ubicloud/.github/workflows/e2e.yml

name: E2E CI

on:
  workflow_dispatch:
    inputs:
      test_cases:
        description: 'Comma-separated list of test cases (vm)'
        required: true
        default: 'vm,github_runner_ubuntu_2404,github_runner_ubuntu_2204,github_runner_ubuntu_2004'
        type: string

  schedule:
    - cron:  '0 */1 * * *'

jobs:
  run-ci:
    if: vars.RUN_E2E == 'true'
    runs-on: ubicloud
    environment: E2E-CI
    timeout-minutes: 45
    concurrency: e2e_environment

    env:
      DB_USER: clover
      DB_PASSWORD: nonempty
      DB_NAME: clover_test

    services:
      postgres:
        image: postgres:15.4
        env:
          POSTGRES_USER: ${{ env.DB_USER }}
          POSTGRES_PASSWORD: ${{ env.DB_PASSWORD }}
          POSTGRES_DB: ${{ env.DB_NAME }}
        ports:
          - 5432:5432
        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

    steps:
    - name: Perform superuser-only actions, then remove superuser
      run: |
        psql "postgres://${{ env.DB_USER }}:${{ env.DB_PASSWORD }}@localhost:5432/${{ env.DB_NAME }}" \
          -c "CREATE EXTENSION citext; CREATE EXTENSION btree_gist; CREATE ROLE clover_password PASSWORD '${{ env.DB_PASSWORD }}' LOGIN; ALTER ROLE ${{ env.DB_USER }} NOSUPERUSER"

    - name: Check out code
      uses: actions/checkout@v4

    - name: Set up Ruby
      uses: ruby/setup-ruby@v1
      with:
        ruby-version: .tool-versions
        bundler-cache: true

    - name: Apply migrations
      env:
        CLOVER_DATABASE_URL: postgres://${{ env.DB_USER }}:${{ env.DB_PASSWORD }}@localhost:5432/${{ env.DB_NAME }}
      run: bundle exec rake _test_up

    - name: Cache ngrok binary
      id: cache-ngrok
      uses: actions/cache@v4
      with:
        path: /usr/local/bin/ngrok
        key: ngrok-binary

    - name: Install ngrok
      if: steps.cache-ngrok.outputs.cache-hit != 'true'
      run: curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list && sudo apt update && sudo apt install ngrok

    - name: Set ngrok token
      run: ngrok config add-authtoken ${{ secrets.NGROK_TOKEN }}

    - name: Local to public
      run: ngrok http --domain=${{ secrets.NGROK_ADDRESS }} http://127.0.0.1:5000 > /dev/null &

    - name: Install foreman
      run: gem install foreman

    - name: Modify Procfile to add retry logic
      run: |
        sed -i "s/^\([^:]*\): \(.*\)/\1: bash -c 'for i in {1..4}; do \2 \&\& break || echo \"Attempt \$i failed, retrying...\"; sleep 1; done'/" Procfile

    - name: Add e2e script to Procfile
      run: |
        echo "e2e: bin/ci --test-cases=${{ github.event_name != 'workflow_dispatch' && 'vm,github_runner_ubuntu_2204,github_runner_ubuntu_2004' || inputs.test_cases }}" >> Procfile

    - name: Run services
      env:
        RACK_ENV: production
        CLOVER_DATABASE_URL: postgres://${{ env.DB_USER }}:${{ env.DB_PASSWORD }}@localhost:5432/${{ env.DB_NAME }}
        CLOVER_SESSION_SECRET: kbaf1V3biZ+R2QqFahgDLB5/lSomwxQusA4PwROUkFS1srn0xM/I47IdLW7HjbQoxWri6/aVgtkqTLFiP65h9g==
        CLOVER_COLUMN_ENCRYPTION_KEY: TtlY0+hd4lvedPkNbu5qsj5H7giPKJSRX9KDBrvid7c=
        CI_HETZNER_SACRIFICIAL_SERVER_ID: ${{ secrets.CI_HETZNER_SACRIFICIAL_SERVER_ID }}
        HETZNER_USER: ${{ secrets.HETZNER_USER }}
        HETZNER_PASSWORD: ${{ secrets.HETZNER_PASSWORD }}
        UBICLOUD_IMAGES_BLOB_STORAGE_ENDPOINT: ${{ secrets.UBICLOUD_IMAGES_BLOB_STORAGE_ENDPOINT }}
        UBICLOUD_IMAGES_BLOB_STORAGE_ACCESS_KEY: ${{ secrets.UBICLOUD_IMAGES_BLOB_STORAGE_ACCESS_KEY }}
        UBICLOUD_IMAGES_BLOB_STORAGE_SECRET_KEY: ${{ secrets.UBICLOUD_IMAGES_BLOB_STORAGE_SECRET_KEY }}
        UBICLOUD_IMAGES_BLOB_STORAGE_CERTS: ${{ secrets.UBICLOUD_IMAGES_BLOB_STORAGE_CERTS }}
        GITHUB_APP_NAME: ${{ secrets.GH_APP_NAME }}
        GITHUB_APP_ID: ${{ secrets.GH_APP_ID }}
        GITHUB_APP_CLIENT_ID: ${{ secrets.GH_APP_CLIENT_ID }}
        GITHUB_APP_CLIENT_SECRET: ${{ secrets.GH_APP_CLIENT_SECRET }}
        GITHUB_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
        GITHUB_APP_WEBHOOK_SECRET: ${{ secrets.GH_APP_WEBHOOK_SECRET }}
        GITHUB_RUNNER_SERVICE_PROJECT_ID: ${{ secrets.GH_RUNNER_SERVICE_PROJECT_ID }}
        GITHUB_CACHE_BLOB_STORAGE_ENDPOINT: ${{ secrets.GH_CACHE_BLOB_STORAGE_ENDPOINT }}
        GITHUB_CACHE_BLOB_STORAGE_REGION: ${{ secrets.GH_CACHE_BLOB_STORAGE_REGION }}
        GITHUB_CACHE_BLOB_STORAGE_ACCESS_KEY: ${{ secrets.GH_CACHE_BLOB_STORAGE_ACCESS_KEY }}
        GITHUB_CACHE_BLOB_STORAGE_SECRET_KEY: ${{ secrets.GH_CACHE_BLOB_STORAGE_SECRET_KEY }}
        GITHUB_CACHE_BLOB_STORAGE_ACCOUNT_ID: ${{ secrets.GH_CACHE_BLOB_STORAGE_ACCOUNT_ID }}
        GITHUB_CACHE_BLOB_STORAGE_API_KEY: ${{ secrets.GH_CACHE_BLOB_STORAGE_API_KEY }}
        VM_POOL_PROJECT_ID: ${{ secrets.VM_POOL_PROJECT_ID }}
        E2E_GITHUB_INSTALLATION_ID: ${{ secrets.E2E_GH_INSTALLATION_ID }}
      run: timeout 40m foreman start

    - name: Send notification if failed
      if: ${{ failure() && github.ref_name == 'main' }}
      uses: slackapi/slack-github-action@v1.27.0
      with:
        payload: |
          {
            "text": "*E2E Tests Failed* :this-is-fine-fire:",
            "attachments": [
              {
                "color": "E33122",
                "fields": [
                  {
                    "title": "Event",
                    "short": true,
                    "value": "${{ github.event_name }}"
                  },
                  {
                    "title": "Reference",
                    "short": true,
                    "value": "<${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.ref_name }}>"
                  },
                  {
                    "title": "Action",
                    "short": false,
                    "value": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"
                  }
                ]
              }
            ]
          }
      env:
        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_PAGER_URL }}
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK