fix: Adding custom terraform test flow #19

Merged
merged 15 commits into from
Aug 14, 2024
90 changes: 84 additions & 6 deletions .github/workflows/terratest.yml
Expand Up @@ -4,11 +4,35 @@ name: Analyze Terraform
on:
workflow_call:
inputs:
tfdir:
sourceDir:
description: 'Terraform directory to analyze'
required: true
default: '.'
type: string
test_timeout:
description: 'Test timeout'
required: false
default: '30m'
type: string
terraform_version:
description: 'Terraform version'
required: false
default: '1.9.0'
type: string
aws_region:
description: 'AWS region'
required: false
default: 'eu-central-1'
type: string
aws_role:
description: 'AWS role'
required: false
default: 'training'
type: string

permissions:
contents: read
id-token: write

jobs:

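Review bot: renaming the `tfdir` input to `sourceDir` is a breaking change for every caller of this `workflow_call` workflow, since any caller still passing `tfdir` will fail with an unexpected-input error; either keep `tfdir` as a deprecated alias for one release or call the rename out explicitly in the PR description. Also, `sourceDir` is declared `required: true` together with `default: '.'`; one of the two is redundant, so either drop the default or make the input optional. The new `aws_region` and `aws_role` inputs are interpolated into a Vault secret path further down, and `id-token: write` is now granted workflow-wide; both are needed for the JWT login, but it means any caller can choose the Vault AWS role by name, so the policy attached to the Vault role `tf_mod` is what actually bounds which `aws-dev-*/creds/*` paths are reachable and should be reviewed alongside this change.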
Expand All @@ -19,14 +43,68 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if ${{ inputs.tfdir }} changed
- name: Check if ${{ inputs.sourceDir }} changed
id: detect
uses: tj-actions/changed-files@v44
with:
path: ${{ inputs.tfdir }}
path: ${{ inputs.sourceDir }}

- name: Import Secrets
id: import-secrets
uses: hashicorp/vault-action@v2
with:
url: https://vault-eu-central-1-public-vault-d0c4b76c.55bfc018.z1.hashicorp.cloud:8200
namespace: admin
method: jwt
path: jwt_github
role: tf_mod
# jwtGithubAudience: sigstore
secrets: |
kv/data/op/hcp_packer_service_principal username | HCP_CLIENT_ID;
kv/data/op/hcp_packer_service_principal password | HCP_CLIENT_SECRET;
kv/data/op/terraform_il_machine Token | TFE_TOKEN;
aws-dev-${{ inputs.aws_region }}/creds/${{ inputs.aws_role }} * | AWS_;

- name: Run Terratest
uses: cloudposse/github-action-terratest@main
- name: Setup HCP Terraform authentication
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
uses: hashicorp/setup-terraform@v3
with:
sourceDir: ${{ inputs.tfdir }}
terraform_version: ${{ inputs.terraform_version }}
cli_config_credentials_token: ${{ steps.import-secrets.outputs.TFE_TOKEN }}

- uses: actions/setup-go@v5
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
with:
go-version-file: ${{ inputs.sourceDir }}/go.mod
cache: true
cache-dependency-path: ${{ inputs.sourceDir }}/go.mod

- name: Run Tests
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
shell: bash
working-directory: ${{ inputs.sourceDir }}
env:
AWS_REGION: ${{ inputs.aws_region }}
AWS_ACCESS_KEY_ID: ${{ steps.import-secrets.outputs.AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ steps.import-secrets.outputs.AWS_SECRET_KEY }}
HCP_CLIENT_ID: ${{ steps.import-secrets.outputs.HCP_CLIENT_ID }}
HCP_CLIENT_SECRET: ${{ steps.import-secrets.outputs.HCP_CLIENT_SECRET }}
run: |
env
go install github.com/jstemmer/go-junit-report@latest
go test -timeout ${{ inputs.test_timeout }} -v ./... | go-junit-report -set-exit-code > report.xml

- name: Post Test Summary
uses: test-summary/action@v2
with:
paths: |
${{ inputs.sourceDir }}/report.xml
if: always()

# - name: Run Terratest
# uses: cloudposse/github-action-terratest@main
# if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
# with:
# sourceDir: ${{ inputs.tfdir }}
# env:
# TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
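Review bot: the bare `env` on the first line of the `Run Tests` script prints the entire step environment, including `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `HCP_CLIENT_SECRET`, into the job log; `hashicorp/vault-action` masks the values it outputs, but this is a debugging leftover and should be removed rather than relying on masking. Two smaller points: the `Import Secrets` step has no `if:` guard while every step after it is conditioned on `steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'`, so Vault issues a fresh set of dynamic AWS credentials on every run even when nothing changed (add the same condition there), and `Post Test Summary` runs with `if: always()` even when the tests were skipped and no `report.xml` exists, so it should combine `always()` with the same change condition or tolerate a missing file. The `* | AWS_` wildcard is only consumed as `AWS_ACCESS_KEY` and `AWS_SECRET_KEY`; if the Vault AWS role also returns a security token, it is silently dropped here and `AWS_SESSION_TOKEN` would need to be exported too for the credentials to work. Finally, the commented-out `Run Terratest` block at the end is dead code and should be deleted; git history keeps the old step.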