ENHANCEMENT/ improved doc #282
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Leverage CLI Test | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| leverage_version: | |
| description: "Leverage CLI version to test" | |
| required: false | |
| type: string | |
| default: 1.9.1 | |
| leverage_repo: | |
| description: "Whether to use pypi.org or test.pypi.org" | |
| required: false | |
| type: string | |
| default: "pypi.org" | |
| leverage_toolbox_version: | |
| description: "Leverage Toolbox version to test" | |
| required: false | |
| type: string | |
| default: 1.2.7-0.1.6 | |
| jobs: | |
| test_leverage: | |
| runs-on: ubuntu-latest | |
| env: | |
| LEVERAGE_VERSION: 1.10.0 | |
| LEVERAGE_REPO: pypi.org | |
| LEVERAGE_TOOLBOX_VERSION: 1.2.7-0.1.6 | |
| steps: | |
| - name: Checkout base branch | |
| uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: install_dependencies | |
| run: | | |
| pip3 install --user --upgrade pipenv | |
| shell: bash | |
| - id: cache-pipenv | |
| uses: actions/cache@v3 | |
| with: | |
| path: /home/runner/.local/share/virtualenvs | |
| key: ${{ runner.os }}-pipenv-${{ github.run_id }} | |
| - name: Installing Leverage CLI | |
| run: | | |
| printf "[INFO] Installing Leverage CLI\n" | |
| if [[ "${{ inputs.leverage_version }}" == "" ]] || [[ "${{ inputs.leverage_repo }}" == "" ]]; | |
| then | |
| echo "Installing https://${LEVERAGE_REPO}/simple/ leverage==${LEVERAGE_VERSION}" | |
| python -m pipenv install -i https://${LEVERAGE_REPO}/simple/ leverage==${LEVERAGE_VERSION} | |
| else | |
| echo "Installing https://${{ inputs.leverage_repo }}/simple/ leverage==${{ inputs.leverage_version }}" | |
| python -m pipenv install -i https://${{ inputs.leverage_repo }}/simple/ leverage==${{ inputs.leverage_version }} | |
| fi | |
| working-directory: ./apps-devstg/global/cli-test-layer | |
| - name: patch_dependencies | |
| run: | | |
| python -m pipenv install requests==2.29.0 | |
| working-directory: ./apps-devstg/global/cli-test-layer | |
| - name: Set Leverage Toolbox version | |
| run: | | |
| printf "[INFO] Setting Leverage Toolbox version\n" | |
| if [[ "${{ inputs.leverage_toolbox_version }}" == "" ]]; | |
| then | |
| echo "Using Toolbox ${LEVERAGE_TOOLBOX_VERSION} version" | |
| sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG='${LEVERAGE_TOOLBOX_VERSION}'/' build.env; | |
| else | |
| echo "Using Toolbox ${{ inputs.leverage_toolbox_version }} version" | |
| sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG='${{ inputs.leverage_toolbox_version }}'/' build.env; | |
| fi | |
| - name: Set up credentials | |
| run: | | |
| printf "[INFO] Setting up credentials\n" | |
| mkdir -p ~/.aws/bb | |
| aws configure set region us-east-1 --profile bb-apps-devstg-devops | |
| aws configure set output json --profile bb-apps-devstg-devops | |
| aws configure set role_arn arn:aws:iam::${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}:role/DeployMaster --profile bb-apps-devstg-devops | |
| aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops | |
| cat << EOF > ~/.aws/credentials | |
| [bb-deploymaster] | |
| aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| EOF | |
| cp ~/.aws/credentials ~/.aws/bb/ | |
| cp ~/.aws/config ~/.aws/bb/ | |
| - name: Configure Reference Architecture | |
| run: | | |
| echo "[INFO] Configure Reference Architecture\n" | |
| cat << EOF > ./config/common.tfvars | |
| project = "bb" | |
| project_long = "binbash" | |
| region_primary = "us-east-1" | |
| region_secondary = "us-east-2" | |
| vault_address = "vault_trash" | |
| vault_token = "vault_trash" | |
| sso_region = "us-east-1" | |
| sso_enabled = false | |
| sso_start_url = "sso_trash" | |
| accounts = { | |
| security = { | |
| id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }} | |
| } | |
| } | |
| EOF | |
| echo "[INFO] Disable MFA\n" | |
| sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env | |
| - name: Test Reference Architecture | |
| run: | | |
| # These are later mounted in the container | |
| mkdir ~/.ssh && touch ~/.gitconfig | |
| printf "[INFO] Initializing layer\n" | |
| python -m pipenv run leverage tf init | |
| printf "[INFO] Generating plan\n" | |
| python -m pipenv run leverage tf plan | |
| printf "[INFO] Applying changes\n" | |
| python -m pipenv run leverage tf apply -auto-approve | |
| printf "[INFO] Checking if all changes were applied\n" | |
| python -m pipenv run leverage tf plan -detailed-exitcode | |
| [[ $? -eq 2 ]] && printf "[WARN] There are still remaining changes\n" | |
| [[ $? -eq 0 ]] && printf "[INFO] Apply checks out\n" | |
| printf "[INFO] Destroying all generated created resources\n" | |
| python -m pipenv run leverage tf destroy -auto-approve | |
| working-directory: ./apps-devstg/global/cli-test-layer |