Add container image scanning workflow #185
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Run Integration Test for Amazon CloudWatch Observability Helm Chart | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: [ opened, reopened, synchronize, ready_for_review ] | |
branches: | |
- main | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
TERRAFORM_AWS_ASSUME_ROLE: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} | |
AWS_DEFAULT_REGION: us-west-2 | |
jobs: | |
HelmChartsIntegrationTest: | |
name: HelmChartsIntegrationTest | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Generate testing id | |
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
# local directory to store the kubernetes config | |
- name: Create kubeconfig directory | |
run: mkdir -p ${{ github.workspace }}/../../../.kube | |
- name: Set KUBECONFIG environment variable | |
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV | |
- name: Verify Terraform version | |
run: terraform --version | |
- name: Terraform apply | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 1 | |
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm | |
terraform init | |
if terraform apply -auto-approve \ | |
-var="kube_dir=${{ github.workspace }}/../../../.kube"; then | |
terraform destroy -auto-approve | |
else | |
terraform destroy -auto-approve && exit 1 | |
fi | |
- name: Terraform destroy | |
if: ${{ cancelled() || failure() }} | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 8 | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm | |
terraform destroy --auto-approve | |
HelmChartsIntegrationTestWindows-2022: | |
name: HelmChartsIntegrationTestWindows-2022 | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Generate testing id | |
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
# local directory to store the kubernetes config | |
- name: Create kubeconfig directory | |
run: mkdir -p ${{ github.workspace }}/../../../.kube | |
- name: Set KUBECONFIG environment variable | |
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV | |
- name: Verify Terraform version | |
run: terraform --version | |
- name: Terraform apply | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 1 | |
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows | |
terraform init | |
if terraform apply -auto-approve \ | |
-var="windows_os_version=WINDOWS_CORE_2022_x86_64" -var="kube_dir=${{ github.workspace }}/../../../.kube"; then | |
terraform destroy -auto-approve | |
else | |
terraform destroy -auto-approve && exit 1 | |
fi | |
- name: Terraform destroy | |
if: ${{ cancelled() || failure() }} | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 8 | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows | |
terraform destroy --auto-approve | |
HelmChartsIntegrationTestWindows-2019: | |
name: HelmChartsIntegrationTestWindows-2019 | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Generate testing id | |
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
# local directory to store the kubernetes config | |
- name: Create kubeconfig directory | |
run: mkdir -p ${{ github.workspace }}/../../../.kube | |
- name: Set KUBECONFIG environment variable | |
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV | |
- name: Verify Terraform version | |
run: terraform --version | |
- name: Terraform apply | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 1 | |
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows | |
terraform init | |
if terraform apply -auto-approve \ | |
-var="windows_os_version=WINDOWS_CORE_2019_x86_64" -var="kube_dir=${{ github.workspace }}/../../../.kube"; then | |
terraform destroy -auto-approve | |
else | |
terraform destroy -auto-approve && exit 1 | |
fi | |
- name: Terraform destroy | |
if: ${{ cancelled() || failure() }} | |
uses: nick-fields/retry@v2 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 8 | |
retry_wait_seconds: 5 | |
command: | | |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows | |
terraform destroy --auto-approve |