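# GitHub Actions workflow: runs the auto_policy_testing harness against AWS
# once per infrastructure "flight" colour (green, red) and fails the job when
# the harness reports failed policies or failed Terraform runs.
name: Terraform testing
on:
  push:
    branches:
      - 'feature/policy_testing'
  # Run this workflow manually from the Actions tab
  # workflow_dispatch:
  #   inputs:
  #     resource_priority_list:
  #       type: string
  #       description: Priority list for resources (you can remove unnecessary resources during testing)
  #       default: 'efs'
  #       required: true
# Serialise runs of this workflow: a newer run waits for the current one
# (cancel-in-progress is not set, so nothing is cancelled).
concurrency:
  group: ${{ github.workflow }}
env:
  TF_VAR_project_name: ${{ secrets.TF_VAR_project }}
  TF_VAR_region: ${{ vars.AWS_REGION }}
  TF_DATA_DIR: ${{ github.workspace }}/auto_policy_testing
  CORE_TESTING_FOLDER: ${{ github.workspace }}
  # The test steps read the .failed / .tf_failed reports from this directory.
  OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
  AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
  # Passed to main.py as -l; supersedes the commented-out workflow_dispatch
  # input of the same name above.
  resource_priority_list: 'directory'
  # ANSI "red" escape for `echo -e`; single quotes keep the backslash literal.
  RED: '\033[0;31m'
jobs:
  terraform_test_policy_green_flights:
    # Least privilege: read the repo, mint an OIDC token for AWS role assumption.
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): actions are pinned to major tags; pinning to a full commit
      # SHA keeps the third-party action code immutable across releases.
      - name: Git clone the repository
        uses: actions/checkout@v4
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_ASSUME_ROLE }}
          role-session-name: ECC-AWS-RULEPACK_CI-GREEN
          # 12 h credential lifetime. GitHub-hosted jobs are capped at 6 h, so
          # these credentials outlive the job; consider lowering the value (it
          # must stay within the role's MaxSessionDuration).
          role-duration-seconds: 43200
          aws-region: ${{ vars.AWS_REGION }}
      - name: Install dependencies
        shell: bash
        working-directory: auto_policy_testing/scripts
        run: |
          pip install -r requirements.txt
          # Refresh the package index first: the runner image's apt lists can be
          # stale, which makes the install fail intermittently.
          sudo apt-get update
          sudo apt-get install -y oathtool
      - name: terraform_test_policy_green_flights
        shell: bash
        working-directory: auto_policy_testing/scripts
        # `shell: bash` runs the script with -e and -o pipefail, so a non-zero
        # exit from main.py aborts the step before the reports are printed.
        run: |
          # $resource_priority_list is left unquoted as in the original; quote it
          # if the value is meant to reach main.py as a single argument — TODO confirm.
          python main.py \
            --cloud AWS \
            --infra_color green \
            -l $resource_priority_list \
            --base_dir "$GITHUB_WORKSPACE" \
            --output_dir "$OUTPUT_DIR" \
            --sa "github_ci_readonly_ecc-aws-rulepack"
          # NOTE(review): under -e a missing report file aborts here and fails the
          # job; confirm main.py always creates both files.
          echo -e "${RED}Failed policies:"
          cat "$OUTPUT_DIR/.failed"
          echo -e "${RED}Failed terraforms:"
          cat "$OUTPUT_DIR/.tf_failed"
          # A non-empty report means at least one failure.
          if [ -s "$OUTPUT_DIR/.failed" ] || [ -s "$OUTPUT_DIR/.tf_failed" ]; then
            exit 1
          fi
          exit 0
  # Same pipeline as the green job, run against the "red" flight.
  terraform_test_policy_red_flights:
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-22.04
    steps:
      - name: Git clone the repository
        uses: actions/checkout@v4
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_ASSUME_ROLE }}
          role-session-name: ECC-AWS-RULEPACK_CI-RED
          aws-region: ${{ vars.AWS_REGION }}
          # 12 h lifetime; see the note on the green job about lowering this.
          role-duration-seconds: 43200
      - name: Install dependencies
        shell: bash
        working-directory: auto_policy_testing/scripts
        run: |
          pip install -r requirements.txt
          # Refresh the package index first to avoid stale-list install failures.
          sudo apt-get update
          sudo apt-get install -y oathtool
      - name: terraform_test_policy_red_flights
        shell: bash
        working-directory: auto_policy_testing/scripts
        # Runs with -e/-o pipefail; a failing main.py aborts before the reports.
        run: |
          python main.py \
            --cloud AWS \
            --infra_color red \
            -l $resource_priority_list \
            --base_dir "$GITHUB_WORKSPACE" \
            --output_dir "$OUTPUT_DIR" \
            --sa "github_ci_readonly_ecc-aws-rulepack"
          # NOTE(review): under -e a missing report file aborts here; confirm
          # main.py always creates both files.
          echo -e "${RED}Failed policies:"
          cat "$OUTPUT_DIR/.failed"
          echo -e "${RED}Failed terraforms:"
          cat "$OUTPUT_DIR/.tf_failed"
          # A non-empty report means at least one failure.
          if [ -s "$OUTPUT_DIR/.failed" ] || [ -s "$OUTPUT_DIR/.tf_failed" ]; then
            exit 1
          fi
          exit 0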