E2E Tests (Full Suite) #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
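# Full end-to-end suite: runs weekly and on manual dispatch, once per CDK
# source (the published npm package and a build of the CDK repo's main branch).
name: E2E Tests (Full Suite)

on:
  workflow_dispatch:
    inputs:
      aws_region:
        description: 'AWS region for deployment'
        default: 'us-east-1'
        type: string
  schedule:
    - cron: '0 14 * * 1' # Mondays 14:00 UTC (09:00 EST / 10:00 EDT — cron does not observe DST)

concurrency:
  group: e2e-full-${{ github.ref }}
  cancel-in-progress: false

# Workflow-level token scope: only what the OIDC exchange and checkout need.
permissions:
  id-token: write # OIDC — lets GitHub assume an AWS IAM role via short-lived token (no stored keys)
  contents: read

jobs:
  e2e:
    runs-on: ubuntu-latest
    environment: e2e-testing
    timeout-minutes: 60
    env:
      # Single source for the AWS region default. On `workflow_dispatch` the
      # input applies; on `schedule` `inputs` is empty so the fallback applies.
      AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
    strategy:
      fail-fast: false
      matrix:
        cdk-source: [npm, main]
    steps:
      # Scheduled runs always test `main`; a manual dispatch tests the ref it
      # was dispatched from. The job token is not left in the checkout's
      # .git/config.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ github.event_name == 'workflow_dispatch' && github.ref || 'main' }}
          persist-credentials: false
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: '20.x'
          cache: 'npm'
      - name: Configure git
        run: |
          git config --global user.email "ci@amazon.com"
          git config --global user.name "CI"
      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
      # NOTE(review): a manual dispatch can run this job from any ref, so the
      # role's trust policy should pin the OIDC `sub` claim to this repository
      # and the `e2e-testing` environment — verify on the AWS side.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
        with:
          role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Get AWS Account ID
        id: aws
        run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
      # The JSON keys of the secret are exported as E2E_* environment variables
      # (read below as E2E_ANTHROPIC_API_KEY and so on).
      # NOTE(review): those variables and the AWS credentials stay in scope for
      # every later step, including the `npm ci` / `npm run build` steps that
      # execute dependency lifecycle scripts. If the build does not need them,
      # consider moving the credential and secret steps to just before the
      # test step — confirm the build has no AWS dependency first.
      - name: Get API keys from Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@2cb1a461cbd4865ac4299648312e4704c646cd53 # v3
        with:
          secret-ids: |
            E2E,${{ secrets.E2E_SECRET_ARN }}
          parse-json-secrets: true
      - run: npm ci
      - run: npm run build
      - name: Build CDK package from main
        if: matrix.cdk-source == 'main'
        run: |
          set -euo pipefail
          [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::Required secrets CDK_REPO_NAME and CDK_REPO_TOKEN are not configured"; exit 1; }
          git clone --depth 1 --branch main "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
          # git records the clone URL, token included, in .git/config. Point the
          # remote at the credential-free URL and drop the token from this shell
          # so the npm lifecycle scripts below, and every later step, cannot
          # read it (same intent as `persist-credentials: false` on checkout).
          git -C /tmp/cdk-repo remote set-url origin "https://github.com/${CDK_REPO}.git"
          unset CDK_REPO_TOKEN
          cd /tmp/cdk-repo
          npm ci
          npm run build
          TARBALL="$(npm pack --json --pack-destination "$RUNNER_TEMP" | jq -r '.[0].filename')"
          [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
          CDK_TARBALL="$RUNNER_TEMP/$TARBALL"
          # Fail loud: a missing tarball would silently fall back to the published
          # CDK in installCdkTarball(), defeating the `main` matrix leg.
          [ -f "$CDK_TARBALL" ] || { echo "::error::CDK tarball not found at '$CDK_TARBALL'"; exit 1; }
          echo "CDK_TARBALL=$CDK_TARBALL" >> "$GITHUB_ENV"
        env:
          CDK_REPO_TOKEN: ${{ secrets.CDK_REPO_TOKEN }}
          CDK_REPO: ${{ secrets.CDK_REPO_NAME }}
      - name: Install CLI globally
        run: |
          set -euo pipefail
          TARBALL="$(npm pack --json | jq -r '.[0].filename')"
          [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
          npm install -g "./$TARBALL"
      - name: Run E2E tests (${{ matrix.cdk-source }})
        env:
          AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
          ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
          GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
          # Only set by the "Build CDK package from main" step; empty on the npm leg.
          CDK_TARBALL: ${{ env.CDK_TARBALL }}
        run: npm run test:e2e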