tests-integration.yaml
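# Integration-test workflow. It provisions an environment through the DCE
# action (budget and 30m expiry set below), packages the SAM applications once,
# runs one matrix job per integration/tests/*.hcl file, and always finishes
# with a decommission step.
name: Run IAC Integration Tests
on:
  # push:
  #   branches:
  #     - main
  # release.yaml runs the tests on commits to main
  pull_request:
  workflow_dispatch:
    inputs:
      debug_enabled:
        type: boolean
        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
        required: false
        default: false
  workflow_call:
  schedule:
    - cron: '0 0 * * 1' # Monday at 00:00 UTC

# Least privilege for GITHUB_TOKEN: the steps below only read the repository;
# AWS access comes from repository secrets, not from the token.
# NOTE(review): confirm none of the third-party actions needs a wider scope;
# if one does, widen it on that job only.
permissions:
  contents: read

jobs:
  # Gate job: when the AWS secret is not available to this run (for example a
  # pull request from a fork), every later job is skipped instead of failing.
  # Only the presence of the key id is tested; its value is never printed.
  permission_check:
    runs-on: ubuntu-latest
    outputs:
      can-write: ${{ steps.check.outputs.can-write }}
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    steps:
      - id: check
        run: |
          # If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests
          if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then
            echo "can-write=false" >> "$GITHUB_OUTPUT"
          else
            echo "can-write=true" >> "$GITHUB_OUTPUT"
          fi

  # Builds the test matrix, provisions the environment and packages the SAM
  # applications that the matrix jobs download as an artifact.
  prepare_matrix:
    needs: [permission_check]
    if: needs.permission_check.outputs.can-write == 'true'
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.find_hcl_files.outputs.matrix }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup the test matrix
        id: find_hcl_files
        # The matrix is a JSON array of file names read from the checked-out
        # tree. On pull_request that tree is the proposed change, so consumers
        # of matrix.testfile must treat the names as untrusted text.
        run: |
          cd integration && \
            echo "matrix=$(ls tests/*.hcl | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
      # NOTE(review): second checkout of the same ref in this job; it looks
      # redundant with the one above.
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: DCE Provision
        # NOTE(review): this action receives the AWS key pair but is referenced
        # by a tag, which can be moved. Pinning to a full commit SHA
        # (observeinc/github-action-dce@<full-commit-sha>) fixes the exact code
        # that runs with these credentials. The same applies to the DCE steps
        # in test-integration and cleanup.
        uses: observeinc/github-action-dce@1.0.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          budget-amount: ${{ vars.BUDGET_AMOUNT }}
          budget-currency: 'USD'
          expiry: '30m'
          email: 'colin.hutchinson+gha@observeinc.com'
      - name: Create S3 Bucket for Artifacts
        # The bucket name is built from the runner-provided GITHUB_RUN_ID and
        # the step's AWS_REGION, so no expression is expanded into the script
        # and the region is defined in one place.
        run: |
          bucket="${GITHUB_RUN_ID}-${AWS_REGION}"
          if ! aws s3api head-bucket --bucket "$bucket" 2>/dev/null; then
            aws s3 mb "s3://$bucket" --region "$AWS_REGION"
          fi
        env:
          AWS_REGION: us-west-2
      - name: Package SAM Applications
        run: make sam-package-all
        env:
          AWS_REGION: us-west-2
          S3_BUCKET_PREFIX: ${{ github.run_id }}
      - name: Setup tmate session
        # Interactive shell on the runner; only on a manual run with
        # debug_enabled set, and restricted to the user who triggered it.
        # NOTE(review): it starts after DCE Provision, so the session can
        # presumably reach whatever that step left in the environment. This
        # action is also tag-referenced; consider a commit SHA pin.
        uses: mxschmitt/action-tmate@v3
        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
        with:
          limit-access-to-actor: true
      - name: Archive SAM directory
        # NOTE(review): upload-artifact@v3 is deprecated. Upgrade it together
        # with the download-artifact step in test-integration; artifacts are
        # not interchangeable between the v3 and v4 majors.
        uses: actions/upload-artifact@v3
        with:
          name: repo-and-sam-build
          path: |
            ${{ github.workspace }}/.aws-sam/

  # One job per test file produced by prepare_matrix.
  test-integration:
    runs-on: ubuntu-latest
    needs: [permission_check, prepare_matrix]
    if: needs.permission_check.outputs.can-write == 'true'
    strategy:
      matrix:
        testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}}
    steps:
      - name: DCE Use
        id: dce_setup
        uses: observeinc/github-action-dce@1.0.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: checkout
        uses: actions/checkout@v4
      - name: Download SAM directory
        uses: actions/download-artifact@v3
        with:
          name: repo-and-sam-build
          path: ${{ github.workspace }}/.aws-sam/
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Integration test for ${{ matrix.testfile }}
        # matrix.testfile is a file name from the checked-out tree. It is
        # handed to the shell as an environment variable instead of being
        # expanded into the script text, so quotes or shell metacharacters in a
        # name stay data. S3_BUCKET_PREFIX already reaches make through env.
        run: TEST_ARGS="-filter=${MATRIX_TESTFILE} -verbose" make integration-test
        env:
          AWS_REGION: us-west-2
          S3_BUCKET_PREFIX: ${{ github.run_id }}
          MATRIX_TESTFILE: ${{ matrix.testfile }}

  # Runs even when earlier jobs fail or are skipped, so the provisioned
  # environment is decommissioned whenever credentials were available.
  cleanup:
    needs: [permission_check, test-integration]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: DCE Cleanup
        if: needs.permission_check.outputs.can-write == 'true'
        uses: observeinc/github-action-dce@1.0.1
        with:
          action-type: 'decommission'
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}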