feat: examples for terraform doc #687
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Terraform modules tests | |
| on: | |
| schedule: | |
| - cron: 0 1 * * 2 | |
| workflow_dispatch: | |
| pull_request: | |
| # the paths should be synced with ../labeler.yml | |
| paths: | |
| - test/**.go | |
| - test/**/go.mod | |
| - modules/fixtures/** | |
| - modules/**.tf | |
| - .tool-versions | |
| - .github/workflows/tests.yml | |
| - justfile | |
| # limit to a single execution per ref of this workflow | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # please keep those variables synced with daily-cleanup.yml | |
| AWS_PROFILE: infex | |
| AWS_REGION: eu-west-2 # /!\ always use one of the available test region https://github.com/camunda/infraex-common-config | |
| TESTS_TF_BINARY_NAME: terraform | |
| # please keep test-gha*.yml synced | |
| TF_STATE_BUCKET: tests-eks-tf-state-eu-central-1 | |
| TF_STATE_BUCKET_REGION: eu-central-1 | |
| jobs: | |
| # We can skip some tests using the commit description (skip-tests:NameOfTest1,NameOfTest2) or all tests (skip-tests:all) (see `DEVELOPER.md`) | |
| # If all tests are skipped, the result of this workflow will be `failed` on purpose | |
| # If you want to skip tests and have no error, you need to use `testing-ci-not-necessary` as a label on the PR | |
| configure-tests: | |
| runs-on: ubuntu-latest | |
| if: >- | |
| github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || ( | |
| github.event_name == 'pull_request' && | |
| !contains(github.event.pull_request.labels.*.name, 'testing-ci-not-necessary') | |
| ) | |
| outputs: | |
| test_functions: ${{ steps.extract_test_functions.outputs.test_functions }} | |
| # ensure a suffix is added to prevent concurrency deletion with gha integration tests (test-gha-eks.yml) | |
| cluster_id: ${{ steps.short_git_sha.outputs.short_git_sha }}-g | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| fetch-depth: 0 | |
| - name: Get Short GitHub SHA | |
| id: short_git_sha | |
| run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Extract Test Functions | |
| id: extract_test_functions | |
| run: | | |
| test_functions=$(grep -rho 'func \(Test[^ ]*\)' ./test/src/ | sed 's/func \(Test[^ ]*\)(t/\1/' | tr '\n' ',' | sed 's/,$//') | |
| echo "test_functions=$test_functions" | |
| : # Extract test names marked to be skipped from the commit message description | |
| commit_message=$(git log -1 --pretty=format:"%B") | |
| echo "commit_message=$commit_message" | |
| skipped_tests=$(echo "$commit_message" | grep 'skip-tests' | sed 's/skip-tests://') | |
| echo "skipped_tests=$skipped_tests" | |
| : # If all tests are marked to be skipped, then clear the test_functions list completely | |
| if [ "$skipped_tests" == "all" ]; then | |
| test_functions="" | |
| echo "Skipping all tests (skip-tests:all found), this workflow will fail. \ | |
| If you want to skip-tests for a PR, please use the label 'testing-ci-not-necessary'" | |
| else | |
| : # Otherwise, remove the tests marked to be skipped from the test_functions list | |
| if [ -n "$skipped_tests" ]; then | |
| for test in $(echo "$skipped_tests" | tr ',' '\n'); do | |
| echo "Skipping test: $test" | |
| test_functions=$(echo "$test_functions" | sed "s/$test//g" | sed 's/,,/,/g' | sed 's/^,//' | sed 's/,$//') | |
| echo "test_functions=$test_functions" | |
| done | |
| fi | |
| fi | |
| : # to json array | |
| IFS=',' read -ra array <<< "$test_functions" | |
| json_array="[" | |
| for element in "${array[@]}" | |
| do | |
| json_array+="\"$element\"," | |
| done | |
| test_functions="${json_array%,}]" | |
| echo "test_functions=${test_functions}" >> "$GITHUB_OUTPUT" | |
| echo "test_functions=${test_functions}" | |
| integration-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - configure-tests | |
| strategy: | |
| fail-fast: false # don't propagate failing jobs | |
| matrix: | |
| test_function: ${{ fromJson(needs.configure-tests.outputs.test_functions) }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Install tooling using asdf | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} | |
| - name: Get go.mod details | |
| uses: Eun/go-mod-details@b719cd324463e2037cf3a0dd1dd6091bdc2730f4 # v1 | |
| id: go-mod-details | |
| with: | |
| modfile: ${{ github.workspace }}/test/src/go.mod | |
| - name: Launch test | |
| timeout-minutes: 125 | |
| run: | | |
| export TESTS_CLUSTER_ID="${{ needs.configure-tests.outputs.cluster_id }}" | |
| export TESTS_CLUSTER_REGION="${{ env.AWS_REGION }}" | |
| export TESTS_TF_BINARY_NAME="${{ env.TESTS_TF_BINARY_NAME }}" | |
| just test ${{ matrix.test_function }} "--junitfile ${{ matrix.test_function }}_unit-tests.xml" | |
| # this is a workaround for test report not working as expected due to https://github.com/test-summary/action/issues/5 | |
| - name: Filter logger.go from the test report (too large) | |
| if: always() | |
| run: | | |
| sed 's/
/\n/g' < "./test/src/${{ matrix.test_function }}_unit-tests.xml" | | |
| grep -E -v '^.*logger\.go.*$' | | |
| sed 's/\n/
/g' > "./test/src/${{ matrix.test_function }}_unit-tests_filtered.xml" | |
| - name: Upload test reports | |
| if: always() | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 | |
| with: | |
| name: test-reports-${{ matrix.test_function }} | |
| path: ./test/src/${{ matrix.test_function }}_unit-tests_filtered.xml | |
| retention-days: 1 | |
| - name: Remove profile credentials from ~/.aws/credentials | |
| if: always() | |
| run: | | |
| rm -rf ~/.aws/credentials | |
| test-report: | |
| runs-on: ubuntu-latest | |
| if: ${{ always() && needs.configure-tests.result == 'success' }} | |
| needs: | |
| - configure-tests | |
| - integration-tests | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| pattern: test-reports-* | |
| path: /tmp/testreports | |
| merge-multiple: true | |
| - name: Run test-summary | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2 | |
| with: | |
| paths: /tmp/testreports/**/*.xml | |
| cleanup-resources: | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - configure-tests | |
| - integration-tests | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| fetch-depth: 0 | |
| - name: Install tooling using asdf | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} | |
| - name: Delete resources of this run | |
| timeout-minutes: 125 | |
| if: always() | |
| uses: ./.github/actions/eks-cleanup-resources | |
| with: | |
| tf-bucket: ${{ env.TF_STATE_BUCKET }} | |
| tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }} | |
| max-age-hours: '0' | |
| target: ${{ needs.configure-tests.outputs.cluster_id }} | |
| notify-on-failure: | |
| runs-on: ubuntu-latest | |
| if: failure() | |
| needs: | |
| - configure-tests | |
| - integration-tests | |
| - test-report | |
| - cleanup-resources | |
| steps: | |
| - name: Notify in Slack in case of failure | |
| id: slack-notification | |
| if: github.event_name == 'schedule' | |
| uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@1b6af8e7117e4e9bdf777911b7a724879b59fcfe # 1.2.4 | |
| with: | |
| vault_addr: ${{ secrets.VAULT_ADDR }} | |
| vault_role_id: ${{ secrets.VAULT_ROLE_ID }} | |
| vault_secret_id: ${{ secrets.VAULT_SECRET_ID }} |