feat(ci): add UI E2E tests on GKE by davdhacs · Pull Request #21421 · stackrox/stackrox · GitHub
Skip to content

feat(ci): add UI E2E tests on GKE #21421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
davdhacs wants to merge 4 commits into
base: master
Choose a base branch
from
+450 −1
Draft

feat(ci): add UI E2E tests on GKE #21421

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d198431
feat(ci): add UI E2E tests on GKE
davdhacs Jun 25, 2026
c2f7bbd
refactor(ci): remove shard-specific data waits from workflow
davdhacs Jun 25, 2026
726f686
revert: restore networkDeploymentSidebar.test.js to master
davdhacs Jun 25, 2026
566e4d4
Merge branch 'master' into davdhacs/ui-e2e-gke-only
davdhacs Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion .github/actions/create-gke-cluster/action.yaml
View file
Open in desktop
140 changes: 140 additions & 0 deletions .github/actions/deploy-stackrox/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
name: Deploy StackRox
description: >
Deploys StackRox using roxie. Foreground (default): blocks until
ready, exports env vars. Background: returns immediately. Wait
with: wait $(cat /tmp/deploy-stackrox.pid) && source /tmp/roxie-env.sh
Log: /tmp/deploy-stackrox.log.

inputs:
tag:
description: Image tag to deploy
required: true
cluster-name:
description: Cluster name as seen by Sensor
default: remote
resources:
description: Resource sizing preset
default: small
roxie-version:
description: roxie release version
default: v0.4.0
github-token:
description: GitHub token with access to stackrox/roxie
required: true
scanner:
description: "Scanner config: v4 (default), v2, or both"
default: v4
registry-username:
description: "Registry username — sets REGISTRY_USERNAME for roxie"
default: ""
registry-password:
description: "Registry password — sets REGISTRY_PASSWORD for roxie"
default: ""
exposure:
description: "Service exposure: auto (default), none, loadbalancer, route"
default: ""
background:
description: Run deploy in background
default: "false"

runs:
using: composite
steps:
- name: Install roxctl + roxie
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
run: |
set -x
if ! command -v roxctl >/dev/null 2>&1; then
docker pull -q --platform linux/amd64 "quay.io/stackrox-io/roxctl:${{ inputs.tag }}"
cid=$(docker create --platform linux/amd64 "quay.io/stackrox-io/roxctl:${{ inputs.tag }}" true)
docker cp "$cid:/usr/bin/roxctl" /usr/local/bin/roxctl
docker rm "$cid" >/dev/null
fi

arch=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')
os=$(uname -s | tr '[:upper:]' '[:lower:]')
gh release download "${{ inputs.roxie-version }}" \
--repo stackrox/roxie --pattern "roxie-${os}-${arch}" --dir /tmp --clobber
sudo install "/tmp/roxie-${os}-${arch}" /usr/local/bin/roxie
roxie version || echo "roxie install failed"

- name: Deploy StackRox
shell: bash
env:
INPUT_REGISTRY_USERNAME: ${{ inputs.registry-username }}
INPUT_REGISTRY_PASSWORD: ${{ inputs.registry-password }}
run: |
set +x
if [ -n "$INPUT_REGISTRY_USERNAME" ]; then
export REGISTRY_USERNAME="$INPUT_REGISTRY_USERNAME"
export REGISTRY_PASSWORD="$INPUT_REGISTRY_PASSWORD"
fi
export ROX_ADMIN_PASSWORD="$(openssl rand -base64 20)"
echo "::add-mask::${ROX_ADMIN_PASSWORD}"
echo "${ROX_ADMIN_PASSWORD}" > /tmp/rox-admin-password
export MAIN_IMAGE_TAG="${{ inputs.tag }}"

deploy() {
for _ in $(seq 1 120); do
kubectl cluster-info && break
sleep 2
done

# Ensure kubeconfig is at the default path for tools that don't honor KUBECONFIG
echo "KUBECONFIG=${KUBECONFIG:-not set}"
if [ -n "${KUBECONFIG:-}" ] && [ ! -f "$HOME/.kube/config" ]; then
echo "Copying $KUBECONFIG to $HOME/.kube/config"
mkdir -p "$HOME/.kube"
cp "$KUBECONFIG" "$HOME/.kube/config"
elif [ -f "$HOME/.kube/config" ]; then
echo "Default kubeconfig already exists"
else
echo "WARNING: No KUBECONFIG set and no default kubeconfig"
fi

yq -n ".securedCluster.spec.clusterName = \"${{ inputs.cluster-name }}\"" > /tmp/roxie-override.yaml
case "${{ inputs.scanner }}" in
v2) yq -i '.central.spec.scanner.scannerComponent = "Enabled" | .central.spec.scannerV4.scannerComponent = "Disabled"' /tmp/roxie-override.yaml ;;
both) yq -i '.central.spec.scanner.scannerComponent = "Enabled"' /tmp/roxie-override.yaml ;;
esac

exposure_flag=""
if [ -n "${{ inputs.exposure }}" ]; then
exposure_flag="--exposure=${{ inputs.exposure }}"
fi

roxie deploy both \
--resources=${{ inputs.resources }} \
--single-namespace \
--envrc /tmp/roxie-env.sh \
--override /tmp/roxie-override.yaml \
--tag ${{ inputs.tag }} \
$exposure_flag

sed "s/^export //; s/['\"]//g" /tmp/roxie-env.sh >> "$GITHUB_ENV"

@coderabbitai coderabbitai Bot Jun 25, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

sed-based env export is fragile.

s/['\"]//g strips every quote from values (not just wrapping quotes), and any multiline value would corrupt $GITHUB_ENV, which requires heredoc delimiters for multiline content. If roxie-env.sh only ever emits single-line, quote-free values this is safe; otherwise downstream steps will read truncated values.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/actions/deploy-stackrox/action.yaml at line 116, The current env
export in the action is too brittle because the sed cleanup in the step that
writes to GITHUB_ENV strips quotes from all values and cannot safely handle
multiline entries. Update the export logic around the roxie-env.sh processing so
it preserves quoted content correctly and writes multiline values using
GITHUB_ENV heredoc syntax, or otherwise parse and emit each variable explicitly
in the deploy-stackrox action instead of relying on global sed replacements.

Source: Linters/SAST tools

source /tmp/roxie-env.sh
echo "$API_ENDPOINT" > /tmp/rox-api-endpoint

echo "Generating API token (endpoint: ${API_ENDPOINT})..."
for attempt in $(seq 1 12); do
if curl -sk --connect-timeout 10 -u "admin:${ROX_ADMIN_PASSWORD}" \
"https://${API_ENDPOINT}/v1/apitokens/generate" \
-X POST -d '{"name":"ui_tests","role":"Admin"}' \
| jq -r '.token' > /tmp/rox-auth-token && [ -s /tmp/rox-auth-token ]; then
echo "API token generated"
break
fi
echo "Attempt $attempt/12 failed, waiting 10s..."
sleep 10
done

}

if [ "${{ inputs.background }}" = "true" ]; then
deploy > /tmp/deploy-stackrox.log 2>&1 &
echo $! > /tmp/deploy-stackrox.pid
else
deploy 2>&1 | tee /tmp/deploy-stackrox.log
fi
12 changes: 12 additions & 0 deletions .github/workflows/build.yaml
View file
Open in desktop
Loading
Loading