Add example e2e workflow and provider build artifact workflow

ewgenius · ewgenius · commit 35bace0e3c01 · 2025-12-11T12:38:01.000+09:00
diff --git a/.github/examples/e2e-consumer-workflow.yml b/.github/examples/e2e-consumer-workflow.yml
@@ -0,0 +1,146 @@
+# Example workflow for spicehq/cloud to consume the terraform provider artifact
+# Copy and adapt this workflow to your e2e test needs
+#
+# This workflow demonstrates how to:
+# 1. Download the pre-built provider from terraform-provider-spiceai (internal repo)
+# 2. Configure Terraform to use it via dev overrides
+# 3. Run e2e tests with the provider
+#
+# IMPORTANT: Since terraform-provider-spiceai is an internal repo, you need a PAT
+# or GitHub App token with `actions:read` permission on the source repo.
+# The default GITHUB_TOKEN does NOT work for cross-repo artifact access.
+
+name: E2E Tests
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  e2e:
+    name: E2E Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@v4
+
+      # Download the provider artifact from terraform-provider-spiceai repo
+      #
+      # Required secret: GH_PAT
+      # Create a Personal Access Token (classic) or Fine-grained PAT with:
+      #   - actions:read permission on spicehq/terraform-provider-spiceai
+      # Or use a GitHub App installation token with Actions read permission
+      #
+      # To create the secret:
+      #   1. Go to spicehq/cloud -> Settings -> Secrets and variables -> Actions
+      #   2. Create a new secret named GH_PAT with your token
+      - name: Download Terraform Provider
+        uses: dawidd6/action-download-artifact@v6
+        with:
+          github_token: ${{ secrets.GH_PAT }}
+          repo: spicehq/terraform-provider-spiceai
+          workflow: build-artifact.yml
+          branch: main
+          name: terraform-provider-spiceai_linux_amd64
+          path: .terraform-provider
+
+      # Alternative: Download using GitHub CLI
+      # Uncomment this block and comment out the above step if you prefer gh cli
+      # - name: Download Terraform Provider (gh cli)
+      #   env:
+      #     GH_TOKEN: ${{ secrets.GH_PAT }}
+      #   run: |
+      #     mkdir -p .terraform-provider
+      #     
+      #     # Get the latest successful workflow run
+      #     RUN_ID=$(gh run list \
+      #       --repo spicehq/terraform-provider-spiceai \
+      #       --workflow build-artifact.yml \
+      #       --branch main \
+      #       --status success \
+      #       --limit 1 \
+      #       --json databaseId \
+      #       --jq '.[0].databaseId')
+      #     
+      #     # Download the artifact
+      #     gh run download "$RUN_ID" \
+      #       --repo spicehq/terraform-provider-spiceai \
+      #       --name terraform-provider-spiceai_linux_amd64 \
+      #       --dir .terraform-provider
+
+      - name: Setup Terraform Provider
+        run: |
+          chmod +x .terraform-provider/terraform-provider-spiceai_linux_amd64
+          
+          # Rename binary to match what Terraform expects
+          mv .terraform-provider/terraform-provider-spiceai_linux_amd64 \
+             .terraform-provider/terraform-provider-spiceai
+          
+          # Create Terraform CLI config with dev override
+          mkdir -p ~/.terraform.d
+          cat > ~/.terraform.d/terraformrc << EOF
+          provider_installation {
+            dev_overrides {
+              "spiceai/spiceai" = "${{ github.workspace }}/.terraform-provider"
+            }
+            direct {}
+          }
+          EOF
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+
+      # Your e2e test steps go here
+      - name: Run E2E Tests
+        env:
+          SPICEAI_CLIENT_ID: ${{ secrets.SPICEAI_CLIENT_ID }}
+          SPICEAI_CLIENT_SECRET: ${{ secrets.SPICEAI_CLIENT_SECRET }}
+          TF_CLI_CONFIG_FILE: ~/.terraform.d/terraformrc
+        run: |
+          cd path/to/your/terraform/configs
+          
+          # Note: With dev overrides, Terraform will warn that it's using
+          # a locally-installed provider. This is expected behavior.
+          terraform plan
+          terraform apply -auto-approve
+          
+          # Run your e2e test assertions here
+          
+          # Cleanup
+          terraform destroy -auto-approve
+
+# =============================================================================
+# Setup Instructions
+# =============================================================================
+#
+# 1. Create a PAT (Personal Access Token):
+#    - Go to GitHub Settings -> Developer settings -> Personal access tokens
+#    - For Fine-grained token (recommended):
+#      - Resource owner: spicehq
+#      - Repository access: Select "spicehq/terraform-provider-spiceai"
+#      - Permissions: Actions (read)
+#    - For Classic token:
+#      - Select scope: repo (for internal repos)
+#
+# 2. Add the PAT as a secret in spicehq/cloud:
+#    - Go to spicehq/cloud -> Settings -> Secrets and variables -> Actions
+#    - New repository secret: GH_PAT = <your-token>
+#
+# 3. Also add Spice.ai credentials as secrets:
+#    - SPICEAI_CLIENT_ID
+#    - SPICEAI_CLIENT_SECRET
+#
+# =============================================================================
+# Notes
+# =============================================================================
+#
+# - Artifacts are retained for 90 days by default
+# - For macOS runners, use macos-latest and download darwin_arm64 or darwin_amd64
+# - The provider is built on every merge to main in terraform-provider-spiceai
diff --git a/.github/workflows/build-artifact.yml b/.github/workflows/build-artifact.yml
@@ -0,0 +1,70 @@
+# Build and upload provider artifact on merge to trunk
+name: Build Artifact
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - trunk
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build Provider
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Build provider
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: '0'
+        run: |
+          go build -trimpath -ldflags="-s -w" -o terraform-provider-spiceai_${{ matrix.goos }}_${{ matrix.goarch }} .
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: terraform-provider-spiceai_${{ matrix.goos }}_${{ matrix.goarch }}
+          path: terraform-provider-spiceai_${{ matrix.goos }}_${{ matrix.goarch }}
+          retention-days: 90
+
+  # Combine all platform artifacts into a single artifact for convenience
+  combine:
+    name: Combine Artifacts
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          path: artifacts
+          pattern: terraform-provider-spiceai_*
+          merge-multiple: true
+
+      - name: Upload combined artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: terraform-provider-spiceai
+          path: artifacts/
+          retention-days: 90
