Removed erroneous vars option #52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terratest | |
| on: | |
| push: | |
| branches: [ main, master ] | |
| pull_request: | |
| branches: [ main, master ] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| terratest: | |
| name: Run Terratest | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| env: | |
| TF_VAR_aws_region: ${{ secrets.TF_VAR_AWS_REGION }} | |
| TF_VAR_subnet_id: ${{ secrets.TF_VAR_SUBNET_ID }} | |
| TF_VAR_vpc_id: ${{ secrets.TF_VAR_VPC_ID }} | |
| TF_VAR_aws_tags: ${{ vars.TF_VAR_AWS_TAGS }} | |
| TF_VAR_SDM_API_ACCESS_KEY: ${{ secrets.SDM_API_ACCESS_KEY }} | |
| TF_VAR_SDM_API_SECRET_KEY: ${{ secrets.SDM_API_SECRET_KEY }} | |
| TF_VAR_SDM_ADMIN_TOKEN: ${{ secrets.SDM_ADMIN_TOKEN }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install SDM CLI | |
| run: | | |
| curl -J -O -L https://app.strongdm.com/releases/cli/linux | |
| unzip sdmcli* && rm sdmcli*.zip | |
| sudo mv sdm /usr/local/bin/ | |
| sdm --version | |
| - name: Authenticate SDM CLI | |
| run: | | |
| sdm login --admin-token='${{ secrets.SDM_ADMIN_TOKEN }}' | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21' | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ~1.12 | |
| - name: Run Terraform unit tests | |
| run: | | |
| terraform init | |
| make unit-test | |
| env: | |
| AWS_ACCESS_KEY_ID: "fake" | |
| AWS_SECRET_ACCESS_KEY: "fake" | |
| AWS_DEFAULT_REGION: "us-west-2" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.TF_VAR_AWS_REGION }} | |
| - name: Deploy Prerequisites and Get Role ARN | |
| id: prereqs | |
| run: | | |
| cd tests/integration/prerequisites | |
| terraform init | |
| terraform apply -auto-approve | |
| echo "role-arn=$(terraform output -raw github_actions_role_arn)" >> $GITHUB_OUTPUT | |
| - name: Configure AWS credentials with assumed role | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ steps.prereqs.outputs.role-arn }} | |
| role-session-name: integration-test-session | |
| aws-region: ${{ secrets.TF_VAR_AWS_REGION }} | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Run Terratest integration tests | |
| run: make integration-test | |
| - name: Cleanup Terratest Resources | |
| if: always() | |
| run: | | |
| cd tests/integration | |
| terraform destroy -auto-approve || true | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.TF_VAR_AWS_REGION }} | |
| - name: Cleanup Prerequisites | |
| if: always() | |
| run: | | |
| cd tests/integration/prerequisites | |
| terraform destroy -auto-approve | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.TF_VAR_AWS_REGION }} |