# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
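# CI pipeline: lints the workflow file, the Go acceptance-test code and the
# Terraform sources, then runs the acceptance-test matrix, which applies and
# destroys Terraform-managed infrastructure using AWS credentials.
name: terraform-ci

on:
  push:
    branches:
      - 'main'
      - 'release/**'
  pull_request:
    branches:
      - 'main'
      - 'release/**'

# Secrets are declared on the acceptance job only, not at workflow level.
# None of the lint/format jobs reference them, and a workflow-level `env`
# would place them in the environment of every step, including the
# third-party linters and the unpinned images/actions flagged below.

# The GITHUB_TOKEN gets no scopes by default; no job below requests any.
permissions: {}

jobs:
  # Gate job: every other job depends on it, directly or transitively.
  action-lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Lint workflow
        # NOTE(review): `:latest` is a mutable tag, unlike the commit-pinned
        # actions elsewhere in this file. Pinning the image by digest would
        # make this step reproducible and tamper-evident.
        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
        with:
          # we need to ignore the SC2086 rule to pass unescaped $VARS to the terraform commands
          args: -ignore SC2086

  # Publishes the contents of test/acceptance/.go-version as a job output so
  # the jobs that set up Go all use the same toolchain version.
  get-go-version:
    runs-on: ubuntu-latest
    needs:
      - action-lint
    defaults:
      run:
        working-directory: ./test/acceptance
    outputs:
      go-version: ${{ steps.get-go-version.outputs.go-version }}
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Determine Go version
        id: get-go-version
        # We use .go-version as our source of truth for current Go
        # version, because "goenv" can react to it automatically.
        run: |
          echo "Building with Go $(cat .go-version)"
          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

  # Static checks on the Go acceptance-test module.
  go-fmt-and-lint-acceptance:
    runs-on: ubuntu-latest
    needs:
      - get-go-version
    defaults:
      run:
        working-directory: ./test/acceptance
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Setup Go
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: ${{ needs.get-go-version.outputs.go-version }}
          cache-dependency-path: ./test/acceptance/go.sum
      - name: Go CI lint
        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
        with:
          args: "--verbose --enable gofmt"
          only-new-issues: false
          skip-pkg-cache: true
          skip-build-cache: true
          working-directory: ./test/acceptance
      - name: Lint Consul retry
        # NOTE(review): on this page the `module@version` argument was mangled
        # by e-mail obfuscation ("[email protected]"). The module path below
        # is inferred from the binary invoked on the next line, and the
        # version is a placeholder. Restore the pinned tag from the
        # repository before use.
        run: |
          go install github.com/hashicorp/lint-consul-retry@PINNED_VERSION_PLACEHOLDER
          lint-consul-retry

  # Fails if any Terraform file in the repository is not canonically formatted.
  terraform-fmt:
    runs-on: ubuntu-latest
    needs:
      - action-lint
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Setup Terraform
        # NOTE(review): `@v2` is a movable tag, while every other action in
        # this file is pinned to a commit SHA. Pin this one the same way.
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.4.2'
      - name: Validate
        run: terraform fmt -check -recursive .

  # Provisions infrastructure with Terraform, runs the Go acceptance tests
  # against it, and always attempts to destroy it afterwards.
  acceptance:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    env:
      TEST_RESULTS: /tmp/test-results
      GOTESTSUM_VERSION: '1.8.0'
      # Scoped to this job (previously workflow-wide). Presumably read from
      # the environment by terraform and the acceptance tests; no step
      # references them explicitly.
      CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
      HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
      HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
    needs:
      - get-go-version
      - terraform-fmt
      - go-fmt-and-lint-acceptance
    defaults:
      run:
        working-directory: ./test/acceptance
    strategy:
      # We have a limit of 6 HCP Consul clusters.
      # The following controls whether to enable HCP when testing release branches.
      # HCP is always disabled for tests on PRs.
      matrix:
        name:
          - acceptance-1.15-FARGATE-HCP
          - acceptance-1.14-FARGATE-HCP
          - acceptance-1.13-FARGATE
          - acceptance-1.15-EC2
          - acceptance-1.14-EC2
          - acceptance-1.13-EC2-HCP
        include:
          - name: acceptance-1.15-FARGATE-HCP
            consul-version: '1.15.10'
            enable-hcp: true
            launch-type: FARGATE
          - name: acceptance-1.14-FARGATE-HCP
            consul-version: '1.14.11'
            enable-hcp: true
            launch-type: FARGATE
          - name: acceptance-1.13-FARGATE
            consul-version: '1.13.9'
            enable-hcp: false
            launch-type: FARGATE
          - name: acceptance-1.15-EC2
            consul-version: '1.15.10'
            enable-hcp: false
            launch-type: EC2
          - name: acceptance-1.14-EC2
            consul-version: '1.14.11'
            enable-hcp: false
            launch-type: EC2
          - name: acceptance-1.13-EC2-HCP
            consul-version: '1.13.9'
            enable-hcp: true
            launch-type: EC2
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Setup Go
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: ${{ needs.get-go-version.outputs.go-version }}
          cache-dependency-path: ./test/acceptance/go.sum
      - name: Install base apps
        run: |
          sudo apt-get install -y expect openssl jq
      - name: Install gotestsum
        # --fail makes curl exit non-zero on an HTTP error instead of piping
        # the error body into tar.
        # NOTE(review): the archive is extracted without integrity
        # verification. Check it against a pinned SHA-256 before unpacking
        # into /usr/local/bin.
        run: |
          curl -fsSL "https://github.com/gotestyourself/gotestsum/releases/download/v${{ env.GOTESTSUM_VERSION }}/gotestsum_${{ env.GOTESTSUM_VERSION }}_linux_amd64.tar.gz" | \
          tar -xz --overwrite -C /usr/local/bin gotestsum
      - name: Install AWS CLI
        # Despite the step name, this installs the Session Manager plugin.
        # The aws CLI itself is only version-checked here.
        # NOTE(review): the package is fetched from a `latest` URL and
        # installed as root with no checksum or signature check, so its
        # content can change between runs.
        run: |
          curl --fail "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
          sudo dpkg -i session-manager-plugin.deb
          aws --version
          echo session-manager-plugin version "$(session-manager-plugin --version)"
      - name: Install AWS ECS CLI
        # NOTE(review): same concern as above. This is an unversioned
        # `latest` binary, made executable without integrity verification.
        run: |
          curl -fsSL "https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest" -o /usr/local/bin/ecs-cli
          chmod +x /usr/local/bin/ecs-cli
          ecs-cli --version
      - name: Assume AWS IAM Role
        # A static access-key pair from repository secrets is exchanged for a
        # role session limited to one hour.
        # NOTE(review): this action also supports GitHub OIDC federation,
        # which would remove the long-lived key pair. That requires
        # `id-token: write` on this job and a matching trust policy on the
        # role.
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 3600
      - name: terraform init & apply
        # $VARS is expanded unquoted on purpose so it splits into separate
        # -var arguments (hence the SC2086 exemption in action-lint). The
        # expressions interpolated into the script are matrix literals
        # defined in this file, not event data. HCP is enabled only when the
        # ref is main or release/*, and every other ref falls through to
        # enable_hcp=false.
        run: |
          cd setup-terraform/
          VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}"
          VARS+=' -var launch_type=${{ matrix.launch-type }}'
          VARS+=' -var consul_version=${{ matrix.consul-version }}'
          case $GITHUB_REF_NAME in
            main | release/*) VARS+=" -var enable_hcp=${{ matrix.enable-hcp }}";;
            *) VARS+=" -var enable_hcp=false";;
          esac
          terraform init
          terraform apply -auto-approve $VARS
      - name: Acceptance tests
        run: |
          mkdir -p "$TEST_RESULTS"
          cd tests/
          gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" --format standard-verbose -- ./... -p 1 -timeout 1h -v -failfast
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        if: always()
        with:
          # Each matrix leg writes a file with the same name. A shared
          # artifact name would let the legs overwrite one another's report,
          # so the leg name is appended.
          name: acceptance-test-results-${{ matrix.name }}
          path: ${{ env.TEST_RESULTS }}/gotestsum-report.xml
      - name: terraform destroy
        # Runs even when earlier steps fail, so a failed run still attempts
        # to tear down what it created. The variables are rebuilt exactly as
        # in the apply step so destroy targets the same configuration.
        if: always()
        run: |
          cd setup-terraform/
          VARS="-var tags={\"build_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\"}"
          VARS+=' -var launch_type=${{ matrix.launch-type }}'
          VARS+=' -var consul_version=${{ matrix.consul-version }}'
          case $GITHUB_REF_NAME in
            main | release/*) VARS+=" -var enable_hcp=${{ matrix.enable-hcp }}";;
            *) VARS+=" -var enable_hcp=false";;
          esac
          terraform destroy -auto-approve $VARS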