Terraform modules tests #739

Workflow file for this run

---
# Integration test pipeline for the Terraform modules.
# NOTE(review): no `permissions:` key is declared in this workflow, so every job
# runs with the default GITHUB_TOKEN scope. Consider pinning it (for example
# `contents: read`) once the needs of the local and third-party actions are confirmed.
name: Terraform modules tests

on:
  schedule:
    # weekly run: Tuesdays at 01:00 (GitHub evaluates cron in UTC)
    - cron: '0 1 * * 2'
  workflow_dispatch:
  pull_request:
    # keep this path list in sync with ../labeler.yml
    paths:
      - 'test/**.go'
      - 'test/**/go.mod'
      - 'modules/fixtures/**'
      - 'modules/**.tf'
      - '.tool-versions'
      - '.github/workflows/tests.yml'
      - 'justfile'

# one execution of this workflow per ref; a newer run cancels the one in progress
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Workflow-level environment, exported to every step of every job.
env:
  # keep these values in sync with daily-cleanup.yml
  AWS_PROFILE: 'infex'
  # /!\ must be one of the available test regions, see https://github.com/camunda/infraex-common-config
  AWS_REGION: 'eu-west-2'
  TESTS_TF_BINARY_NAME: 'terraform'
  # keep in sync with test-gha*.yml
  TF_STATE_BUCKET: 'tests-eks-tf-state-eu-central-1'
  TF_STATE_BUCKET_REGION: 'eu-central-1'
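jobs:
  # Tests can be skipped through the commit description: (skip-tests:NameOfTest1,NameOfTest2)
  # for some of them or (skip-tests:all) for all of them (see `DEVELOPER.md`).
  # If all tests are skipped, the result of this workflow is `failed` on purpose.
  # To skip tests without an error, put the label `testing-ci-not-necessary` on the PR.
  configure-tests:
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || (
      github.event_name == 'pull_request' &&
      !contains(github.event.pull_request.labels.*.name, 'testing-ci-not-necessary')
      )
    outputs:
      # JSON array of Go test function names, consumed as the matrix of integration-tests
      test_functions: ${{ steps.extract_test_functions.outputs.test_functions }}
      # the suffix prevents concurrent deletion with the gha integration tests (test-gha-eks.yml)
      cluster_id: ${{ steps.short_git_sha.outputs.short_git_sha }}-g
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
      - name: Get Short GitHub SHA
        id: short_git_sha
        run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: Extract Test Functions
        id: extract_test_functions
        run: |
          test_functions=$(grep -rho 'func \(Test[^ ]*\)' ./test/src/ | sed 's/func \(Test[^ ]*\)(t/\1/' | tr '\n' ',' | sed 's/,$//')
          echo "test_functions=$test_functions"
          : # Extract test names marked to be skipped from the commit message description
          commit_message=$(git log -1 --pretty=format:"%B")
          echo "commit_message=$commit_message"
          skipped_tests=$(echo "$commit_message" | grep 'skip-tests' | sed 's/skip-tests://')
          echo "skipped_tests=$skipped_tests"
          : # If all tests are marked to be skipped, then clear the test_functions list completely
          if [ "$skipped_tests" == "all" ]; then
            test_functions=""
            echo "Skipping all tests (skip-tests:all found), this workflow will fail. \
          If you want to skip-tests for a PR, please use the label 'testing-ci-not-necessary'"
          else
            : # Otherwise, remove the tests marked to be skipped from the test_functions list
            if [ -n "$skipped_tests" ]; then
              for test in $(echo "$skipped_tests" | tr ',' '\n'); do
                echo "Skipping test: $test"
                : # The name comes from the commit message, so it is matched as a fixed string
                : # against whole entries only: it is never spliced into a sed program, and
                : # skipping TestFoo no longer truncates TestFooBar.
                test_functions=$(echo "$test_functions" | tr ',' '\n' | { grep -vxF -- "$test" || true; } | tr '\n' ',' | sed 's/,$//')
                echo "test_functions=$test_functions"
              done
            fi
          fi
          : # to json array
          IFS=',' read -ra array <<< "$test_functions"
          json_array="["
          for element in "${array[@]}"
          do
            json_array+="\"$element\","
          done
          test_functions="${json_array%,}]"
          echo "test_functions=${test_functions}" >> "$GITHUB_OUTPUT"
          echo "test_functions=${test_functions}"

  # Runs every selected Go test function as its own matrix job against AWS.
  integration-tests:
    runs-on: ubuntu-latest
    needs:
      - configure-tests
    strategy:
      fail-fast: false # don't propagate failing jobs
      matrix:
        test_function: ${{ fromJson(needs.configure-tests.outputs.test_functions) }}
    steps:
      # NOTE(review): checkout keeps the GITHUB_TOKEN in the local git config by default;
      # consider `persist-credentials: false` if `just test` needs no authenticated git access.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Install tooling using asdf
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          exportEnv: false
          secrets: |
            secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
            secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
      # Official action does not support profiles
      - name: Add profile credentials to ~/.aws/credentials
        # The secrets reach the script through the step environment and are quoted there,
        # so their value is never pasted into the shell source that the runner generates.
        env:
          VAULT_AWS_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
          VAULT_AWS_SECRET_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
        run: |
          aws configure set aws_access_key_id "$VAULT_AWS_ACCESS_KEY" --profile "$AWS_PROFILE"
          aws configure set aws_secret_access_key "$VAULT_AWS_SECRET_KEY" --profile "$AWS_PROFILE"
          aws configure set region "$AWS_REGION" --profile "$AWS_PROFILE"
      - name: Get go.mod details
        uses: Eun/go-mod-details@b719cd324463e2037cf3a0dd1dd6091bdc2730f4 # v1
        id: go-mod-details
        with:
          modfile: ${{ github.workspace }}/test/src/go.mod
      - name: Launch test
        timeout-minutes: 125
        # Do not interrupt tests; otherwise, the Terraform state may become inconsistent.
        if: always() && success()
        # The matrix value is derived from the checked-out sources, so it is handed over
        # as an environment variable instead of being expanded into the script text.
        env:
          TEST_FUNCTION: ${{ matrix.test_function }}
          TESTS_CLUSTER_ID: ${{ needs.configure-tests.outputs.cluster_id }}
          TESTS_CLUSTER_REGION: ${{ env.AWS_REGION }}
          TESTS_TF_BINARY_NAME: ${{ env.TESTS_TF_BINARY_NAME }}
        run: |
          just test "$TEST_FUNCTION" "--junitfile ${TEST_FUNCTION}_unit-tests.xml"
      # this is a workaround for test report not working as expected due to https://github.com/test-summary/action/issues/5
      - name: Filter logger.go from the test report (too large)
        if: always()
        env:
          TEST_FUNCTION: ${{ matrix.test_function }}
        # NOTE(review): sed works one line at a time, so the last expression appears to be
        # a no-op and the filtered file keeps real newlines; confirm this is intended.
        run: |
          sed 's/&#xA;/\n/g' < "./test/src/${TEST_FUNCTION}_unit-tests.xml" |
          grep -E -v '^.*logger\.go.*$' |
          sed 's/\n/&#xA;/g' > "./test/src/${TEST_FUNCTION}_unit-tests_filtered.xml"
      - name: Upload test reports
        if: always()
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
        with:
          name: test-reports-${{ matrix.test_function }}
          path: ./test/src/${{ matrix.test_function }}_unit-tests_filtered.xml
          retention-days: 1
      - name: Remove profile credentials from ~/.aws/credentials
        if: always()
        run: |
          rm -rf ~/.aws/credentials

  # Merges the per-test JUnit reports into one summary; runs even when tests failed.
  test-report:
    runs-on: ubuntu-latest
    if: ${{ always() && needs.configure-tests.result == 'success' }}
    needs:
      - configure-tests
      - integration-tests
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
        with:
          pattern: test-reports-*
          path: /tmp/testreports
          merge-multiple: true
      - name: Run test-summary
        uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
        with:
          paths: /tmp/testreports/**/*.xml

  # Always runs after the tests and deletes the resources tagged with this run's cluster id.
  cleanup-resources:
    runs-on: ubuntu-latest
    if: always()
    needs:
      - configure-tests
      - integration-tests
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
      - name: Install tooling using asdf
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          exportEnv: false
          secrets: |
            secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
            secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
      # Official action does not support profiles
      - name: Add profile credentials to ~/.aws/credentials
        # Same hand-over as in integration-tests: secrets go through the step environment.
        env:
          VAULT_AWS_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
          VAULT_AWS_SECRET_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
        run: |
          aws configure set aws_access_key_id "$VAULT_AWS_ACCESS_KEY" --profile "$AWS_PROFILE"
          aws configure set aws_secret_access_key "$VAULT_AWS_SECRET_KEY" --profile "$AWS_PROFILE"
          aws configure set region "$AWS_REGION" --profile "$AWS_PROFILE"
      - name: Delete resources of this run
        timeout-minutes: 125
        if: always()
        uses: ./.github/actions/eks-cleanup-resources
        with:
          tf-bucket: ${{ env.TF_STATE_BUCKET }}
          tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
          max-age-hours: '0'
          target: ${{ needs.configure-tests.outputs.cluster_id }}
      # Mirrors the last step of integration-tests so the key file does not outlive the job.
      - name: Remove profile credentials from ~/.aws/credentials
        if: always()
        run: |
          rm -rf ~/.aws/credentials

  # Reports a failure of any upstream job; the Slack step itself only fires on scheduled runs.
  notify-on-failure:
    runs-on: ubuntu-latest
    if: failure()
    needs:
      - configure-tests
      - integration-tests
      - test-report
      - cleanup-resources
    steps:
      - name: Notify in Slack in case of failure
        id: slack-notification
        if: github.event_name == 'schedule'
        uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
        with:
          vault_addr: ${{ secrets.VAULT_ADDR }}
          vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
          vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}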