[BV-195] Run toolbox with the host user #107
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | Integration | |
on: [pull_request, workflow_dispatch] | |
jobs: | |
integration_tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: build_image | |
run: | | |
echo "[INFO] Building image" | |
make build-image | |
shell: bash | |
- name: run_integration_tests | |
run: | | |
echo "[INFO] Running integration tests" | |
make test-int | |
shell: bash | |
integration_tests_cli_refarch: | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 1 | |
matrix: | |
python-version: ['3.8.14', '3.9.15', '3.10.8', '3.11.8', '3.12.5'] | |
toolbox-image-tag: ['1.3.5-0.1.15', '1.5.0-0.1.15', '1.6.0-0.1.15'] | |
steps: | |
- name: Checkout base branch | |
uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Poetry | |
run: | | |
echo "[INFO] Installing Poetry..." | |
curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.8.2 python - | |
echo "[INFO] Configuring Poetry..." | |
poetry config virtualenvs.create false # This prevents poetry from creating a virtual environment | |
- name: Install dependencies using Poetry | |
run: | | |
echo "[INFO] Installing dependencies..." | |
export ENV POETRY_VIRTUALENVS_CREATE=false | |
export PATH="${PATH}:${HOME}/.poetry/bin" | |
poetry install --with=dev | |
- name: Build Leverage CLI | |
run: | | |
echo "[INFO] Building Leverage CLI" | |
echo "[INFO] Working with python version $(python --version)" | |
make build | |
pip install -e . | |
- name: Create directories | |
run: | | |
mkdir -p ../theadamproject | |
# These are later mounted in the container | |
mkdir ~/.ssh && touch ~/.gitconfig | |
- name: Project Init | |
run: | | |
printf "[INFO] Project Init\n" | |
leverage project init | |
if [[ -f project.yaml ]]; | |
then | |
printf "[INFO] OK \n" | |
else | |
printf "[ERROR] Fail \n" | |
exit 1 | |
fi | |
working-directory: ../theadamproject | |
- name: Set project file and create | |
run: | | |
printf "[INFO] Setting Project file\n" | |
sed 's/<project name>/the-adam-project/' -i project.yaml | |
sed 's/<short project name>/bb/' -i project.yaml | |
sed 's/<management email address>/bb@domainmgmt/' -i project.yaml | |
sed 's/<security email address>/bb@domainsec/' -i project.yaml | |
sed 's/<shared email address>/bb@domainshared/' -i project.yaml | |
sed 's/<user.name>/bbuser/' -i project.yaml | |
printf "[INFO] Creating Project" | |
leverage project create | |
printf "[INFO] Checking Project" | |
for i in config management security shared; do if [[ ! -d $i ]]; then echo '[ERROR] Fail' && exit 1; fi ;done | |
working-directory: ../theadamproject | |
- name: Set up credentials | |
run: | | |
printf "[INFO] Setting up credentials\n" | |
mkdir -p ~/.aws/bb | |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile bb-deploymaster | |
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile bb-deploymaster | |
aws configure set region us-east-1 --profile bb-apps-devstg-devops | |
aws configure set output json --profile bb-apps-devstg-devops | |
aws configure set role_arn arn:aws:iam::${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}:role/DeployMaster --profile bb-apps-devstg-devops | |
aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops | |
cat << EOF > ~/.aws/credentials | |
[bb-deploymaster] | |
aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
EOF | |
cp ~/.aws/credentials ~/.aws/bb/ | |
cp ~/.aws/config ~/.aws/bb/ | |
- name: Configure Reference Architecture | |
run: | | |
echo "[INFO] Configure Reference Architecture\n" | |
cat << EOF > ./config/common.tfvars | |
project = "bb" | |
project_long = "binbash" | |
region_primary = "us-east-1" | |
region_secondary = "us-east-2" | |
vault_address = "vault_trash" | |
vault_token = "vault_trash" | |
sso_region = "us-east-1" | |
sso_enabled = false | |
sso_start_url = "sso_trash" | |
accounts = { | |
security = { | |
id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }} | |
} | |
} | |
EOF | |
echo "[INFO] Disable MFA\n" | |
sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env | |
working-directory: ../theadamproject | |
- name: Test Terraform | |
env: | |
LEVERAGE_INTERACTIVE: 0 | |
run: | | |
printf "[INFO] Testing terraform\n" | |
printf "[INFO] Initializing layer\n" | |
leverage tf init --skip-validation | |
working-directory: ../theadamproject/security/us-east-1/base-tf-backend | |
- name: Test AWS | |
run: | | |
printf "[INFO] Testing AWS\n" | |
printf "[INFO] Getting identity\n" | |
ID=$(leverage aws sts get-caller-identity --profile bb-apps-devstg-devops | grep Account | sed -E 's/^.*("Account.+")[0-9]{12}".*$/\1************"/') | |
if [[ "$ID" == "\"Account\": \"************\"" ]]; | |
then | |
printf "[INFO] OK \n" | |
else | |
printf "[ERROR] Fail \n" | |
exit 1 | |
fi | |
working-directory: ../theadamproject/security/us-east-1/base-tf-backend | |
- name: Clone Testing Reference Architecture repo | |
run: | | |
printf "[INFO] Cloning repo...\n" | |
git clone https://github.com/binbashar/le-tf-infra-aws.git ../theblairwitchproject | |
- name: Set Toolbox Image Tag for the cloned ref arch repo | |
run: | | |
echo "Updating Terraform Image Tag to ${{ matrix.toolbox-image-tag }}" | |
sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG=${{ matrix.toolbox-image-tag }}/' build.env | |
working-directory: ../theblairwitchproject | |
- name: Configure Testing Reference Architecture | |
run: | | |
echo "[INFO] Configure Reference Architecture\n" | |
cat << EOF > ./config/common.tfvars | |
project = "bb" | |
project_long = "binbash" | |
region_primary = "us-east-1" | |
region_secondary = "us-east-2" | |
vault_address = "vault_trash" | |
vault_token = "vault_trash" | |
sso_region = "us-east-1" | |
sso_enabled = false | |
sso_start_url = "sso_trash" | |
accounts = { | |
security = { | |
id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }} | |
} | |
} | |
EOF | |
echo "[INFO] Disable MFA\n" | |
sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env | |
working-directory: ../theblairwitchproject | |
- name: Test Testing Reference Architecture | |
env: | |
LEVERAGE_INTERACTIVE: 0 | |
run: | | |
printf "[INFO] Initializing layer\n" | |
leverage tf init --layers cli-test-layer,base-identities | |
printf "[INFO] Generating plan\n" | |
leverage tf plan --layers cli-test-layer | |
printf "[INFO] Applying changes\n" | |
leverage tf apply -auto-approve --layers cli-test-layer | |
printf "[INFO] Checking if all changes were applied\n" | |
leverage tf plan -detailed-exitcode --layers cli-test-layer | |
[[ $? -eq 2 ]] && printf "[WARN] There are still remaining changes\n" | |
[[ $? -eq 0 ]] && printf "[INFO] Apply checks out\n" | |
printf "[INFO] Destroying all generated created resources\n" | |
leverage tf destroy -auto-approve --layers cli-test-layer | |
working-directory: ../theblairwitchproject/apps-devstg/global |