Skip to content

Run AWS Spec Tests #151

Run AWS Spec Tests

Run AWS Spec Tests #151

Workflow file for this run

name: Run AWS Spec Tests
permissions:
contents: write
id-token: write
packages: write
on:
pull_request:
branches:
- main
push:
branches:
- main
workflow_call:
inputs:
test_type:
description: 'Type of test: terraform or cloudformation'
required: true
type: 'string'
code_sha:
description: 'SHA of the terraform or cloudformation code to checkout'
required: true
type: 'string'
secrets:
OBSERVE_CUSTOMER:
required: true
OBSERVE_TOKEN:
required: true
OBSERVE_DOMAIN:
required: false
AWS_ROLE_ARN:
required: true
workflow_dispatch:
inputs:
test_type:
description: 'Type of test: terraform or cloudformation'
required: true
type: 'string'
code_sha:
description: 'SHA of the terraform or cloudformation code to checkout'
required: true
type: 'string'
env:
USER: gha-${{ github.run_id }}
AWS_TEST_KITCHEN_REPO: aws-test-kitchen
jobs:
permission_check:
runs-on: ubuntu-latest
outputs:
can-write: ${{ steps.check.outputs.can-write }}
env:
OBSERVE_CUSTOMER: ${{ secrets.OBSERVE_CUSTOMER }}
steps:
- id: check
run: |
# If the OBSERVE_CUSTOMER secret is MIA we can't run tests
if [[ -z "$OBSERVE_CUSTOMER" ]]; then
echo "can-write=false" >> $GITHUB_OUTPUT
else
echo "can-write=true" >> $GITHUB_OUTPUT
fi
build:
runs-on: ubuntu-latest
outputs:
image_name: ${{ steps.set_output_image_name.outputs.image_name }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
repository: ${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
submodules: true
- name: Login to GitHub Container Registry
if: ${{ inputs.test_type == '' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
if: ${{ inputs.test_type == '' }}
uses: docker/setup-buildx-action@v2
- name: Metadata for Docker Image
id: docker_metadata
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
tags: |
type=sha
type=ref,event=branch,priority=1001
type=raw,value=latest,enable={{is_default_branch}}
- name: Set IMAGE_NAME environment variable
id: set_output_image_name
run: |
if [[ "${{ inputs.test_type }}" != "" ]]; then
IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:main"
else
IMAGE_NAME=$(echo "${DOCKER_METADATA_OUTPUT_TAGS}" | head -n 1)
fi
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_OUTPUT
- name: Build docker image
if: ${{ inputs.test_type == '' }}
uses: docker/build-push-action@v4
with:
context: .
load: false
push: false
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
cache-from: |
type=gha
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:latest
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:main
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:${{ github.ref_name }}
cache-to: type=gha,mode=max
determine-provider:
runs-on: ubuntu-latest
outputs:
providers: ${{ steps.set-providers.outputs.providers }}
steps:
- id: set-providers
run: |
if [[ "${{ inputs.test_type }}" == "" ]]; then
echo "providers=[\"cloudformation\", \"terraform\"]" >> $GITHUB_ENV
echo "providers=[\"cloudformation\", \"terraform\"]" >> $GITHUB_OUTPUT
else
echo "providers=[\"${{ inputs.test_type }}\"]" >> $GITHUB_ENV
echo "providers=[\"${{ inputs.test_type }}\"]" >> $GITHUB_OUTPUT
fi
test:
runs-on: ubuntu-latest
needs: [permission_check, build, determine-provider]
if: needs.permission_check.outputs.can-write == 'true'
name: test ${{ matrix.provider }}
permissions:
contents: write
id-token: write
env:
OBSERVE_CUSTOMER: ${{ secrets.OBSERVE_CUSTOMER }}
OBSERVE_TOKEN: ${{ secrets.OBSERVE_TOKEN }}
OBSERVE_DOMAIN: ${{ secrets.OBSERVE_DOMAIN }}
IMAGE_NAME: ${{ needs.build.outputs.image_name }}
strategy:
matrix:
provider: ${{fromJson(needs.determine-provider.outputs.providers)}}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
repository: ${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
submodules: true
fetch-depth: 0
- name: Checkout Terraform SHA
if: matrix.provider == 'terraform' && inputs.code_sha != ''
run: |
cd terraform-aws-collection
git fetch --all
git checkout ${{ inputs.code_sha }}
- name: Checkout CloudFormation SHA
if: matrix.provider == 'cloudformation' && inputs.code_sha != ''
run: |
cd cloudformation-aws-collection
git fetch --all
git checkout ${{ inputs.code_sha }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Metadata for Docker Image
id: docker_metadata
if: ${{ inputs.test_type == null }}
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
tags: |
type=sha
type=ref,event=branch,priority=1001
type=raw,value=latest,enable={{is_default_branch}}
- name: Build docker image (from cache)
if: ${{ inputs.test_type == null }}
uses: docker/build-push-action@v4
with:
context: .
load: true
push: false
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
cache-from: |
type=gha
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:latest
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:main
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:${{ github.ref_name }}
cache-to: type=gha,mode=max
- name: Pull Docker image
if: ${{ inputs.test_type != null }}
run: docker pull $IMAGE_NAME
- name: Setup AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
aws-region: us-west-2
- name: Check AWS Quota
run: |
attempts=0
until make check_aws_quota; do
if [ $attempts -ge 10 ]; then
echo "Exceeded maximum retries for quota check."
exit 1
fi
echo "Failed to meet quota. Retrying in 2 minutes..."
sleep 120
attempts=$((attempts + 1))
done
- name: Setup Infra and Run spec tests
run: make docker/test
env:
PROVIDER: ${{ matrix.provider }}
- name: Teardown test infrastructure
if: always()
continue-on-error: true
run: make docker/clean
env:
PROVIDER: ${{ matrix.provider }}
push:
runs-on: ubuntu-latest
needs: [permission_check, build, test]
if: needs.permission_check.outputs.can-write == 'true' && github.ref == 'refs/heads/main' && github.repository == 'observeinc/aws-test-kitchen'
permissions:
contents: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
repository: ${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
submodules: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Metadata for Docker Image
id: docker_metadata
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}
tags: |
type=sha
type=ref,event=branch,priority=1001
type=raw,value=latest,enable={{is_default_branch}}
- name: Push Docker images
if: success()
uses: docker/build-push-action@v4
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
cache-from: |
type=gha
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:latest
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:main
ghcr.io/${{ github.repository_owner }}/${{ env.AWS_TEST_KITCHEN_REPO }}:${{ github.ref_name }}
cache-to: type=gha,mode=max