Add integration test

.github/workflows/plan.yml

@@ -25,7 +25,7 @@ jobs:
         terraform_version: 1.5.7
 
     - name: lint
-      run: terraform fmt *.tf modules/*/*.tf
+      run: find . -type f -name "*.tf" -exec terraform fmt {} \;
       shell: bash
 
     - name: Set up Cloud SDK

.github/workflows/test.yml

@@ -0,0 +1,74 @@
+name: Integration Test
+
+on:
+  push:
+    branches-ignore:
+      - main
+env:
+  TF_VAR_project: ${{ secrets.GCLOUD_PROJECT }}
+jobs:
+  terraform:
+    name: Create test CR
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Install Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: 1.5.7
+
+    - name: lint
+      run: terraform fmt *.tf modules/*/*.tf
+      shell: bash
+
+    - name: Set up Cloud SDK
+      uses: google-github-actions/setup-gcloud@v1
+      with:
+        version: 'latest'
+
+    - name: Authenticate to Google Cloud
+      id: 'auth'
+      uses: google-github-actions/auth@v1
+      with:
+        workload_identity_provider: ${{ secrets.GCLOUD_OIDC_POOL }}
+        service_account: ${{ secrets.GSA }}
+        token_format: 'access_token'
+
+    - name: Configure gcloud
+      run: |
+        gcloud config set project ${{ secrets.GCLOUD_PROJECT }}
+        gcloud config set disable_prompts true
+
+    - uses: 'docker/login-action@v3'
+      name: 'Docker login'
+      with:
+        registry: 'us-docker.pkg.dev'
+        username: 'oauth2accesstoken'
+        password: '${{ steps.auth.outputs.access_token }}'
+
+    - name: terraform init
+      run: terraform init -upgrade
+      working-directory: ./test
+
+    - name : pick a region, any region
+      run: terraform apply -target random_shuffle.region -auto-approve
+      working-directory: ./test
+
+    - name: terraform apply
+      run: terraform apply -auto-approve
+      working-directory: ./test
+
+    - name: run tests
+      run: ./test.sh
+      working-directory: ./test
+
+    - name: terraform destroy
+      run: terraform destroy -auto-approve
+      working-directory: ./test

modules/cloudrun/main.tf

@@ -120,7 +120,7 @@ resource "google_cloud_run_service_iam_member" "invoker" {
 
 # create a serverless NEG for this set of regional services
 resource "google_compute_region_network_endpoint_group" "neg" {
-  for_each              = toset(var.regions)
+  for_each              = var.skipNeg ? toset([]) : toset(var.regions)
   name                  = "libops-neg-${var.name}-${each.value}"
   network_endpoint_type = "SERVERLESS"
   region                = each.value
@@ -136,6 +136,8 @@ resource "google_compute_region_network_endpoint_group" "neg" {
 }
 
 resource "google_compute_backend_service" "backend" {
+  count = var.skipNeg ? 0 : 1
+
   project = var.project
   name    = "libops-backend-${var.name}"
 

modules/cloudrun/outputs.tf

@@ -1,3 +1,10 @@
 output "backend" {
-  value = google_compute_backend_service.backend.id
+  value = var.skipNeg ? "" : google_compute_backend_service.backend[0].id
+}
+
+output "urls" {
+  value = {
+    for region, service in google_cloud_run_service.cloudrun :
+    region => service.status[0].url
+  }
 }

modules/cloudrun/variables.tf

@@ -34,6 +34,11 @@ variable "project" {
   description = "The GCP project to use"
 }
 
+variable "skipNeg" {
+  type    = bool
+  default = false
+}
+
 variable "secrets" {
   type = list(object({
     name        = string
@@ -42,6 +47,7 @@ variable "secrets" {
   }))
   default = []
 }
+
 variable "containers" {
   type = list(object({
     image          = string

test/main.tf

@@ -0,0 +1,172 @@
+terraform {
+  required_version = "= 1.5.7"
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.0.1"
+    }
+    github = {
+      source  = "integrations/github"
+      version = "6.2.1"
+    }
+    google = {
+      source  = "hashicorp/google"
+      version = "5.29.1"
+    }
+  }
+
+  backend "gcs" {
+    bucket = "libops-public-microservices-terraform"
+    prefix = "/github-test"
+  }
+}
+
+provider "google" {
+  alias   = "default"
+  project = var.project
+}
+
+provider "docker" {
+  alias = "local"
+  registry_auth {
+    address     = "us-docker.pkg.dev"
+    config_file = pathexpand("~/.docker/config.json")
+  }
+}
+
+resource "random_shuffle" "region" {
+  input = [
+    "us-east4",
+    "us-east5",
+    "us-central1",
+    "us-west3",
+    "us-west1",
+    "us-west4",
+    "us-south1"
+  ]
+  result_count = 1
+}
+
+
+module "houdini" {
+  source = "../modules/cloudrun"
+
+  name    = "houdini-test"
+  project = var.project
+  regions = random_shuffle.region.result
+  skipNeg = true
+  containers = tolist([
+    {
+      name           = "houdini",
+      image          = "us-docker.pkg.dev/${var.project}/shared/imagemagick:main",
+      port           = 8080
+      liveness_probe = "/healthcheck"
+    }
+  ])
+  providers = {
+    google = google.default
+    docker = docker.local
+  }
+}
+
+module "homarus" {
+  source = "../modules/cloudrun"
+
+  name    = "homarus-test"
+  project = var.project
+  regions = random_shuffle.region.result
+  skipNeg = true
+  containers = tolist([
+    {
+      name           = "homarus",
+      image          = "us-docker.pkg.dev/${var.project}/shared/ffmpeg:main",
+      port           = 8080
+      liveness_probe = "/healthcheck"
+    }
+  ])
+  providers = {
+    google = google.default
+    docker = docker.local
+  }
+}
+
+module "hypercube" {
+  source = "../modules/cloudrun"
+
+  name    = "hypercube-test"
+  project = var.project
+  regions = random_shuffle.region.result
+  skipNeg = true
+  containers = tolist([
+    {
+      name           = "hypercube",
+      image          = "us-docker.pkg.dev/${var.project}/shared/tesseract:main",
+      port           = 8080
+      liveness_probe = "/healthcheck"
+    }
+  ])
+  providers = {
+    google = google.default
+    docker = docker.local
+  }
+}
+
+module "fits" {
+  source = "../modules/cloudrun"
+
+  name    = "fits-test"
+  project = var.project
+  regions = random_shuffle.region.result
+  skipNeg = true
+  containers = tolist([
+    {
+      name   = "fits",
+      image  = "us-docker.pkg.dev/${var.project}/shared/harvard-fits:main",
+      memory = "2Gi"
+      cpu    = "2000m"
+    }
+  ])
+
+  providers = {
+    google = google.default
+    docker = docker.local
+  }
+}
+
+module "crayfits" {
+  source = "../modules/cloudrun"
+
+  name    = "crayfits-test"
+  project = var.project
+  regions = random_shuffle.region.result
+  skipNeg = true
+  containers = tolist([
+    {
+      name           = "crayfits",
+      image          = "us-docker.pkg.dev/${var.project}/shared/fits:main",
+      liveness_probe = "/healthcheck"
+    }
+  ])
+  addl_env_vars = tolist([
+    {
+      name  = "SCYLLARIDAE_YML"
+      value = <<EOT
+allowedMimeTypes:
+  - "*"
+cmdByMimeType:
+  default:
+    cmd: "curl"
+    args:
+      - "-X"
+      - "POST"
+      - "-F"
+      - "datafile=@-"
+      - "${module.fits.urls[random_shuffle.region.result[0]]}/fits/examine"
+EOT
+    }
+  ])
+  providers = {
+    google = google.default
+    docker = docker.local
+  }
+}

test/outputs.tf

@@ -0,0 +1,8 @@
+output "urls" {
+  value = {
+    crayfits  = module.crayfits.urls[random_shuffle.region.result[0]],
+    homarus   = module.homarus.urls[random_shuffle.region.result[0]],
+    houdini   = module.houdini.urls[random_shuffle.region.result[0]],
+    hypercube = module.hypercube.urls[random_shuffle.region.result[0]]
+  }
+}

test/test.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+JSON=$(terraform output -json)
+
+KEYS=$(echo "$JSON" | jq -r '.urls.value | keys[]')
+
+for KEY in $KEYS; do
+  URL=$(echo "$JSON" | jq -r ".urls.value[\"$KEY\"]")
+  echo "Testing $KEY at $URL"
+
+  if [ "$KEY" == "crayfits" ]; then
+    curl -s -o fits.xml \
+        --header "Accept: application/xml" \
+        --header "Apix-Ldp-Resource: https://www.libops.io/themes/custom/libops_www/assets/img/200x200/islandora.png" \
+        "$URL"
+    # check the md5 of that file exists in the FITS XML
+    grep d6c508e600dcd72d86b599b3afa06ec2 fits.xml | grep md5checksum
+    rm fits.xml
+  elif [ "$KEY" == "homarus" ]; then
+    curl -s -o image.jpg \
+        --header "X-Islandora-Args: -ss 00:00:45.000 -frames 1 -vf scale=720:-2" \
+        --header "Accept: image/jpeg" \
+        --header "Apix-Ldp-Resource: http://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4" \
+        "$URL"
+    md5 image.jpg | grep fe7dd57460dbaf50faa38affde54b694
+    rm image.jpg
+  elif [ "$KEY" == "houdini" ]; then
+    curl -s -o image.png \
+        --header "Accept: image/png" \
+        --header "Apix-Ldp-Resource: https://www.libops.io/themes/custom/libops_www/assets/img/200x200/islandora.png" \
+        "$URL"
+    file image.png | grep PNG
+    rm image.png
+  elif [ "$KEY" == "hypercube" ]; then
+    curl -s -o ocr.txt \
+        --header "Accept: text/plain" \
+        --header "Apix-Ldp-Resource: https://www.libops.io/sites/default/files/2024-05/Screen%20Shot%20on%202024-05-21%20at%2002-32-42.png" \
+        "$URL"
+    grep healthcheck ocr.txt
+    rm ocr.txt
+  else
+    echo "Unknown service"
+    exit 1
+  fi
+done

test/variables.tf

@@ -0,0 +1,3 @@
+variable "project" {
+  type = string
+}

variables.tf

@@ -1,4 +1,3 @@
 variable "project" {
   type = string
 }
-