go-tfe/.github/workflows/ci.yml at a5172228583149551ee04ad28824a4c459f87793 · hashicorp/go-tfe · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
name: CI
on:
  push:
    branches: [main]
  pull_request:

concurrency:
  group: "one"

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - uses: ./.github/actions/lint-go-tfe

  tests:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # If you adjust these parameters, also adjust the jrm input files on the "Merge reports" step below
        total: [8]
        index: [0, 1, 2, 3, 4, 5, 6, 7]

    steps:
      - name: terraform-cloud-outputs
        id: tflocal
        uses: hashicorp-forge/terraform-cloud-action/outputs@5583d5f554d268ac91b3c37fd0a5e9da2c78c017 # v1.1.0
        with:
          token: ${{ secrets.TF_WORKFLOW_TFLOCAL_CLOUD_TFC_TOKEN }}
          organization: hashicorp-v2
          workspace: tflocal-go-tfe

      - name: Checkout code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - uses: ./.github/actions/test-go-tfe
        with:
          matrix_index: ${{ matrix.index }}
          matrix_total: ${{ matrix.total }}
          address: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_address }}
          token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_token }}
          admin_configuration_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.configuration }}
          admin_provision_licenses_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.provision-licenses }}
          admin_security_maintenance_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.security-maintenance }}
          admin_site_admin_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.site-admin }}
          admin_subscription_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.subscription }}
          admin_support_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.support }}
          admin_version_maintenance_token: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.version-maintenance }}
          oauth-client-github-token: ${{ secrets.OAUTH_CLIENT_GITHUB_TOKEN }}
          datadog-workflow-token: ${{ secrets.TF_WORKFLOW_DATADOG_API_KEY }}
          skip-statement: "-skip '_RunDependent$'"

  tests-run-dependent:
    name: Run Dependent Tests
    runs-on: ubuntu-latest
    steps:
      - name: terraform-cloud-outputs
        id: tflocal
        uses: hashicorp-forge/terraform-cloud-action/outputs@5583d5f554d268ac91b3c37fd0a5e9da2c78c017 # v1.1.0
        with:
          token: ${{ secrets.TF_WORKFLOW_TFLOCAL_CLOUD_TFC_TOKEN }}
          organization: hashicorp-v2
          workspace: tflocal-go-tfe

      - name: Checkout code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: Set up Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version-file: go.mod
          cache: true
          cache-dependency-path: go.sum

      - name: Sync dependencies
        shell: bash
        run: |
          go mod download
          go mod tidy

      - name: Install gotestsum
        shell: bash
        run: go install gotest.tools/gotestsum@5768fec807c3a620b209c79845e80fb4befa5857 # v1.12.2

      - name: Download artifact
        id: download-artifact
        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
        with:
          workflow_conclusion: success
          name: junit-test-summary
          if_no_artifact_found: warn
          branch: main

      - name: Configure Datadog Test Optimization
        uses: datadog/test-visibility-github-action@f4b026bb8b8b53f323960cf86a849a0231ff93b9 # v2.5.0
        with:
          languages: go
          api_key: ${{ secrets.TF_WORKFLOW_DATADOG_API_KEY }}
          site: datadoghq.com

      - name: Run integration tests
        shell: bash
        env:
          TFE_ADDRESS: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_address }}
          TFE_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_token }}
          TFE_ADMIN_CONFIGURATION_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.configuration }}
          TFE_ADMIN_PROVISION_LICENSES_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.provision-licenses }}
          TFE_ADMIN_SECURITY_MAINTENANCE_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.security-maintenance }}
          TFE_ADMIN_SITE_ADMIN_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.site-admin }}
          TFE_ADMIN_SUBSCRIPTION_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.subscription }}
          TFE_ADMIN_SUPPORT_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.support }}
          TFE_ADMIN_VERSION_MAINTENANCE_TOKEN: ${{ fromJSON(steps.tflocal.outputs.workspace-outputs-json).tfe_admin_token_by_role.version-maintenance }}
          TFC_RUN_TASK_URL: "http://testing-mocks.tfe:22180/runtasks/pass"
          GITHUB_POLICY_SET_IDENTIFIER: "Maed223/test-policy-set"
          GITHUB_REGISTRY_MODULE_IDENTIFIER: "Maed223/terraform-random-module"
          GITHUB_REGISTRY_NO_CODE_MODULE_IDENTIFIER: "hashicorp/terraform-random-no-code-module"
          OAUTH_CLIENT_GITHUB_TOKEN: "${{ secrets.OAUTH_CLIENT_GITHUB_TOKEN }}"
          GO111MODULE: "on"
        run: |
          gotestsum --junitfile run-dependent-summary.xml --format short-verbose -- -parallel=1 -timeout=59m -coverprofile cover.out -run "_RunDependent$"

      - name: Upload test artifacts
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: junit-run-dependent-test-summary
          path: |
            summary.xml
            cover.out
          retention-days: 1

  tests-combine-summaries:
    name: Combine Test Reports
    needs: [tests, tests-run-dependent]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version: 20

      - name: Set up Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: "^1.22"
          cache: true

      - name: Download artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.18.0

      - name: Install junit-report-merger
        run: npm install -g junit-report-merger

      - name: Install gocovmerge
        run: go install github.com/wadey/gocovmerge@latest

      # Note -- we're intentionally including this in the same job as the running of the tests themselves. This is to
      # future proof for when Datadog supports tracing of Go tests rather than just uploading coverage results.
      # Ref: https://docs.datadoghq.com/continuous_integration/setup_tests/
      - name: prepare datadog-ci
        run: |
          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
          chmod +x /usr/local/bin/datadog-ci

      - name: Merge coverage reports
        run: |
          gocovmerge junit-test-summary-{0..7}/cover.out junit-run-dependent-test-summary/cover.out > merged-coverage.out

      - name: Merge junit reports
        run: jrm ./ci-summary.xml "junit-test-summary-{0..7}/*.xml" "junit-run-dependent-test-summary/*.xml"

      - name: Upload test artifacts
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: junit-test-summary
          path: ./ci-summary.xml

      - name: upload coverage
        env:
          DATADOG_API_KEY: "${{ secrets.TF_WORKFLOW_DATADOG_API_KEY }}"
          DD_ENV: ci
        run: |
          coverage=$(go tool cover -func merged-coverage.out | tail -n 1 | awk '{print $3}' | tr -d -c 0-9.)
          datadog-ci junit upload --service "$GITHUB_REPOSITORY" --report-measures=test.code_coverage.lines_pct:$coverage ./ci-summary.xml

  tests-summarize:
    name: Summarize Tests
    needs: [tests, tests-run-dependent]
    runs-on: ubuntu-latest
    if: ${{ always() }}
    steps:
      - name: Check tests Status
        run: |
          if [ "${{ needs.tests.result }}" = "success" ] && [ "${{ needs.tests-run-dependent.result }}" = "success" ]; then
            exit 0
          fi
          exit 1