.github/workflows/tests-integration.yaml

Merge pull request #221 from observeinc/jdaines/control-tower-config #340

Workflow file for this run

.github/workflows/tests-integration.yaml at 9a87fd9

	name: Run IAC Integration Tests
Check failure on line 1 in .github/workflows/tests-integration.yaml View workflow run for this annotation GitHub Actions / .github/workflows/tests-integration.yaml Invalid workflow file `(Line: 35, Col: 12): Unexpected value '', (Line: 36, Col: 7): Unexpected value 'directory'`

	on:
	pull_request:
	workflow_dispatch:
	inputs:
	debug_enabled:
	type: boolean
	description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
	required: false
	default: false
	workflow_call:
	schedule:
	- cron: '0 0 * * 2' # Tuesday at 00:00 UTC

	jobs:
	permission_check:
	runs-on: ubuntu-latest
	outputs:
	can-write: ${{ steps.check.outputs.can-write }}
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	steps:
	- id: check
	run: \|
	# If the AWS_ACCESS_KEY_ID secret is MIA we can't run tests
	if [[ -z "$AWS_ACCESS_KEY_ID" ]]; then
	echo "can-write=false" >> $GITHUB_OUTPUT
	else
	echo "can-write=true" >> $GITHUB_OUTPUT
	fi
	- name: Terraform min/max versions
	id: minMax
	uses: clowdhaus/[email protected]
	with:
	directory: ${{ matrix.directory }}
	- name: Install Terraform v${{ steps.minMax.outputs.minVersion }}
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ steps.minMax.outputs.minVersion }}

	prepare_matrix:
	needs: [permission_check]
	if: needs.permission_check.outputs.can-write == 'true'
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.find_hcl_files.outputs.matrix }}
	steps:
	- uses: actions/checkout@v4

	- name: Setup the test matrix
	id: find_hcl_files
	run: \|
	echo "matrix=$( find . -type d -name tests -print \| sed 's:/[^/]*$::' \| jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT

	- uses: actions/checkout@v4

	- name: DCE Provision
	uses: observeinc/[email protected]
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	budget-amount: ${{ vars.BUDGET_AMOUNT }}
	budget-currency: 'USD'
	expiry: '30m'
	email: '[email protected]'

	- name: Setup tmate session
	uses: mxschmitt/action-tmate@v3
	if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
	with:
	limit-access-to-actor: true

	test-integration:
	runs-on: ubuntu-latest
	needs: [permission_check, prepare_matrix]
	if: needs.permission_check.outputs.can-write == 'true'
	strategy:
	matrix:
	testfile: ${{fromJson(needs.prepare_matrix.outputs.matrix)}}
	steps:
	- name: DCE Use
	id: dce_setup
	uses: observeinc/[email protected]
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: checkout
	uses: actions/checkout@v4

	- name: Integration test for ${{ matrix.testfile }}
	run: DIR=${{ matrix.testfile }} make test-dir
	env:
	AWS_REGION: us-west-2

	cleanup:
	needs: [permission_check, test-integration]
	runs-on: ubuntu-latest
	if: always()
	steps:
	- name: DCE Cleanup
	if: needs.permission_check.outputs.can-write == 'true'
	uses: observeinc/[email protected]
	with:
	action-type: 'decommission'
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Merge pull request #221 from observeinc/jdaines/control-tower-config #340

Workflow file

Merge pull request #221 from observeinc/jdaines/control-tower-config #340

Uh oh!

Jobs

Run details

Workflow file for this run

GitHub Actions / .github/workflows/tests-integration.yaml