chore(ci): refactor DCE to it's own github action #245
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run IAC Integration Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| permission_check: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| can-write: ${{ steps.check.outputs.can-write }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| steps: | |
| - id: check | |
| run: | | |
| # If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests | |
| if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then | |
| echo "can-write=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "can-write=true" >> $GITHUB_OUTPUT | |
| fi | |
| prepare_matrix: | |
| needs: [permission_check] | |
| if: needs.permission_check.outputs.can-write == 'true' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.find_hcl_files.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup the test matrix | |
| id: find_hcl_files | |
| run: | | |
| cd integration && \ | |
| echo "matrix=$(ls tests/*.hcl | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: DCE Provision | |
| uses: observeinc/github-action-dce@1.0.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| budget-amount: ${{ vars.BUDGET_AMOUNT }} | |
| budget-currency: 'USD' | |
| expiry: '30m' | |
| email: 'colin.hutchinson+gha@observeinc.com' | |
| - name: Create S3 Bucket for Artifacts | |
| run: | | |
| if ! aws s3api head-bucket --bucket "${{ github.run_id }}-$AWS_REGION" 2>/dev/null; then | |
| aws s3 mb s3://"${{ github.run_id }}-$AWS_REGION" --region us-west-2 | |
| fi | |
| env: | |
| AWS_REGION: us-west-2 | |
| - name: Package SAM Applications | |
| run: make sam-package-all | |
| env: | |
| AWS_REGION: us-west-2 | |
| S3_BUCKET_PREFIX: ${{ github.run_id }} | |
| - name: Archive SAM directory | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: repo-and-sam-build | |
| path: | | |
| ${{ github.workspace }}/.aws-sam/ | |
| test-integration: | |
| runs-on: ubuntu-latest | |
| needs: [permission_check, prepare_matrix] | |
| if: needs.permission_check.outputs.can-write == 'true' | |
| strategy: | |
| matrix: | |
| testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}} | |
| steps: | |
| - name: DCE Use | |
| id: dce_setup | |
| uses: observeinc/github-action-dce@1.0.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| - name: Download SAM directory | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: repo-and-sam-build | |
| path: ${{ github.workspace }}/.aws-sam/ | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Integration test for ${{ matrix.testfile }} | |
| run: S3_BUCKET_PREFIX=${S3_BUCKET_PREFIX} TEST_ARGS='-filter=${{ matrix.testfile }} -verbose' make integration-test | |
| env: | |
| AWS_REGION: us-west-2 | |
| S3_BUCKET_PREFIX: ${{ github.run_id }} | |
| cleanup: | |
| needs: [permission_check, test-integration] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: DCE Cleanup | |
| if: needs.permission_check.outputs.can-write == 'true' | |
| uses: observeinc/github-action-dce@1.0.1 | |
| with: | |
| action-type: 'decommission' | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |