Add e2e tests (#3)

Build foundations for e2e tests Signed-off-by: Hoang Quoc Trung <[email protected]>
ichbinfrog · Apr 14, 2024 · a317ff9 · a317ff9
1 parent 5c734a2
commit a317ff9
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 1 deletion.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -2,7 +2,7 @@ name: Go
 on: [push]
 
 jobs:
-  build:
+  unit:
     runs-on: ubuntu-latest
 
     steps:
@@ -18,3 +18,34 @@ jobs:
         run: |
           go build -v ./...
           go test ./...
+
+  e2e:
+    runs-on: ubuntu-latest
+    needs: unit
+    if: github.ref == 'refs/heads/main'
+    env:
+      MIGRATE_DST_INSTANCE: ${{ secrets.MIGRATE_DST_INSTANCE }}
+      MIGRATE_DST_PROJECT: ${{ secrets.MIGRATE_DST_PROJECT }}
+      MIGRATE_SRC_INSTANCE: ${{ secrets.MIGRATE_SRC_INSTANCE }}
+      MIGRATE_SRC_PROJECT: ${{ secrets.MIGRATE_SRC_PROJECT }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22.x'
+          cache-dependency-path: go.sum
+      - name: Install dependencies
+        run: go get .
+
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v0
+        with:
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.WORKLOAD_IDENTITY_SERVICE_ACCOUNT }}
+          create_credentials_file: true
+
+      - name: Build and test
+        run: |
+          go test -tags=e2e ./...
diff --git a/e2e/terraform/main.tf b/e2e/terraform/main.tf
@@ -49,4 +49,66 @@ resource "google_sql_database_instance" "target" {
     disk_type = "PD_HDD"
     disk_size = 10
   }
+}
+
+// E2E Tests
+resource "google_service_account" "e2e" {
+  count      = var.enabled_github_infra ? 1 : 0
+  project    = google_project.self.project_id
+  account_id = "sa-e2e"
+}
+
+locals {
+  // Technically, the least privilege role would only be a subset of the CloudSQL Viewer Role with
+  // "cloudsql.backupRuns.list", "cloudsql.backupRuns.get", "cloudsql.backupRuns.create", "cloudsql.backupRuns.restoreBackup",
+  // but I'm lazy :)
+  cloudsql_permissions = [
+    "roles/cloudsql.admin"
+  ]
+}
+
+resource "google_project_iam_member" "e2e" {
+  for_each = { for k in local.cloudsql_permissions : k => k if var.enabled_github_infra }
+  project  = google_project.self.project_id
+  member   = "serviceAccount:${google_service_account.e2e[0].email}"
+  role     = each.key
+}
+
+resource "google_iam_workload_identity_pool" "github" {
+  count                     = var.enabled_github_infra ? 1 : 0
+  project                   = google_project_service.self["iamcredentials.googleapis.com"].project
+  workload_identity_pool_id = "github-pool"
+  display_name              = "Github E2E Tests pipeline"
+}
+
+resource "google_iam_workload_identity_pool_provider" "github" {
+  count   = var.enabled_github_infra ? 1 : 0
+  project = google_project.self.project_id
+
+  workload_identity_pool_id          = google_iam_workload_identity_pool.github[0].workload_identity_pool_id
+  workload_identity_pool_provider_id = "github-provider"
+  description                        = "OIDC identity pool provider for e2e tests"
+  disabled                           = false
+
+  attribute_mapping = {
+    "google.subject"             = "assertion.sub"
+    "attribute.actor"            = "assertion.actor"
+    "attribute.repository_owner" = "assertion.repository_owner"
+    "attribute.repository"       = "assertion.repository"
+  }
+
+  oidc {
+    issuer_uri = "https://token.actions.githubusercontent.com"
+  }
+}
+
+resource "google_service_account_iam_member" "identity_federation_principalset" {
+  count              = var.enabled_github_infra ? 1 : 0
+  service_account_id = google_service_account.e2e[0].name
+  role               = "roles/iam.workloadIdentityUser"
+  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github[0].name}/attribute.repository/${var.github_username}/${var.github_repo}"
+
+  depends_on = [
+    google_iam_workload_identity_pool_provider.github[0]
+  ]
 }
diff --git a/e2e/terraform/variables.tf b/e2e/terraform/variables.tf
@@ -4,6 +4,11 @@ variable "billing_account_id" {
   sensitive   = true
 }
 
+variable "enabled_github_infra" {
+  description = "Whether or not to provision infrastructure for e2e tests"
+  type        = bool
+}
+
 variable "github_username" {
   description = "Github username"
   type        = string

diff --git a/main_test.go b/main_test.go
@@ -0,0 +1,38 @@
+//go:build e2e
+
+package main_test
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/ichbinfrog/cloudsqlmigrate/migrate"
+)
+
+func TestMigrationPostgres(t *testing.T) {
+	ctx := context.Background()
+
+	srcProject := os.Getenv("MIGRATE_SRC_PROJECT")
+	srcInstance := os.Getenv("MIGRATE_SRC_INSTANCE")
+
+	dstProject := os.Getenv("MIGRATE_DST_PROJECT")
+	dstInstance := os.Getenv("MIGRATE_DST_INSTANCE")
+
+	op, err := migrate.NewOp(ctx, srcProject, srcInstance, dstProject, dstInstance)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if errs := op.Run(ctx,
+		[]migrate.Preflight{
+			migrate.PreflightVersion{},
+			migrate.PreflightStatus{},
+		},
+		[]migrate.PostFlight{
+			&migrate.PostFlightSQLAdmin{},
+		},
+	); len(errs) > 0 {
+		t.Fatalf("checks failed: %v", errs)
+	}
+}