-
-
Notifications
You must be signed in to change notification settings - Fork 3
194 lines (173 loc) · 6.46 KB
/
build-and-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
name: build-and-test
on:
pull_request:
branches:
- main
types: [opened, synchronize, reopened]
push:
branches:
- main
env:
AWS_REGION: us-east-2
ATMOS_PLAN_DYNAMODB_TABLE: cptest-core-ue2-auto-gitops-plan-storage
ATMOS_PLAN_COST_DYNAMODB_TABLE: cptest-core-ue2-auto-gitops-plan-cost-storage
ATMOS_PLAN_S3_BUCKET: cptest-core-ue2-auto-gitops
ATMOS_PLAN_BLOB_ACCOUNT_NAME: cptestcoreeusteststorage
ATMOS_PLAN_BLOB_CONTAINER_NAME: github-action-terraform-plan-storage
ATMOS_PLAN_COSMOS_CONTAINER_NAME: github-action-terraform-plan-storage
ATMOS_PLAN_COSMOS_DATABASE_NAME: plans
ATMOS_PLAN_COSMOS_ENDPOINT: "https://cptest-core-eus-test-cosmos.documents.azure.com:443/"
# Permissions required for assuming AWS identity
permissions:
id-token: write # This is required for requesting the JWT
contents: write # This is required for check-dist
jobs:
check-dist:
name: "check-dist matches source"
uses: cloudposse/github-actions-workflows/.github/workflows/ci-typescript-app-check-dist.yml@main
with:
node-version: 20.x
unit-test:
name: "unit tests"
runs-on: ubuntu-latest
needs: check-dist
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/setup-node@v3
with:
node-version-file: package.json
cache: yarn
- name: install dependencies
run: yarn install --frozen-lockfile --prefer-offline
- name: run unit tests
run: yarn test
integration-test-aws:
name: "integration tests aws"
runs-on: ubuntu-latest
needs: check-dist
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: yarn
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
role-session-name: "atmos-terraform-plan-gitops"
- name: Calculate SHA256 of planfile before storage
id: before-store-checksum
run: |
checksum=$(shasum -a 256 src/__fixtures__/mock.planfile | cut -d ' ' -f 1)
echo "$checksum"
echo "checksum=$checksum" >>$GITHUB_OUTPUT
- uses: ./
id: store-plan
with:
action: storePlan
planPath: src/__fixtures__/mock.planfile
component: demo
stack: ue2-auto
tableName: ${{ env.ATMOS_PLAN_DYNAMODB_TABLE }}
bucketName: ${{ env.ATMOS_PLAN_S3_BUCKET }}
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- uses: ./
id: get-plan
with:
action: getPlan
planPath: ./test-aws.planfile
component: demo
stack: ue2-auto
tableName: ${{ env.ATMOS_PLAN_DYNAMODB_TABLE }}
bucketName: ${{ env.ATMOS_PLAN_S3_BUCKET }}
env:
GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
- name: Calculate SHA256 of aws planfile after retrieval
id: after-get-checksum
run: |
checksum=$(shasum -a 256 ./test-aws.planfile | cut -d ' ' -f 1)
echo "$checksum"
echo "checksum=$checksum" >>$GITHUB_OUTPUT
- name: Compare Before and After Checksums (AWS)
run: |
if [ "${{ steps.before-store-checksum.outputs.checksum }}" != "${{ steps.after-get-checksum.outputs.checksum }}" ]; then
echo "Checksums do not match"
exit 1
fi
- name: Compare Before and After Checksums (AZURE)
run: |
if [ "${{ steps.before-store-checksum.outputs.checksum }}" != "${{ steps.after-get-checksum.outputs.checksum }}" ]; then
echo "Checksums do not match"
exit 1
fi
integration-test-azure:
name: "integration test azure"
runs-on: ubuntu-latest
needs: check-dist
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: yarn
- name: Configure Azure Credentials
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Calculate SHA256 of planfile before storage
id: before-store-checksum
run: |
checksum=$(shasum -a 256 src/__fixtures__/mock.planfile | cut -d ' ' -f 1)
echo "$checksum"
echo "checksum=$checksum" >>$GITHUB_OUTPUT
- uses: ./
id: store-plan
with:
blobAccountName: ${{ env.ATMOS_PLAN_BLOB_ACCOUNT_NAME }}
blobContainerName: ${{ env.ATMOS_PLAN_BLOB_CONTAINER_NAME }}
metadataRepositoryType: cosmos
planRepositoryType: azureblob
cosmosContainerName: ${{ env.ATMOS_PLAN_COSMOS_CONTAINER_NAME }}
cosmosDatabaseName: ${{ env.ATMOS_PLAN_COSMOS_DATABASE_NAME }}
cosmosEndpoint: ${{ env.ATMOS_PLAN_COSMOS_ENDPOINT }}
action: storePlan
planPath: src/__fixtures__/mock.planfile
component: demo
stack: eus-demo
- uses: ./
id: get-plan
with:
blobAccountName: ${{ env.ATMOS_PLAN_BLOB_ACCOUNT_NAME }}
blobContainerName: ${{ env.ATMOS_PLAN_BLOB_CONTAINER_NAME }}
metadataRepositoryType: cosmos
planRepositoryType: azureblob
cosmosContainerName: ${{ env.ATMOS_PLAN_COSMOS_CONTAINER_NAME }}
cosmosDatabaseName: ${{ env.ATMOS_PLAN_COSMOS_DATABASE_NAME }}
cosmosEndpoint: ${{ env.ATMOS_PLAN_COSMOS_ENDPOINT }}
action: getPlan
planPath: ./test-azure.planfile
component: demo
stack: eus-demo
- name: Calculate SHA256 of aws planfile after retrieval
id: after-get-checksum
run: |
checksum=$(shasum -a 256 ./test-azure.planfile | cut -d ' ' -f 1)
echo "$checksum"
echo "checksum=$checksum" >>$GITHUB_OUTPUT
- name: Compare Before and After Checksums
run: |
if [ "${{ steps.before-store-checksum.outputs.checksum }}" != "${{ steps.after-get-checksum.outputs.checksum }}" ]; then
echo "Checksums do not match"
exit 1
fi