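# Integration test workflow.
#
# Two jobs run on every pull request and on manual dispatch:
#   * integration_tests: builds the image and runs `make test-int`.
#   * integration_tests_cli_refarch: installs the CLI for each Python version /
#     toolbox image tag in the matrix, creates a project from scratch, then runs
#     init/plan/apply/plan/destroy against a cloned reference architecture using
#     AWS credentials taken from repository secrets.
#
# NOTE(review): the second job executes code from the pull-request branch
# (`poetry install`, `make build`, `pip install -e .`) in the same job that
# later receives long-lived AWS keys. Confirm the DeployMaster role is scoped to
# the test account only; short-lived OIDC credentials would reduce exposure.
# GitHub does not pass secrets to pull_request runs that come from forks, so
# this job is expected to fail for fork PRs.
name: Tests | Integration

on: [pull_request, workflow_dispatch]

# Least privilege for GITHUB_TOKEN: the jobs only read the repository contents.
permissions:
  contents: read

jobs:
  integration_tests:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are referenced by mutable tag; pinning
      # them to a full commit SHA protects against a retagged release.
      - uses: actions/checkout@v3

      - name: build_image
        run: |
          echo "[INFO] Building image"
          make build-image
        shell: bash

      - name: run_integration_tests
        run: |
          echo "[INFO] Running integration tests"
          make test-int
        shell: bash

  integration_tests_cli_refarch:
    runs-on: ubuntu-latest
    strategy:
      # Combinations run one at a time.
      # NOTE(review): presumably because they share the same AWS account and
      # layer state; confirm.
      max-parallel: 1
      matrix:
        python-version: ['3.9.15', '3.10.8', '3.11.8', '3.12.7']
        toolbox-image-tag: ['1.3.5-0.2.0', '1.5.0-0.2.0', '1.6.0-0.2.0']
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v3

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}

      # The installer script is downloaded and executed without an integrity
      # check; only the Poetry version it installs is pinned.
      # `-f` and `pipefail` make a failed download fail the step instead of
      # piping an error page (or nothing) into the interpreter.
      - name: Install Poetry
        run: |
          set -o pipefail
          echo "[INFO] Installing Poetry..."
          curl -fsSL https://install.python-poetry.org | POETRY_VERSION=1.8.2 python -
          echo "[INFO] Configuring Poetry..."
          poetry config virtualenvs.create false # This prevents poetry from creating a virtual environment

      - name: Install dependencies using Poetry
        run: |
          echo "[INFO] Installing dependencies..."
          # The original line read `export ENV POETRY_...`, a Dockerfile-style
          # leftover that also exported a stray variable named ENV.
          export POETRY_VIRTUALENVS_CREATE=false
          export PATH="${PATH}:${HOME}/.poetry/bin"
          poetry install --with=dev

      - name: Build Leverage CLI
        run: |
          echo "[INFO] Building Leverage CLI"
          echo "[INFO] Working with python version $(python --version)"
          make build
          pip install -e .

      - name: Create directories
        run: |
          mkdir -p ../theadamproject
          # These are later mounted in the container
          # `-p` keeps the step from failing when ~/.ssh already exists.
          mkdir -p ~/.ssh && touch ~/.gitconfig

      - name: Project Init
        run: |
          printf "[INFO] Project Init\n"
          leverage project init
          if [[ -f project.yaml ]];
          then
            printf "[INFO] OK \n"
          else
            printf "[ERROR] Fail \n"
            exit 1
          fi
        working-directory: ../theadamproject

      - name: Set project file and create
        run: |
          printf "[INFO] Setting Project file\n"
          sed 's/<project name>/the-adam-project/' -i project.yaml
          sed 's/<short project name>/bb/' -i project.yaml
          sed 's/<management email address>/bb@domainmgmt/' -i project.yaml
          sed 's/<security email address>/bb@domainsec/' -i project.yaml
          sed 's/<shared email address>/bb@domainshared/' -i project.yaml
          sed 's/<user.name>/bbuser/' -i project.yaml
          printf "[INFO] Creating Project\n"
          leverage project create
          printf "[INFO] Checking Project\n"
          # Every account directory must have been generated.
          for i in config management security shared; do
            if [[ ! -d "$i" ]]; then
              echo '[ERROR] Fail'
              exit 1
            fi
          done
        working-directory: ../theadamproject

      # Secrets reach the script through step-scoped environment variables
      # instead of being expanded into the script text, so a value containing
      # shell metacharacters cannot change the commands that run. The names
      # deliberately differ from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY so
      # the AWS CLI does not pick them up as ambient credentials.
      - name: Set up credentials
        env:
          DEPLOY_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          DEPLOY_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          DEVSTG_ACCOUNT_ID: ${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}
        run: |
          printf "[INFO] Setting up credentials\n"
          mkdir -p ~/.aws/bb
          aws configure set aws_access_key_id "${DEPLOY_ACCESS_KEY_ID}" --profile bb-deploymaster
          aws configure set aws_secret_access_key "${DEPLOY_SECRET_ACCESS_KEY}" --profile bb-deploymaster
          aws configure set region us-east-1 --profile bb-apps-devstg-devops
          aws configure set output json --profile bb-apps-devstg-devops
          aws configure set role_arn "arn:aws:iam::${DEVSTG_ACCOUNT_ID}:role/DeployMaster" --profile bb-apps-devstg-devops
          aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops
          # Unquoted heredoc delimiter: the shell expands the variables below.
          cat << EOF > ~/.aws/credentials
          [bb-deploymaster]
          aws_access_key_id = ${DEPLOY_ACCESS_KEY_ID}
          aws_secret_access_key = ${DEPLOY_SECRET_ACCESS_KEY}
          EOF
          cp ~/.aws/credentials ~/.aws/bb/
          cp ~/.aws/config ~/.aws/bb/

      - name: Configure Reference Architecture
        env:
          SECURITY_ACCOUNT_ID: ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
        run: |
          # printf, because bash's echo prints "\n" literally.
          printf "[INFO] Configure Reference Architecture\n"
          cat << EOF > ./config/common.tfvars
          project = "bb"
          project_long = "binbash"
          region_primary = "us-east-1"
          region_secondary = "us-east-2"
          vault_address = "vault_trash"
          vault_token = "vault_trash"
          sso_region = "us-east-1"
          sso_enabled = false
          sso_start_url = "sso_trash"
          accounts = {
            security = {
              id = ${SECURITY_ACCOUNT_ID}
            }
          }
          EOF
          printf "[INFO] Disable MFA\n"
          sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
        working-directory: ../theadamproject

      - name: Test Terraform
        env:
          LEVERAGE_INTERACTIVE: "0"
        run: |
          printf "[INFO] Testing terraform\n"
          printf "[INFO] Initializing layer\n"
          leverage tf init --skip-validation
        working-directory: ../theadamproject/security/us-east-1/base-tf-backend

      - name: Test AWS
        run: |
          printf "[INFO] Testing AWS\n"
          printf "[INFO] Getting identity\n"
          # The 12-digit account id is replaced with asterisks before the
          # comparison, so the check passes for any account that answers.
          ID=$(leverage aws sts get-caller-identity --profile bb-apps-devstg-devops | grep Account | sed -E 's/^.*("Account.+")[0-9]{12}".*$/\1************"/')
          if [[ "$ID" == "\"Account\": \"************\"" ]];
          then
            printf "[INFO] OK \n"
          else
            printf "[ERROR] Fail \n"
            exit 1
          fi
        working-directory: ../theadamproject/security/us-east-1/base-tf-backend

      # NOTE(review): the clone tracks the default branch head of the reference
      # architecture repo; checking out a fixed commit would make runs
      # reproducible.
      - name: Clone Testing Reference Architecture repo
        run: |
          printf "[INFO] Cloning repo...\n"
          git clone https://github.com/binbashar/le-tf-infra-aws.git ../theblairwitchproject

      # The matrix value is a constant defined in this file, so expanding it
      # directly into the script is safe here.
      - name: Set Toolbox Image Tag for the cloned ref arch repo
        run: |
          echo "Updating Terraform Image Tag to ${{ matrix.toolbox-image-tag }}"
          sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG=${{ matrix.toolbox-image-tag }}/' build.env
        working-directory: ../theblairwitchproject

      - name: Configure Testing Reference Architecture
        env:
          SECURITY_ACCOUNT_ID: ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
        run: |
          # printf, because bash's echo prints "\n" literally.
          printf "[INFO] Configure Reference Architecture\n"
          cat << EOF > ./config/common.tfvars
          project = "bb"
          project_long = "binbash"
          region_primary = "us-east-1"
          region_secondary = "us-east-2"
          vault_address = "vault_trash"
          vault_token = "vault_trash"
          sso_region = "us-east-1"
          sso_enabled = false
          sso_start_url = "sso_trash"
          accounts = {
            security = {
              id = ${SECURITY_ACCOUNT_ID}
            }
          }
          EOF
          printf "[INFO] Disable MFA\n"
          sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
        working-directory: ../theblairwitchproject

      - name: Test Testing Reference Architecture
        env:
          LEVERAGE_INTERACTIVE: "0"
        run: |
          printf "[INFO] Initializing layer\n"
          leverage tf init --layers cli-test-layer,base-identities
          printf "[INFO] Generating plan\n"
          leverage tf plan --layers cli-test-layer
          printf "[INFO] Applying changes\n"
          leverage tf apply -auto-approve --layers cli-test-layer
          printf "[INFO] Checking if all changes were applied\n"
          # terraform's -detailed-exitcode returns 0 (no changes), 1 (error) or
          # 2 (changes pending). The runner's default bash shell uses `-e`, so
          # an unguarded exit status of 2 would abort the step before the check
          # and before the destroy below. The original also tested `$?` twice,
          # the second time reading the status of the first test rather than of
          # the plan. Capture the status once instead.
          # NOTE(review): assumes leverage forwards terraform's exit status.
          plan_rc=0
          leverage tf plan -detailed-exitcode --layers cli-test-layer || plan_rc=$?
          case "${plan_rc}" in
            0) printf "[INFO] Apply checks out\n" ;;
            2) printf "[WARN] There are still remaining changes\n" ;;
            *) printf "[ERROR] Plan exited with code %s\n" "${plan_rc}" ;;
          esac
          printf "[INFO] Destroying all generated created resources\n"
          leverage tf destroy -auto-approve --layers cli-test-layer
          # Clean up first, then fail the step if the verification plan errored.
          if [[ "${plan_rc}" -ne 0 && "${plan_rc}" -ne 2 ]]; then
            exit "${plan_rc}"
          fi
        working-directory: ../theblairwitchproject/apps-devstg/global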