Skip to content

Add container image scanning workflow #185

Add container image scanning workflow

Add container image scanning workflow #185

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
name: Run Integration Test for Amazon CloudWatch Observability Helm Chart
on:
push:
branches:
- main
pull_request:
types: [ opened, reopened, synchronize, ready_for_review ]
branches:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions:
id-token: write
contents: read
env:
TERRAFORM_AWS_ASSUME_ROLE: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
AWS_DEFAULT_REGION: us-west-2
jobs:
HelmChartsIntegrationTest:
name: HelmChartsIntegrationTest
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate testing id
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# local directory to store the kubernetes config
- name: Create kubeconfig directory
run: mkdir -p ${{ github.workspace }}/../../../.kube
- name: Set KUBECONFIG environment variable
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV
- name: Verify Terraform version
run: terraform --version
- name: Terraform apply
uses: nick-fields/retry@v2
with:
max_attempts: 1
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm
terraform init
if terraform apply -auto-approve \
-var="kube_dir=${{ github.workspace }}/../../../.kube"; then
terraform destroy -auto-approve
else
terraform destroy -auto-approve && exit 1
fi
- name: Terraform destroy
if: ${{ cancelled() || failure() }}
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 8
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm
terraform destroy --auto-approve
HelmChartsIntegrationTestWindows-2022:
name: HelmChartsIntegrationTestWindows-2022
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate testing id
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# local directory to store the kubernetes config
- name: Create kubeconfig directory
run: mkdir -p ${{ github.workspace }}/../../../.kube
- name: Set KUBECONFIG environment variable
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV
- name: Verify Terraform version
run: terraform --version
- name: Terraform apply
uses: nick-fields/retry@v2
with:
max_attempts: 1
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows
terraform init
if terraform apply -auto-approve \
-var="windows_os_version=WINDOWS_CORE_2022_x86_64" -var="kube_dir=${{ github.workspace }}/../../../.kube"; then
terraform destroy -auto-approve
else
terraform destroy -auto-approve && exit 1
fi
- name: Terraform destroy
if: ${{ cancelled() || failure() }}
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 8
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows
terraform destroy --auto-approve
HelmChartsIntegrationTestWindows-2019:
name: HelmChartsIntegrationTestWindows-2019
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate testing id
run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# local directory to store the kubernetes config
- name: Create kubeconfig directory
run: mkdir -p ${{ github.workspace }}/../../../.kube
- name: Set KUBECONFIG environment variable
run: echo KUBECONFIG="${{ github.workspace }}/../../../.kube/config" >> $GITHUB_ENV
- name: Verify Terraform version
run: terraform --version
- name: Terraform apply
uses: nick-fields/retry@v2
with:
max_attempts: 1
timeout_minutes: 60 # EKS takes about 20 minutes to spin up a cluster and service on the cluster
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows
terraform init
if terraform apply -auto-approve \
-var="windows_os_version=WINDOWS_CORE_2019_x86_64" -var="kube_dir=${{ github.workspace }}/../../../.kube"; then
terraform destroy -auto-approve
else
terraform destroy -auto-approve && exit 1
fi
- name: Terraform destroy
if: ${{ cancelled() || failure() }}
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 8
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/helm-windows
terraform destroy --auto-approve