Skip to content

Merge branch 'main' of github.com:navapbc/template-infra #1022

Merge branch 'main' of github.com:navapbc/template-infra

Merge branch 'main' of github.com:navapbc/template-infra #1022

name: Template CI Infra Checks
on:
push:
branches:
- main
pull_request:
paths:
- bin/**
- infra/**
- template-only-bin/**
- template-only-infra/**
- template-only-test/**
- .github/workflows/template-only-ci-infra.yml
- app/Dockerfile
workflow_dispatch:
# For now, only allow one workflow run at a time, since this provisions an OIDC
# provider for github actions and only one OIDC provider can exist at a time.
concurrency: platform-template-only-ci-infra
jobs:
lint:
name: Lint template scripts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Shellcheck
run: make -f template-only.mak lint-template-scripts
test:
name: Infra Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.8.3
terraform_wrapper: false
- uses: actions/setup-go@v3
with:
go-version: ">=1.19.0"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: us-east-1
# Use access key credentials for the template infra test workflow
# instead of using GitHub OIDC because only one GitHub OIDC provider
# can be added to the Platform accoutn, and we want to create a
# GitHub OIDC provider as part of the template test.
# (see https://docs.aws.amazon.com/cli/latest/reference/iam/create-open-id-connect-provider.html)
#
# For this test, use PlatformTestUser20220726 credentials
aws-access-key-id: ${{ secrets.TESTER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.TESTER_AWS_SECRET_ACCESS_KEY }}
- name: Run Terratest
run: make -f template-only.mak test
env:
# GitHub token needed for GitHub CLI which is used during tests to check GitHub Actions auth
GH_TOKEN: ${{ secrets.PLATFORM_TESTER_GITHUB_TOKEN }}