Update check-compliance.yml #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Release, and Check Compliance | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| install: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download Privateer install script | |
| run: | | |
| curl -sSL https://raw.githubusercontent.com/privateerproj/privateer/03ced90caae9f3c9203eb7f82f2c46ccf2ff15fc/install.sh -o install_privateer.sh | |
| - name: Set execute permissions on install script | |
| run: chmod +x install_privateer.sh | |
| - name: Run Privateer install script | |
| run: bash ./install_privateer.sh | |
| - name: Verify Privateer installation | |
| run: | | |
| ls -al ~/.privateer/bin | |
| echo 'export PATH="/home/runner/.privateer/bin:$PATH"' >> ~/.bash_profile | |
| source ~/.bash_profile | |
| privateer version | |
| privateer help | |
| - name: Run Privateer help | |
| run: | | |
| source ~/.bash_profile | |
| privateer help | |
| build-privateer: | |
| if: github.repository == 'octo-org/octo-repo-prod' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Privateer repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: privateerproj/privateer | |
| path: privateer | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.22 | |
| - name: Install dependencies | |
| run: | | |
| cd privateer | |
| go mod download | |
| - name: Run make release | |
| run: | | |
| cd privateer | |
| make release | |
| ls | |
| - name: Run privateer help command | |
| run: | | |
| cd privateer/ | |
| # Assuming the binary is named 'privateer'. Adjust if it's named differently. | |
| ./privateer help | |
| - name: 'Tar files' | |
| run: | | |
| cd privateer | |
| tar -cvf test_harness.tar privateer | |
| - name: Archive release artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: release-artifacts | |
| path: privateer/test_harness.tar | |
| build-azure-blob-storage: | |
| if: github.repository == 'octo-org/octo-repo-prod' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Azure Blob Storage repository | |
| uses: actions/checkout@v3 | |
| with: | |
| # repository: eddie-knight/raid-azure-blob-storage | |
| repository: krumio/raid-azure-blob-storage | |
| path: raid-azure-blob-storage | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.22 | |
| - name: RUN ls | |
| run: | | |
| ls | |
| - name: Install dependencies | |
| run: | | |
| cd raid-azure-blob-storage | |
| go mod download | |
| - name: Run make release | |
| run: | | |
| cd raid-azure-blob-storage | |
| make release | |
| ls | |
| - name: 'Tar files' | |
| run: | | |
| cd raid-azure-blob-storage | |
| tar -cvf ABS.tar ABS | |
| - name: Archive release artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: release-artifacts | |
| path: raid-azure-blob-storage/ABS.tar | |
| terraform: | |
| if: github.repository == 'octo-org/octo-repo-prod' | |
| name: 'Terraform' | |
| env: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| TF_LOG: INFO | |
| runs-on: ubuntu-latest | |
| environment: production | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| # Checkout the repository to the GitHub Actions runner | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| # Install the latest version of Terraform CLI | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| - name: cd into examples/basic directory | |
| run: | | |
| cd examples/basic | |
| # run ls command | |
| ls | |
| # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | |
| - name: Terraform Init | |
| run: terraform init -reconfigure | |
| working-directory: examples/basic | |
| # Checks that all Terraform configuration files adhere to a canonical format | |
| - name: Terraform Format | |
| run: terraform fmt -check | |
| working-directory: examples/basic | |
| # Generates an execution plan for Terraform | |
| - name: Terraform Plan | |
| run: terraform plan -input=false | |
| working-directory: examples/basic | |
| # On push to "master", build or change infrastructure according to Terraform configuration files | |
| - name: Terraform Apply | |
| # if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' | |
| run: terraform apply -auto-approve -input=false | |
| working-directory: examples/basic | |
| - name: Terraform Destroy | |
| run: terraform destroy -auto-approve -input=false | |
| working-directory: examples/basic | |
| check-compliance: | |
| if: github.repository == 'octo-org/octo-repo-prod' | |
| needs: [build-privateer, build-azure-blob-storage] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: release-artifacts | |
| path: artifacts | |
| - name: RUN ls | |
| run: | | |
| ls -al | |
| - name: Extract test harness | |
| run: | | |
| cd artifacts | |
| tar -xf test_harness.tar | |
| tar -xf ABS.tar | |
| cp ../config.yml ./ | |
| cat config.yml | |
| ls -al | |
| - name: RUN sally command | |
| run: | | |
| cd artifacts | |
| ls -al | |
| ./privateer sally ABS -c config.yml -b ./ | |