Skip to content

Run IAC Integration Tests #225

Run IAC Integration Tests

Run IAC Integration Tests #225

name: Run IAC Integration Tests
on:
pull_request:
workflow_dispatch:
inputs:
debug_enabled:
type: boolean
description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
required: false
default: false
workflow_call:
schedule:
- cron: '0 0 * * 2' # Tuesday at 00:00 UTC
jobs:
permission_check:
runs-on: ubuntu-latest
outputs:
can-write: ${{ steps.check.outputs.can-write }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
steps:
- id: check
run: |
# If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests
if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then
echo "can-write=false" >> $GITHUB_OUTPUT
else
echo "can-write=true" >> $GITHUB_OUTPUT
fi
prepare_matrix:
needs: [permission_check]
if: needs.permission_check.outputs.can-write == 'true'
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.find_hcl_files.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- name: Setup the test matrix
id: find_hcl_files
run: |
echo "matrix=$( find . -type d -name tests -print | sed 's:/[^/]*$::' | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
- name: DCE Provision
uses: observeinc/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
budget-amount: ${{ vars.BUDGET_AMOUNT }}
budget-currency: 'USD'
expiry: '30m'
email: '[email protected]'
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
with:
limit-access-to-actor: true
test-integration:
runs-on: ubuntu-latest
needs: [permission_check, prepare_matrix]
if: needs.permission_check.outputs.can-write == 'true'
strategy:
matrix:
testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}}
steps:
- name: DCE Use
id: dce_setup
uses: observeinc/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: checkout
uses: actions/checkout@v4
- name: Integration test for ${{ matrix.testfile }}
run: DIR=${{ matrix.testfile }} make test-dir
env:
AWS_REGION: us-west-2
cleanup:
needs: [permission_check, test-integration]
runs-on: ubuntu-latest
if: always()
steps:
- name: DCE Cleanup
if: needs.permission_check.outputs.can-write == 'true'
uses: observeinc/[email protected]
with:
action-type: 'decommission'
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}