Move CI runtime logic from pipeline to ci_integration.sh

adrienthebo · adrienthebo · commit ca9b78a34f71 · 2019-03-06T11:31:28.000-08:00
diff --git a/Makefile b/Makefile
@@ -74,12 +74,7 @@ check_headers:
 # Integration tests
 .PHONY: test_integration
 test_integration:
-	bundle install
-	bundle exec kitchen create
-	bundle exec kitchen converge
-	bundle exec kitchen converge
-	bundle exec kitchen verify
-	bundle exec kitchen destroy
+	test/ci_integration.sh
 
 .PHONY: generate_docs
 generate_docs:
@@ -112,15 +107,25 @@ docker_push_kitchen_terraform:
 .PHONY: docker_run
 docker_run:
 	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
 		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
 		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
-		/bin/bash
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && exec /bin/bash"
 
 .PHONY: docker_create
 docker_create: docker_build_kitchen_terraform
 	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
 		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
 		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
@@ -130,6 +135,11 @@ docker_create: docker_build_kitchen_terraform
 .PHONY: docker_converge
 docker_converge:
 	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
 		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
 		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
@@ -139,6 +149,11 @@ docker_converge:
 .PHONY: docker_verify
 docker_verify:
 	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
 		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
 		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
@@ -148,12 +163,25 @@ docker_verify:
 .PHONY: docker_destroy
 docker_destroy:
 	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
 		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
 		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash -c "kitchen destroy"
 
 .PHONY: test_integration_docker
-test_integration_docker: docker_create docker_converge docker_verify docker_destroy
-	@echo "Running test-kitchen tests in docker"
+test_integration_docker:
+	docker run --rm -it \
+		-e COMPUTE_ENGINE_SERVICE_ACCOUNT \
+		-e PROJECT_ID \
+		-e REGION \
+		-e ZONES \
+		-e SERVICE_ACCOUNT_JSON \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		/bin/bash -c "test/ci_integration.sh"
diff --git a/test/ci_integration.sh b/test/ci_integration.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Always clean up.
+DELETE_AT_EXIT="$(mktemp -d)"
+finish() {
+  echo 'BEGIN: finish() trap handler' >&2
+  kitchen destroy
+  [[ -d "${DELETE_AT_EXIT}" ]] && rm -rf "${DELETE_AT_EXIT}"
+  echo 'END: finish() trap handler' >&2
+}
+
+# Map the input parameters provided by Concourse CI, or whatever mechanism is
+# running the tests to Terraform input variables.  Also setup credentials for
+# use with kitchen-terraform, inspec, and gcloud.
+setup_environment() {
+  local tmpfile
+  tmpfile="$(mktemp)"
+  echo "${SERVICE_ACCOUNT_JSON}" > "${tmpfile}"
+
+  echo "${SERVICE_ACCOUNT_JSON}" > "test/fixtures/shared/credentials.json"
+
+  # gcloud variables
+  export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="${tmpfile}"
+  # Application default credentials (Terraform google provider and inspec-gcp)
+  export GOOGLE_APPLICATION_CREDENTIALS="${tmpfile}"
+
+  # Terraform variables
+  export TF_VAR_project_id="$PROJECT_ID"
+  export TF_VAR_credentials_path_relative="../shared/credentials.json"
+  export TF_VAR_region="$REGION"
+  export TF_VAR_zones="$ZONES"
+  export TF_VAR_compute_engine_service_account="$COMPUTE_ENGINE_SERVICE_ACCOUNT"
+}
+
+main() {
+  set -eu
+  # Setup trap handler to auto-cleanup
+  export TMPDIR="${DELETE_AT_EXIT}"
+  trap finish EXIT
+
+  # Setup environment variables
+  setup_environment
+  set -x
+
+  # Execute the test lifecycle
+  kitchen create
+  kitchen converge
+  kitchen converge
+  kitchen verify
+}
+
+# if script is being executed and not sourced.
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  main "$@"
+fi
