Upload Integration Test Binary To S3 Instead Of Building On EC2 And A…

.github/workflows/integrationTest.yml

@@ -15,7 +15,61 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  MakeBinary:
+    name: 'MakeBinary'
+    runs-on: ubuntu-latest
+    steps:
+      # Set up building environment, patch the dev repo code on dispatch events.
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v2
+        with:
+          go-version: ~1.15.15
+
+      - name: Install rpm
+        run: sudo apt install rpm
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
+      - name: Cache go
+        id: cached_go
+        uses: actions/cache@v2
+        env:
+          cache-name: cached_go_modules
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: v1-go-pkg-mod-${{ hashFiles('**/go.sum') }}
+
+      - name: Cache binaries
+        id: cached_binaries
+        uses: actions/cache@v2
+        with:
+          key: "cached_binaries_${{ github.sha }}"
+          path: build
+
+      - name: Build Binaries
+        if: steps.cached_binaries.outputs.cache-hit != 'true'
+        run: make build package-rpm package-deb
+
+      - name: Upload to s3
+        if: steps.cached_binaries.outputs.cache-hit != 'true'
+        run: aws s3 cp build/bin s3://cloudwatch-agent-integration-bucket/integration-test/binary/${{ github.sha }} --recursive
+
   EC2LinuxIntegrationTest:
+    needs:
+      - MakeBinary
     name: 'EC2LinuxIntegrationTest'
     runs-on: ubuntu-latest
     defaults:
@@ -28,31 +82,81 @@ jobs:
           { os: "ubuntu", package: "package-deb",  username: "ubuntu",
             installAgentCommand: "dpkg -i -E ./amazon-cloudwatch-agent.deb",
             ami: "cloudwatch-agent-integration-test-ubuntu", caCertPath: "/etc/ssl/certs/ca-certificates.crt",
-            arc: "amd64" },
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.deb" },
           { os: "al2", package: "package-rpm",  username: "ec2-user",
             installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
             ami: "cloudwatch-agent-integration-test-al2", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
-            arc: "amd64" }
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "rhel8", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-rhel8", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "rhel8-1", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-rhel8-1", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "rhel8-2", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-rhel8-2", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "rhel8-3", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-rhel8-3", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "rhel8-4", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-rhel8-4", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "ol8-1", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-ol8-1", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "ol8-2", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-ol8-2", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "o8-3", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-ol8-3", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" },
+          { os: "ol8-4", package: "package-rpm",  username: "ec2-user",
+            installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm",
+            ami: "cloudwatch-agent-integration-test-ol8-4", caCertPath: "/etc/ssl/certs/ca-bundle.crt",
+            arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }
         ]
     steps:
       - uses: actions/checkout@v2
 
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Cache if success
+        id: ec2-linux-integration-test
+        uses: actions/cache@v2
+        with:
+          path: |
+            RELEASE_NOTES
+          key: ec2-linux-integration-test-${{ github.sha }}-${{ matrix.arrays.os }}
+
       - name: Echo OS
         run: echo run on ec2 instance os ${{ matrix.arrays.os }}
 
       - name: Verify Terraform version
         run: terraform --version
 
       - name: Terraform init
-        run: terraform init -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}" -var="aws_secret_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}"
+        run: terraform init
 
       - name: Terraform apply
+        if: steps.ec2-linux-integration-test.outputs.cache-hit != 'true'
         run: >
           echo run terraform and execute test code &&
           terraform apply --auto-approve
           -var="ssh_key=${PRIVATE_KEY}"
-          -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}"
-          -var="aws_secret_access_key=${TERRAFORM_AWS_SECRET_ACCESS_KEY}"
           -var="github_repo=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
           -var="github_sha=${GITHUB_SHA}"
           -var="package=${{ matrix.arrays.package }}"
@@ -61,11 +165,10 @@ jobs:
           -var="ami=${{ matrix.arrays.ami }}"
           -var="ca_cert_path=${{ matrix.arrays.caCertPath }}"
           -var="arc=${{ matrix.arrays.arc }}"
+          -var="binary_name=${{ matrix.arrays.binaryName }}"
 
       - name: Terraform destroy
-        if: always()
+        if: ${{ always() && steps.ec2-linux-integration-test.outputs.cache-hit != 'true' }}
         run: >
           terraform destroy --auto-approve
-          -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}"
-          -var="aws_secret_access_key=${TERRAFORM_AWS_SECRET_ACCESS_KEY}"
           -var="ami=${{ matrix.arrays.ami }}"

integration/localstack/docker-compose.yml

@@ -3,7 +3,9 @@ version: "3.8"
 services:
   localstack:
     container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
-    image: localstack/localstack
+    # @TODO use latest when this is fixed https://github.com/localstack/localstack/issues/5502
+    # Use 0.12.20 since this is last version that worked for now
+    image: localstack/localstack:0.12.20
     network_mode: bridge
     ports:
       - "127.0.0.1:53:53"

integration/terraform/ec2/linux/README.md

@@ -0,0 +1,13 @@
+Instance assumptions
+
+1. docker
+    1. starts on start up
+    2. does not require sudo
+2. docker-compose
+3. golang
+4. openssl
+5. git
+6. make
+7. rpm-build (on centos8 based os -rhel8 ol8-)
+8. aws-cli
+9. CloudWatchAgentServerRole is attached

integration/terraform/ec2/linux/centOS8-setup.sh

@@ -0,0 +1,22 @@
+# You can use this script to install all required deps for integration testing to a centos8 based linux (rhel8 ol8)
+sudo yum install -y yum-utils
+sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+sudo yum install -y git make rpm-build nano docker-ce docker-ce-cli containerd.io wget
+sudo systemctl start docker
+# sudo groupadd docker on rhel this is already added
+sudo usermod -aG docker $USER
+newgrp docker
+sudo systemctl enable docker.service
+sudo systemctl enable containerd.service
+sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
+sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
+docker-compose --version
+wget https://dl.google.com/go/go1.17.linux-amd64.tar.gz
+sudo tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
+echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.bashrc
+source ~/.bashrc
+# assume open ssl is installed by default
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install

integration/terraform/ec2/linux/main.tf

@@ -11,8 +11,7 @@ resource "aws_instance" "integration-test" {
       "git clone ${var.github_repo}",
       "cd amazon-cloudwatch-agent",
       "git reset --hard ${var.github_sha}",
-      "make clean build ${var.package}",
-      "cd build/bin/linux/${var.arc}",
+      "aws s3 cp s3://cloudwatch-agent-integration-bucket/integration-test/binary/${var.github_sha}/linux/${var.arc}/${var.binary_name} .",
       "sudo ${var.install_agent}",
       "echo set up ssl pem for localstack, then start localstack",
       "cd ~/amazon-cloudwatch-agent/integration/localstack/ls_tmp",

integration/terraform/ec2/linux/providers.tf

@@ -1,5 +1,3 @@
 provider "aws" {
-  access_key = var.aws_access_key
-  secret_key = var.aws_secret_access_key
   region  = var.region
 }

integration/terraform/ec2/linux/variables.tf

@@ -23,14 +23,6 @@ variable "region" {
   default = "us-west-2"
 }
 
-variable "aws_access_key" {
-  type = string
-}
-
-variable "aws_secret_access_key" {
-  type = string
-}
-
 variable "ami" {
   type = string
   default = ""
@@ -76,4 +68,9 @@ variable "ca_cert_path" {
 variable "arc" {
   type = string
   default = ""
+}
+
+variable "binary_name" {
+  type = string
+  default = ""
 }

integration/test/ca_bundle/ca_bundle_test.go

@@ -42,8 +42,6 @@ func TestBundle(t *testing.T) {
 		{dataInput: "resources/integration/ssl/with/original/bundle", findTarget: true},
 		//Do not look for ca bundle should not connect thus target string found
 		{dataInput: "resources/integration/ssl/without/bundle", findTarget: true},
-		//Do not look for ca bundle should not connect thus target string found
-		{dataInput: "resources/integration/ssl/without/bundle", findTarget: true},
 	}
 
 	for _, parameter := range parameters {