Skip to content
plan-examples

Fix CI #590

Sign in to view logs

Fix CI

Fix CI #590

Workflow file for this run

.github/workflows/plan-examples.yml at c2395ec
name: plan-examples
on:
# this will allow to run test on main and not modify the status badge when opening a PR
push:
workflow_dispatch:
concurrency:
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
getExampleDirectories:
name: Get example directories
runs-on: ubuntu-latest
# Do not remove environment setup without considering changes to pull_request_target and checkout of PR, as it may lead to checks running automatically against malicious code in PRs.
environment: Observability Test
# Skip running on forks since it won't have access to secrets
if: github.repository == 'aws-observability/terraform-aws-observability-accelerator'
outputs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
# Be careful not to change this to explicit checkout from PR ref/code, as below we run a python code that may change from the PR code.
- name: Checkout
uses: actions/checkout@v3
- name: Get Terraform directories for evaluation
id: dirs
run: |
DIRS=$(python3 .github/workflows/plan-examples.py)
echo "directories=$DIRS" >> $GITHUB_OUTPUT
plan:
name: Plan examples
needs: getExampleDirectories
runs-on: ubuntu-latest
# Skip running on forks since it won't have access to secrets
if: github.repository == 'aws-observability/terraform-aws-observability-accelerator'
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
directory: ${{ fromJson(needs.getExampleDirectories.outputs.directories) }}
steps:
- name: Remove default Terraform
run: rm -rf $(which terraform)
- name: checkout-merge
if: "contains(github.event_name, 'pull_request')"
uses: actions/checkout@v3
with:
ref: refs/pull/${{github.event.pull_request.number}}/merge
- name: checkout
if: "!contains(github.event_name, 'pull_request')"
uses: actions/checkout@v3
- uses: dorny/paths-filter@v2
id: changes
with:
# Need to check not only the example directory
# but also the supporting module(s) code
# for plans (not for pre-commit)
filters: |
src:
- '${{ matrix.directory }}/**/*.(tf|yml|yaml)'
- 'modules/**/*.(tf|yml|yaml)'
- '*.tf'
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v2
if: steps.changes.outputs.src== 'true'
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-west-2
role-duration-seconds: 3600
role-session-name: GithubActions-Session
- name: Terraform plan from CodeBuild
if: steps.changes.outputs.src== 'true'
uses: aws-actions/aws-codebuild-run-build@v1
env:
TF_VAR_aws_region: us-west-2
TF_VAR_managed_grafana_workspace_id: ${{ secrets.GRAFANA_WORKSPACE_ID }}
TF_VAR_eks_cluster_id: e2e-tests
TF_VAR_eks_cluster_1_id: e2e-tests
TF_VAR_eks_cluster_2_id: e2e-tests
TF_VAR_managed_prometheus_workspace_ids: ${{ secrets.PROMETHEUS_WORKSPACE_ID }}
with:
project-name: terraform-plan
disable-source-override: false
env-vars-for-codebuild: |
TF_VAR_aws_region,
TF_VAR_managed_grafana_workspace_id,
TF_VAR_eks_cluster_id,
TF_VAR_managed_prometheus_workspace_ids,
TF_VAR_eks_cluster_1_id,
TF_VAR_eks_cluster_2_id
buildspec-override: |
version: 0.2
phases:
build:
commands:
- export TF_VAR_grafana_api_key="fakeapikey"
- curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
- sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
- sudo apt-get update && sudo apt-get install -y terraform
- terraform -version
- aws --version
- cd ${{ matrix.directory }}
- sed -i 's/#//' versions.tf
- terraform init
- terraform plan