Creating lola-816-bc2-upgrade-2 by @Omolola-Akinleye #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Upgrade Environment | |
| run-name: Creating ${{ github.event.inputs.deployment_name }} by @${{ github.actor }} | |
| on: | |
| # Ability to execute on demand | |
| workflow_dispatch: | |
| inputs: | |
| deployment_name: | |
| type: string | |
| description: | | |
| Name with letters, numbers, hyphens; start with a letter. Max 20 chars. e.g., 'my-env-123' | |
| required: true | |
| target-elk-stack-version: | |
| required: true | |
| description: "Target version of the ELK stack: For BC use version without hash 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT" | |
| default: "8.13.0" | |
| type: string | |
| base-elk-stack-version: | |
| type: string | |
| description: "Release version of the ELK stack" | |
| required: false | |
| docker-image-override: | |
| required: false | |
| description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)" | |
| kibana_ref: | |
| description: "Kibana branch, tag, or commit SHA to check out the UI sanity tests from" | |
| required: false | |
| default: "main" | |
| type: string | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: "eu-west-1" | |
| WORKING_DIR: deploy/test-environments | |
| INTEGRATIONS_SETUP_DIR: tests/integrations_setup | |
| TF_VAR_stack_version: ${{ inputs.target-elk-stack-version }} | |
| TF_VAR_ess_region: gcp-us-west2 | |
| TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }} | |
| DOCKER_IMAGE: ${{ inputs.docker-image-override }} | |
| jobs: | |
| init: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| base-stack-version: ${{ steps.set-previous-version.outputs.PREVIOUS_VERSION }} | |
| ess-region: ${{ env.TF_VAR_ess_region }} | |
| target-agent-version: ${{ steps.clean-version.outputs.AGENT_VERSION }} | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set Previous Version | |
| id: set-previous-version | |
| run: | | |
| if [[ "${{ inputs.base-elk-stack-version }}" == "" ]]; then | |
| VERSION="${{ inputs.target-elk-stack-version }}" | |
| PREVIOUS_VERSION=$(./.ci/scripts/get-previous-version.sh "$VERSION") | |
| echo "PREVIOUS_VERSION=$PREVIOUS_VERSION" >> $GITHUB_OUTPUT | |
| else | |
| echo "PREVIOUS_VERSION=${{ inputs.base-elk-stack-version }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Process BC version | |
| id: clean-version | |
| run: | | |
| # Extract the stack version | |
| stack_version="${{ inputs.target-elk-stack-version }}" | |
| # Check if the version contains a commit hash, remove it | |
| if [[ $stack_version =~ -[a-f0-9]+ ]]; then | |
| cleaned_version=$(echo $stack_version | awk -F"-" '{print $1}') | |
| echo "AGENT_VERSION=$cleaned_version" >> $GITHUB_OUTPUT | |
| else | |
| echo "AGENT_VERSION=$stack_version" >> $GITHUB_OUTPUT | |
| fi | |
| deploy: | |
| uses: ./.github/workflows/test-environment.yml | |
| needs: init | |
| # Required for the 'Deploy' job in the 'test-environment.yml' to authenticate with Google Cloud (gcloud). | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| with: | |
| deployment_name: ${{ inputs.deployment_name }} | |
| elk-stack-version: ${{ needs.init.outputs.base-stack-version }} | |
| ess-region: ${{ needs.init.outputs.ess-region }} | |
| run-sanity-tests: false # Set to true once the issue at https://github.com/elastic/kibana/pull/171200 is resolved. | |
| serverless_mode: false | |
| secrets: inherit | |
| upgrade: | |
| runs-on: ubuntu-20.04 | |
| needs: [init, deploy] | |
| timeout-minutes: 120 | |
| defaults: | |
| run: | |
| working-directory: ${{ env.WORKING_DIR }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Init Hermit | |
| run: ./bin/hermit env -r >> $GITHUB_ENV | |
| working-directory: ./ | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.9' | |
| - name: Install Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python3 - | |
| poetry --version | |
| - name: Install Fleet API and Tests dependencies | |
| id: fleet-api-deps | |
| working-directory: ./tests | |
| run: | | |
| poetry install | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::704479110758:role/Developer_eks | |
| role-session-name: github-ci | |
| aws-region: ${{ env.AWS_REGION }} | |
| - id: google-auth | |
| name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - id: azure-auth | |
| name: Azure login | |
| uses: azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Download tf state data | |
| env: | |
| S3_BUCKET: ${{ needs.deploy.outputs.s3-bucket }} | |
| run: | | |
| aws s3 cp "${{ env.S3_BUCKET }}/terraform.tfstate" "./terraform.tfstate" | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate | |
| - name: Update ELK stack version | |
| id: apply | |
| if: success() | |
| run: | | |
| terraform apply --auto-approve \ | |
| -var="deployment_name=${{ inputs.deployment_name }}" \ | |
| -var="region=${{ env.AWS_REGION }}" \ | |
| -var="project=${{ github.actor }}" \ | |
| -var="owner=${{ github.actor }}" | |
| - name: Set Environment Output | |
| id: env-output | |
| run: ../../.ci/scripts/set_cloud_env_params.sh | |
| - name: Set Docker Image version | |
| if: ${{ ! inputs.docker-image-override }} | |
| env: | |
| VERSION: 'docker.elastic.co/beats/elastic-agent:${{ inputs.target-elk-stack-version }}' | |
| run: | | |
| echo "DOCKER_IMAGE=${{ env.VERSION }}" >> $GITHUB_ENV | |
| - name: Download Integrations data | |
| env: | |
| S3_BUCKET: ${{ needs.deploy.outputs.s3-bucket }} | |
| run: | | |
| aws s3 cp "${{ env.S3_BUCKET }}/kspm.pem" "${{ env.EC2_KSPM_KEY }}" | |
| aws s3 cp "${{ env.S3_BUCKET }}/state_data.json" "../../${{ env.INTEGRATIONS_SETUP_DIR }}/state_data.json" | |
| - name: Upgrade KSPM Unmanaged agent | |
| run: | | |
| chmod 600 ${{ env.EC2_KSPM_KEY }} | |
| # Update image | |
| ssh -o StrictHostKeyChecking=no -v -i ${{ env.EC2_KSPM_KEY }} "ubuntu@${{ env.KSPM_PUBLIC_IP }}" "kubectl set image daemonset elastic-agent -n kube-system elastic-agent=${{ env.DOCKER_IMAGE }}" | |
| - name: Upgrade KSPM EKS agent | |
| run: | | |
| aws eks --region ${{ env.AWS_REGION }} update-kubeconfig \ | |
| --name $(terraform output -raw deployment_name) --alias eks-config | |
| kubectl config use-context eks-config | |
| kubectl set image daemonset elastic-agent -n kube-system elastic-agent=${{ env.DOCKER_IMAGE }} | |
| kubectl rollout restart daemonset/elastic-agent -n kube-system | |
| - name: Upgrade Linux agents | |
| working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }} | |
| env: | |
| CNVM_STACK_NAME: ${{ needs.deploy.outputs.cnvm-stack-name }} | |
| STACK_VERSION: ${{ needs.init.outputs.target-agent-version }} | |
| run: | | |
| poetry run python upgrade_agents.py | |
| - name: Run Upgrade Sanity checks | |
| if: success() | |
| working-directory: ./tests | |
| env: | |
| AGENT_VERSION: ${{ needs.init.outputs.target-agent-version }} | |
| USE_K8S: false | |
| run: | | |
| poetry run pytest -m "sanity" --alluredir=./allure/results/ --clean-alluredir --maxfail=4 | |
| - name: Run UI Sanity checks (Kibana) | |
| uses: ./.github/actions/kibana-ftr | |
| if: success() | |
| with: | |
| test_kibana_url: ${{ env.TEST_KIBANA_URL }} | |
| test_es_url: ${{ env.TEST_ES_URL }} | |
| es_version: ${{ needs.init.outputs.target-agent-version }} | |
| kibana_ref: ${{ inputs.kibana_ref }} |