fix up NGTS e2e, add github action

SgtCoDFish · SgtCoDFish · commit 692fdb8a52e7 · 2026-04-16T16:46:05.000+01:00
This fails in GHA currently, likely due to IP restrictions

Signed-off-by: Ashley Davis &lt;ashley.davis@cyberark.com&gt;
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -109,6 +109,41 @@ jobs:
           ARK_USERNAME: ${{ secrets.ARK_USERNAME }}
           ARK_SECRET: ${{ secrets.ARK_SECRET }}
 
+  ngts-test-e2e:
+    # TEMPORARY: require an explicit label to test NGTS until we have a stable test environment
+    if: contains(github.event.pull_request.labels.*.name, 'test-ngts')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        # Adding `fetch-depth: 0` makes sure tags are also fetched. We need
+        # the tags so `git describe` returns a valid version.
+        # see https://github.com/actions/checkout/issues/701 for extra info about this option
+        with: { fetch-depth: 0 }
+
+      - uses: ./.github/actions/repo_access
+        with:
+          DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: _bin/downloaded
+          key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit
+
+      - run: make -j ngts-test-e2e
+        env:
+          OCI_BASE: ${{ secrets.NGTS_OCI_BASE }}
+          NGTS_CLIENT_ID: ${{ secrets.NGTS_CLIENT_ID }}
+          NGTS_PRIVATE_KEY: ${{ secrets.NGTS_PRIVATE_KEY }}
+          NGTS_TSG_ID: ${{ secrets.NGTS_TSG_ID }}
+
   test-e2e:
     if: contains(github.event.pull_request.labels.*.name, 'test-e2e')
     runs-on: ubuntu-latest
@@ -149,7 +184,7 @@ jobs:
         id: timestamp # Give the step an ID to reference its output
         run: |
           # Generate a timestamp in the format YYMMDD-HHMMSS.
-          # Extracting from PR name would require sanitization due to GKE cluster naming constraints        
+          # Extracting from PR name would require sanitization due to GKE cluster naming constraints
           TIMESTAMP=$(date +'%y%m%d-%H%M%S')
           CLUSTER_NAME="test-secretless-${TIMESTAMP}"
           echo "Generated cluster name: ${CLUSTER_NAME}"
diff --git a/hack/ngts/test-e2e.sh b/hack/ngts/test-e2e.sh
@@ -56,11 +56,11 @@ fi
 
 kubectl create ns "$NAMESPACE" || true
 
-kubectl delete secret agent-credentials --namespace "$NAMESPACE" --ignore-not-found
-kubectl create secret generic agent-credentials \
+kubectl delete secret discovery-agent-credentials --namespace "$NAMESPACE" --ignore-not-found
+kubectl create secret generic discovery-agent-credentials \
         --namespace "$NAMESPACE" \
-        --from-literal=CLIENT_ID=$NGTS_CLIENT_ID \
-        --from-literal=PRIVATE_KEY="$NGTS_PRIVATE_KEY"
+        --from-literal=clientID=$NGTS_CLIENT_ID \
+        --from-literal=privatekey.pem="$NGTS_PRIVATE_KEY"
 
 # Create a sample secret in the cluster
 kubectl create secret generic e2e-sample-secret-$(date '+%s') \
@@ -80,17 +80,18 @@ helm upgrade agent "oci://${NGTS_CHART}:NON_EXISTENT_TAG@${NGTS_CHART_DIGEST}" \
      --set "imageRegistry=${OCI_BASE}" \
      --set "imageNamespace=" \
      --set "image.digest=${NGTS_IMAGE_DIGEST}" \
-     --set config.clusterName="e2e-test-cluster" \
-     --set config.clusterDescription="A temporary cluster for E2E testing." \
+     --set config.clusterName="e2e-test-cluster-ngts" \
+     --set config.clusterDescription="A temporary cluster for E2E testing NGTS" \
      --set config.period=60s \
-     --set ngts.tsgId="${NGTS_TSG_ID}" \
+     --set config.tsgID="${NGTS_TSG_ID}" \
+     --set config.serverURL="https://${NGTS_TSG_ID}.ngts.dev.venafi.io" \
      --set-json "podLabels={\"discovery-agent.ngts/test-id\": \"${RANDOM}\"}"
 
 kubectl rollout status deployments/discovery-agent --namespace "${NAMESPACE}"
 
-# Wait 60s for log message indicating success.
+# Wait for log message indicating success.
 # Parse logs as JSON using jq to ensure logs are all JSON formatted.
-timeout 60 jq -n \
+timeout 120 jq -n \
         'inputs | if .msg | test("Data sent successfully") then . | halt_error(0) else . end' \
         <(kubectl logs deployments/discovery-agent --namespace "${NAMESPACE}" --follow)
 
