Merge pull request #27 from raito-io/logging-update #232
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Raito CLI - AWS Account Plugin - Build | |
on: | |
push: | |
branches: | |
- "main" | |
pull_request: | |
env: | |
GOPRIVATE: "github.com/raito-io/*" | |
AWS_ORGANIZATION_PROFILE: "aws_organization" | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
setup-infra: | |
uses: ./.github/workflows/generate-infra.yml | |
with: | |
targetEnvironment: integration_testing | |
demo-infra: false | |
testing-infra: true | |
secrets: inherit | |
generate-usage: | |
uses: ./.github/workflows/generate-usage.yml | |
with: | |
targetEnvironment: integration_testing | |
secrets: inherit | |
needs: | |
- setup-infra | |
build: | |
environment: integration_testing | |
runs-on: ubuntu-latest | |
needs: | |
- setup-infra | |
- generate-usage | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
cache-dependency-path: "go.sum" | |
check-latest: true | |
cache: true | |
- name: Configure git for private modules | |
run: git config --global url."https://${{secrets.CI_SECRETS_TOKEN_USER}}:${{secrets.CI_SECRETS_TOKEN}}@github.com".insteadOf "https://github.com" | |
- name: Mod Tidy | |
run: go mod tidy | |
- name: Build | |
run: make build | |
- name: Lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.61.0 | |
- name: Organization account - Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
id: aws_assumed_role_organization | |
with: | |
role-to-assume: ${{ secrets.AWS_ORGANIZATION_OIDC_DEPLOY_ROLE }} | |
aws-region: ${{ secrets.AWS_ORGANIZATION_REGION }} | |
output-credentials: true | |
- name: Organization account - Setup Profile | |
shell: bash | |
run: | | |
aws configure set region ${{ secrets.AWS_ORGANIZATION_REGION }} --profile ${{ env.AWS_ORGANIZATION_PROFILE }} | |
aws configure set aws_access_key_id ${{ steps.aws_assumed_role_organization.outputs.aws-access-key-id }} --profile ${{ env.AWS_ORGANIZATION_PROFILE }} | |
aws configure set aws_secret_access_key ${{ steps.aws_assumed_role_organization.outputs.aws-secret-access-key }} --profile ${{ env.AWS_ORGANIZATION_PROFILE }} | |
aws configure set aws_session_token ${{ steps.aws_assumed_role_organization.outputs.aws-session-token }} --profile ${{ env.AWS_ORGANIZATION_PROFILE }} | |
- name: Organization account - Check Profile | |
shell: bash | |
run: aws sts get-caller-identity --profile ${{ env.AWS_ORGANIZATION_PROFILE }} | |
- name: Testing account - Assume role using OIDC | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_TEST_OIDC_ROLE }} | |
aws-region: ${{ secrets.AWS_TEST_REGION }} | |
- name: Testing account - Check Profile | |
shell: bash | |
run: aws sts get-caller-identity | |
- name: Test | |
env: | |
AWS_ORGANIZATION_PROFILE: ${{ env.AWS_ORGANIZATION_PROFILE}} | |
AWS_ORGANIZATION_REGION: ${{ secrets.AWS_ORGANIZATION_REGION}} | |
AWS_ORGANIZATION_IDENTITY_CENTER_INSTANCE_ARN: ${{ secrets.AWS_ORGANIZATION_IDENTITY_CENTER_INSTANCE_ARN}} | |
AWS_ORGANIZATION_IDENTITY_STORE: ${{ secrets.AWS_ORGANIZATION_IDENTITY_STORE}} | |
run: make test | |
- uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./coverage.txt |