Skip to content

Terraform Cognito Test #767

Terraform Cognito Test

Terraform Cognito Test #767

name: Terraform Cognito Test
on:
# Run on PR configuration
push:
paths:
- deployments/cognito/terraform/**
- iaac/terraform/aws-infra/cognito/**
- iaac/terraform/aws-infra/subdomain/**
# TODO: Add relevant helm chart path
branches:
- main
# Run on schedule (every 4 hours)
schedule:
- cron: '0 0/4 * * *'
workflow_dispatch:
# Ensure that only a single workflow which deploy cognito related stack will be run at a time. TODO: enable parallel runs by creating separate hosted zones
concurrency: cognito
jobs:
build:
runs-on: ubuntu-latest
# environment enables protection rules (e.g. need approval to run the workflow)
environment: gh-actions-test
permissions:
# needed to interact with GitHub's OIDC Token endpoint
id-token: write
# needed to checkout repository
contents: read
env:
ROOT_DOMAIN_NAME: ${{ secrets.ROOT_HOSTED_ZONE_NAME }}
CLUSTER_REGION: ${{ github.event_name == 'schedule' && 'us-west-2' || secrets.AWS_REGION }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.PR_BUILD_ROLE }}
role-session-name: prrolesession-${{ github.run_id }}-${{ github.run_attempt }}
aws-region: ${{ secrets.AWS_REGION }}
role-duration-seconds: 14400
- name: Install Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.2.7
terraform_wrapper: false
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: '3.8'
- name: Plan and apply terraform
run: |
cd tests/e2e
pip install -r requirements.txt
pytest tests/terraform/test_cognito.py -s -q --region $CLUSTER_REGION --root-domain-name $ROOT_DOMAIN_NAME
- name: Clean up terraform
if: failure()
# retry delete if flakiness present
run: |
cd deployments/cognito/terraform
make delete || make delete || make delete