Merge pull request #19 from infralovers/terraform-custom
feat: Adding custom terraform test flow
mabunixda authored Aug 14, 2024
2 parents db25c25 + ea0610f commit 674bb80
Showing 1 changed file with 84 additions and 6 deletions.
90 changes: 84 additions & 6 deletions .github/workflows/terratest.yml
Expand Up @@ -4,11 +4,35 @@ name: Analyze Terraform
on:
workflow_call:
inputs:
tfdir:
sourceDir:
description: 'Terraform directory to analyze'
required: true
default: '.'
type: string
test_timeout:
description: 'Test timeout'
required: false
default: '30m'
type: string
terraform_version:
description: 'Terraform version'
required: false
default: '1.9.0'
type: string
aws_region:
description: 'AWS region'
required: false
default: 'eu-central-1'
type: string
aws_role:
description: 'AWS role'
required: false
default: 'training'
type: string

permissions:
contents: read
id-token: write

jobs:

Expand All @@ -19,14 +43,68 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if ${{ inputs.tfdir }} changed
- name: Check if ${{ inputs.sourceDir }} changed
id: detect
uses: tj-actions/changed-files@v44
with:
path: ${{ inputs.tfdir }}
path: ${{ inputs.sourceDir }}

- name: Import Secrets
id: import-secrets
uses: hashicorp/vault-action@v2
with:
url: https://vault-eu-central-1-public-vault-d0c4b76c.55bfc018.z1.hashicorp.cloud:8200
namespace: admin
method: jwt
path: jwt_github
role: tf_mod
# jwtGithubAudience: sigstore
secrets: |
kv/data/op/hcp_packer_service_principal username | HCP_CLIENT_ID;
kv/data/op/hcp_packer_service_principal password | HCP_CLIENT_SECRET;
kv/data/op/terraform_il_machine Token | TFE_TOKEN;
aws-dev-${{ inputs.aws_region }}/creds/${{ inputs.aws_role }} * | AWS_;
- name: Run Terratest
uses: cloudposse/github-action-terratest@main
- name: Setup HCP Terraform authentication
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
uses: hashicorp/setup-terraform@v3
with:
sourceDir: ${{ inputs.tfdir }}
terraform_version: ${{ inputs.terraform_version }}
cli_config_credentials_token: ${{ steps.import-secrets.outputs.TFE_TOKEN }}

- uses: actions/setup-go@v5
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
with:
go-version-file: ${{ inputs.sourceDir }}/go.mod
cache: true
cache-dependency-path: ${{ inputs.sourceDir }}/go.mod

- name: Run Tests
if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
shell: bash
working-directory: ${{ inputs.sourceDir }}
env:
AWS_REGION: ${{ inputs.aws_region }}
AWS_ACCESS_KEY_ID: ${{ steps.import-secrets.outputs.AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ steps.import-secrets.outputs.AWS_SECRET_KEY }}
HCP_CLIENT_ID: ${{ steps.import-secrets.outputs.HCP_CLIENT_ID }}
HCP_CLIENT_SECRET: ${{ steps.import-secrets.outputs.HCP_CLIENT_SECRET }}
run: |
env
go install github.com/jstemmer/go-junit-report@latest
go test -timeout ${{ inputs.test_timeout }} -v ./... | go-junit-report -set-exit-code > report.xml
- name: Post Test Summary
uses: test-summary/action@v2
with:
paths: |
${{ inputs.sourceDir }}/report.xml
if: always()

# - name: Run Terratest
# uses: cloudposse/github-action-terratest@main
# if: steps.detect.outputs.all_changed_files != '' || github.event_name == 'workflow_dispatch'
# with:
# sourceDir: ${{ inputs.tfdir }}
# env:
# TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
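Review bot: The `env` line at the top of the `Run Tests` script writes the whole step environment to the job log, and that environment holds `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `HCP_CLIENT_SECRET` from the `Import Secrets` step; log masking is best-effort and does not cover values that are re-encoded or split across lines, so the line should be removed. In the same script `${{ inputs.test_timeout }}` is expanded into the shell text before bash runs, so a caller-supplied value is parsed as shell; passing it through the step's `env:` block as `TEST_TIMEOUT: ${{ inputs.test_timeout }}` and calling `go test -timeout "$TEST_TIMEOUT" -v ./...` avoids that. The job also holds `id-token: write` while running `go install github.com/jstemmer/go-junit-report@latest` and third-party actions referenced by mutable tags (`tj-actions/changed-files@v44`, `test-summary/action@v2`); pinning the Go tool to a fixed version and the actions to full commit SHAs would keep an upstream retag from reaching the imported credentials.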
