Merge branch 'awslabs:main' into main
7navyasa authored Jun 27, 2024
2 parents 5c6888d + 1a9a993 commit 3f51072
Showing 46 changed files with 1,114 additions and 325 deletions.
33 changes: 33 additions & 0 deletions .github/scripts/e2e-delete-lbs.py
@@ -0,0 +1,33 @@
import os
import boto3

REGION = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')
ELB_CLIENT = boto3.client('elbv2', region_name=REGION)

def delete_target_groups(target_group_arns):
for tg_arn in target_group_arns:
ELB_CLIENT.delete_target_group(TargetGroupArn=tg_arn)

def delete_listeners(listener_arns):
for listener_arn in listener_arns:
ELB_CLIENT.delete_listener(ListenerArn=listener_arn)

def delete_load_balancers():
response = ELB_CLIENT.describe_load_balancers()

for lb in response['LoadBalancers']:
lb_arn = lb['LoadBalancerArn']
listeners = ELB_CLIENT.describe_listeners(LoadBalancerArn=lb_arn)
listener_arns = [listener['ListenerArn'] for listener in listeners['Listeners']]

delete_listeners(listener_arns)

target_groups = ELB_CLIENT.describe_target_groups(LoadBalancerArn=lb_arn)
target_group_arns = [tg['TargetGroupArn'] for tg in target_groups['TargetGroups']]

delete_target_groups(target_group_arns)

ELB_CLIENT.delete_load_balancer(LoadBalancerArn=lb_arn)

if __name__ == '__main__':
delete_load_balancers()
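Review bot: `delete_load_balancers()` acts on everything `describe_load_balancers()` returns for the region, so under the workflow's assumed role it will delete any ALB/NLB in the account — not only those the e2e cluster created — and a shared or mis-targeted account loses unrelated load balancers and their listeners with no confirmation. Scope the loop to balancers carrying the cluster's tag, looked up with `describe_tags` (the AWS Load Balancer Controller tags with `elbv2.k8s.aws/cluster`, the in-tree provider with `kubernetes.io/cluster/<name>`; confirm which applies to this test), and use the paginator so a long list is not truncated at the first page. Note also that `describe_target_groups(LoadBalancerArn=...)` only returns attached target groups, so orphaned ones the cluster left behind still need a separate tag-filtered pass.
```python
CLUSTER_TAG_KEY = os.environ.get('E2E_CLUSTER_TAG_KEY', 'elbv2.k8s.aws/cluster')  # tag the e2e LB controller applies — confirm


def _owned_by_e2e(lb_arn):
    """Return True only when the load balancer carries the e2e cluster tag."""
    tags = ELB_CLIENT.describe_tags(ResourceArns=[lb_arn])['TagDescriptions'][0]['Tags']
    return any(tag['Key'] == CLUSTER_TAG_KEY for tag in tags)


def delete_load_balancers():
    """Delete the e2e cluster's load balancers (listeners and target groups first)."""
    paginator = ELB_CLIENT.get_paginator('describe_load_balancers')
    for page in paginator.paginate():
        for lb in page['LoadBalancers']:
            lb_arn = lb['LoadBalancerArn']
            if not _owned_by_e2e(lb_arn):
                print(f"Skipping load balancer without {CLUSTER_TAG_KEY} tag: {lb_arn}")
                continue
            # … unchanged: delete listeners, target groups, then the load balancer …
```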
21 changes: 21 additions & 0 deletions .github/scripts/e2e-delete-log-groups.py
@@ -0,0 +1,21 @@
import os
import boto3

REGION = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')
CLIENT = boto3.client('logs', region_name=REGION)

def delete_log_groups():
"""Delete all log groups in the region that start with `/aws/eks/`"""
response = CLIENT.describe_log_groups(
logGroupNamePrefix='/aws/eks/',
limit=50
)

for log_group in [log.get('logGroupName') for log in response.get('logGroups', {})]:
CLIENT.delete_log_group(
logGroupName=log_group
)


if __name__ == '__main__':
delete_log_groups()
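Review bot: The prefix `/aws/eks/` matches the control-plane log groups of every EKS cluster in the region, so this deletes audit and authenticator logs of clusters the e2e run never created — destroying audit evidence in a shared account. `limit=50` with no `nextToken` handling also means only the first page is removed and the rest silently survive, and `response.get('logGroups', {})` defaults to a dict where a list is expected. Narrow the prefix to the e2e cluster's own name (the workflow would need to export it, e.g. from the Terraform cluster name) and iterate with the paginator:
```python
CLUSTER_NAME = os.environ.get('E2E_CLUSTER_NAME')


def delete_log_groups():
    """Delete the log groups of the e2e cluster only (`/aws/eks/<cluster>/...`)."""
    if not CLUSTER_NAME:
        raise SystemExit('E2E_CLUSTER_NAME is required; refusing to delete log groups unscoped')
    paginator = CLIENT.get_paginator('describe_log_groups')
    for page in paginator.paginate(logGroupNamePrefix=f'/aws/eks/{CLUSTER_NAME}/'):
        for log_group in page.get('logGroups', []):
            CLIENT.delete_log_group(logGroupName=log_group['logGroupName'])
```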
45 changes: 45 additions & 0 deletions .github/scripts/e2e-delete-sgs.py
@@ -0,0 +1,45 @@
import os
import boto3

REGION = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')
EC2_CLIENT = boto3.client('ec2', region_name=REGION)

def remove_security_group_rules(security_group_id):
try:
sg_details = EC2_CLIENT.describe_security_groups(GroupIds=[security_group_id])
sg = sg_details['SecurityGroups'][0]

if sg['IpPermissions']:
EC2_CLIENT.revoke_security_group_ingress(
GroupId=security_group_id,
IpPermissions=sg['IpPermissions']
)

if sg['IpPermissionsEgress']:
EC2_CLIENT.revoke_security_group_egress(
GroupId=security_group_id,
IpPermissions=sg['IpPermissionsEgress']
)
except Exception as e:
print(f"Error removing rules from {security_group_id}: {str(e)}")

def delete_all_security_groups():
try:
response = EC2_CLIENT.describe_security_groups()
for sg in response['SecurityGroups']:
# Skip deleting default security groups or any critical system security group
if sg['GroupName'] == 'default' or 'default' in sg['GroupName']:
print(f"Skipping default security group: {sg['GroupId']} ({sg['GroupName']})")
continue

try:
remove_security_group_rules(sg['GroupId'])
EC2_CLIENT.delete_security_group(GroupId=sg['GroupId'])
print(f"Deleted security group: {sg['GroupId']}")
except Exception as e:
print(f"Failed to delete {sg['GroupId']}: {str(e)}")
except Exception as e:
print(f"Failed to process security groups: {str(e)}")

if __name__ == '__main__':
delete_all_security_groups()
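Review bot: `delete_all_security_groups()` calls `remove_security_group_rules()` on every non-default group in the region before attempting the delete, so a group still attached to an ENI outside the e2e cluster fails deletion (typically `DependencyViolation`) but is left with no ingress or egress rules — live workloads in the same account lose all allowed traffic, and the only trace is a printed message because both handlers catch bare `Exception` and continue. The `'default' in sg['GroupName']` substring test is an accident-prone guard as well: it spares any group that merely contains the word while protecting nothing else (the preceding `== 'default'` clause is redundant with it). Restrict the describe call to the e2e VPC, or to the cluster tag, with `Filters` and paginate it, so the blast radius is the test's own resources:
```python
E2E_VPC_ID = os.environ['E2E_VPC_ID']  # exported by the workflow from the Terraform VPC output — confirm the name


def delete_all_security_groups():
    """Delete the non-default security groups of the e2e VPC only."""
    paginator = EC2_CLIENT.get_paginator('describe_security_groups')
    pages = paginator.paginate(Filters=[{'Name': 'vpc-id', 'Values': [E2E_VPC_ID]}])
    for page in pages:
        for sg in page['SecurityGroups']:
            if sg['GroupName'] == 'default':
                print(f"Skipping default security group: {sg['GroupId']} ({sg['GroupName']})")
                continue
            # … unchanged: remove_security_group_rules + delete_security_group with per-group error handling …
```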
126 changes: 126 additions & 0 deletions .github/workflows/e2e-parallel-full.yml
@@ -0,0 +1,126 @@
name: e2e-parallel-full

on:
workflow_dispatch:
inputs:
TFDestroy:
description: 'Destroy TF Automatically (false/true) - Default: true'
required: true
default: 'true'

concurrency: e2e-parallel-full

env:
BUCKET_NAME: terraform-crossplane-on-eks-github-actions-state

permissions:
contents: read

jobs:
prereq-cleanup:
name: Prerequisite Cleanup
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

- name: Auth AWS
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-east-1
role-duration-seconds: 3600
role-session-name: GithubActions-Session

- name: Ensure load balancers and sgs are removed
run: |
pip3 install boto3
python3 .github/scripts/e2e-delete-sgs.py
python3 .github/scripts/e2e-delete-lbs.py
python3 .github/scripts/e2e-delete-log-groups.py
deploy:
name: Run e2e test
runs-on: ubuntu-latest
needs: prereq-cleanup

# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
include:
- example_path: bootstrap/terraform
# - example_path: bootstrap/terraform-fully-private
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

- name: Setup backend
# Un-comment remote backend for use in workflow
run: sed -i "s/# //g" ${{ matrix.example_path }}/versions.tf

- name: Auth AWS
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-east-1
role-duration-seconds: 3600
role-session-name: GithubActions-Session

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.8.4

- name: Terraform Apply
id: apply
working-directory: ${{ matrix.example_path }}
run: |
terraform init -upgrade=true
terraform apply -no-color -auto-approve
- name: Terraform Destroy Addons
if: github.event.inputs.TFDestroy == 'true' && (steps.apply.outcome == 'success' || steps.apply.outcome == 'failure')
working-directory: ${{ matrix.example_path }}
run: |
terraform init -upgrade=true
terraform destroy -target="module.crossplane" -no-color -auto-approve
terraform destroy -target="module.gatekeeper" -no-color -auto-approve
terraform destroy -target="module.eks_blueprints_addons" -no-color -auto-approve
terraform destroy -target="module.eks" -no-color -auto-approve
- name: Ensure load balancers and sgs are removed
run: |
pip3 install boto3
python3 .github/scripts/e2e-delete-sgs.py
python3 .github/scripts/e2e-delete-lbs.py
python3 .github/scripts/e2e-delete-log-groups.py
- name: Terraform Destroy Resources
run: |
terraform destroy -target="module.vpc" -no-color -auto-approve
terraform destroy -no-color -auto-approve
- name: Fail if TF apply failed
if: steps.apply.outcome == 'failure'
run: |
echo "Terraform Apply step failed...Please check the logs of the Terraform Apply step."
echo "Failing the job to avoid false positives."
exit 1
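Review bot: The destroy chain in the `deploy` job never runs after a failed apply: the "Terraform Apply" step has no `continue-on-error: true`, so a failure stops the job and every later step is skipped (an `if:` without a status function carries an implicit `success()`), leaving the cluster, VPC and IAM resources standing until a later run's `prereq-cleanup`, and `steps.apply.outcome == 'failure'` in the final step can then never be true. Conversely, "Ensure load balancers and sgs are removed" and "Terraform Destroy Resources" have no `if:` at all, so they tear resources down even when the dispatcher set `TFDestroy=false`, and the last `terraform destroy` runs without `working-directory`, i.e. from the repository root rather than `${{ matrix.example_path }}`. The actions are also pinned inconsistently — `actions/checkout` by commit SHA but `step-security/harden-runner@v2`, `aws-actions/configure-aws-credentials@v4.0.2` and `hashicorp/setup-terraform@v3` by mutable tag, plus an unpinned `pip3 install boto3` — which matters for a job holding an AWS role with delete rights; pin all of them to SHAs / exact versions. Unless rendering dropped a `continue-on-error` line, the fix is:
```yaml
      - name: Terraform Apply
        id: apply
        continue-on-error: true
        working-directory: ${{ matrix.example_path }}
        # … unchanged: run …
      - name: Terraform Destroy Addons
        # … unchanged: if / working-directory / run …
      - name: Ensure load balancers and sgs are removed
        if: github.event.inputs.TFDestroy == 'true'
        # … unchanged: run …
      - name: Terraform Destroy Resources
        if: github.event.inputs.TFDestroy == 'true'
        working-directory: ${{ matrix.example_path }}
        # … unchanged: run …
```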
27 changes: 27 additions & 0 deletions .github/workflows/linkcheck.json
@@ -0,0 +1,27 @@
{
"timeout": "5s",
"retryOn429": true,
"retryCount": 5,
"fallbackRetryDelay": "30s",
"aliveStatusCodes": [200, 206],
"httpHeaders": [
{
"urls": ["https://help.github.com/"],
"headers": {
"Accept-Encoding": "zstd, br, gzip, deflate"
}
}
],
"ignorePatterns": [
{
"pattern": [
"localhost"
]
},
{
"pattern": [
"127.0.0.1"
]
}
]
}
37 changes: 37 additions & 0 deletions .github/workflows/markdown-link-check.yml
@@ -0,0 +1,37 @@
name: Check Markdown links

on:
push:
branches:
- main
paths:
- "**/*.md"

pull_request:
branches:
- main
paths:
- "**/*.md"

permissions:
contents: read

jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- uses: actions/setup-node@v4
with:
node-version: '16.x'
- name: install markdown-link-check
run: npm install -g [email protected]
- name: markdown-link-check version
run: npm list -g markdown-link-check
- name: Run markdown-link-check on MD files
run: find docs -name "*.md" | xargs -n 1 markdown-link-check -q -c .github/workflows/linkcheck.json
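Review bot: `node-version: '16.x'` selects a Node.js line that reached end of life in September 2023 and no longer receives security fixes, so the link checker runs on an unpatched runtime; bump to a current LTS, `node-version: '20.x'`. The `find docs -name "*.md" | xargs -n 1 markdown-link-check …` pipeline also splits on whitespace, so a docs file with a space in its path is checked as several non-existent files; `find docs -name "*.md" -print0 | xargs -0 -n 1 markdown-link-check -q -c .github/workflows/linkcheck.json` is the safe form. As with the other workflows in this commit, `step-security/harden-runner@v2` and `actions/setup-node@v4` are mutable tags while `actions/checkout` is pinned by SHA; pin them consistently. Because this runs on pull requests, the checker fetches whatever URLs the PR's markdown contains — acceptable with the read-only token and `egress-policy: audit`, but worth keeping in mind if `block` is adopted later.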
52 changes: 52 additions & 0 deletions .github/workflows/publish-docs.yml
@@ -0,0 +1,52 @@
name: Publish docs via GitHub Pages
on:
push:
branches:
- main

env:
PYTHON_VERSION: 3.x

permissions:
contents: read

jobs:
build:
name: Deploy docs
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout main
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
with:
fetch-depth: 0

- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}

- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install mkdocs-material==9.5.21 \
mkdocs-include-markdown-plugin==6.0.6 \
mkdocs-awesome-pages-plugin==2.9.2 \
mkdocs-glightbox==0.1.0 \
mkdocs-minify-plugin==0.8.0 \
mkdocs-material-extensions==1.3.1 \
pillow==10.3.0 \
cairosvg==2.7.1
- name: git config
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
- run: mkdocs gh-deploy --force
