From 76d8ffbbb8503dd497e1f18c08e378d0f1410916 Mon Sep 17 00:00:00 2001
From: Huw Wilkins <huw.wilkins@canonical.com>
Date: Mon, 24 Feb 2025 14:27:30 +1100
Subject: [PATCH] test

---
 .github/actions/test-server/README.md   |  28 +++++
 .github/actions/test-server/action.yaml | 138 ++++++++++++++++++++++++
 .github/workflows/jimm.yml              |  54 ++++++++++
 3 files changed, 220 insertions(+)
 create mode 100644 .github/actions/test-server/README.md
 create mode 100644 .github/actions/test-server/action.yaml
 create mode 100644 .github/workflows/jimm.yml

diff --git a/.github/actions/test-server/README.md b/.github/actions/test-server/README.md
new file mode 100644
index 000000000..2926efc38
--- /dev/null
+++ b/.github/actions/test-server/README.md
@@ -0,0 +1,28 @@
+# test-server
+An action to create a JIMM server with real dependencies for integration test purposes.
+
+This action requires Docker to be installed to start JIMM and its related services.
+
+The action performs the following steps:
+- Starts JIMM's docker compose test environment.
+- Uses https://github.com/charmed-kubernetes/actions-operator action to start a Juju controller and connects it to JIMM.
+- Ensures the local Juju CLI is setup to communicate with JIMM authenticating as a test user.
+
+Use the action by adding the following to a Github workflow:
+
+```yaml
+  integration-test:
+    runs-on: ubuntu-latest
+    name: Integration testing with JIMM
+    steps:
+      - name: Setup JIMM environment
+        uses: canonical/jimm@v3.1.7
+        with:
+          jimm-version: "v3.1.7"
+          juju-channel: "3/stable"
+          ghcr-pat: ${{ secrets.GHCR_PAT }}
+```
+
+Note that it's recommended to pin the action version to the same version as `jimm-version` to ensure the action works as expected for that specific version of JIMM.
+
+For full details on the inputs see `action.yaml`.
diff --git a/.github/actions/test-server/action.yaml b/.github/actions/test-server/action.yaml
new file mode 100644
index 000000000..ee1ed1c9a
--- /dev/null
+++ b/.github/actions/test-server/action.yaml
@@ -0,0 +1,138 @@
+name: JIMM Server Setup
+description: "Create a JIMM environment"
+
+inputs:
+  jimm-version:
+    description: >
+      JIMM version tag to use. This will decide the version of JIMM to start e.g. v3.1.7
+      A special tag of "dev" can be provided to use the current development version of JIMM.
+    required: true
+  juju-channel:
+    description: 'Juju snap channel to pass to charmed-kubernetes/actions-operator'
+    required: false
+  ghcr-pat:
+    description: >
+      PAT Token that has package:read access to canonical/JIMM
+      The PAT token can be left empty when building the development version of JIMM.
+    required: true
+  python-version:
+    description: Python version to install in the setup-python action.
+    default: "3.12"
+    required: false
+
+outputs:
+  url:
+    description: 'URL where JIMM can be reached.'
+    value: "https://jimm.localhost"
+  client-id:
+    description: 'Test client ID to login to JIMM with a service account.'
+    value: "test-client-id"
+  client-secret:
+    description: 'Test client Secret to login to JIMM with a service account.'
+    value: "2M2blFbO4GX4zfggQpivQSxwWX1XGgNf"
+  ca-cert:
+    description: 'The CA certificate used to genereate the JIMM server cert.'
+    value: ${{ steps.fetch-cert.outputs.jimm-ca }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Login to GitHub Container Registry
+      if: ${{ inputs.jimm-version != 'dev' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.ghcr-pat }}
+
+    # We can't use a make target here because a composite action
+    # doesn't have a .git folder when checked out.
+    - name: Start server based on released version
+      if: ${{ inputs.jimm-version != 'dev' }}
+      run: |
+        cd local/traefik/certs; ./certs.sh; cd - && \
+        docker compose --profile test up -d --wait
+      shell: bash
+      working-directory: ${{ github.action_path }}/../../../jimm
+      env:
+        JIMM_VERSION: ${{ inputs.jimm-version }}
+
+    - name: Start server based on development version
+      if: ${{ inputs.jimm-version == 'dev' }}
+      working-directory: ${{ github.action_path }}/../../../jimm
+      run: make dev-env
+      shell: bash
+
+    - name: Retrieve server CA cert.
+      id: fetch-cert
+      run: |
+        echo 'jimm-ca<<EOF' >> $GITHUB_OUTPUT
+        cat ./local/traefik/certs/ca.crt >> $GITHUB_OUTPUT
+        echo 'EOF' >> $GITHUB_OUTPUT
+      working-directory: ${{ github.action_path }}/../../../jimm
+      shell: bash
+
+    - name: Initialise LXD
+      run: |
+        sudo lxd waitready && \
+        sudo lxd init --auto && \
+        sudo chmod a+wr /var/snap/lxd/common/lxd/unix.socket && \
+        lxc network set lxdbr0 ipv6.address none && \
+        sudo usermod -a -G lxd $USER
+      shell: bash
+
+    - name: Setup cloud-init script for bootstraping Juju controllers
+      run: ./local/jimm/setup-controller.sh
+      shell: bash
+      working-directory: ${{ github.action_path }}/../../../jimm
+      env:
+        SKIP_BOOTSTRAP: true
+        CLOUDINIT_FILE: "cloudinit.temp.yaml"
+
+    # See: https://github.com/charmed-kubernetes/actions-operator/issues/82
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ inputs.python-version }}
+
+    - name: Setup Juju Controller
+      uses: charmed-kubernetes/actions-operator@main
+      with:
+        provider: "lxd"
+        channel: "5.21/stable"
+        juju-channel: ${{ inputs.juju-channel }}
+        bootstrap-options: "--config ${{ github.action_path }}/../../../jimm/cloudinit.temp.yaml --config login-token-refresh-url=https://jimm.localhost/.well-known/jwks.json"
+
+    # As described in https://github.com/charmed-kubernetes/actions-operator grab the newly setup controller name
+    - name: Save LXD controller name
+      id: lxd-controller
+      run: echo "name=$CONTROLLER_NAME" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Install jimmctl, jaas plugin and yq
+      run: |
+        sudo snap install jimmctl --channel=3/stable && \
+        sudo snap install jaas --channel=3/stable &&
+        sudo snap install yq
+      shell: bash
+
+    - name: Authenticate Juju CLI
+      run: chmod -R 666 ~/.local/share/juju/*.yaml && ./local/jimm/setup-cli-auth.sh
+      working-directory: ${{ github.action_path }}/../../../jimm
+      shell: bash
+      # Below is a hardcoded JWT using the same test-secret used in JIMM's docker compose and allows the CLI to authenticate as the jimm-test@canonical.com user.
+      env:
+        JWT: ZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SnBjM01pT2lKUGJteHBibVVnU2xkVUlFSjFhV3hrWlhJaUxDSnBZWFFpT2pFM01qUXlNamcyTmpBc0ltVjRjQ0k2TXprMk5EYzFNelEyTUN3aVlYVmtJam9pYW1sdGJTSXNJbk4xWWlJNkltcHBiVzB0ZEdWemRFQmpZVzV2Ym1sallXd3VZMjl0SW4wLkpTWVhXcGF6T0FnX1VFZ2hkbjlOZkVQdWxhWWlJQVdaX3BuSmRDbnJvWEk=
+
+    - name: Add LXD Juju controller to JIMM
+      run: ./local/jimm/add-controller.sh
+      working-directory: ${{ github.action_path }}/../../../jimm
+      shell: bash
+      env:
+        JIMM_CONTROLLER_NAME: "jimm"
+        CONTROLLER_NAME: ${{ steps.lxd-controller.outputs.name }}
+
+    - name: Provide service account with cloud-credentials
+      run: ./local/jimm/setup-service-account.sh
+      working-directory: ${{ github.action_path }}/../../../jimm
+      shell: bash
diff --git a/.github/workflows/jimm.yml b/.github/workflows/jimm.yml
new file mode 100644
index 000000000..db2cccc66
--- /dev/null
+++ b/.github/workflows/jimm.yml
@@ -0,0 +1,54 @@
+name: Integration Test
+
+on:
+  pull_request:
+
+jobs:
+  startjimm:
+    name: Test JIMM with Juju controller
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout JIMM repo
+        uses: actions/checkout@v4
+        with:
+          name: canonical/jimm
+          path: jimm
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Go vendor to speed up docker build
+        run: go mod vendor
+
+      - name: Start JIMM (pull request)
+        uses: ./.github/actions/test-server
+        with:
+          jimm-version: dev
+          juju-channel: "3/stable"
+          ghcr-pat: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create a model, deploy an application and run juju status
+        run: |
+          juju add-model foo && \
+          juju deploy haproxy && \
+          sleep 5 && \
+          juju status
+      - name: Checkout Juju Dashboard repo
+        uses: actions/checkout@v4
+        with:
+          path: juju-dashboard
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: "yarn"
+      - name: Install
+        run: yarn --cwd juju-dashboard install --immutable
+      - name: Build
+        run: yarn --cwd juju-dashboard build
+      - name: Configure
+        run: sed -i -e 's/controllerAPIEndpoint\:\ \"\"/controllerAPIEndpoint:\ "ws:\/\/jimm.localhost\/api"/g' juju-dashboard/build/config.js
+      - name: Start
+        run: npx http-server juju-dashboard/build --port 8000 &