Skip to content

add IAM policies to work against policy enforcement #9

add IAM policies to work against policy enforcement

add IAM policies to work against policy enforcement #9

name: Run Integration Tests
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
# “At 00:00 on Sunday.”
- cron: "0 0 * * 0"
workflow_dispatch:
inputs:
runner-os:
default: ubuntu-latest
type: choice
options:
- ubuntu-latest
jobs:
integration-test-job:
name: Run integration tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python 3.11
id: setup-python
uses: actions/setup-python@v2
with:
python-version: 3.11
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Set up Dependencies
run: |
pip install requests boto3 pytest
- name: Start LocalStack
uses: LocalStack/[email protected]
with:
image-tag: 'latest'
use-pro: 'true'
configuration: LS_LOG=trace
install-awslocal: 'true'
env:
LOCALSTACK_API_KEY: ${{ secrets.LOCALSTACK_API_KEY }}
- name: Deploy infrastructure
run: |
bash bin/deploy.sh
- name: Run Integration Tests
env:
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: |
pytest tests/test_infra.py
- name: Run Outages Tests
env:
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: |
pytest tests/test_outage.py
- name: Show localstack logs
if: always()
run: |
localstack logs
- name: Send a Slack notification
if: failure() || github.event_name != 'pull_request'
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ secrets.GITHUB_TOKEN }}
notification_title: "{workflow} has {status_message}"
message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
footer: "Linked Repo <{repo_url}|{repo}> | <{run_url}|View Workflow run>"
notify_when: "failure"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Generate a Diagnostic Report
if: failure()
run: |
curl -s localhost:4566/_localstack/diagnose | gzip -cf > diagnose.json.gz
- name: Upload the Diagnostic Report
if: failure()
uses: actions/upload-artifact@v3
with:
name: diagnose.json.gz
path: ./diagnose.json.gz