index 377642bb..4485f53e 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml 
@@ -188,7 +188,9 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - export TF_LOG=debug + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi terraform init -input=false terraform plan -no-color -var-file=variables.tfvars @@ -229,7 +231,9 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - export TF_LOG=debug + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi terraform init -input=false -upgrade terraform plan -no-color -var-file=variables.tfvars @@ -251,7 +255,9 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - export TF_LOG=debug + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi terraform destroy -no-color -auto-approve -var-file=variables.tfvars diff --git a/.github/actions/import/action.yaml b/.github/actions/import/action.yaml index 4c46d95d..8e2f18e8 100644 --- a/.github/actions/import/action.yaml +++ b/.github/actions/import/action.yaml @@ -36,7 +36,7 @@ runs: - name: Setup go uses: actions/setup-go@v5 with: - go-version-file: 'go.mod' + go-version-file: "go.mod" cache: true - name: Install terraform @@ -53,7 +53,7 @@ runs: name: Set env variables run: | echo "::group::Setting env variables" - + cat <tests/import/${{ inputs.resource_type }}/variables.tfvars organization_id = "${{ inputs.organization_id }}" token_key = "${{ inputs.token_key }}" 
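Review bot: The new guard tests `ACTIONS_RUNNER_DEBUG` and `ACTIONS_STEP_DEBUG`, which are the names of the settings that switch debug logging on, not variables the runner exports into a step; unless they are mapped into `env` somewhere outside this hunk, the test never matches and `TF_LOG=debug` is never set. The runner sets `RUNNER_DEBUG` to `1` when debug logging is enabled, so `if [[ "${RUNNER_DEBUG:-}" == "1" ]]; then` would do what the commit title describes. As written the line also does not parse, because `"true "]]` puts the space inside the quotes instead of before `]]`. The same three lines recur in the two later hunks of this file and in the three debug hunks of `import/action.yaml` in this commit; each `run:` script starts outside its hunk. Keeping the gate is worthwhile, since Terraform debug output can include provider request details that do not belong in routine CI logs.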
@@ -61,20 +61,20 @@ runs: cloud_provider = "${{ inputs.cloud_provider }}" region = "${{ inputs.region }}" EOF - + if [ "${{ inputs.resource_type }}" == "service" ] then cat <>tests/import/${{ inputs.resource_type }}/variables.tfvars service_name = "${{ inputs.resource_name }}" EOF fi - + echo "::endgroup::" - shell: bash name: Build provider from branch and create terraformrc to use it run: | - git checkout ${{ github.ref }} + git checkout ${{ github.ref }} echo "::group::Build provider from branch and create terraformrc to use it" go get go build -o terraform-provider-clickhouse -ldflags='-X github.com/ClickHouse/terraform-provider-clickhouse/pkg/project.version=e2e -X github.com/ClickHouse/terraform-provider-clickhouse/pkg/project.commit=${{ github.sha }}' @@ -95,24 +95,26 @@ runs: run: | echo "::group::Create the resource" cd "tests/import/${{ inputs.resource_type }}" - + if [ "${{inputs.api_url}}" != "" ] then export CLICKHOUSE_API_URL="${{inputs.api_url}}" echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - - export TF_LOG=debug - + + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi + terraform init -input=false -upgrade terraform apply -no-color -var-file=variables.tfvars -auto-approve - + id="$(cat terraform.tfstate | jq '.resources[0].instances[0].attributes.id')" echo "id=${id}" >> "$GITHUB_OUTPUT" - + # Ensure there is no state file rm terraform.tfstate - + echo "::endgroup::" - shell: bash @@ -127,8 +129,10 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - export TF_LOG=debug - + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi + terraform init -input=false -upgrade terraform import -no-color -var-file=variables.tfvars clickhouse_${{ inputs.resource_type }}.import ${{ steps.apply.outputs.id }} echo "::endgroup::" 
@@ -138,14 +142,16 @@ runs: run: | echo "::group::Run terraform destroy" cd "tests/import/${{ inputs.resource_type }}" - + if [ "${{inputs.api_url}}" != "" ] then export CLICKHOUSE_API_URL="${{inputs.api_url}}" echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - - export TF_LOG=debug - + + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + export TF_LOG=debug + fi + terraform destroy -no-color -auto-approve -var-file=variables.tfvars echo "::endgroup::" From 1048acf6b9193b2988b4f423fdb660245de382bd Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 17:13:23 +0100 Subject: [PATCH 18/20] fix syntax --- .github/actions/e2e/action.yaml | 6 +++--- .github/actions/import/action.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index 4485f53e..ff0769de 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml @@ -188,7 +188,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -231,7 +231,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -255,7 +255,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi 
diff --git a/.github/actions/import/action.yaml b/.github/actions/import/action.yaml index 8e2f18e8..b88d731a 100644 --- a/.github/actions/import/action.yaml +++ b/.github/actions/import/action.yaml @@ -102,7 +102,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -129,7 +129,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -149,7 +149,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true "]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true "]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi From d9e80b812f961a10bbfaf7f97719a3a35f7a5328 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 17:26:15 +0100 Subject: [PATCH 19/20] move script to file --- .github/actions/import/action.yaml | 19 ++++--------------- .github/actions/import/import.sh | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+), 15 deletions(-) create mode 100755 .github/actions/import/import.sh diff --git a/.github/actions/import/action.yaml b/.github/actions/import/action.yaml index b88d731a..ec6c0b6d 100644 --- a/.github/actions/import/action.yaml +++ b/.github/actions/import/action.yaml 
@@ -139,19 +139,8 @@ runs: - shell: bash name: Terraform destroy + env: + resource_type: ${{ inputs.resource_type }} + api_url: ${{inputs.api_url}} run: | - echo "::group::Run terraform destroy" - cd "tests/import/${{ inputs.resource_type }}" - - if [ "${{inputs.api_url}}" != "" ] - then - export CLICKHOUSE_API_URL="${{inputs.api_url}}" - echo "Using '$CLICKHOUSE_API_URL' as API URL" - fi - - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then - export TF_LOG=debug - fi - - terraform destroy -no-color -auto-approve -var-file=variables.tfvars - echo "::endgroup::" + ./.github/actions/import/import.sh diff --git a/.github/actions/import/import.sh b/.github/actions/import/import.sh new file mode 100755 index 00000000..a9d9b2ac --- /dev/null +++ b/.github/actions/import/import.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -euo pipefail + +RESOURCE_TYPE="${RESOURCE_TYPE:?"RESOURCE_TYPE cannot be empty"}" +API_URL="${API_URL:?"API_URL cannot be empty"}" + +echo "::group::Run terraform destroy" + +cd "tests/import/${RESOURCE_TYPE}" + +if [ "${API_URL}" != "" ]; then + export CLICKHOUSE_API_URL="${API_URL}" + echo "Using '$CLICKHOUSE_API_URL' as API URL" +fi + +if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + export TF_LOG="debug" +fi + +terraform destroy -no-color -auto-approve -var-file=variables.tfvars + +echo "::endgroup::" From 9c48321d3c57509c1dab71ce739232610a036bf3 Mon Sep 17 00:00:00 2001 From: Gabriel Martinez Date: Wed, 10 Sep 2025 17:29:34 +0100 Subject: [PATCH 20/20] fix typo --- .github/actions/e2e/action.yaml | 6 +++--- .github/actions/import/action.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index ff0769de..6649778c 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml 
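Review bot: The `env:` keys added to the destroy step are lowercase (`resource_type`, `api_url`), while the new `import.sh` reads `RESOURCE_TYPE` and `API_URL`. Environment variable names are case-sensitive on a Linux runner, so the `:?` checks in the script would abort the step with "RESOURCE_TYPE cannot be empty". Rename the keys to match what the script reads: `RESOURCE_TYPE: ${{ inputs.resource_type }}` and `API_URL: ${{ inputs.api_url }}`. The script is also called by a workspace-relative path, which assumes the step runs from the repository root; `"$GITHUB_ACTION_PATH/import.sh"` would not depend on that.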
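Review bot: `API_URL="${API_URL:?"API_URL cannot be empty"}"` makes the API URL mandatory, whereas the inline script it replaces only exported `CLICKHOUSE_API_URL` when `api_url` was non-empty. With `:?` an empty or unset value now stops the script, and the later `if [ "${API_URL}" != "" ]` can never be false. To keep the input optional, use `API_URL="${API_URL:-}"`. The file is named `import.sh` but only runs `terraform destroy`, so a header comment saying that it tears down the import test resources (or a name such as `destroy.sh`) would avoid confusion.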
@@ -188,7 +188,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -231,7 +231,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -255,7 +255,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi diff --git a/.github/actions/import/action.yaml b/.github/actions/import/action.yaml index ec6c0b6d..747a21d2 100644 --- a/.github/actions/import/action.yaml +++ b/.github/actions/import/action.yaml @@ -102,7 +102,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi @@ -129,7 +129,7 @@ runs: echo "Using '$CLICKHOUSE_API_URL' as API URL" fi - if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true"]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then + if [[ "${ACTIONS_RUNNER_DEBUG:-}" == "true" ]] || [[ "${ACTIONS_STEP_DEBUG:-}" == "true" ]]; then export TF_LOG=debug fi