chore: node e2e config -> gha secret (#400)

iartemiev · web-flow · commit 813603a36323 · 2024-11-20T11:11:59.000-05:00
diff --git a/.changeset/five-donkeys-join.md b/.changeset/five-donkeys-join.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/callable-local-e2e-tests.yml b/.github/workflows/callable-local-e2e-tests.yml
@@ -6,13 +6,20 @@ jobs:
   unit_test:
     name: Local E2E Tests
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
         with:
           path: amplify-api-next
       - name: Setup node and build the repository
         uses: ./amplify-api-next/.github/actions/node-and-build
+      - name: Write Amplify outputs
+        working-directory: ./amplify-api-next
+        env:
+          AMPLIFY_OUTPUTS_BASE64: ${{ secrets.E2E_NODE_AMPLIFY_OUTPUTS_BASE64 }}
+        run: |
+          echo $AMPLIFY_OUTPUTS_BASE64 | base64 --decode > ./packages/e2e-tests/node/amplify_outputs.json
       - name: Install Node Sample Dependencies
         working-directory: ./amplify-api-next
         run: npm run e2e-node:install
diff --git a/.github/workflows/callable-release-verification.yml b/.github/workflows/callable-release-verification.yml
@@ -17,6 +17,7 @@ jobs:
   local-e2e:
     needs:
       - prebuild-ubuntu
+    secrets: inherit
     uses: ./.github/workflows/callable-local-e2e-tests.yml
   e2e:
     needs:
diff --git a/.github/workflows/push-e2e-test.yml b/.github/workflows/push-e2e-test.yml
@@ -0,0 +1,16 @@
+name: Push - run release verifications
+
+concurrency:
+  # group name unique for push to push-integ-test
+  group: push-e2e-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - replace-with-your-branch
+
+jobs:
+  e2e:
+    secrets: inherit
+    uses: ./.github/workflows/callable-release-verification.yml
diff --git a/packages/e2e-tests/node/.gitignore b/packages/e2e-tests/node/.gitignore
@@ -24,4 +24,6 @@ dist-ssr
 *.sw?
 
 # amplify
-.amplify
+.amplify
+amplify_outputs.json
+amplify_outputs.base64
diff --git a/packages/e2e-tests/node/README.md b/packages/e2e-tests/node/README.md
@@ -0,0 +1,36 @@
+# Node E2E Test
+
+This e2e test relies on a long-lived cloud backend provisioned in the team's internal AWS account.
+
+The `amplify_outputs.json` file is not persisted to the repo. The contents of the `amplify_outputs.json` file are base64-encoded and stored in a GitHub Actions secret. The GHA job creates a temporary `amplify_outputs.json` from the secret during execution.
+
+The decoded config is stored in SSM in the team's internal AWS account.
+
+## Running the test locally
+
+1. Run `npx ampx sandbox`
+1. `npm run install:no-lock`
+1. `npm run e2e-node` to run test
+
+Note: `amplify_outputs.json` and `.amplify/*` files are ignored by Git in this directory, so you do not have to delete them manually.
+
+## Updating backend
+
+Prereqs:
+
+- `gh` CLI installed and configured with your GitHub credentials (`brew install gh && gh auth login`)
+- amplify-backend profile configured with the team's internal AWS test account
+
+See GitHub Actions [docs](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#storing-base64-binary-blobs-as-secrets) for similar configuration.
+
+Steps:
+
+1. Create a new amplify-backend sandbox in this directory using an AWS profile configured with our internal AWS test account credentials
+1. After sandbox deploys, ensure the generated `amplify_outputs.json` contains the expected configuration
+1. Run `base64 -i amplify_outputs.json -o amplify_outputs.base64` to output a base64-encoded config
+1. Run `gh secret set E2E_NODE_AMPLIFY_OUTPUTS_BASE64 < amplify_outputs.base64` to set the secret to the base64-encoded value
+1. Trigger e2e workflow to confirm the test script works as expected with your new backend.
+   - **If you're seeing errors and would like to revert to the last known working config: retrieve `amplify_outputs.json` from team's SSM, base64-encode it, and set as secret value. Trigger test run to confirm.**
+   - If new config works as expected, update SSM with the new config you created. Use the un-encoded JSON contents (direct copy-paste from your `amplify_outputs.json` file)
+
+Note: `amplify_outputs.json` and `amplify_outputs.base64` files are ignored by Git in this directory, so you do not have to delete them manually.
diff --git a/packages/e2e-tests/node/amplify_outputs.json b/packages/e2e-tests/node/amplify_outputs.json
diff --git a/packages/e2e-tests/node/utils.ts b/packages/e2e-tests/node/utils.ts
@@ -6,8 +6,10 @@ import {
 } from 'aws-amplify/data';
 import { Hub, ConsoleLogger } from 'aws-amplify/utils';
 import type { Schema } from './amplify/data/resource';
-import outputs from './amplify_outputs.json';
 import { WebSocket } from 'ws';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore - outputs is loaded dynamically in GHA; expected undefined locally
+import outputs from './amplify_outputs.json';
 
 // TODO: use imported type from `aws-amplify/data` once it's fixed
 export type Client = ReturnType<typeof generateClient<Schema>>;
