Integration test staging #1455
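# Integration test for the staging deployment: uploads a sample file to the
# test bucket and waits for the scanner to tag it (async path), then posts
# the same file to the /clamav endpoint of each staging URL (sync path).
# A failure posts a message to a Slack webhook.
#
# NOTE(review): the forge flagged this file as containing hidden or
# bidirectional Unicode text. Nothing beyond the emoji in the echo lines is
# visible in this listing; inspect the raw bytes before trusting the
# rendered view.
name: Integration test staging

on:
  workflow_dispatch:
  # `completed` fires for every conclusion of the upstream workflow (success,
  # failure, cancelled). Nothing in this file checks
  # github.event.workflow_run.conclusion, so the tests also run after a
  # failed deploy.
  # NOTE(review): confirm that is intended; if not, gate the job on the
  # conclusion while still allowing workflow_dispatch.
  workflow_run:
    workflows:
      - "Build, Push and Deploy to Staging"
      - "Terraform apply staging"
    types:
      - completed

env:
  # Not a secret, so it can stay workflow-wide. The API token is set only on
  # the step that uses it, so the third-party actions below never receive it
  # in their environment.
  BUCKET_NAME: scan-files-staging-integration-test

permissions:
  # id-token: write is required for the OIDC exchange in the AWS step.
  id-token: write
  contents: read

jobs:
  integration-test-staging:
    runs-on: ubuntu-latest
    strategy:
      # Let both endpoints finish even if one of them fails.
      fail-fast: false
      matrix:
        url:
          - https://scan-files.cdssandbox.xyz
          - https://sync.scan-files.cdssandbox.xyz
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release each SHA is expected to correspond to.
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      # NOTE(review): the role name suggests it is the role used for
      # Terraform apply. The visible steps only need to put an object and
      # read its tags in BUCKET_NAME; confirm the role's policy, or use a
      # dedicated role scoped to that bucket.
      - name: Configure AWS credentials using OIDC
        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
        with:
          role-to-assume: arn:aws:iam::127893201980:role/scan-files-apply
          role-session-name: IntegrationTest
          aws-region: ca-central-1

      # A fresh object key per run; exported through GITHUB_ENV so the
      # following steps see it as $FILENAME.
      - name: Generate unique filename
        run: echo "FILENAME=scan.$(uuidgen).json" >> "$GITHUB_ENV"

      # Values are read as quoted shell variables rather than pasted into
      # the script text with ${{ }} expansion, so the shell never parses
      # them as code.
      - name: Async test - upload test file
        run: aws s3 cp .github/workflows/assets/scan.json "s3://${BUCKET_NAME}/${FILENAME}"

      # Poll the object's tags until an av-checksum tag appears. Gives up
      # after 11 polls spaced 5 seconds apart. `|| true` keeps the step
      # alive while the tag (or the tagging call) is not there yet.
      - name: Async test - wait for scan
        run: |
          COUNTER=0
          while true; do
            CHECKSUM="$(aws s3api get-object-tagging --bucket "$BUCKET_NAME" --key "$FILENAME" --output text | grep 'av-checksum' || true)"
            if [ "$CHECKSUM" != "" ]; then
              break
            fi
            COUNTER=$((COUNTER+1))
            if [ "$COUNTER" -gt 10 ]; then
              echo "💩 Async scan timed out"
              exit 1
            fi
            sleep 5
          done

      # The sample file must come back tagged av-status=clean.
      - name: Async test - expected verdict
        run: |
          VERDICT=$(aws s3api get-object-tagging \
            --bucket "$BUCKET_NAME" \
            --key "$FILENAME" \
            --query "TagSet[?Key=='av-status']" | jq -r '.[0].Value')
          if [ "$VERDICT" != "clean" ]; then
            echo "💩 Async unexpected verdict: $VERDICT"
            exit 1
          fi

      # The token and URL reach the script through the step environment, so
      # the secret is never written into the generated script text.
      # NOTE(review): the last --form argument was mangled by e-mail
      # obfuscation in the listing this was taken from. It is reconstructed
      # here as the `file` field pointing at the same asset the async test
      # uploads; confirm the field name against the repository.
      - name: Sync test - expected verdict
        env:
          API_TOKEN: ${{ secrets.STAGING_API_AUTH_TOKEN }}
          SCAN_URL: ${{ matrix.url }}
        run: |
          VERDICT=$(curl --silent --request POST "${SCAN_URL}/clamav" \
            --header "Authorization: ${API_TOKEN}" \
            --header "Content-Type: multipart/form-data" \
            --form "ignore_cache=True" \
            --form "file=@.github/workflows/assets/scan.json" | jq -r .verdict)
          if [ "$VERDICT" != "clean" ]; then
            echo "💩 Sync unexpected verdict: $VERDICT"
            exit 1
          fi

      # The webhook URL is itself a credential: pass it through env and
      # quote it instead of expanding it unquoted into the command line.
      - name: Slack message on failure
        if: failure()
        env:
          SLACK_WEBHOOK: ${{ secrets.SCAN_FILES_STAGING_OPS_WEBHOOK }}
        run: |
          json='{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":":red: Integration test failed: <https://github.com/cds-snc/scan-files/actions/workflows/integration_test_staging.yml|Integration test staging>"}}]}'
          curl -X POST -H 'Content-type: application/json' --data "$json" "$SLACK_WEBHOOK"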