feat!: introduce basic Terratest based tests, unified Makefile and Ch…

…atOPS like workflows (#304)
PaloAltoNetworks · Sep 7, 2023 · 20e456b · 20e456b
1 parent ea91b40
commit 20e456b
Show file tree

Hide file tree

Showing 74 changed files with 2,285 additions and 483 deletions.
diff --git a/.github/actions/plan_apply/action.yml b/.github/actions/plan_apply/action.yml
diff --git a/.github/actions/sub_cleanup/action.yml b/.github/actions/sub_cleanup/action.yml
@@ -1,5 +1,11 @@
 name: 'Subscription cleanup'
 description: 'Cleans up subscription in case the job was cancelled.'
+inputs:
+  pr-id:
+    description: A PR number. Optional value, you might want to use it to prefix resources created for a particular PR to identify them easly.
+    type: string
+    default: ""
+    required: false
 runs:
   using: "composite"
   steps:
@@ -13,11 +19,15 @@ runs:
 
     - name: delete resource groups
       shell: bash
+      env:
+        PRID: ${{ inputs.pr-id }}
       run: |
         echo "::group::CLEANUP"
 
         set +e
-        for RG in $(az group list --query "[?properties.provisioningState=='Succeeded']" | jq -r '.[] | select(.name | contains("ghci")) | .name'); do 
+        PRPREFIX=$(if [ "$PRID" ]; then  echo "-pr$PRID-"; fi)
+
+        for RG in $(az group list --query "[?properties.provisioningState=='Succeeded']" | jq -r ".[] | select(.name | contains(\"ghci$PRPREFIX\")) | .name"); do 
           echo "  deleting: $RG"
           az group delete -g ${RG} -y --no-wait
 

diff --git a/.github/actions/terratest/action.yml b/.github/actions/terratest/action.yml
@@ -0,0 +1,50 @@
+name: 'Terratest'
+description: 'Runs Terratest for a specified path.'
+inputs:
+  tf_version:
+    description: 'TF version used.'
+    required: true
+  path:
+    description: 'Path to Terraform module.'
+    required: true
+  terratest_action:
+    description: The action (name of a test in Terratest) that will be passed to the Makefile's ACTION parameter
+    type: string
+    required: true
+  pr-id:
+    description: A PR number. Optional value, you might want to use it to prefix resources created for a particular PR to identify them easly.
+    type: string
+    default: ""
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+
+    - name: setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: ${{ inputs.tf_version }}
+        terraform_wrapper: false
+
+    - name: setup Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.20'
+
+    - name: login to Azure
+      uses: azure/login@v1
+      with:
+        client-id: ${{ env.ARM_CLIENT_ID }}
+        tenant-id: ${{ env.ARM_TENANT_ID }}
+        subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+    - name: ${{ inputs.terratest_action }} infrastructure
+      env:
+        TPATH: ${{ inputs.path }}
+        ARM_USE_OIDC: true
+        ARM_SKIP_PROVIDER_REGISTRATION: true
+        ACTION: ${{ inputs.terratest_action }}
+        PRID: ${{ inputs.pr-id }}
+      shell: bash
+      run: make $TPATH ACTION=$ACTION
diff --git a/.github/workflows/apply-command.yml b/.github/workflows/apply-command.yml
@@ -0,0 +1,51 @@
+name: ChatOPS Apply
+run-name: "On demand Apply test for PR - (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
+
+permissions:
+  contents: read
+
+concurrency: chatops-apply
+
+on:
+  workflow_dispatch:
+    inputs:
+      paths:
+        description: Space delimited list of module paths to test
+        type: string
+        required: true
+      tf_version:
+        description: Terraform versions to use for tests, comma-separated list
+        type: string
+      pr-id:
+        description: ID of the PR that triggered this workflow
+        type: string
+        required: true
+      pr-title: 
+        description: Title of the PR that triggered this workflow
+        type: string
+        required: true
+      comment-id:
+        description: 'The comment-id of the slash command'
+        type: string
+        required: true
+      branch:
+        description: Branch on which the tests should run
+        type: string
+        default: main
+
+jobs:
+  test:
+    name: Run apply test
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+    uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      paths: ${{ inputs.paths }}
+      tf_version: ${{ inputs.tf_version }}
+      pr-id: ${{ inputs.pr-id }}
+      comment-id: ${{ inputs.comment-id }}
+      branch: ${{ inputs.branch }}
+      terratest_action: Apply
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
@@ -0,0 +1,77 @@
+name: ChatOPS dispatcher
+run-name: "ChatOPS bot for PR - (#${{ github.event.issue.number }}) ${{ github.event.issue.title }}"
+
+permissions:
+  contents: read
+
+on:
+  issue_comment:
+    types: [created]
+
+concurrency: 
+  group: chat-${{ github.event.issue.number }}
+  cancel-in-progress: true
+
+jobs:
+  dispatch:
+    name: Dispatch a test job
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: get PR head branch
+        uses: actions/github-script@v6
+        id: pr
+        with:
+          result-encoding: string
+          script: |
+            let pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+            })
+            console.log(pr.data.head.ref)
+            return pr.data.head.ref
+            
+      - name: "dispatch test command on branch: ${{ steps.pr.outputs.result }}"
+        id: scd
+        uses: peter-evans/slash-command-dispatch@v3
+        with:
+          token: ${{ secrets.CHATOPS }}
+          issue-type: pull-request
+          dispatch-type: workflow
+          permission: maintain
+          commands: |
+            validate
+            plan
+            apply
+            idempotence
+            sca
+            help
+          static-args: |
+            comment-id=${{ github.event.comment.id }}
+            pr-id=${{ github.event.issue.number }}
+            pr-title=${{ github.event.issue.title }}
+            branch=${{ steps.pr.outputs.result }}
+
+      - name: Edit comment with error message
+        if: steps.scd.outputs.error-message
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ github.event.comment.id }}
+          body: |
+            > ${{ steps.scd.outputs.error-message }}
+          reactions: '-1'
+          reactions-edit-mode: replace
+
+      - name: Concurency ratio fallback
+        if: cancelled()
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ github.event.comment.id }}
+          body: |
+            > ChatOPS run cancelled.
+            > See [job run log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
+          reactions: 'confused'
+          reactions-edit-mode: replace
diff --git a/.github/workflows/help-command.yml b/.github/workflows/help-command.yml
@@ -0,0 +1,67 @@
+name: ChatOPS Help
+run-name: "Display ChatOPS help (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr-id:
+        description: ID of the PR that triggered this workflow
+        type: string
+        required: true
+      pr-title: 
+        description: Title of the PR that triggered this workflow
+        type: string
+        required: true
+      comment-id:
+        description: 'The comment-id of the slash command'
+        type: string
+        required: true
+      branch:
+        description: Branch on which the tests should run
+        type: string
+        default: main
+
+jobs:
+  help:
+    name: Add help comment to originating PR
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: add help comment
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ inputs.comment-id }}
+          issue-number: ${{ inputs.pr-id }}
+          body: |
+
+            ## ChatOPS built in help:
+            
+            Currently supported commands include:
+
+            * `/sca` - run all SCA tests via `pre-commit`
+            * `/validate` - run `terraform validate`
+            * `/plan` - plan the infrastructure (only examples)
+            * `/apply` - deploy the infrastructure and destroy afterwards (only examples)
+            * `/idempotence` - test idempotence: deploy, plan and destroy afterwards (only examples).
+
+            The 1<sup>st</sup> command does not take arguments, the remaining take two:
+
+            * `paths` - a space delimitied list of module paths
+            * `tf_version` - (optional, defaults to the latest available) a space delimited list of Terraform versions to test the infrastrucure against.
+
+            Examples:
+
+            ```bash
+            # run idempotence tests on listed modules with Terraform versions: 1.2 (latest patch available), 1.4 (latest patch available), 1.5.4.
+            /idempotence paths="examples/common_vmseries examples/panorama_standalone" tf_version="1.2 1.4 1.5.4"
+            ```
+
+            ```bash
+            # run validation tests with the latest available Terraform version on listed modules.
+            /validate paths="modules/vmseries modules/vnet examples/dedicated_vmseries"
+            ```
+
+          reactions: '+1'
+          reactions-edit-mode: replace