Merge branch 'main' into azure-management-groups

.ci/scripts/get-previous-version.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# Calculate Previous Version
+#
+# This script takes a version as input, calculates the previous version,
+# fetches the corresponding release version from Elastic snapshots,
+# and outputs the previous version.
+#
+# Usage: ./get_previous_version.sh <version>
+#
+# Example:
+# ./get_previous_version.sh 8.12.0-SNAPSHOT
+
+# Input: version to calculate previous version
+VERSION="$1"
+
+# Extract the major and minor versions
+MAJOR_VERSION=$(echo "$VERSION" | cut -d'.' -f1)
+MINOR_VERSION=$(echo "$VERSION" | cut -d'.' -f2)
+
+# Calculate the previous version (assuming it's always X.(Y-1))
+PREVIOUS_VERSION="$MAJOR_VERSION.$((MINOR_VERSION - 1))"
+
+URL="https://snapshots.elastic.co/latest/$PREVIOUS_VERSION.json"
+
+# Use curl to fetch the JSON data
+JSON_RESPONSE=$(curl -s "$URL")
+
+# Get latest snapshot version
+SNAPSHOT_VERSION=$(echo "$JSON_RESPONSE" | jq -r '.version')
+
+# Check if SNAPSHOT_VERSION is empty
+if [ -z "$SNAPSHOT_VERSION" ]; then
+    # Log an error message with variable values
+    echo "Error: The release version corresponding to $PREVIOUS_VERSION could not be found." >&2
+    exit 1
+fi
+
+# Split the version into major, minor, and patch parts
+IFS='.-' read -ra PARTS <<<"$SNAPSHOT_VERSION"
+MAJOR="${PARTS[0]}"
+MINOR="${PARTS[1]}"
+PATCH="${PARTS[2]}"
+
+# Decrement the patch version by 1
+PATCH=$((PATCH - 1))
+
+# Format the previous version
+PREVIOUS_VERSION="$MAJOR.$MINOR.$PATCH"
+
+# Output the previous version
+echo "$PREVIOUS_VERSION"

.github/workflows/test-environment.yml

@@ -18,14 +18,17 @@ on:
       elk-stack-version:
         required: true
         description: "Stack version: For released/BC version use 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
-        default: "8.10.0"
+        default: "8.11.0"
+        type: string
       ess-region:
         required: true
         description: "Elastic Cloud deployment region"
         default: "gcp-us-west2"
+        type: string
       docker-image-override:
         required: false
         description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
+        type: string
       run-sanity-tests:
           description: "Run sanity tests after provision"
           default: false
@@ -38,6 +41,45 @@ on:
         type: string
         description: "**Optional** By default, the environment will be created in our Cloud Security Organization. If you want to use your own cloud account, enter your Elastic Cloud API key."
         required: false
+  workflow_call:
+    inputs:
+      deployment_name:
+        description: Name of the deployment to create
+        type: string
+        required: true
+      elk-stack-version:
+        required: true
+        description: "Stack version: For released/BC version use 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
+        default: "8.10.0"
+        type: string
+      ess-region:
+        required: true
+        description: "Elastic Cloud deployment region"
+        default: "gcp-us-west2"
+        type: string
+      docker-image-override:
+        required: false
+        description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
+        type: string
+      run-sanity-tests:
+        description: "Run sanity tests after provision"
+        default: false
+        type: boolean
+      cleanup-env:
+        description: "Cleanup resources after provision"
+        default: false
+        type: boolean
+      ec-api-key:
+        type: string
+        description: "**Optional** By default, the environment will be created in our Cloud Security Organization. If you want to use your own cloud account, enter your Elastic Cloud API key."
+        required: false
+    outputs:
+      s3-bucket:
+        description: "Terraform state s3 bucket folder"
+        value: ${{ jobs.Deploy.outputs.deploy-s3-bucket }}
+      cnvm-stack-name:
+        description: "AWS CNVM integration stack name"
+        value: ${{ jobs.Deploy.outputs.aws-cnvm-stack-name }}
 
 env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -57,18 +99,21 @@ jobs:
       run:
         working-directory: ${{ env.WORKING_DIR }}
     env:
-      TF_VAR_serverless_mode: ${{ github.event.inputs.serverless_mode }}
-      TF_VAR_stack_version: ${{ github.event.inputs.elk-stack-version }}
-      TF_VAR_ess_region: ${{ github.event.inputs.ess-region }}
-      DEPLOYMENT_NAME: ${{ github.event.inputs.deployment_name }}
+      TF_VAR_stack_version: ${{ inputs.elk-stack-version }}
+      TF_VAR_ess_region: ${{ inputs.ess-region }}
+      DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
+      TF_VAR_serverless_mode: ${{ inputs.serverless_mode }}
       S3_BASE_BUCKET: "s3://tf-state-bucket-test-infra"
-      DOCKER_IMAGE_OVERRIDE: ${{ github.event.inputs.docker-image-override }}
-      STACK_VERSION: ${{ github.event.inputs.elk-stack-version }}
-      CNVM_STACK_NAME: "${{ github.event.inputs.deployment_name }}-cnvm-sanity-test-stack"
+      DOCKER_IMAGE_OVERRIDE: ${{ inputs.docker-image-override }}
+      STACK_VERSION: ${{ inputs.elk-stack-version }}
+      CNVM_STACK_NAME: "${{ inputs.deployment_name }}-cnvm-sanity-test-stack"
     # Add "id-token" with the intended permissions.
     permissions:
       contents: 'read'
       id-token: 'write'
+    outputs:
+      deploy-s3-bucket: ${{ steps.upload-state.outputs.s3-bucket-folder }}
+      aws-cnvm-stack-name: ${{ steps.upload-state.outputs.aws-cnvm-stack }}
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
@@ -79,7 +124,7 @@ jobs:
 
       - name: Check Deployment Name
         run: |
-          deployment_name="${{ github.event.inputs.deployment_name }}"
+          deployment_name="${{ inputs.deployment_name }}"
 
           # Check length
           if [ ${#deployment_name} -gt 20 ]; then
@@ -94,7 +139,7 @@ jobs:
           fi
 
       - name: Mask Sensitive Data
-        if: github.event.inputs.ec-api-key != ''
+        if: inputs.ec-api-key != ''
         run: |
           ec_api_key=$(jq -r '.inputs["ec-api-key"]' $GITHUB_EVENT_PATH)
           echo "::add-mask::$ec_api_key"
@@ -184,13 +229,16 @@ jobs:
           echo "CSPM_PUBLIC_IP=$CSPM_PUBLIC_IP" >> $GITHUB_ENV
 
       - name: Upload tf state
+        id: upload-state
         if: always()
         env:
           S3_BUCKET: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
         run: |
           aws s3 cp "./terraform.tfstate" "${{ env.S3_BUCKET }}/terraform.tfstate"
           aws s3 cp "${{ env.EC2_CSPM_KEY }}" "${{ env.S3_BUCKET }}/cspm.pem"
           aws s3 cp "${{ env.EC2_KSPM_KEY }}" "${{ env.S3_BUCKET }}/kspm.pem"
+          echo "s3-bucket-folder=${{ env.S3_BUCKET }}" >> $GITHUB_OUTPUT
+          echo "aws-cnvm-stack=${{ env.CNVM_STACK_NAME }}" >> $GITHUB_OUTPUT
 
       - name: Summary
         if: success()
@@ -320,6 +368,7 @@ jobs:
           aws s3 cp "${{ env.FLEET_API_DIR}}/kspm_d4c.yaml" "${{ env.S3_BUCKET }}/kspm_d4c.yaml"
           aws s3 cp "${{ env.FLEET_API_DIR}}/kspm_eks.yaml" "${{ env.S3_BUCKET }}/kspm_eks.yaml"
           aws s3 cp "${{ env.FLEET_API_DIR}}/cspm-linux.sh" "${{ env.S3_BUCKET }}/cspm-linux.sh"
+          aws s3 cp "${{ env.FLEET_API_DIR}}/state_data.json" "${{ env.S3_BUCKET }}/state_data.json"
 
       - name: Wait for agents to enroll
         id: wait-for-agents
@@ -328,13 +377,13 @@ jobs:
           poetry run python src/agents_enrolled.py
 
       - name: Run Sanity checks
-        if: ${{ success() && github.event.inputs.run-sanity-tests == 'true' }}
+        if: ${{ success() && inputs.run-sanity-tests == true }}
         working-directory: ./tests
         run: |
           poetry install
           poetry run pytest -m "sanity" --alluredir=./allure/results/ --clean-alluredir --maxfail=4
 
       - name: Cleanup Environment
-        if: github.event.inputs.cleanup-env == 'true'
+        if: inputs.cleanup-env == 'true'
         run: |
           just delete-cloud-env ${{ env.DEPLOYMENT_NAME }} '' "false"