Run IAC Integration Tests #235
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run IAC Integration Tests | |
on: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
debug_enabled: | |
type: boolean | |
description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' | |
required: false | |
default: false | |
workflow_call: | |
schedule: | |
- cron: '0 0 * * 2' # Tuesday at 00:00 UTC | |
jobs: | |
permission_check: | |
runs-on: ubuntu-latest | |
outputs: | |
can-write: ${{ steps.check.outputs.can-write }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
steps: | |
- id: check | |
run: | | |
# If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests | |
if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then | |
echo "can-write=false" >> $GITHUB_OUTPUT | |
else | |
echo "can-write=true" >> $GITHUB_OUTPUT | |
fi | |
prepare_matrix: | |
needs: [permission_check] | |
if: needs.permission_check.outputs.can-write == 'true' | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.find_hcl_files.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup the test matrix | |
id: find_hcl_files | |
run: | | |
echo "matrix=$( find . -type d -name tests -print | sed 's:/[^/]*$::' | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
- uses: actions/checkout@v4 | |
- name: DCE Provision | |
uses: observeinc/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
budget-amount: ${{ vars.BUDGET_AMOUNT }} | |
budget-currency: 'USD' | |
expiry: '30m' | |
email: '[email protected]' | |
- name: Setup tmate session | |
uses: mxschmitt/action-tmate@v3 | |
if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
with: | |
limit-access-to-actor: true | |
test-integration: | |
runs-on: ubuntu-latest | |
needs: [permission_check, prepare_matrix] | |
if: needs.permission_check.outputs.can-write == 'true' | |
strategy: | |
matrix: | |
testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}} | |
steps: | |
- name: DCE Use | |
id: dce_setup | |
uses: observeinc/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Integration test for ${{ matrix.testfile }} | |
run: DIR=${{ matrix.testfile }} make test-dir | |
env: | |
AWS_REGION: us-west-2 | |
cleanup: | |
needs: [permission_check, test-integration] | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: DCE Cleanup | |
if: needs.permission_check.outputs.can-write == 'true' | |
uses: observeinc/[email protected] | |
with: | |
action-type: 'decommission' | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |