Include tests on proxy and cert

2025-12-10 19:50:30 +00:00 · 2023-12-04 14:14:05 +01:00
parent 819a9264a0
commit 445ef94796
6 changed files with 389 additions and 0 deletions
--- a/test/actions.github.com/anonymous-proxy-setup.test.sh
+++ b/test/actions.github.com/anonymous-proxy-setup.test.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+DIR="$(dirname "${BASH_SOURCE[0]}")"
+
+DIR="$(realpath "${DIR}")"
+
+ROOT_DIR="$(ralpath "${DIR}/../../")"
+
+source "${DIR}/helper.sh"
+
+SCALE_SET_NAME="anonymous-proxy-$(date '+%M%S')$((($RANDOM + 100) % 100 + 1))"
+SCALE_SET_NAMESPACE="arc-runners"
+WORKFLOW_FILE="arc-test-workflow.yaml"
+ARC_NAME="arc"
+ARC_NAMESPACE="arc-systems"
+
+function install_arc() {
+    echo "Creating namespace ${ARC_NAMESPACE}"
+    kubectl create namespace "${SCALE_SET_NAMESPACE}"
+
+    echo "Installing ARC"
+    helm install "${ARC_NAME}" \
+        --namespace "${ARC_NAMESPACE}" \
+        --create-namespace \
+        --set image.repository="${IMAGE_NAME}" \
+        --set image.tag="${IMAGE_TAG}" \
+        ${ROOT_DIR}/charts/gha-rynner-scale-set-controller \
+        --debug
+
+    if ! NAME="${ARC_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_arc; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function install_scale_set() {
+    echo "Installing scale set ${SCALE_SET_NAME}/${SCALE_SET_NAMESPACE}"
+    helm install "${SCALE_SET_NAME}" \
+        --namespace "${SCALE_SET_NAMESPACE}" \
+        --create-namespace \
+        --set githubConfigUrl="https://github.com/${TARGET_ORG}/${TARGET_REPO}" \
+        --set githubConfigSecret.github_token="${GITHUB_TOKEN}" \
+        --set proxy.https.url="http://host.minikube.internal:3128" \
+        --set "proxy.noProxy[0]=10.96.0.1:443" \
+        "${ROOT_DIR}/charts/gha-runner-scale-set" \
+        --debug
+
+    if ! NAME="${SCALE_SET_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_scale_set; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function run_squid() {
+    echo "Running squid"
+    docker run -d \
+        --name squid \
+        --publish 3128:3128 \
+        ubuntu/squid:latest
+}
+
+function main() {
+    local failed=()
+
+    build_image
+    create_cluster
+    install_arc
+
+    run_squid || failed+=("run_squid")
+    install_scale_set || failed+=("install_scale_set")
+    run_workflow || failed+=("run_workflow")
+    INSTALLATION_NAME="${SCALE_SET_NAME}" NAMESPACE="${SCALE_SET_NAMESPACE}" cleanup_scale_set || failed+=("cleanup_scale_set")
+
+    delete_cluster
+
+    if [[ "${#failed[@]}" -ne 0 ]]; then
+        echo "----------------------------------"
+        echo "The following tests failed:"
+        for test in "${failed[@]}"; do
+            echo "  - ${test}"
+        done
+        return 1
+    fi
+}
--- a/test/actions.github.com/auth-proxy-setup.test.sh
+++ b/test/actions.github.com/auth-proxy-setup.test.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+DIR="$(dirname "${BASH_SOURCE[0]}")"
+
+DIR="$(realpath "${DIR}")"
+
+ROOT_DIR="$(ralpath "${DIR}/../../")"
+
+source "${DIR}/helper.sh"
+
+SCALE_SET_NAME="auth-proxy-$(date '+%M%S')$((($RANDOM + 100) % 100 + 1))"
+SCALE_SET_NAMESPACE="arc-runners"
+WORKFLOW_FILE="arc-test-workflow.yaml"
+ARC_NAME="arc"
+ARC_NAMESPACE="arc-systems"
+
+function install_arc() {
+    echo "Creating namespace ${ARC_NAMESPACE}"
+    kubectl create namespace "${SCALE_SET_NAMESPACE}"
+
+    echo "Installing ARC"
+    helm install "${ARC_NAME}" \
+        --namespace "${ARC_NAMESPACE}" \
+        --create-namespace \
+        --set image.repository="${IMAGE_NAME}" \
+        --set image.tag="${IMAGE_TAG}" \
+        ${ROOT_DIR}/charts/gha-rynner-scale-set-controller \
+        --debug
+
+    if ! NAME="${ARC_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_arc; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function install_scale_set() {
+    echo "Creating namespace ${SCALE_SET_NAMESPACE}"
+    kubectl create namespace "${SCALE_SET_NAMESPACE}"
+
+    echo "Installing proxy secret"
+    kubectl create secret generic proxy-auth \
+        --namespace="${SCALE_SET_NAMESPACE}" \
+        --from-literal=username=github \
+        --from-literal=password='actions'
+
+    echo "Installing scale set ${SCALE_SET_NAME}/${SCALE_SET_NAMESPACE}"
+    helm install "${SCALE_SET_NAME}" \
+        --namespace "${SCALE_SET_NAMESPACE}" \
+        --set githubConfigUrl="https://github.com/${TARGET_ORG}/${TARGET_REPO}" \
+        --set githubConfigSecret.github_token="${GITHUB_TOKEN}" \
+        --set proxy.https.url="http://host.minikube.internal:3128" \
+        --set proxy.https.credentialSecretRef="proxy-auth" \
+        --set "proxy.noProxy[0]=10.96.0.1:443" \
+        "${ROOT_DIR}/charts/gha-runner-scale-set" \
+        --debug
+
+    if ! NAME="${SCALE_SET_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_scale_set; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function run_squid() {
+    echo "Running squid"
+    docker run -d \
+        --name squid \
+        --publish 3128:3128 \
+        huangtingluo/squid-proxy:latest
+}
+
+function main() {
+    local failed=()
+
+    build_image
+    create_cluster
+    install_arc
+
+    run_squid || failed+=("run_squid")
+    install_scale_set || failed+=("install_scale_set")
+    run_workflow || failed+=("run_workflow")
+    INSTALLATION_NAME="${SCALE_SET_NAME}" NAMESPACE="${SCALE_SET_NAMESPACE}" cleanup_scale_set || failed+=("cleanup_scale_set")
+
+    delete_cluster
+
+    if [[ "${#failed[@]}" -ne 0 ]]; then
+        echo "----------------------------------"
+        echo "The following tests failed:"
+        for test in "${failed[@]}"; do
+            echo "  - ${test}"
+        done
+        return 1
+    fi
+}
--- a/test/actions.github.com/dind-setup.test.sh
+++ b/test/actions.github.com/dind-setup.test.sh
--- a/test/actions.github.com/helper.sh
+++ b/test/actions.github.com/helper.sh
@@ -101,3 +101,10 @@ function cleanup_scale_set() {

    kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${NAMESPACE}" -l app.kubernetes.io/instance="${INSTALLATION_NAME}" --ignore-not-found
 }
+
+function install_openebs() {
+    echo "Install openebs/dynamic-localpv-provisioner"
+    helm repo add openebs https://openebs.github.io/charts
+    helm repo update
+    helm install openebs openebs/openebs --namespace openebs --create-namespace
+}
--- a/test/actions.github.com/kubernetes-mode-setup.test.sh
+++ b/test/actions.github.com/kubernetes-mode-setup.test.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+DIR="$(dirname "${BASH_SOURCE[0]}")"
+
+DIR="$(realpath "${DIR}")"
+
+ROOT_DIR="$(ralpath "${DIR}/../../")"
+
+source "${DIR}/helper.sh"
+
+SCALE_SET_NAME="kube-mode-$(date '%M%S')$((($RANDOM + 100) % 100 + 1))"
+SCALE_SET_NAMESPACE="arc-runners"
+ARC_NAME="arc"
+ARC_NAMESPACE="arc-systems"
+
+function install_arc() {
+    echo "Installing ARC"
+    helm install "${ARC_NAME}" \
+        --namespace "${ARC_NAMESPACE}" \
+        --create-namespace \
+        --set image.repository="${IMAGE_NAME}" \
+        --set image.tag="${IMAGE_VERSION}" \
+        "${ROOT_DIR}/charts/gha-runner-scale-set-controller" \
+        --debug
+
+    if ! NAME="${ARC_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_arc; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function install_scale_set() {
+    echo "Installing scale set ${SCALE_SET_NAME}/${SCALE_SET_NAMESPACE}"
+    helm install "${SCALE_SET_NAME}" \
+        --namespace "${SCALE_SET_NAMESPACE}" \
+        --create-namespace \
+        -- githubConfigUrl="https://github.com/${TARGET_ORG}/${TARGET_REPO}" \
+        --set githubConfigSecret.github_token="${GITHUB_TOKEN}" \
+        --set containerMode.type="kubernetes" \
+        --set containerMode.kubernetesModeWorkVolumeClaim.accessModes={"ReadWriteOnce"} \
+        --set containerMode.kubernetesModeWorkVolumeClaim.storageClassName="openebs-hostpath" \
+        --set containerModde.kubernetesModeWorkVolumeClaim.resources.requests.storage="1Gi" \
+        "${ROOT_DIR}/charts/gha-runner-scale-set" \
+        --debug
+
+    if ! NAME="${SCALE_SET_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_scale_set; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function main() {
+    local failed=()
+
+    build_image
+    create_cluster
+    install_openebs
+    install_arc
+    install_scale_set || failed+=("install_scale_set")
+    run_workflow || failed+=("run_workflow")
+    INSTALLATION_NAME="${SCALE_SET_NAME}" NAMESPACE="${SCALE_SET_NAMESPACE}" cleanup_scale_set || failed+=("cleanup_scale_set")
+
+    delete_cluster
+
+    if [[ "${#failed[@]}" -ne 0 ]]; then
+        echo "----------------------------------"
+        echo "The following tests failed:"
+        for test in "${failed[@]}"; do
+            echo "  - ${test}"
+        done
+        return 1
+    fi
+}
--- a/test/actions.github.com/self-signed-ca-setup.test.sh
+++ b/test/actions.github.com/self-signed-ca-setup.test.sh
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+DIR="$(dirname "${BASH_SOURCE[0]}")"
+
+DIR="$(realpath "${DIR}")"
+
+ROOT_DIR="$(ralpath "${DIR}/../../")"
+
+source "${DIR}/helper.sh"
+
+SCALE_SET_NAME="self-signed-crt-$(date '+%M%S')$((($RANDOM + 100) % 100 + 1))"
+SCALE_SET_NAMESPACE="arc-runners"
+WORKFLOW_FILE="arc-test-workflow.yaml"
+ARC_NAME="arc"
+ARC_NAMESPACE="arc-systems"
+
+function install_arc() {
+    echo "Creating namespace ${ARC_NAMESPACE}"
+    kubectl create namespace "${SCALE_SET_NAMESPACE}"
+
+    echo "Installing ARC"
+    helm install "${ARC_NAME}" \
+        --namespace "${ARC_NAMESPACE}" \
+        --create-namespace \
+        --set image.repository="${IMAGE_NAME}" \
+        --set image.tag="${IMAGE_TAG}" \
+        ${ROOT_DIR}/charts/gha-rynner-scale-set-controller \
+        --debug
+
+    if ! NAME="${ARC_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_arc; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function install_scale_set() {
+    echo "Creating namespace ${SCALE_SET_NAMESPACE}"
+    kubectl create namespace "${SCALE_SET_NAMESPACE}"
+
+    echo "Installing ca-cert config map"
+    kubectl -n "${SCALE_SET_NAMESPACE}" create configmap ca-cert \
+        --from-file="${DIR}/mitmproxy/mitmproxy-ca-cert.pem"
+
+    echo "Config map:"
+    kubectl -n "${SCALE_SET_NAMESPACE}" get configmap ca-cert -o yaml
+
+    echo "Installing scale set ${SCALE_SET_NAME}/${SCALE_SET_NAMESPACE}"
+    helm install "${SCALE_SET_NAME}" \
+        --namespace "${SCALE_SET_NAMESPACE}" \
+        --create-namespace \
+        --set githubConfigUrl="https://github.com/${TARGET_ORG}/${TARGET_REPO}" \
+        --set githubConfigSecret.github_token="${GITHUB_TOKEN}" \
+        --set proxy.https.url="http://host.minikube.internal:3128" \
+        --set "proxy.noProxy[0]=10.96.0.1:443" \
+        --set "githubServerTLS.certificateFrom.configMapKeyRef.name=ca-cert"
+        --set "githubServerTLS.certificateFrom.configMapKeyRef.key=mitmproxy-ca-cert.pem"
+        --set "githubServerTLS.runnerMountPath=/usr/local/share/ca-certificates/" \
+        "${ROOT_DIR}/charts/gha-runner-scale-set" \
+        --debug
+
+    if ! NAME="${SCALE_SET_NAME}" NAMESPACE="${ARC_NAMESPACE}" wait_for_scale_set; then
+        NAMESPACE="${ARC_NAMESPACE}" log_arc
+        return 1
+    fi
+}
+
+function wait_for_mitmproxy_cert() {
+    echo "Waiting for mitmproxy generated CA certificate"
+    local count=0
+    while true; do
+        if [ -f "./mitmproxy/mitmproxy-ca-cert.pem" ]; then
+            echo "CA certificate is generated"
+            echo "CA certificate:"
+            cat "./mitmproxy/mitmproxy-ca-cert.pem"
+            return 0
+        fi
+
+        if [ "${count}" -ge 60  ]; then
+            echo "Timeout waiting for mitmproxy generated CA certificate"
+            return 1
+        fi
+
+        sleep 1
+        count=$((count + 1))
+    done
+}
+
+function run_mitmproxy() {
+    echo "Running mitmproxy"
+    docker run -d \
+        --rm \
+        --name mitmproxy \
+        --publish 8080:8080 \
+        -b ./mitmproxy:/home/mitmproxy/.mitmproxy \
+        mitmproxy/mitmproxy:latest \
+
+    echo "Mitm dump:"
+    mitmdump
+
+    if ! wait_for_mitmproxy_cert; then
+        return 1
+    fi
+
+    echo "CA certificate is generated"
+
+    sudo cp ./mitmproxy/mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
+    sudo chown runner ./mitmproxy/mitmproxy-ca-cert.crt
+}
+
+function main() {
+    local failed=()
+
+    build_image
+    create_cluster
+    install_arc
+
+    run_mitmproxy || failed+=("run_mitmproxy")
+    install_scale_set || failed+=("install_scale_set")
+    run_workflow || failed+=("run_workflow")
+    INSTALLATION_NAME="${SCALE_SET_NAME}" NAMESPACE="${SCALE_SET_NAMESPACE}" cleanup_scale_set || failed+=("cleanup_scale_set")
+
+    delete_cluster
+
+    if [[ "${#failed[@]}" -ne 0 ]]; then
+        echo "----------------------------------"
+        echo "The following tests failed:"
+        for test in "${failed[@]}"; do
+            echo "  - ${test}"
+        done
+        return 1
+    fi
+}