feat: randomize ami name on testinfra for 15.6 (#1080)

samrose · web-flow · commit f4ace6ef076a · 2024-08-01T10:01:26.000-04:00
* feat: randomize ami name on testinfra for 15.6

* chore: utilize random name all the way through

* chore: need to pin osquery version
newer release is broken in nixpkgs
and won't install

* chore: use env var for AMI_NAME

* chore: full ami name

---------

Co-authored-by: Sam Rose &lt;samuel@supabase.io&gt;
diff --git a/.github/workflows/testinfra-nix.yml b/.github/workflows/testinfra-nix.yml
@@ -37,24 +37,30 @@ jobs:
         with:
           endpoint: builders
 
+      - name: Generate random string
+        id: random
+        run: echo "random_string=$(openssl rand -hex 8)" >> $GITHUB_OUTPUT
+  
       - name: Build AMI stage 1
         run: |
           packer init amazon-arm64-nix.pkr.hcl
           GIT_SHA=${{github.sha}}
-          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=ci-ami-test" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" amazon-arm64-nix.pkr.hcl
-
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" amazon-arm64-nix.pkr.hcl
+      
       - name: Build AMI stage 2
         run: |
           packer init stage2-nix-psql.pkr.hcl
           GIT_SHA=${{github.sha}}
-          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl"  -var "postgres-version=ci-ami-test" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "git_sha=${GITHUB_SHA}"  stage2-nix-psql.pkr.hcl 
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl"  -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "git_sha=${GITHUB_SHA}"  stage2-nix-psql.pkr.hcl 
 
       - name: Run tests
         timeout-minutes: 10
+        env:
+          AMI_NAME: "supabase-postgres-${{ steps.random.outputs.random_string }}"
         run: |
           # TODO: use poetry for pkg mgmt
           pip3 install boto3 boto3-stubs[essential] docker ec2instanceconnectcli pytest pytest-testinfra[paramiko,docker] requests
-          pytest -vv -s testinfra/test_ami_nix.py
+          pytest -vv -s testinfra/test_ami_nix.py 
       
       - name: Cleanup resources on build cancellation
         if: ${{ cancelled() }}
@@ -71,7 +77,7 @@ jobs:
         run: |
           # Define AMI name patterns
           STAGE1_AMI_NAME="supabase-postgres-ci-ami-test-stage-1"
-          STAGE2_AMI_NAME="supabase-postgres-ci-ami-test-nix"
+          STAGE2_AMI_NAME="${{ steps.random.outputs.random_string }}"
           
           # Function to deregister AMIs by name pattern
           deregister_ami_by_name() {
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -192,7 +192,7 @@
     - name: Install osquery from nixpkgs binary cache
       become: yes
       shell: |
-        sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#osquery"
+        sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:nixos/nixpkgs/f98ec4f73c762223d62bee706726138cb6ea27cc#osquery"
       when: stage2_nix
 
     - name: Run osquery permission checks
diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py
@@ -13,7 +13,7 @@
 
 # if GITHUB_RUN_ID is not set, use a default value that includes the user and hostname
 RUN_ID = os.environ.get("GITHUB_RUN_ID", "unknown-ci-run-" + os.environ.get("USER", "unknown-user") + '@' + socket.gethostname())
-
+AMI_NAME = os.environ.get('AMI_NAME')
 postgresql_schema_sql_content = """
 ALTER DATABASE postgres SET "app.settings.jwt_secret" TO  'my_jwt_secret_which_is_not_so_secret';
 ALTER DATABASE postgres SET "app.settings.jwt_exp" TO 3600;
@@ -167,7 +167,7 @@ def host():
     ec2 = boto3.resource("ec2", region_name="ap-southeast-1")
     images = list(
         ec2.images.filter(
-            Filters=[{"Name": "name", "Values": ["supabase-postgres-ci-ami-test-nix"]}]
+            Filters=[{"Name": "name", "Values": [AMI_NAME]}],
         )
     )
     assert len(images) == 1
@@ -387,4 +387,4 @@ def test_postgrest_ending_apikey_query_parameter_is_removed(host):
             "apikey": service_role_key,
         },
     )
-    assert res.ok
+    assert res.ok
