Add caching to Google Sheets API calls to prevent rate limiting #1853
Workflow file for this run
---
# Workflow: integration and E2E suites for a pull request. It is triggered by
# a submitted review; the job-level conditions decide whether that review
# qualifies.
name: PR CI - Integration/E2E

on:
  pull_request_review:
    types:
      - submitted

# Global lock-down: the workflow token gets read-only access to repository
# contents, and no other scope is granted at this level.
permissions:
  contents: read

# One queue per pull request: a newer run waits for the run in progress
# instead of cancelling it.
concurrency:
  group: pr-queue-${{ github.event.pull_request.number }}
  cancel-in-progress: false
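# NOTE(review): every `uses:` below references an action by a mutable tag
# (for example @v6). Pinning each one to a full commit SHA would keep the
# reviewed workflow from changing underneath the secrets it handles.
jobs:
  # SECURITY GATEKEEPER
  # Runs only for an approving review written by a MEMBER or OWNER, and
  # publishes the reviewed commit as `safe_sha`. Every later job checks out
  # exactly that commit.
  security-check:
    name: security-check
    runs-on: ubuntu-latest
    if: >
      github.event.review.state == 'approved' &&
      (github.event.review.author_association == 'MEMBER' ||
      github.event.review.author_association == 'OWNER')
    outputs:
      safe_sha: ${{ steps.verify.outputs.sha }}
    steps:
      - name: Verify Reviewed Commit
        id: verify
        # Event fields reach the script through the environment rather than
        # being expanded into the script text, so their content is always
        # treated as data by the shell.
        env:
          REVIEWED_SHA: ${{ github.event.review.commit_id }}
          CURRENT_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # An empty value must never become safe_sha: later jobs pass it to
          # actions/checkout as `ref`, and an empty ref selects the event's
          # default ref instead of the reviewed commit.
          if [[ -z "$REVIEWED_SHA" ]]; then
            echo "::error::Security Risk: The review event carries no commit id."
            exit 1
          fi
          # BLOCKER: If the code changed since the review, fail immediately.
          if [[ "$REVIEWED_SHA" != "$CURRENT_SHA" ]]; then
            echo "::error::Security Risk: The reviewed commit ($REVIEWED_SHA) is not the latest commit ($CURRENT_SHA). Re-review required."
            exit 1
          fi
          echo "sha=$REVIEWED_SHA" >> "$GITHUB_OUTPUT"

  # Provisions the AWS instance used by the integration tests and exposes its
  # id as the INSTANCE_ID job output.
  terraform_apply:
    name: terraform_apply
    needs: [security-check]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.14']
    outputs:
      INSTANCE_ID: ${{ steps.terraform_instance_id.outputs.INSTANCE_ID }}
    steps:
      - uses: actions/checkout@v6
        with:
          # Check out the reviewed commit, not whatever the PR head is now.
          ref: ${{ needs.security-check.outputs.safe_sha }}
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      # NOTE(review): static access keys taken from repository secrets. The
      # action can also assume a role through OIDC (`role-to-assume`), which
      # would need `id-token: write` and removes the long-lived key.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.REGION }}
      - name: Install terraform and terragrunt
        run: |
          # Install Terraform from the HashiCorp apt repository. The signing
          # key goes into its own keyring and is bound to this one source with
          # signed-by, instead of being trusted for every repository through
          # the deprecated apt-key.
          curl -fsSL https://apt.releases.hashicorp.com/gpg |
            sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" |
            sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null
          sudo apt-get -y update && sudo apt-get install -y terraform
          pip3 install jinja2
          # Install terragrunt.
          # NOTE(review): the binary is downloaded without an integrity check;
          # compare it with the checksum published for this release before
          # installing it.
          wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.38.6/terragrunt_linux_amd64
          mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
          # Executable by all, writable by the owner only.
          chmod 755 /usr/local/bin/terragrunt
      - name: Create instance
        id: terraform_instance_id
        env:
          IMAGE_ID: ${{ secrets.IMAGE_ID }}
          INSTANCE_TYPE: ${{ secrets.INSTANCE_TYPE }}
          ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }}
          ROLE_NAME: ${{ secrets.ROLE_NAME }}
          REGION_NAME: ${{ secrets.TERRAFORM_REGION }}
          TAG_NAME: ${{ secrets.TAG_NAME }}
          SUBNET_ID: ${{ secrets.SUBNET_ID }}
        run: |
          cd terraform/aws_instance
          # terraform apply; stdout is discarded so the plan does not reach
          # the job log.
          terragrunt apply -auto-approve 1> /dev/null
          echo "INSTANCE_ID=$(terragrunt output -raw instance_id)" >> "$GITHUB_OUTPUT"
      # The whole working directory, state included, is handed to the destroy
      # job through the Actions cache.
      # NOTE(review): Terraform state can hold sensitive values; confirm the
      # cache is an acceptable place for it, or use a remote backend.
      - name: Cache the Terraform State File
        uses: actions/cache@v5
        with:
          path: terraform/aws_instance
          key: terraform-state-${{ steps.terraform_instance_id.outputs.INSTANCE_ID }}

  # Runs tests/integration on each listed Python version, one at a time,
  # against a local OpenSearch service container.
  integration:
    name: integration
    needs: [security-check, terraform_apply]
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 1
      matrix:
        python-version: ['3.10', '3.11', '3.12', '3.13', '3.14']
    services:
      opensearch:
        image: opensearchproject/opensearch:3.2.0
        env:
          discovery.type: single-node
          # Throwaway test container: the security plugin is switched off, so
          # the service answers without authentication on the published port.
          DISABLE_SECURITY_PLUGIN: "true"
        options: >-
          --health-cmd "curl http://localhost:9200/_cluster/health"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
        ports:
          - '9200:9200'
    steps:
      - uses: actions/checkout@v6
        with:
          # Check out the reviewed commit, not whatever the PR head is now.
          ref: ${{ needs.security-check.outputs.safe_sha }}
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # ldap requirements
          sudo apt update -y
          sudo apt-get install -y build-essential python3-dev libldap2-dev libsasl2-dev
          python -m pip install --upgrade pip
          pip install "setuptools<82"
          pip install ibm-cloud-sdk-core==3.24.4 ibm-platform-services==0.75.0 ibm-vpc==0.33.0
          pip install pytest pytest-cov
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
          if [ -f tests_requirements.txt ]; then pip install -r tests_requirements.txt; fi
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.REGION }}
      - name: Set GCP credentials for pytest
        env:
          GOOGLE_APPLICATION_CREDENTIALS_CONTENTS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
          RUNNER_PATH: ${{ secrets.RUNNER_PATH }}
        run: |
          # Write the service-account key with owner-only permissions; the
          # restrictive umask is confined to the subshell.
          ( umask 077; printf '%s\n' "$GOOGLE_APPLICATION_CREDENTIALS_CONTENTS" > "$RUNNER_PATH/gcp_service.json" )
          echo "GOOGLE_APPLICATION_CREDENTIALS=$RUNNER_PATH/gcp_service.json" >> "$GITHUB_ENV"
      - name: Integration tests with pytest
        env:
          BUCKET: ${{ secrets.BUCKET }}
          REGION: ${{ secrets.REGION }}
          ELASTICSEARCH: 'localhost'
          ELASTICSEARCH_PORT: '9200'
          INSTANCE_ID: ${{ needs.terraform_apply.outputs.INSTANCE_ID }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_ACCOUNT_ID: ${{ secrets.AZURE_ACCOUNT_ID }}
          GCP_DATABASE_NAME: ${{ secrets.GCP_DATABASE_NAME }}
          GCP_DATABASE_TABLE_NAME: ${{ secrets.GCP_DATABASE_TABLE_NAME }}
        run: python -m pytest -v tests/integration

  # Tears the test instance down whether the integration tests passed or
  # failed.
  terraform_destroy:
    name: terraform_destroy
    needs: [security-check, terraform_apply, integration]
    runs-on: ubuntu-latest
    # `success() || failure()` alone is also true when security-check itself
    # fails. safe_sha is then empty, checkout falls back to the event's
    # default ref, and terragrunt would run from an unreviewed tree with AWS
    # credentials configured. Requiring the gate to have passed closes that.
    if: ${{ needs.security-check.result == 'success' && (success() || failure()) }}
    strategy:
      matrix:
        python-version: ['3.14']
    steps:
      - uses: actions/checkout@v6
        with:
          # Check out the reviewed commit, not whatever the PR head is now.
          ref: ${{ needs.security-check.outputs.safe_sha }}
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.REGION }}
      # Restores the directory saved by terraform_apply. The key is built from
      # that job's INSTANCE_ID output, so it only matches when the apply job
      # produced one.
      - name: Get Cache of the Terraform State File
        uses: actions/cache@v5
        with:
          path: terraform/aws_instance
          key: terraform-state-${{ needs.terraform_apply.outputs.INSTANCE_ID }}
      - name: Install terraform and terragrunt
        run: |
          # Install Terraform from the HashiCorp apt repository. The signing
          # key goes into its own keyring and is bound to this one source with
          # signed-by, instead of being trusted for every repository through
          # the deprecated apt-key.
          curl -fsSL https://apt.releases.hashicorp.com/gpg |
            sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" |
            sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null
          sudo apt-get -y update && sudo apt-get install -y terraform
          pip3 install jinja2
          # Install terragrunt.
          # NOTE(review): the binary is downloaded without an integrity check;
          # compare it with the checksum published for this release before
          # installing it.
          wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.38.6/terragrunt_linux_amd64
          mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
          # Executable by all, writable by the owner only.
          chmod 755 /usr/local/bin/terragrunt
      - name: Destroy instance
        env:
          ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }}
          ROLE_NAME: ${{ secrets.ROLE_NAME }}
          REGION_NAME: ${{ secrets.TERRAFORM_REGION }}
        run: |
          cd terraform/aws_instance
          terragrunt destroy -auto-approve 1> /dev/null

  # Runs the application entry point end to end on each listed Python version
  # once the integration job has succeeded.
  e2e:
    name: e2e
    needs: [security-check, terraform_apply, integration]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.10', '3.11', '3.12', '3.13', '3.14']
    steps:
      - uses: actions/checkout@v6
        with:
          # Check out the reviewed commit, not whatever the PR head is now.
          ref: ${{ needs.security-check.outputs.safe_sha }}
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # ldap requirements
          sudo apt update -y
          sudo apt-get install -y build-essential python3-dev libldap2-dev libsasl2-dev
          python -m pip install --upgrade pip
          pip install "setuptools<82"
          pip install ibm-cloud-sdk-core==3.24.4 ibm-platform-services==0.75.0 ibm-vpc==0.33.0
          pip install pytest pytest-cov
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
          if [ -f tests_requirements.txt ]; then pip install -r tests_requirements.txt; fi
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.REGION }}
      - name: E2E test
        env:
          AWS_DEFAULT_REGION: ${{ secrets.REGION }}
          policy: ${{ secrets.POLICY }}
          policy_output: ${{ secrets.POLICY_OUTPUT }}
          RUNNER_PATH: ${{ secrets.RUNNER_PATH }}
        run: |
          # stdout is discarded and stderr is captured in err.log. A non-empty
          # err.log only prints a message; it does not fail the step.
          # NOTE(review): confirm that a run which wrote to stderr should
          # still pass.
          PYTHONPATH=. python cloud_governance/main/main.py 1> /dev/null 2> "$RUNNER_PATH/err.log"
          if [ -s "$RUNNER_PATH/err.log" ]; then echo "Error E2E raised"; fi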