-
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(security-keys): Add localstack to github action for testing
- Loading branch information
1 parent
80216e0
commit ed03dc0
Showing
19 changed files
with
355 additions
and
229 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,205 +1,72 @@ | ||
| name: "Security Keys Layer: Unit Tests" | ||
| on: | ||
| pull_request: | ||
| branches: | ||
| - master | ||
| paths: | ||
| - apps-devstg/us-east-1/security-keys/** | ||
| - apps-devstg/us-east-2/security-keys/** | ||
| - apps-prd/us-east-1/security-keys/** | ||
| - data-science/us-east-1/security-keys/** | ||
| - management/us-east-1/security-keys/** | ||
| - network/us-east-1/security-keys/** | ||
| - network/us-eat-2/security-keys/** | ||
| - security/us-east-1/security-keys/** | ||
| - shared/us-east-1/security-keys/** | ||
| - shared/us-east-2/security-keys/** | ||
|
|
||
| pull_request: | ||
| branches: | ||
| - master | ||
| jobs: | ||
| apps-devstg: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'apps-devstg/us-east-1/security-keys/**' | ||
| us-east-2: | ||
| - 'apps-devstg/us-east-2/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: apps-devstg/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: apps-devstg/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| - name: Terraform Init on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: apps-devstg/us-east-2/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: apps-devstg/us-east-2/security-keys | ||
| run: | | ||
| terraform test | ||
| apps-prd: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'apps-prd/us-east-1/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: apps-prd/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: apps-prd/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| data-science: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'data-science/us-east-1/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: data-science/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: data-science/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| management: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'management/us-east-1/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: management/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: management/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| network: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'network/us-east-1/security-keys/**' | ||
| us-east-2: | ||
| - 'network/us-east-2/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: network/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: network/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| - name: Terraform Init on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: network/us-east-2/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: network/us-east-2/security-keys | ||
| run: | | ||
| terraform test | ||
| security: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'security/us-east-1/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: security/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: security/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| shared: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: 1.7.0 | ||
| - uses: dorny/paths-filter@v3 | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| us-east-1: | ||
| - 'shared/us-east-1/security-keys/**' | ||
| us-east-2: | ||
| - 'shared/us-east-2/security-keys/**' | ||
| - name: Terraform Init on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: shared/us-east-1/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-1 | ||
| if: steps.filter.outputs.us-east-1 == 'true' | ||
| working-directory: shared/us-east-1/security-keys | ||
| run: | | ||
| terraform test | ||
| - name: Terraform Init on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: shared/us-east-2/security-keys | ||
| run: terraform init | ||
| - name: Run Unit Test on us-east-2 | ||
| if: steps.filter.outputs.us-east-2 == 'true' | ||
| working-directory: shared/us-east-2/security-keys | ||
| run: | | ||
| terraform test | ||
| testing-security-keys: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| terraform_versions: | ||
| - 1.7 | ||
| - 1.8 | ||
| accounts: | ||
| - layer: apps-devstg/us-east-1/security-keys | ||
| aws_profile: bb-apps-devstg-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: true | ||
| bucket: security | ||
| bucket_folder: identities | ||
| aws_profile_required_state_file: bb-security-devops | ||
| state_file_test_path: tests/terraform.tfstate.template | ||
| - layer: apps-devstg/us-east-2/security-keys | ||
| aws_profile: bb-apps-devstg-devops | ||
| aws_region: us-east-2 | ||
| required_state_file: false | ||
| - layer: apps-prd/us-east-1/security-keys | ||
| aws_profile: bb-apps-prd-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: data-science/us-east-1/security-keys | ||
| aws_profile: bb-data-science-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: management/us-east-1/security-keys | ||
| aws_profile: bb-root-oaar | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: network/us-east-1/security-keys | ||
| aws_profile: bb-network-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: network/us-east-2/security-keys | ||
| aws_profile: bb-network-devops | ||
| aws_region: us-east-2 | ||
| required_state_file: false | ||
| - layer: security/us-east-1/security-keys | ||
| aws_profile: bb-security-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: shared/us-east-1/security-keys | ||
| aws_profile: bb-shared-devops | ||
| aws_region: us-east-1 | ||
| required_state_file: false | ||
| - layer: shared/us-east-2/security-keys | ||
| aws_profile: bb-shared-devops | ||
| aws_region: us-east-2 | ||
| required_state_file: false | ||
| name: security-keys-layer | ||
| uses: ./.github/workflows/testing-workflow.yml | ||
| with: | ||
| localstack_version: '3.7.2' | ||
| terraform_version: ${{ matrix.terraform_versions }} | ||
| aws_profile: ${{ matrix.accounts.aws_profile }} | ||
| aws_region: ${{ matrix.accounts.aws_region }} | ||
| required_state_file: ${{ matrix.accounts.required_state_file }} | ||
| state_file_test_path: ${{ matrix.accounts.state_file_test_path }} | ||
| bucket_name: ${{ matrix.accounts.bucket }} | ||
| bucket_folder: ${{ matrix.accounts.bucket_folder }} | ||
| aws_profile_required_state_file: ${{ matrix.accounts.aws_profile_required_state_file }} | ||
| working_directory: ${{ matrix.accounts.layer }} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,112 @@ | ||
| name: Testing Workflow | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| localstack_version: | ||
| description: 'Localstack version' | ||
| required: true | ||
| type: string | ||
| default: '3.7.2' | ||
| terraform_version: | ||
| description: 'Terraform version' | ||
| required: true | ||
| type: string | ||
| default: '1.7.0' | ||
| aws_profile: | ||
| description: 'AWS profile for localstack' | ||
| required: true | ||
| type: string | ||
| aws_region: | ||
| description: 'AWS region for localstack' | ||
| required: false | ||
| type: string | ||
| default: 'us-east-1' | ||
| required_state_file: | ||
| description: 'If a terraform state file is required for testing' | ||
| required: true | ||
| type: boolean | ||
| default: false | ||
| state_file_test_path: | ||
| description: 'Path to the terraform state file in the tests folder' | ||
| required: false | ||
| type: string | ||
| bucket_name: | ||
| description: 'Name of the S3 bucket to store the terraform state file' | ||
| required: false | ||
| type: string | ||
| bucket_folder: | ||
| description: 'Folder in the S3 bucket to store the terraform state file' | ||
| required: false | ||
| type: string | ||
| aws_profile_required_state_file: | ||
| description: 'AWS profile of data terraform state for getting value of another layer' | ||
| required: false | ||
| type: string | ||
| working_directory: | ||
| description: 'Working directory for the terraform code' | ||
| required: true | ||
| type: string | ||
| jobs: | ||
| testing: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Check tests folder | ||
| id: check-tests | ||
| working-directory: ${{ inputs.working_directory }} | ||
| run: | | ||
| if [ -d tests ]; then | ||
| echo "hasTests=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "hasTests=false" >> $GITHUB_OUTPUT | ||
| fi | ||
| - uses: hashicorp/setup-terraform@v3 | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| with: | ||
| terraform_version: ${{ inputs.terraform_version }} | ||
| - name: Install tflocal | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| run: | | ||
| pip install terraform-local | ||
| - uses: LocalStack/setup-localstack@v0.2.3 | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| with: | ||
| image-tag: ${{ inputs.localstack_version }} | ||
| install-awslocal: true | ||
| - name: Configure AWS Credentials for Localstack | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| run: | | ||
| awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile }} | ||
| awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile }} | ||
| awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile }} | ||
| awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile }} | ||
| - name: Configure AWS Credentials for Required State File | ||
| if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }} | ||
| run: | | ||
| awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile_required_state_file }} | ||
| awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile_required_state_file }} | ||
| awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile_required_state_file }} | ||
| awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile_required_state_file }} | ||
| - name: Create S3 Buckets | ||
| if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }} | ||
| run: | | ||
| awslocal s3 mb s3://${{ inputs.bucket_name }} --region ${{ inputs.aws_region }} | ||
| - name: Copy Terraform State File for testing to S3 Bucket | ||
| if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }} | ||
| run: | | ||
| awslocal s3 cp ${{ inputs.working_directory }}/${{ inputs.state_file_test_path}} s3://${{ inputs.bucket_name }}/${{inputs.bucket_folder }}/terraform.tfstate | ||
| - name: Terraform Init | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| working-directory: ${{ inputs.working_directory }} | ||
| run: tflocal init -upgrade | ||
| - name: Run Test | ||
| if: steps.check-tests.outputs.hasTests == 'true' | ||
| working-directory: ${{ inputs.working_directory }} | ||
| env: | ||
| AWS_DEFAULT_REGION: ${{ inputs.aws_region }} | ||
| AWS_ACCESS_KEY_ID: fake | ||
| AWS_SECRET_ACCESS_KEY: fake | ||
| run: | | ||
| cp ../../../config/common.tfvars.example ../../../config/common.tfvars | ||
| tflocal test -var-file=../../../config/common.tfvars -var-file=../../config/account.tfvars -var-file=../../config/backend.tfvars |
Oops, something went wrong.