Skip to content

Terraform Vanilla Test #764

Terraform Vanilla Test

Terraform Vanilla Test #764

name: Terraform Vanilla Test
on:
# Run on PR configuration
push:
paths:
- deployments/vanilla/terraform/**
- iaac/terraform/apps/**
- iaac/terraform/common/**
- iaac/terraform/utils/**
branches:
- main
# Run on schedule (every 4 hours)
schedule:
- cron: '0 0/4 * * *'
workflow_dispatch:
# Ensure that only a single workflow which deploy tf build related stack will be run at a time. TODO: enable parallel runs
concurrency: tf-build
jobs:
build:
runs-on: ubuntu-latest
# environment enables protection rules (e.g. need approval to run the workflow)
environment: gh-actions-test
permissions:
# needed to interact with GitHub's OIDC Token endpoint
id-token: write
# needed to checkout repository
contents: read
env:
CLUSTER_REGION: ${{ github.event_name == 'schedule' && 'us-west-2' || secrets.AWS_REGION }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.PR_BUILD_ROLE }}
role-session-name: prrolesession-${{ github.run_id }}-${{ github.run_attempt }}
aws-region: ${{ github.event_name == 'schedule' && 'us-west-2' || secrets.AWS_REGION }}
role-duration-seconds: 14400
- name: Install Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.2.7
terraform_wrapper: false
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: '3.8'
- name: Plan and apply terraform
run: |
cd tests/e2e
pip install -r requirements.txt
pytest tests/terraform/test_vanilla.py -s -q --region $CLUSTER_REGION
- name: Clean up terraform
if: failure()
# retry delete if flakiness present
run: |
cd deployments/vanilla/terraform
make delete || make delete || make delete