Merge branch 'main' of github.com:navapbc/template-infra #1022
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Template CI Infra Checks | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
paths: | |
- bin/** | |
- infra/** | |
- template-only-bin/** | |
- template-only-infra/** | |
- template-only-test/** | |
- .github/workflows/template-only-ci-infra.yml | |
- app/Dockerfile | |
workflow_dispatch: | |
# For now, only allow one workflow run at a time, since this provisions an OIDC | |
# provider for github actions and only one OIDC provider can exist at a time. | |
concurrency: platform-template-only-ci-infra | |
jobs: | |
lint: | |
name: Lint template scripts | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Shellcheck | |
run: make -f template-only.mak lint-template-scripts | |
test: | |
name: Infra Tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.8.3 | |
terraform_wrapper: false | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ">=1.19.0" | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-region: us-east-1 | |
# Use access key credentials for the template infra test workflow | |
# instead of using GitHub OIDC because only one GitHub OIDC provider | |
# can be added to the Platform accoutn, and we want to create a | |
# GitHub OIDC provider as part of the template test. | |
# (see https://docs.aws.amazon.com/cli/latest/reference/iam/create-open-id-connect-provider.html) | |
# | |
# For this test, use PlatformTestUser20220726 credentials | |
aws-access-key-id: ${{ secrets.TESTER_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.TESTER_AWS_SECRET_ACCESS_KEY }} | |
- name: Run Terratest | |
run: make -f template-only.mak test | |
env: | |
# GitHub token needed for GitHub CLI which is used during tests to check GitHub Actions auth | |
GH_TOKEN: ${{ secrets.PLATFORM_TESTER_GITHUB_TOKEN }} |