From 1687947fa5eb5a2986b29c778ba55672b7d513a9 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Sun, 12 Jan 2025 20:20:18 +0000
Subject: [PATCH 1/7] Adding boilerplate end-to-end testing setup.
---
 .github/workflows/ci.yml | 25 +++++++++++++++++++++++++
 .github/workflows/dry-run.yml | 17 -----------------
 .github/workflows/scripts/end-to-end.sh | 2 ++
 3 files changed, 27 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/dry-run.yml
 create mode 100644 .github/workflows/scripts/end-to-end.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..d912255
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,25 @@
+name: Dry run
+
+on:
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ dry-run:
+ runs-on: ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Run setup script and sanity testing using incoming PR
+ run: bash .github/workflows/scripts/dry-run.sh
+
+ end-to-end-testing:
+ if: startsWith(github.ref, 'refs/tags/v')
+ runs-on: ubuntu-22.04
+ environment: dev
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Run end-to-end testing using incoming PR
+ run: bash .github/workflows/scripts/end-to-end.sh
diff --git a/.github/workflows/dry-run.yml b/.github/workflows/dry-run.yml
deleted file mode 100644
index 4f83e18..0000000
--- a/.github/workflows/dry-run.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Dry run
-
-on:
- pull_request:
- branches: [ "main" ]
-
-jobs:
- install-and-run:
- runs-on: ubuntu-22.04
-
- steps:
- - uses: actions/checkout@v3
-
- - name: Run setup script from PR
- run: |
- chmod +x .github/workflows/scripts/dry-run.sh
- .github/workflows/scripts/dry-run.sh
diff --git a/.github/workflows/scripts/end-to-end.sh b/.github/workflows/scripts/end-to-end.sh
new file mode 100644
index 0000000..a0a3d6e
--- /dev/null
+++ b/.github/workflows/scripts/end-to-end.sh
@@ -0,0 +1,2 @@
+echo "Hello world"
+echo $SECRET1
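Review bot: The new `.github/workflows/ci.yml` declares no `permissions:` block and both jobs reference `actions/checkout@v3` by a movable tag, so the token scope falls back to the repository default and the action code can change without any commit here. I would add a top-level `permissions:` with `contents: read` and pin the action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. Separately, the `if: startsWith(github.ref, 'refs/tags/v')` guard on `end-to-end-testing` is unlikely ever to match under an `on: pull_request` trigger, where the ref is a pull-request merge ref rather than a tag, so as written the job is effectively disabled.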
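Review bot: `echo $SECRET1` in the new `end-to-end.sh` writes the secret's value into the job log; log masking only redacts exact matches of registered secret values, so any re-encoding or splitting of the value defeats it. If the goal is to confirm the variable is populated, test it without printing it, e.g. `[ -n "$SECRET1" ] && echo "SECRET1 is set"`. The same applies to patch 3/7, which adds two lines that print the whole job environment, and to patch 5/7's `echo ">>$SECRET_ONE<<"`; a names-only listing such as `env | cut -d= -f1` would serve for debugging.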
From b5d1abac5c982326fa20ecbd1fb0825c303dae74 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Sun, 12 Jan 2025 20:23:05 +0000
Subject: [PATCH 2/7] Update CI.
---
 .github/workflows/ci.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d912255..d0a1e97 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,6 @@ jobs:
 run: bash .github/workflows/scripts/dry-run.sh
 
 end-to-end-testing:
- if: startsWith(github.ref, 'refs/tags/v')
 runs-on: ubuntu-22.04
 environment: dev
 steps:
From 26ed87cdb5f8520570aeedef782d4f9812a4c711 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Sun, 12 Jan 2025 20:33:41 +0000
Subject: [PATCH 3/7] Test CI
---
 .github/workflows/scripts/end-to-end.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/scripts/end-to-end.sh b/.github/workflows/scripts/end-to-end.sh
index a0a3d6e..11ae15d 100644
--- a/.github/workflows/scripts/end-to-end.sh
+++ b/.github/workflows/scripts/end-to-end.sh
@@ -1,2 +1,4 @@
 echo "Hello world"
 echo $SECRET1
+echo `env`
+env
From 4f5031ab15ba5b073a2eae269b50afe2d77a0ea1 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Sun, 12 Jan 2025 20:39:26 +0000
Subject: [PATCH 4/7] Update CI
---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d0a1e97..2dd8389 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,8 @@ jobs:
 end-to-end-testing:
 runs-on: ubuntu-22.04
 environment: dev
+ env:
+ SECRET_ONE: ${{ secrets.SECRET1 }}
 steps:
 - uses: actions/checkout@v3
 
From 8ccdb5e6280d60a19aa218fa68a94d659505e444 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Sun, 12 Jan 2025 20:41:59 +0000
Subject: [PATCH 5/7] Test CI
---
 .github/workflows/scripts/end-to-end.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
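Review bot: With the `if:` guard removed in patch 2/7, `end-to-end-testing`, which is bound to `environment: dev`, runs for every pull request against `main` and executes `.github/workflows/scripts/end-to-end.sh` from the pull request's own checkout. Anyone able to open a same-repository pull request can therefore change that script and have it run with whatever the `dev` environment exposes; pull requests from forks normally receive no secrets, so for them the job would simply fail. Consider requiring reviewers on the `dev` environment, or moving this job to a trigger that only runs reviewed code, for example `push` to `main` or `workflow_dispatch`.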
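Review bot: The `env:` mapping added under `end-to-end-testing` in patch 4/7 is job-level, so the secret is placed in the environment of every step in the job, including the `actions/checkout@v3` step that does not need it. Scope it to the one step that runs the script by moving the `env:` block under `- name: Run end-to-end testing using incoming PR`. Patch 6/7 keeps the same job-level placement for eight `OCI_*` secrets, among them the API private key `OCI_API_KEY_PRIV`, where the narrower scope matters more.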
diff --git a/.github/workflows/scripts/end-to-end.sh b/.github/workflows/scripts/end-to-end.sh
index 11ae15d..441dabd 100644
--- a/.github/workflows/scripts/end-to-end.sh
+++ b/.github/workflows/scripts/end-to-end.sh
@@ -1,4 +1,4 @@
 echo "Hello world"
-echo $SECRET1
+echo ">>$SECRET_ONE<<"
 echo `env`
 env
From 6551d43239d6e02f2ec51ffd45613878bd813557 Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Mon, 13 Jan 2025 06:00:01 +0000
Subject: [PATCH 6/7] Testing end-to-end
---
 .github/workflows/ci.yml | 9 ++-
 .github/workflows/scripts/end-to-end.sh | 82 ++++++++++++++++++++-
 .github/workflows/scripts/setup-vpn.sh | 33 +++++++++
 .github/workflows/scripts/start-instance.sh | 42 +++++++++++
 4 files changed, 161 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/scripts/setup-vpn.sh
 create mode 100644 .github/workflows/scripts/start-instance.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2dd8389..c62d3bc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,14 @@ jobs:
 runs-on: ubuntu-22.04
 environment: dev
 env:
- SECRET_ONE: ${{ secrets.SECRET1 }}
+ OCI_API_KEY_PRIV: ${{ secrets.OCI_API_KEY_PRIV }}
+ OCI_API_KEY_PUB: ${{ secrets.OCI_API_KEY_PUB }}
+ OCI_CID: ${{ secrets.OCI_CID }}
+ OCI_COMP_ID: ${{ secrets.OCI_COMP_ID }}
+ OCI_SUBNET_ID: ${{ secrets.OCI_SUBNET_ID }}
+ OCI_AVAILABILITY_DOMAIN: ${{ secrets.OCI_AVAILABILITY_DOMAIN }}
+ OCI_SHAPE: ${{ secrets.OCI_SHAPE }}
+ OCI_IMAGE_ID: ${{ secrets.OCI_IMAGE_ID }}
 steps:
 - uses: actions/checkout@v3
 
diff --git a/.github/workflows/scripts/end-to-end.sh b/.github/workflows/scripts/end-to-end.sh
index 441dabd..5abcd88 100644
--- a/.github/workflows/scripts/end-to-end.sh
+++ b/.github/workflows/scripts/end-to-end.sh
@@ -1,4 +1,78 @@
-echo "Hello world"
-echo ">>$SECRET_ONE<<"
-echo `env`
-env
+set -e
+
+echo "Starting end-to-end"
+
+cleanup() {
+ rm -f \
+ client_privatekey \
+ client_publickey \
+ oci-install.sh \
+ wg-client.conf
+}
+trap cleanup EXIT
+
+sudo apt update
+sudo apt install -y \
+ wireguard \
+ jq
+
+# Generate SSH key
+KEY_NAME="test-$(date +%s%N | md5sum | head -c 8)"
+SSH_KEY="$HOME/.ssh/$KEY_NAME"
+ssh-keygen -t rsa -b 4096 -f "$SSH_KEY" -N ""
+
+# Generate client WireGuard keys
+if ! wg genkey | tee client_privatekey | wg pubkey | tee client_publickey; then
+ echo "Failed to generate WireGuard keys"
+ exit 1
+fi
+WG_CLIENT_PUBKEY=$(cat client_publickey)
+
+# Download OCI binary
+curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh > oci-install.sh
+chmod +x oci-install.sh
+./oci-install.sh --accept-all-defaults
+OCI=~/bin/oci
+mkdir ~/.oci
+echo "$OCI_API_KEY_PRIV" > ~/.oci/oci_api_key.pem
+echo "$OCI_API_KEY_PUB" > ~/.oci/oci_api_key_public.pem
+chmod 600 ~/.oci/oci_api_key.pem ~/.oci/oci_api_key_public.pem
+
+# Start instance in OCI
+SERVER_IP=$(bash .github/workers/scripts/start-instance.sh $SSH_KEY)
+if [ -z "$SERVER_IP" ]; then
+ echo "Failed to get server IP"
+ exit 1
+fi
+
+# TODO: Open port for instance
+echo "Waiting for instance to be ready..."
+sleep 30
+
+# Install WireGuard in OCI instance
+sed -i "s/CLIENT_PUBLIC_KEY_PLACEHOLDER/$WG_CLIENT_PUBKEY/" .github/workers/scripts/setup-vpn.sh
+scp -o StrictHostKeyChecking=accept-new -i "$SSH_KEY" .github/workers/scripts/setup-vpn.sh ubuntu@$SERVER_IP:/tmp
+SERVER_PUBLIC_KEY=$(ssh -o StrictHostKeyChecking=accept-new -i "$SSH_KEY" ubuntu@$SERVER_IP "bash /tmp/setup-vpn.sh")
+if [ -z "$SERVER_PUBLIC_KEY" ]; then
+ echo "Failed to get server public key"
+ exit 1
+fi
+
+# Create client config
+tee wg-client.conf << EOF
+[Interface]
+PrivateKey = $(cat client_privatekey)
+Address = 10.0.0.2/24
+
+[Peer]
+PublicKey = $SERVER_PUBLIC_KEY
+Endpoint = $SERVER_IP:51820
+AllowedIPs = 10.0.0.0/24
+PersistentKeepalive = 25
+EOF
+
+# Connect to VPN
+if ! sudo wg-quick up wg-client.conf; then
+ echo "Failed to establish WireGuard connection"
+ exit 1
+fi
diff --git a/.github/workflows/scripts/setup-vpn.sh b/.github/workflows/scripts/setup-vpn.sh
new file mode 100644
index 0000000..81ca200
--- /dev/null
+++ b/.github/workflows/scripts/setup-vpn.sh
@@ -0,0 +1,33 @@
+set -e
+
+sudo apt update
+sudo apt install -y wireguard
+
+# Generate server keys
+cd /etc/wireguard
+umask 077
+if ! wg genkey | sudo tee privatekey | wg pubkey | sudo tee publickey; then
+ echo "Failed to generate WireGuard keys" >&2
+ exit 1
+fi
+
+# Create server config
+sudo tee /etc/wireguard/wg0.conf << EOF
+[Interface]
+PrivateKey = $(cat privatekey)
+Address = 10.0.0.1/24
+ListenPort = 51820
+SaveConfig = false
+
+[Peer]
+PublicKey = CLIENT_PUBLIC_KEY_PLACEHOLDER
+AllowedIPs = 10.0.0.2/32
+EOF
+
+# Start WireGuard and enable on boot
+if ! sudo systemctl enable --now wg-quick@wg0; then
+ echo "Failed to start WireGuard service" >&2
+ exit 1
+fi
+
+echo "$(cat publickey)"
diff --git a/.github/workflows/scripts/start-instance.sh b/.github/workflows/scripts/start-instance.sh
new file mode 100644
index 0000000..91e61f2
--- /dev/null
+++ b/.github/workflows/scripts/start-instance.sh
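Review bot: In the `end-to-end.sh` hunk of patch 6/7, `tee wg-client.conf << EOF` copies the generated client config, including the `PrivateKey = $(cat client_privatekey)` line, to stdout and therefore into the job log, and the file is created under the default umask. Redirecting instead of teeing (`cat > wg-client.conf << EOF`) after a `umask 077` keeps the key out of the log and the file private. The `sed -i "s/CLIENT_PUBLIC_KEY_PLACEHOLDER/$WG_CLIENT_PUBKEY/"` line will fail whenever the base64 public key contains `/`; a delimiter outside the base64 alphabet avoids that: `sed -i "s|CLIENT_PUBLIC_KEY_PLACEHOLDER|$WG_CLIENT_PUBKEY|"`. The OCI installer is also fetched from the `master` branch and executed without a pinned revision or checksum, and `cleanup()` removes local files but never terminates the instance the script launches.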
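Review bot: In `setup-vpn.sh`, `sudo tee /etc/wireguard/wg0.conf << EOF` echoes the server config, including its `PrivateKey` line, to stdout, and the caller in `end-to-end.sh` captures this script's entire stdout as `SERVER_PUBLIC_KEY`. That value would then hold the `apt` output, both `tee` echoes and the final `echo`, not just the public key, and the server private key travels back to the runner inside it. Keep everything except the last line off stdout, e.g. `sudo tee /etc/wireguard/wg0.conf > /dev/null << EOF`, `sudo tee publickey > /dev/null` and `sudo apt install -y wireguard >&2`. Also worth checking: `cd /etc/wireguard` and `$(cat privatekey)` run without `sudo`, which presumably fails if that directory and the key file written under `umask 077` are readable by root only.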
@@ -0,0 +1,42 @@
+set -e
+
+OCI=~/bin/oci
+SSH_KEY=$1
+
+#OCI_CID
+#OCI_COMP_ID
+#OCI_SUBNET_ID
+#OCI_AVAILABILITY_DOMAIN
+#OCI_SHAPE
+#OCI_IMAGE_ID
+
+VM_CREATE_RESULT=$($OCI compute instance launch \
+ --compartment-id "$OCI_COMP_ID" \
+ --shape "$OCI_SHAPE" \
+ --subnet-id "$OCI_SUBNET_ID" \
+ --availability-domain "$OCI_AVAILABILITY_DOMAIN" \
+ --source-details "{\"sourceType\": \"image\", \"imageId\": \"$OCI_IMAGE_ID\"}" \
+ --metadata "{\"ssh_authorized_keys\": \"$(cat $SSH_KEY)\"}")
+echo "VM creation result: $VM_CREATE_RESULT"
+
+if echo "$VM_CREATE_RESULT" | jq -e '.data.id' >/dev/null 2>&1; then
+ INSTANCE_ID=$(echo "$VM_CREATE_RESULT" | jq -r '.data.id')
+ echo "Successfully created instance with ID: $INSTANCE_ID"
+else
+ echo "Error: Failed to create instance or get instance ID"
+ echo "Response did not contain expected data structure"
+ exit 1
+fi
+
+GET_VNIC_RESULT=$($OCI compute instance list-vnics --instance-id "$INSTANCE_ID")
+echo "Get VNIC result: $GET_VNIC_RESULT"
+if echo "$GET_VNIC_RESULT" | jq -e '.data[0]."public-ip"' >/dev/null 2>&1; then
+ PUBLIC_IP=$(echo "$GET_VNIC_RESULT" | jq -r '.data[0]."public-ip"')
+ echo "Successfully retrieved public IP: $PUBLIC_IP"
+else
+ echo "Error: Failed to get public IP"
+ echo "Response did not contain expected VNIC data"
+ exit 1
+fi
+
+echo $PUBLIC_IP
From 8acbd2cc100b354c5d357a9c0dbecb3c02760d9a Mon Sep 17 00:00:00 2001
From: Jonathan Gregson
Date: Mon, 13 Jan 2025 06:05:35 +0000
Subject: [PATCH 7/7] Test
---
 .github/workflows/scripts/end-to-end.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/end-to-end.sh b/.github/workflows/scripts/end-to-end.sh
index 5abcd88..77cee76 100644
--- a/.github/workflows/scripts/end-to-end.sh
+++ b/.github/workflows/scripts/end-to-end.sh
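Review bot: In `start-instance.sh`, `--metadata "{\"ssh_authorized_keys\": \"$(cat $SSH_KEY)\"}"` reads the path the caller passed to `ssh-keygen -f "$SSH_KEY"`, which is the private key file; the public half is written to `$SSH_KEY.pub`. As written the private key would be sent as instance metadata (if the multi-line value does not break the JSON first), and no valid public key would be installed for the later `scp`/`ssh`. Use `$(cat "$SSH_KEY.pub")`, ideally building the JSON with `jq -n --arg k "$(cat "$SSH_KEY.pub")" '{ssh_authorized_keys: $k}'` so quoting cannot break it. In addition, the progress `echo` lines go to stdout, which the caller captures with `SERVER_IP=$(...)`; redirect them with `>&2` so only the final `echo $PUBLIC_IP` is returned.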
@@ -39,7 +39,7 @@ echo "$OCI_API_KEY_PUB" > ~/.oci/oci_api_key_public.pem
 chmod 600 ~/.oci/oci_api_key.pem ~/.oci/oci_api_key_public.pem
 
 # Start instance in OCI
-SERVER_IP=$(bash .github/workers/scripts/start-instance.sh $SSH_KEY)
+SERVER_IP=$(bash .github/workflows/scripts/start-instance.sh $SSH_KEY)
 if [ -z "$SERVER_IP" ]; then
 echo "Failed to get server IP"
 exit 1
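Review bot: The `workers` path typo is still present on the `sed -i` and `scp` lines that patch 6/7 added to `end-to-end.sh` (`.github/workers/scripts/setup-vpn.sh`); only the `start-instance.sh` call is corrected here, so the script would stop at `sed` under `set -e`. Those two lines sit outside this hunk and need the same `workflows` correction. On the changed line, `$SSH_KEY` is also unquoted: `SERVER_IP=$(bash .github/workflows/scripts/start-instance.sh "$SSH_KEY")`.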