feat: upgrade to Terraform Plugin SDK v2 and optimize performance #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ master, main ] | |
| pull_request: | |
| branches: [ master, main ] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| GO_VERSION: '1.23' | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| checks: write | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [1.21, 1.22, 1.23] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ matrix.go-version }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| cache: true | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Run linter | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: v1.64.8 | |
| args: --timeout=5m --verbose --config=.golangci-v1.yml | |
| only-new-issues: false | |
| # Only run linter on latest Go version to avoid duplication | |
| if: matrix.go-version == env.GO_VERSION | |
| - name: Run tests | |
| run: | | |
| # Skip slow acceptance tests that require Terraform download | |
| go test -short -race -coverprofile=coverage.out -covermode=atomic -timeout=60s ./... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.out | |
| flags: unittests-go${{ matrix.go-version }} | |
| name: codecov-go${{ matrix.go-version }} | |
| fail_ci_if_error: false | |
| # Only upload coverage for latest Go version | |
| if: matrix.go-version == env.GO_VERSION | |
| test-acceptance: | |
| name: Acceptance Tests | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') | |
| env: | |
| TF_ACC: 1 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Cache Terraform binary and plugins | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.terraform.d/plugins | |
| ~/.terraform.d/plugin-cache | |
| key: terraform-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-${{ github.run_id }} | |
| restore-keys: | | |
| terraform-${{ runner.os }}-${{ hashFiles('**/go.sum') }}- | |
| terraform-${{ runner.os }}- | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ~1.0 | |
| terraform_wrapper: false | |
| - name: Pre-cache Terraform for tests | |
| run: | | |
| # Create a temporary directory for pre-caching | |
| mkdir -p /tmp/tf-cache | |
| cd /tmp/tf-cache | |
| # Create a minimal Terraform configuration to trigger download | |
| cat > main.tf << 'EOF' | |
| terraform { | |
| required_providers { | |
| extip = { | |
| source = "petems/extip" | |
| } | |
| } | |
| } | |
| EOF | |
| # Initialize to download and cache provider requirements | |
| terraform init || true | |
| # Also pre-download common Terraform versions that the SDK might use | |
| export CHECKPOINT_DISABLE=1 | |
| export TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache | |
| mkdir -p $TF_PLUGIN_CACHE_DIR | |
| - name: Run acceptance tests | |
| run: | | |
| # Use cached Terraform and run acceptance tests with longer timeout | |
| export CHECKPOINT_DISABLE=1 | |
| export TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache | |
| TF_ACC=1 go test -race -timeout=10m ./extip/ | |
| - name: Run full test suite with coverage | |
| run: | | |
| # Run all tests including acceptance tests with extended timeout | |
| export CHECKPOINT_DISABLE=1 | |
| export TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache | |
| TF_ACC=1 go test -race -coverprofile=coverage.out -covermode=atomic -timeout=10m ./... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.out | |
| flags: acceptance | |
| name: codecov-acceptance | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - goos: linux | |
| goarch: amd64 | |
| - goos: linux | |
| goarch: arm64 | |
| - goos: darwin | |
| goarch: amd64 | |
| - goos: darwin | |
| goarch: arm64 | |
| - goos: windows | |
| goarch: amd64 | |
| ext: .exe | |
| - goos: freebsd | |
| goarch: amd64 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Build | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| CGO_ENABLED: 0 | |
| run: | | |
| go build -v -ldflags="-s -w -X main.version=dev -X main.commit=${{ github.sha }}" \ | |
| -o terraform-provider-extip-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.ext }} . | |
| - name: Test binary | |
| if: matrix.goos != 'windows' | |
| run: | | |
| chmod +x terraform-provider-extip-${{ matrix.goos }}-${{ matrix.goarch }} | |
| ./terraform-provider-extip-${{ matrix.goos }}-${{ matrix.goarch }} -version || echo "Version flag not supported yet" | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: terraform-provider-extip-${{ matrix.goos }}-${{ matrix.goarch }} | |
| path: terraform-provider-extip-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.ext }} | |
| retention-days: 7 | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Cache gosec | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/bin/gosec | |
| key: gosec-${{ runner.os }}-latest | |
| - name: Install gosec | |
| run: | | |
| if [ ! -f ~/go/bin/gosec ]; then | |
| go install github.com/securecodewarrior/gosec/v2/cmd/gosec@latest | |
| fi | |
| echo "$HOME/go/bin" >> $GITHUB_PATH | |
| - name: Run Gosec Security Scanner | |
| run: | | |
| gosec -fmt sarif -out results.sarif ./... | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: results.sarif | |
| - name: Cache govulncheck | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/bin/govulncheck | |
| key: govulncheck-${{ runner.os }}-latest | |
| - name: Install govulncheck | |
| run: | | |
| if [ ! -f ~/go/bin/govulncheck ]; then | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| fi | |
| echo "$HOME/go/bin" >> $GITHUB_PATH | |
| - name: Run govulncheck | |
| run: | | |
| govulncheck ./... | |
| validate: | |
| name: Validate | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Validate go.mod and go.sum | |
| run: | | |
| go mod verify | |
| go mod tidy | |
| git diff --exit-code go.mod go.sum | |
| - name: Check formatting | |
| run: make fmtcheck | |
| - name: Run go vet | |
| run: make vet | |
| - name: Validate vendor directory | |
| run: | | |
| go mod vendor | |
| git diff --exit-code vendor/ || ( | |
| echo "Vendor directory is out of sync. Run 'go mod vendor' and commit the changes." | |
| exit 1 | |
| ) |