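# qa-argo workflow is for attaching ec2 nodes to the nexodus qa environment and is triggered via an argocd webhook
#
# Flow: build the nexd agent, publish it to S3, write the Ansible inputs
# (vars, SSH key, vault password, root CA) from repository secrets, run the
# EC2 deploy playbook, print the connectivity results, then always reset the
# stack and terminate the instances.
name: qa-argo
on:
  repository_dispatch:
    types:
      - argocd-webhook

# Least privilege for the GITHUB_TOKEN: no step here writes to the repository.
# NOTE(review): widen only if ./.github/actions/setup-go-env turns out to need more.
permissions:
  contents: read

jobs:
  deploy-ec2:
    name: deploy-ec2-e2e
    runs-on: ubuntu-latest
    timeout-minutes: 60
    strategy:
      fail-fast: false
    env:
      AWS_REGION: "us-east-1"
      # NOTE(review): job-level env exposes these long-lived keys to every step,
      # including the pip and ansible-galaxy installs that run third-party code.
      # Consider scoping them to the S3 and playbook steps, or replacing them
      # with short-lived credentials from GitHub OIDC.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      ANSIBLE_VAULT_PASSWORD_FILE: "vault-secret.txt"
      ANSIBLE_PRIVATE_KEY_FILE: "nexodus.pem"
      # Disables SSH host key verification for the playbook connections, so the
      # EC2 hosts are not authenticated against a known key.
      # NOTE(review): presumably accepted because the instances are ephemeral - confirm.
      ANSIBLE_HOST_KEY_CHECKING: "false"
    steps:
      # NOTE(review): third-party actions are referenced by mutable tag; pinning
      # to a full commit SHA prevents a retagged release from running with the
      # secrets in this job.
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: ./.github/actions/setup-go-env
      - name: Build
        run: |
          make dist/nexd-linux-amd64
      - name: Copy Agent Binary to S3
        run: |
          aws s3 cp ./dist/nexd-linux-amd64 s3://nexodus-io/ec2-e2e/
      - uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      # NOTE(review): only ansible-core is version-pinned; boto, boto3,
      # ansible-vault and the amazon.aws collection resolve to whatever is
      # latest at run time. Pin versions (ideally with hashes) for a
      # reproducible, reviewable toolchain.
      - name: Install Ansible and Dependencies
        run: pip3.10 install boto boto3 ansible-vault ansible-core==2.13.3
      - name: Install amazon.aws Ansible library
        run: ansible-galaxy collection install amazon.aws
      # Secrets are handed to the shell through env rather than expanded with
      # ${{ }} inside the script text: inline expansion pastes the raw value into
      # the script, where quotes, `$` or backticks in it would be parsed by bash.
      - name: Set Deployment Vars
        env:
          ANSIBLE_VARS_QA: ${{ secrets.ANSIBLE_VARS_QA }}
        run: |
          # Create the file owner-only instead of with the default umask.
          umask 077
          printf '%s\n' "$ANSIBLE_VARS_QA" > ./ops/ansible/aws/vars.yml
      - name: Create Ansible Secrets
        env:
          ANSIBLE_SSH_KEY: ${{ secrets.ANSIBLE_SSH_KEY }}
          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          ROOT_CA: ${{ secrets.ROOT_CA }}
        run: |
          # umask closes the window in which a new file is readable by other
          # users between creation and the chmod below.
          umask 077
          printf '%s\n' "$ANSIBLE_SSH_KEY" > nexodus.pem
          chmod 0400 nexodus.pem
          printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > vault-secret.txt
          chmod 0400 vault-secret.txt
          # this rootCA import is not necessary for qa env but will preserve a single set of playbooks for qa & dev without ansible surgery
          printf '%s\n' "$ROOT_CA" > ./ops/ansible/aws/rootCA.pem
          chmod 0400 ops/ansible/aws/rootCA.pem
      # NOTE(review): -vv prints task arguments and results to the job log.
      # GitHub masks only the registered secret values; anything decrypted from
      # the vault or derived at run time is not masked. Check that sensitive
      # tasks in these playbooks set no_log.
      - name: Deploy EC2 Playbooks
        run: |
          ansible-playbook -vv ./ops/ansible/aws/deploy-ec2.yml \
          -i ./ops/ansible/aws/inventory.txt \
          --private-key nexodus.pem \
          --vault-password-file vault-secret.txt
      - name: Mesh Connectivity Results
        run: cat ./ops/ansible/aws/connectivity-results.txt
      # The two cleanup steps run even when an earlier step failed, so a broken
      # deploy does not leave the QA stack dirty or EC2 instances running.
      - name: Reset the Nexodus Stack
        if: always()
        run: |
          ansible-playbook -vv ./ops/ansible/aws/recreate-api-db.yml -u ubuntu
      - name: Terminate EC2 Instances
        if: always()
        run: |
          ansible-playbook -vv ./ops/ansible/aws/terminate-instances.yml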