feat(aws-test-infra): add AWS test infrastructure provisioning action #139
Open
sowmyav27 wants to merge 1 commit into loft-sh:main from
Composite action that provisions and tears down AWS test infra (VPC + subnet + IGW + route table + security group + EC2 instances) for e2e workflows. Built as a Go binary using aws-sdk-go-v2 with hand-rolled mocks for unit testing.

Replaces ~150 lines of duplicated Bash + aws-cli inline in loft-sh/vcluster-pro's e2e-selinux-support-matrix.yaml and prerelease-vcluster.yaml workflows.

Build-from-source: action runs `go build` from src/ on every invocation. Mirrors run-ginkgo's pattern — assumes the consumer has Go available (via actions/setup-go). No separate release artifact lifecycle.

Two subcommands:
- provision: VPC/subnet/IGW/route table/SG/EC2/SSM-wait, with optional AMI architecture/virtualization-type filter for safety-net AMI lookup.
- cleanup: best-effort direct teardown by ID, plus tag-based sweep that catches resources from runs that failed before exporting IDs. Sweep errors are logged + swallowed by default to match `set +e` semantics of the original Bash teardown; -strict-sweep opts back into hard fail.

Outputs: vpc-id, igw-id, subnet-id, route-table-id, route-assoc-id, security-group-id, ami-id, primary-public-ip, instance-ids (CSV), named per-role instance IDs (primary/worker1/worker2), and a JSON map output (instance-id-by-role) for consumers using arbitrary role names or non-three-instance counts.

Tests (29 top-level / 71 cases / 62.9% coverage) cover API call ordering, tag application on every resource, the partial-failure ResourceIDs contract that lets cleanup tear down failed provisions, tag-based sweep correctness, dependency-order strict checks for disassoc-before-delete pairs, ingress encoding round-trip, flag validation, and output format wiring.
Summary
Fixes: ENGQA-702
A composite action that provisions and tears down AWS test infrastructure (VPC + subnet + IGW + route table + security group + EC2 instances) for e2e workflows. Built as a Go binary using `aws-sdk-go-v2`, unit-tested with hand-rolled mocks.

Replaces ~150 lines of duplicated Bash + `aws-cli` that previously lived inline in `loft-sh/vcluster-pro`'s `e2e-selinux-support-matrix.yaml` and `prerelease-vcluster.yaml` workflows. A separate vcluster-pro PR migrates those workflows to use this action.

Why
`actions/setup-go` in place.

Design
Build-from-source: the action runs `go build` from `src/` on every invocation. Mirrors `run-ginkgo`'s pattern — assumes the consumer has Go available (via `actions/setup-go`). No separate release artifact lifecycle, no SHA-256 dance, no two-step "merge then tag then PR" coordination. Tag `aws-test-infra/v1` is usable immediately after merge.

Two subcommands:
- `provision`: VPC/subnet/IGW/route table/SG/EC2/SSM-wait. Optional `-ami-architecture` and `-ami-virtualization-type` filter to preserve the safety net the original Bash had (defaults to `x86_64` + `hvm` in `action.yml`).
- `cleanup`: best-effort direct teardown by ID, plus a tag-based sweep that catches resources from runs that failed before exporting IDs. Sweep errors are logged + swallowed by default to match `set +e` semantics of the original Bash teardown; `-strict-sweep` opts back into hard failure.

Outputs:
- `vpc-id`, `igw-id`, `subnet-id`, `route-table-id`, `route-assoc-id`, `security-group-id`, `ami-id`, `primary-public-ip`, `instance-ids` (CSV).
- `primary-instance-id`, `worker1-instance-id`, `worker2-instance-id` (covers the common 3-instance case).
- `instance-id-by-role` (JSON map): for consumers using arbitrary role names or non-three-instance counts.

Tests
29 top-level / 71 cases / 62.9% coverage. Cover:
`if: always()` cleanup steps

Test plan
- `test-aws-test-infra.yaml`: `go test ./...` + build verification)
- `aws-test-infra/v1` so the consumer PR (vcluster-pro engqa-aws-mig) can reference it
- `workflow_dispatch` on `e2e-selinux-support-matrix.yaml` in vcluster-pro after the consumer PR merges (matrix runs on all 3 distros, cleanup leaves no orphans)
- `workflow_dispatch` on `prerelease-vcluster.yaml` (Kind shared-HA + EC2 standalone paths both pass, teardown succeeds)
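
The cleanup semantics described above (tag-based sweep, dependents deleted first, sweep errors swallowed unless `-strict-sweep`), sketched as an added example; this is not code from the PR. `Resource`, `Sweep`, the `run-42` tag value and the in-memory inventory are hypothetical stand-ins for the tagged AWS resources and the SDK calls.

```go
package main

import (
	"errors"
	"fmt"
)

// Resource is a hypothetical stand-in for a tagged AWS object, not the action's type.
type Resource struct{ Kind, ID, RunTag string }

// Dependents first: a VPC cannot be deleted while anything still lives in it.
var order = []string{"instance", "route-assoc", "route-table", "igw", "subnet", "security-group", "vpc"}

// Sweep deletes every resource carrying runTag, in dependency order. A failed
// delete never stops the loop; failures become a hard error only when strict.
func Sweep(inventory []Resource, runTag string, del func(Resource) error, strict bool) (deleted []string, err error) {
	var failed []error
	for _, kind := range order {
		for _, r := range inventory {
			if r.Kind != kind || r.RunTag != runTag {
				continue
			}
			if derr := del(r); derr != nil {
				failed = append(failed, fmt.Errorf("%s %s: %w", r.Kind, r.ID, derr))
				continue
			}
			deleted = append(deleted, r.ID)
		}
	}
	if err = errors.Join(failed...); err != nil && !strict {
		fmt.Println("sweep warning (swallowed):", err)
		err = nil
	}
	return deleted, err
}

// Constructed leftovers of two runs, listed in arbitrary order.
var leftovers = []Resource{
	{"vpc", "vpc-1", "run-42"}, {"instance", "i-1", "run-42"},
	{"subnet", "subnet-1", "run-42"}, {"vpc", "vpc-2", "run-43"},
}

func main() {
	dep := errors.New("DependencyViolation") // constructed failure
	broken := map[string]error{"subnet-1": dep, "vpc-1": dep}
	del := func(r Resource) error { return broken[r.ID] }
	fmt.Println(Sweep(leftovers, "run-42", del, false)) // failures swallowed
	fmt.Println(Sweep(leftovers, "run-42", del, true))  // failures returned
}
```

In the default mode a stuck subnet leaves its VPC behind while the step still reports success, so an orphan check after teardown is what actually confirms nothing from the run is still reachable.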