
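name: Terraform testing

# `on` is a YAML 1.1 boolean to generic parsers; GitHub's loader handles it.
# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - 'feature/policy_testing'
  # Run this workflow manually from the Actions tab
  # workflow_dispatch:
  #   inputs:
  #     resource_priority_list:
  #       type: string
  #       description: Priority list for resources (you can remove unnecessary resources during testing)
  #       default: 'efsdata.terraform_remote_state.common.outputs.sg_1_id'
  #       required: true

# One run of this workflow at a time, so two runs do not apply/destroy the
# same test infrastructure concurrently. cancel-in-progress is left at its
# default (false): a queued run waits instead of killing an in-flight apply.
concurrency:
  group: ${{ github.workflow }}

env:
  TF_VAR_project_name: ${{ secrets.TF_VAR_project }}
  TF_VAR_region: ${{ vars.AWS_REGION }}
  TF_DATA_DIR: ${{ github.workspace }}/auto_policy_testing
  CORE_TESTING_FOLDER: ${{ github.workspace }}
  OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
  AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
  # Resource group(s) passed to main.py via -l; this run only exercises 'secrets'.
  resource_priority_list: 'secrets'
  # ANSI red. Single quotes keep the backslash literal; `echo -e` expands it.
  RED: '\033[0;31m'

jobs:
  terraform_test_policy_green_flights:
    # Least privilege: read the repo and mint an OIDC token for AWS, nothing else.
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-22.04
    steps:
      - name: Git clone the repository
        # NOTE(review): third-party actions are pinned by mutable tag. With
        # id-token: write in scope, prefer a full commit SHA
        # (actions/checkout@<commit-sha>  # v4) so a moved tag cannot change
        # what runs here.
        uses: actions/checkout@v4

      - name: configure aws credentials
        # NOTE(review): same tag-vs-SHA pinning remark as for checkout.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_ASSUME_ROLE }}
          role-session-name: ECC-AWS-RULEPACK_CI-GREEN
          aws-region: ${{ vars.AWS_REGION }}
          # 12 h session. Keep this as short as the test run actually needs;
          # the role's max session duration must also allow it.
          role-duration-seconds: 43200

      - name: Install dependencies
        shell: bash
        working-directory: auto_policy_testing/scripts
        # `apt-get update` first: the runner image's package index can be
        # stale, which makes the install fail on a missing package version.
        # NOTE(review): requirements.txt is installed without hash pinning
        # (pip --require-hashes); consider adding hashes for supply-chain
        # integrity of the test tooling.
        run: |
          pip install -r requirements.txt
          sudo apt-get update
          sudo apt-get install -y oathtool

      - name: terraform_test_policy_green_flights
        shell: bash
        working-directory: auto_policy_testing/scripts
        # `shell: bash` runs with `-eo pipefail` by default on GitHub runners,
        # so a failing main.py aborts the step before the report is printed.
        # Assumes main.py always creates both marker files; if it does not,
        # `cat` fails the step under -e — TODO confirm.
        # $resource_priority_list is left unquoted on purpose: it is a list
        # and word-splitting looks intentional — verify against main.py.
        run: |
          python main.py \
            --cloud AWS \
            --infra_color green \
            -l $resource_priority_list \
            --base_dir "$GITHUB_WORKSPACE" \
            --output_dir "$OUTPUT_DIR" \
            --sa "github_ci_readonly_ecc-aws-rulepack"
          echo -e "${RED}Failed policies:"
          cat "$OUTPUT_DIR/.failed"
          echo -e "${RED}Failed terraforms:"
          cat "$OUTPUT_DIR/.tf_failed"
          # A non-empty marker file means at least one failure.
          # `test` on the left of && does not trip errexit when it is false.
          test -s "$OUTPUT_DIR/.failed" && exit 1
          test -s "$OUTPUT_DIR/.tf_failed" && exit 1
          # Required: without it the step's status would be that of the
          # last `test ... && exit 1` list, i.e. failure when the file is empty.
          exit 0

  terraform_test_policy_red_flights:
    # Least privilege: read the repo and mint an OIDC token for AWS, nothing else.
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-22.04
    steps:
      - name: Git clone the repository
        # NOTE(review): pin to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@v4

      - name: configure aws credentials
        # NOTE(review): pin to a full commit SHA rather than a mutable tag.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_ASSUME_ROLE }}
          role-session-name: ECC-AWS-RULEPACK_CI-RED
          aws-region: ${{ vars.AWS_REGION }}
          # 12 h session. Keep this as short as the test run actually needs;
          # the role's max session duration must also allow it.
          role-duration-seconds: 43200

      - name: Install dependencies
        shell: bash
        working-directory: auto_policy_testing/scripts
        # `apt-get update` first so a stale package index on the runner image
        # does not break the oathtool install.
        run: |
          pip install -r requirements.txt
          sudo apt-get update
          sudo apt-get install -y oathtool

      - name: terraform_test_policy_red_flights
        shell: bash
        working-directory: auto_policy_testing/scripts
        # Same contract as the green job; only --infra_color differs.
        # Runs under bash -eo pipefail (runner default for `shell: bash`).
        run: |
          python main.py \
            --cloud AWS \
            --infra_color red \
            -l $resource_priority_list \
            --base_dir "$GITHUB_WORKSPACE" \
            --output_dir "$OUTPUT_DIR" \
            --sa "github_ci_readonly_ecc-aws-rulepack"
          echo -e "${RED}Failed policies:"
          cat "$OUTPUT_DIR/.failed"
          echo -e "${RED}Failed terraforms:"
          cat "$OUTPUT_DIR/.tf_failed"
          # A non-empty marker file means at least one failure.
          test -s "$OUTPUT_DIR/.failed" && exit 1
          test -s "$OUTPUT_DIR/.tf_failed" && exit 1
          # Required: otherwise the step inherits the failing status of the
          # last `test ... && exit 1` list when the file is empty.
          exit 0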