fix: update modules, workflows, tests, examples, etc (#156) #131
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| AWS_REGION: us-west-2 | |
| AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory | |
| AWS_MAX_ATTEMPTS: 100 | |
| AWS_RETRY_MODE: adaptive | |
| NIX_INSTALL_SHA: e9d447ce3d2ff62d7ff9cb6ef401de6fa8acb148839dd00f7271945d7b638b14 | |
| NIX_INSTALL_VERSION: 2.34.7 | |
| permissions: write-all | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_pr: ${{ steps.release-please.outputs.pr }} | |
| steps: | |
| # https://github.com/googleapis/release-please-action/releases | |
| - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 | |
| id: release-please | |
| with: | |
| release-type: terraform-module | |
| # https://github.com/actions/github-script/releases | |
| - uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 | |
| if: steps.release-please.outputs.pr | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: ${{ fromJson(steps.release-please.outputs.pr).number }}, | |
| owner: "${{ github.repository_owner }}", | |
| repo: "${{ github.event.repository.name }}", | |
| body: "Please make sure e2e tests pass before merging this PR! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| }) | |
| test: | |
| needs: | |
| - release | |
| if: needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| # https://github.com/aws-actions/configure-aws-credentials/releases | |
| uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}} | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 28800 # 8 hours | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L -o install-nix.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install-nix.sh" | sha256sum -c - | |
| chmod +x install-nix.sh | |
| ./install-nix.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| rm -f install-nix.sh | |
| - name: run_tests | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| ZONE: ${{secrets.ZONE}} | |
| IDENTIFIER: ${{github.run_id}} | |
| run: | | |
| # nix ignores environment variables that are not specifically kept | |
| export AWS_MAX_ATTEMPTS="100" | |
| export AWS_RETRY_MODE="adaptive" | |
| export GITHUB_OWNER="rancher" | |
| export ACME_SERVER_URL="https://acme-v02.api.letsencrypt.org/directory" | |
| export RANCHER_INSECURE="false" | |
| ./run_tests.sh -s | |
| cleanup: | |
| needs: | |
| - release | |
| - test | |
| if: always() && needs.release.outputs.release_pr | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| token: ${{secrets.GITHUB_TOKEN}} | |
| fetch-depth: 0 | |
| - id: aws-creds | |
| # https://github.com/aws-actions/configure-aws-credentials/releases | |
| uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 | |
| with: | |
| role-to-assume: ${{env.AWS_ROLE}} | |
| role-session-name: ${{github.run_id}}-cleanup | |
| aws-region: ${{env.AWS_REGION}} | |
| role-duration-seconds: 3600 # 1 hour | |
| output-credentials: true | |
| - name: install-nix | |
| run: | | |
| curl -L -o install-nix.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install-nix.sh" | sha256sum -c - | |
| chmod +x install-nix.sh | |
| ./install-nix.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| rm -f install-nix.sh | |
| - name: cleanup | |
| shell: '/home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0}' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| IDENTIFIER: ${{github.run_id}} | |
| run: | | |
| export AWS_MAX_ATTEMPTS="100" | |
| ./run_tests.sh -c $IDENTIFIER | |
| report: | |
| needs: | |
| - release | |
| - test | |
| - cleanup | |
| if: success() && needs.release.outputs.release_pr #Ensure the test jobs succeeded, and that a release PR was created. | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/actions/github-script/releases | |
| - uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: ${{ fromJson(needs.release.outputs.release_pr).number }}, | |
| owner: "${{ github.repository_owner }}", | |
| repo: "${{ github.event.repository.name }}", | |
| body: "End to End Tests Passed! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| }) |