fix policy #369
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Terraform modules tests | |
| on: | |
| schedule: | |
| - cron: '0 1 * * 2' | |
| workflow_dispatch: | |
| pull_request: | |
| # the paths should be synced with ../labeler.yml | |
| paths: | |
| - test/**.go | |
| - test/**/go.mod | |
| - modules/fixtures/** | |
| - modules/**.tf | |
| - .tool-versions | |
| - .github/workflows/tests.yml | |
| - justfile | |
| # limit to a single execution per ref of this workflow | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| env: | |
| AWS_PROFILE: "infex" | |
| AWS_REGION: "eu-west-2" # /!\ always use one of the available test region https://github.com/camunda/infraex-common-config | |
| TESTS_TF_BINARY_NAME: "terraform" | |
| jobs: | |
| # We can skip some tests using the commit description (skip-tests:NameOfTest1,NameOfTest2) or all tests (skip-tests:all) (see `DEVELOPER.md`) | |
| # If all tests are skipped, the result of this workflow will be `failed` on purpose | |
| # If you want to skip tests and have no error, you need to use `testing-ci-not-necessary` as a label on the PR | |
| configure-tests: | |
| runs-on: ubuntu-latest | |
| if: >- | |
| github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || ( | |
| github.event_name == 'pull_request' && | |
| !contains(github.event.pull_request.labels.*.name, 'testing-ci-not-necessary') | |
| ) | |
| outputs: | |
| test_functions: ${{ steps.extract_test_functions.outputs.test_functions }} | |
| cluster_id: ${{ steps.short_git_sha.outputs.short_git_sha }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| fetch-depth: 0 | |
| - name: Get Short GitHub SHA | |
| id: short_git_sha | |
| run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Extract Test Functions | |
| id: extract_test_functions | |
| run: | | |
| test_functions=$(grep -rho 'func \(Test[^ ]*\)' ./test/src/ | sed 's/func \(Test[^ ]*\)(t/\1/' | tr '\n' ',' | sed 's/,$//') | |
| echo "test_functions=$test_functions" | |
| : # Extract test names marked to be skipped from the commit message description | |
| commit_message=$(git log -1 --pretty=format:"%B") | |
| echo "commit_message=$commit_message" | |
| skipped_tests=$(echo "$commit_message" | grep 'skip-tests' | sed 's/skip-tests://') | |
| echo "skipped_tests=$skipped_tests" | |
| : # If all tests are marked to be skipped, then clear the test_functions list completely | |
| if [ "$skipped_tests" == "all" ]; then | |
| test_functions="" | |
| echo "Skipping all tests (skip-tests:all found), this workflow will fail. If you want to skip-tests for a PR, please use the label 'testing-ci-not-necessary'" | |
| else | |
| : # Otherwise, remove the tests marked to be skipped from the test_functions list | |
| if [ -n "$skipped_tests" ]; then | |
| for test in $(echo "$skipped_tests" | tr ',' '\n'); do | |
| echo "Skipping test: $test" | |
| test_functions=$(echo "$test_functions" | sed "s/$test//g" | sed 's/,,/,/g' | sed 's/^,//' | sed 's/,$//') | |
| echo "test_functions=$test_functions" | |
| done | |
| fi | |
| fi | |
| : # to json array | |
| IFS=',' read -ra array <<< "$test_functions" | |
| json_array="[" | |
| for element in "${array[@]}" | |
| do | |
| json_array+="\"$element\"," | |
| done | |
| test_functions="${json_array%,}]" | |
| echo "test_functions=${test_functions}" >> "$GITHUB_OUTPUT" | |
| echo "test_functions=${test_functions}" | |
| integration-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - configure-tests | |
| strategy: | |
| fail-fast: false # don't propagate failing jobs | |
| matrix: | |
| test_function: ${{ fromJson(needs.configure-tests.outputs.test_functions) }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Install tooling using asdf | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} | |
| - name: Get go.mod details | |
| uses: Eun/go-mod-details@b719cd324463e2037cf3a0dd1dd6091bdc2730f4 # v1 | |
| id: go-mod-details | |
| with: | |
| modfile: ${{ github.workspace }}/test/src/go.mod | |
| - name: Launch test | |
| timeout-minutes: 125 | |
| run: | | |
| export TESTS_CLUSTER_ID="${{ needs.configure-tests.outputs.cluster_id }}" | |
| export TESTS_CLUSTER_REGION="${{ env.AWS_REGION }}" | |
| export TESTS_TF_BINARY_NAME="${{ env.TESTS_TF_BINARY_NAME }}" | |
| just test ${{ matrix.test_function }} "--junitfile ${{ matrix.test_function }}_unit-tests.xml" | |
| # this is a workaround for test report not working as expected due to https://github.com/test-summary/action/issues/5 | |
| - name: Filter logger.go from the test report (too large) | |
| if: always() | |
| run: | | |
| sed 's/
/\n/g' < "./test/src/${{ matrix.test_function }}_unit-tests.xml" | grep -E -v '^.*logger\.go.*$' | sed 's/\n/
/g' > "./test/src/${{ matrix.test_function }}_unit-tests_filtered.xml" | |
| - name: Upload test reports | |
| if: always() | |
| uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 | |
| with: | |
| name: test-reports-${{ matrix.test_function }} | |
| path: "./test/src/${{ matrix.test_function }}_unit-tests_filtered.xml" | |
| retention-days: 1 | |
| - name: Remove profile credentials from ~/.aws/credentials | |
| if: always() | |
| run: | | |
| rm -rf ~/.aws/credentials | |
| test-report: | |
| runs-on: ubuntu-latest | |
| if: ${{ always() && needs.configure-tests.result == 'success' }} | |
| needs: | |
| - configure-tests | |
| - integration-tests | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| pattern: test-reports-* | |
| path: /tmp/testreports | |
| merge-multiple: true | |
| - name: Run test-summary | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2 | |
| with: | |
| paths: /tmp/testreports/**/*.xml | |
| notify-on-failure: | |
| runs-on: ubuntu-latest | |
| if: failure() | |
| needs: | |
| - configure-tests | |
| - integration-tests | |
| - test-report | |
| steps: | |
| - name: Notify in Slack in case of failure | |
| id: slack-notification | |
| if: github.event_name == 'schedule' | |
| uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@305746fcb09d1b606f32ac365e6cf1f1b66e48fd # main | |
| with: | |
| vault_addr: ${{ secrets.VAULT_ADDR }} | |
| vault_role_id: ${{ secrets.VAULT_ROLE_ID }} | |
| vault_secret_id: ${{ secrets.VAULT_SECRET_ID }} |