Terraform Cognito Test #760
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform Cognito Test | |
on: | |
# Run on PR configuration | |
push: | |
paths: | |
- deployments/cognito/terraform/** | |
- iaac/terraform/aws-infra/cognito/** | |
- iaac/terraform/aws-infra/subdomain/** | |
# TODO: Add relevant helm chart path | |
branches: | |
- main | |
# Run on schedule (every 4 hours) | |
schedule: | |
- cron: '0 0/4 * * *' | |
workflow_dispatch: | |
# Ensure that only a single workflow which deploy cognito related stack will be run at a time. TODO: enable parallel runs by creating separate hosted zones | |
concurrency: cognito | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# environment enables protection rules (e.g. need approval to run the workflow) | |
environment: gh-actions-test | |
permissions: | |
# needed to interact with GitHub's OIDC Token endpoint | |
id-token: write | |
# needed to checkout repository | |
contents: read | |
env: | |
ROOT_DOMAIN_NAME: ${{ secrets.ROOT_HOSTED_ZONE_NAME }} | |
CLUSTER_REGION: ${{ github.event_name == 'schedule' && 'us-west-2' || secrets.AWS_REGION }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials from Test account | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.PR_BUILD_ROLE }} | |
role-session-name: prrolesession-${{ github.run_id }}-${{ github.run_attempt }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-duration-seconds: 14400 | |
- name: Install Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.2.7 | |
terraform_wrapper: false | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.8' | |
- name: Plan and apply terraform | |
run: | | |
cd tests/e2e | |
pip install -r requirements.txt | |
pytest tests/terraform/test_cognito.py -s -q --region $CLUSTER_REGION --root-domain-name $ROOT_DOMAIN_NAME | |
- name: Clean up terraform | |
if: failure() | |
# retry delete if flakiness present | |
run: | | |
cd deployments/cognito/terraform | |
make delete || make delete || make delete |