Test Nebari Provider #4568
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is only workflow that requires cloud credentials and therefore will not run on PRs coming from forks. | |
name: "Test Nebari Provider" | |
on: | |
schedule: | |
- cron: "0 3 * * *" | |
pull_request: | |
paths: | |
- ".github/workflows/test-provider.yaml" | |
- ".github/failed-workflow-issue-templates/test-provider.md" | |
- ".github/actions/publish-from-template" | |
- "tests/**" | |
- "scripts/**" | |
- "src/**" | |
- "pyproject.toml" | |
push: | |
branches: | |
- main | |
- develop | |
- release/\d{4}.\d{1,2}.\d{1,2} | |
paths: | |
- ".github/workflows/test-provider.yaml" | |
- "tests/**" | |
- "scripts/**" | |
- "src/**" | |
- "pyproject.toml" | |
workflow_call: | |
inputs: | |
pr_number: | |
required: true | |
type: string | |
jobs: | |
test-render-providers: | |
# Prevents the execution of this test under the following conditions: | |
# 1. When the 'NO_PROVIDER_CREDENTIALS' GitHub variable is set, indicating the absence of provider credentials. | |
# 2. For pull requests (PRs) originating from a fork, since GitHub does not provide the fork's credentials to the destination repository. | |
# ref. https://github.com/nebari-dev/nebari/issues/2379 | |
if: | | |
vars.NO_PROVIDER_CREDENTIALS == '' && | |
(github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') | |
name: "Test Nebari Provider" | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: write | |
strategy: | |
matrix: | |
provider: | |
- aws | |
- azure | |
- do | |
- gcp | |
- local | |
- existing | |
cicd: | |
- none | |
- github-actions | |
- gitlab-ci | |
fail-fast: false | |
steps: | |
- name: "Checkout Infrastructure" | |
uses: actions/checkout@v4 | |
- name: Checkout the branch from the PR that triggered the job | |
if: ${{ github.event_name == 'issue_comment' }} | |
run: hub pr checkout ${{ inputs.pr_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
- name: Retrieve secret from Vault | |
uses: hashicorp/[email protected] | |
with: | |
method: jwt | |
url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200" | |
namespace: "admin/quansight" | |
role: "repository-nebari-dev-nebari-role" | |
secrets: | | |
kv/data/repository/nebari-dev/nebari/amazon_web_services/nebari-dev-ci role_name | AWS_ROLE_ARN; | |
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci project_id | PROJECT_ID; | |
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci workload_identity_provider | GCP_WORKFLOW_PROVIDER; | |
kv/data/repository/nebari-dev/nebari/google_cloud_platform/nebari-dev-ci/github-nebari-dev-repo-ci service_account_name | GCP_SERVICE_ACCOUNT; | |
kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci client_id | ARM_CLIENT_ID; | |
kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci tenant_id | ARM_TENANT_ID; | |
kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci subscription_id | ARM_SUBSCRIPTION_ID; | |
kv/data/repository/nebari-dev/nebari/shared_secrets DIGITALOCEAN_TOKEN | DIGITALOCEAN_TOKEN; | |
kv/data/repository/nebari-dev/nebari/shared_secrets SPACES_ACCESS_KEY_ID | SPACES_ACCESS_KEY_ID; | |
kv/data/repository/nebari-dev/nebari/shared_secrets SPACES_SECRET_ACCESS_KEY | SPACES_SECRET_ACCESS_KEY; | |
- name: 'Authenticate to GCP' | |
if: ${{ matrix.provider == 'gcp' }} | |
uses: 'google-github-actions/auth@v1' | |
with: | |
token_format: access_token | |
create_credentials_file: 'true' | |
workload_identity_provider: ${{ env.GCP_WORKFLOW_PROVIDER }} | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT }} | |
- name: Set required environment variables | |
if: ${{ matrix.provider == 'gcp' }} | |
run: | | |
echo "GOOGLE_CREDENTIALS=${{ env.GOOGLE_APPLICATION_CREDENTIALS }}" >> $GITHUB_ENV | |
- name: 'Authenticate to AWS' | |
if: ${{ matrix.provider == 'aws' }} | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
role-session-name: github-action | |
aws-region: us-east-1 | |
- name: 'Azure login' | |
if: ${{ matrix.provider == 'azure' }} | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ env.ARM_CLIENT_ID }} | |
tenant-id: ${{ env.ARM_TENANT_ID }} | |
subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} | |
- name: Install Nebari | |
run: | | |
pip install --upgrade pip | |
pip install .[dev] | |
- name: Nebari Initialize | |
run: | | |
nebari init "${{ matrix.provider }}" --project "TestProvider" --domain "${{ matrix.provider }}.nebari.dev" --auth-provider password --disable-prompt --ci-provider ${{ matrix.cicd }} | |
cat "nebari-config.yaml" | |
- name: Nebari Render | |
run: | | |
nebari render -c "nebari-config.yaml" -o "nebari-${{ matrix.provider }}-${{ matrix.cicd }}-deployment" | |
cp "nebari-config.yaml" "nebari-${{ matrix.provider }}-${{ matrix.cicd }}-deployment/nebari-config.yaml" | |
- name: Nebari Render Artifact | |
uses: actions/upload-artifact@master | |
with: | |
name: "nebari-${{ matrix.provider }}-${{ matrix.cicd }}-artifact" | |
path: "nebari-${{ matrix.provider }}-${{ matrix.cicd }}-deployment" | |
- if: failure() || github.event_name == 'pull_request' | |
name: Publish information from template | |
uses: ./.github/actions/publish-from-template | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PROVIDER: ${{ matrix.provider }} | |
CICD: ${{ matrix.cicd }} | |
with: | |
filename: .github/failed-workflow-issue-templates/test-provider.md |