fix(tracing): gate lambda resource detector #777

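# Runs the integration tests (integration/tests/*.hcl) against AWS using
# credentials taken from repository secrets.
name: Run IAC Integration Tests

# NOTE(review): no `permissions:` key is set in the visible workflow, so
# GITHUB_TOKEN carries the repository default scopes into jobs that run
# repository code via `make`. A top-level `permissions: contents: read` is the
# usual least-privilege starting point; confirm the DCE action needs nothing
# more before adding it.
on:
  # push:
  #   branches:
  #     - main
  # release.yaml runs the tests on commits to main
  pull_request:
  workflow_dispatch:
    inputs:
      # Manual runs only: opens an interactive tmate session on the runner
      # (see the "Setup tmate session" step).
      debug_enabled:
        type: boolean
        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
        required: false
        default: false
  # Reusable-workflow entry point. No `secrets:` are declared here, so a caller
  # has to use `secrets: inherit` for the AWS secrets to be present; without
  # them the permission_check job skips the tests.
  workflow_call:
  schedule:
    - cron: '0 0 * * 1' # Monday at 00:00 UTC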
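# NOTE(review): third-party actions below are referenced by mutable tag
# (`observeinc/github-action-dce@1.0.1`, `mxschmitt/action-tmate@v3`) and
# receive the AWS secrets or a shell on the runner. Pinning `uses:` to a full
# commit SHA keeps a moved tag from changing what runs with those secrets.
jobs:
  # Gate for everything else: the tests need AWS credentials, and GitHub does
  # not hand repository secrets to runs it does not trust (for example pull
  # requests from forks). Only the access key id is exposed to this job; the
  # secret access key is never needed to decide.
  permission_check:
    runs-on: ubuntu-latest
    outputs:
      can-write: ${{ steps.check.outputs.can-write }}
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    steps:
      - id: check
        run: |
          # If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests
          if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then
            echo "can-write=false" >> "$GITHUB_OUTPUT"
          else
            echo "can-write=true" >> "$GITHUB_OUTPUT"
          fi

  # Builds the test matrix, provisions the AWS environment through DCE,
  # packages the SAM applications and publishes the build as an artifact.
  prepare_matrix:
    needs: [permission_check]
    if: needs.permission_check.outputs.can-write == 'true'
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.find_hcl_files.outputs.matrix }}
    steps:
      # One checkout is enough for the whole job; nothing before the build
      # steps modifies the working tree.
      - uses: actions/checkout@v4
      - name: Setup the test matrix
        id: find_hcl_files
        # Emits a JSON array with one entry per tests/*.hcl file. The names come
        # from the checked-out ref, so on pull_request they are chosen by the
        # PR author; consumers must treat them as data, not as script text.
        run: |
          cd integration && \
            echo "matrix=$(ls tests/*.hcl | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      # The lease is bounded by a budget and a 30 minute expiry, which limits
      # what a leaked or abused session can cost.
      - name: DCE Provision
        uses: observeinc/github-action-dce@1.0.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          budget-amount: ${{ vars.BUDGET_AMOUNT }}
          budget-currency: 'USD'
          expiry: '30m'
          email: 'colin.hutchinson+gha@observeinc.com'
      - name: Create S3 Bucket for Artifacts
        # Context values reach the script through env instead of being expanded
        # into the script text, and the region is written in one place only.
        run: |
          if ! aws s3api head-bucket --bucket "${S3_BUCKET_PREFIX}-${AWS_REGION}" 2>/dev/null; then
            aws s3 mb "s3://${S3_BUCKET_PREFIX}-${AWS_REGION}" --region "${AWS_REGION}"
          fi
        env:
          AWS_REGION: us-west-2
          S3_BUCKET_PREFIX: ${{ github.run_id }}
      - name: Package SAM Applications
        run: make sam-package-all
        env:
          AWS_REGION: us-west-2
          S3_BUCKET_PREFIX: ${{ github.run_id }}
      # Interactive shell on the runner, after provisioning. Only reachable on
      # a manual run with debug_enabled, and limit-access-to-actor restricts the
      # session to the SSH keys of the user who started the run.
      # NOTE(review): presumably the session can see whatever credentials the
      # DCE step left in the job environment; keep this step manual-only.
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3
        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
        with:
          limit-access-to-actor: true
      # NOTE(review): artifacts are readable by anyone who can read the run;
      # verify that nothing under .aws-sam/ contains credentials.
      - name: Archive SAM directory
        uses: actions/upload-artifact@v4
        with:
          name: repo-and-sam-build
          path: |
            ${{ github.workspace }}/.aws-sam/

  # One job per test file found by prepare_matrix.
  test-integration:
    runs-on: ubuntu-latest
    needs: [permission_check, prepare_matrix]
    if: needs.permission_check.outputs.can-write == 'true'
    strategy:
      matrix:
        testfile: ${{ fromJson(needs.prepare_matrix.outputs.matrix) }}
    steps:
      - name: DCE Use
        id: dce_setup
        uses: observeinc/github-action-dce@1.0.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: checkout
        uses: actions/checkout@v4
      - name: Download SAM directory
        uses: actions/download-artifact@v4
        with:
          name: repo-and-sam-build
          path: ${{ github.workspace }}/.aws-sam/
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Integration test for ${{ matrix.testfile }}
        # The matrix value is a file name taken from the repository, so it is
        # handed to the shell as an environment variable. Expanding
        # ${{ matrix.testfile }} inside `run:` would paste the name into the
        # script before the shell parses it, and this job holds AWS credentials.
        run: S3_BUCKET_PREFIX="${S3_BUCKET_PREFIX}" TEST_ARGS="-filter=${TESTFILE} -verbose" make integration-test
        env:
          AWS_REGION: us-west-2
          S3_BUCKET_PREFIX: ${{ github.run_id }}
          TESTFILE: ${{ matrix.testfile }}

  # Runs even when the tests fail or are skipped (`always()`), so a provisioned
  # environment is decommissioned instead of waiting for its expiry.
  cleanup:
    needs: [permission_check, test-integration]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: DCE Cleanup
        # Skipped when there were no credentials, i.e. nothing was provisioned.
        if: needs.permission_check.outputs.can-write == 'true'
        uses: observeinc/github-action-dce@1.0.1
        with:
          action-type: 'decommission'
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}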