platform/.github/workflows/test-local-dev.yml at main · ambient-code/platform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
name: Test Local Development Environment

on:
  pull_request:

env:
  # Pin versions for reliable caching
  KUBECTL_VERSION: "v1.31.4"
  KIND_VERSION: "v0.31.0"

jobs:
  # Fast job that doesn't need the cluster - runs in parallel
  validate-manifests:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
    - name: Checkout code
      uses: actions/checkout@v6

    - name: Validate production manifest safety
      run: |
        echo "Validating production manifests do NOT contain dev mode variables..."

        # Recursively check base and production manifests for DISABLE_AUTH
        while IFS= read -r manifest; do
          if grep -q "DISABLE_AUTH" "$manifest"; then
            echo "CRITICAL: Production manifest contains DISABLE_AUTH: $manifest"
            exit 1
          fi

          if grep -qE "ENVIRONMENT.*[\"']?(local|development)[\"']?" "$manifest"; then
            echo "CRITICAL: Production manifest sets ENVIRONMENT=local/development: $manifest"
            exit 1
          fi
        done < <(find components/manifests/base components/manifests/overlays/production -name "*.yaml" -o -name "*.yml" 2>/dev/null)

        echo "All production manifests are safe"

    - name: Validate Makefile
      run: |
        echo "Validating Makefile quality..."
        make validate-makefile

  test-local-dev-simulation:
    runs-on: ubuntu-latest
    timeout-minutes: 30

    steps:
    - name: Checkout code
      uses: actions/checkout@v6

    - name: Cleanup Diskspace
      id: cleanup
      uses: kubeflow/pipelines/.github/actions/github-disk-cleanup@master
      if: (!cancelled())

    - name: Set up Go
      uses: actions/setup-go@v6
      with:
        go-version-file: 'components/backend/go.mod'
        cache-dependency-path: 'components/backend/go.sum'

    - name: Cache kubectl and kind
      uses: actions/cache@v4
      id: k8s-tools-cache
      with:
        path: |
          ~/k8s-tools/kubectl
          ~/k8s-tools/kind
        key: k8s-tools-${{ runner.os }}-kubectl-${{ env.KUBECTL_VERSION }}-kind-${{ env.KIND_VERSION }}

    - name: Install kind and kubectl
      run: |
        mkdir -p ~/k8s-tools

        # Install kubectl if not cached
        if [[ ! -f ~/k8s-tools/kubectl ]]; then
          echo "Downloading kubectl $KUBECTL_VERSION..."
          curl -sLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl ~/k8s-tools/
        else
          echo "Using cached kubectl"
        fi
        sudo cp ~/k8s-tools/kubectl /usr/local/bin/kubectl

        # Install kind if not cached
        if [[ ! -f ~/k8s-tools/kind ]]; then
          echo "Downloading kind $KIND_VERSION..."
          curl -sLO "https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64"
          chmod +x kind-linux-amd64
          mv kind-linux-amd64 ~/k8s-tools/kind
        else
          echo "Using cached kind"
        fi
        sudo cp ~/k8s-tools/kind /usr/local/bin/kind

        # Verify installations
        kubectl version --client
        kind version

    - name: Deploy using Makefile
      run: |
        echo "Using Makefile to deploy complete stack..."
        make kind-up CONTAINER_ENGINE=docker CI_MODE=true

    - name: Wait for deployments
      run: |
        echo "Waiting for all deployments in parallel..."

        # Wait for all deployments concurrently using background jobs
        kubectl wait --for=condition=available --timeout=180s deployment/backend-api -n ambient-code &
        PID_BACKEND=$!

        kubectl wait --for=condition=available --timeout=180s deployment/frontend -n ambient-code &
        PID_FRONTEND=$!

        kubectl wait --for=condition=available --timeout=180s deployment/agentic-operator -n ambient-code &
        PID_OPERATOR=$!

        # Wait for all and collect exit codes
        FAILED=0

        wait $PID_BACKEND || {
          echo "Backend deployment timeout - showing status"
          kubectl get pods -n ambient-code -o wide
          kubectl describe deployment backend-api -n ambient-code | tail -50
          kubectl get events -n ambient-code --field-selector involvedObject.kind=Pod --sort-by='.lastTimestamp' | grep backend-api || true
          FAILED=1
        }

        wait $PID_FRONTEND || {
          echo "Frontend deployment timeout - showing status"
          kubectl get pods -n ambient-code -o wide
          kubectl describe deployment frontend -n ambient-code | tail -50
          FAILED=1
        }

        wait $PID_OPERATOR || {
          echo "Operator deployment timeout - showing status"
          kubectl get pods -n ambient-code -o wide
          kubectl describe deployment agentic-operator -n ambient-code | tail -50
          FAILED=1
        }

        if [[ $FAILED -eq 1 ]]; then
          exit 1
        fi

        echo "All deployments ready"

    - name: Run backend integration tests (real k8s auth path)
      run: |
        set -euo pipefail

        echo "Setting up ServiceAccount + RBAC for backend integration tests..."
        kubectl -n ambient-code create serviceaccount backend-integration-test 2>/dev/null || true
        kubectl -n ambient-code create role backend-integration-test \
          --verb=get,list \
          --resource=configmaps 2>/dev/null || true
        kubectl -n ambient-code create rolebinding backend-integration-test \
          --role=backend-integration-test \
          --serviceaccount=ambient-code:backend-integration-test 2>/dev/null || true

        TEST_TOKEN="$(kubectl -n ambient-code create token backend-integration-test)"
        echo "::add-mask::$TEST_TOKEN"

        echo "Running Go integration tests (skips any external-provider tests without env)..."
        cd components/backend
        INTEGRATION_TESTS=true \
        K8S_TEST_TOKEN="$TEST_TOKEN" \
        K8S_TEST_NAMESPACE="ambient-code" \
        go test ./tests/integration/... -count=1 -timeout=10m

    - name: Run Makefile smoke tests
      run: |
        echo "Running Makefile smoke tests..."
        make local-test-quick CONTAINER_ENGINE=docker || {
          echo "Smoke tests failed - showing debugging information..."
          make local-troubleshoot
          exit 1
        }

    - name: Run comprehensive test suite
      run: |
        echo "Running local development test suite..."
        chmod +x tests/local-dev-test.sh

        # Run tests in CI mode (known failures tracked separately)
        ./tests/local-dev-test.sh --skip-setup --ci || {
          echo "Test suite failed - showing debugging information..."
          make local-troubleshoot
          exit 1
        }

    - name: Show deployment status
      if: always()
      run: |
        echo "=== Namespace ==="
        kubectl get namespace ambient-code 2>&1 || echo "(Namespace not found - may not have been created)"

        echo ""
        echo "=== Deployments ==="
        kubectl get deployments -n ambient-code -o wide 2>&1 || echo "(No deployments found or namespace does not exist)"

        echo ""
        echo "=== ReplicaSets ==="
        kubectl get replicasets -n ambient-code -o wide 2>&1 || echo "(No replicasets found or namespace does not exist)"

        echo ""
        echo "=== Pods ==="
        kubectl get pods -n ambient-code -o wide 2>&1 || echo "(No pods found or namespace does not exist)"

        echo ""
        echo "=== Services ==="
        kubectl get svc -n ambient-code 2>&1 || echo "(No services found or namespace does not exist)"

        echo ""
        echo "=== Ingress ==="
        kubectl get ingress -n ambient-code 2>&1 || echo "(No ingress found or namespace does not exist)"

        echo ""
        echo "=== CRDs ==="
        kubectl get crd 2>&1 | grep vteam || echo "(No vteam CRDs found)"

        echo ""
        echo "=== Events (last 30) ==="
        kubectl get events -n ambient-code --sort-by='.lastTimestamp' 2>&1 | tail -30 || echo "(No events found or namespace does not exist)"

        echo ""
        echo "=== Deployment describe (if no pods) ==="
        if ! kubectl get pods -n ambient-code 2>/dev/null | grep -q "backend-api\|frontend\|agentic-operator"; then
          echo "No pods found - describing deployments for details:"
          kubectl describe deployment backend-api -n ambient-code 2>&1 | tail -50 || echo "(backend-api deployment not found)"
          kubectl describe deployment frontend -n ambient-code 2>&1 | tail -50 || echo "(frontend deployment not found)"
          kubectl describe deployment agentic-operator -n ambient-code 2>&1 | tail -50 || echo "(agentic-operator deployment not found)"
        fi

    - name: Cleanup
      if: always()
      run: |
        echo "Cleaning up using Makefile..."
        make kind-down 2>&1 || echo "(Cleanup failed or cluster already removed)"