Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Parallelize QA jobs #347

Merged
merged 11 commits into from
Sep 19, 2023
Merged

Parallelize QA jobs #347

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
aae4959
Parallelize more jobs in "QA Checks" workflow
TylerHendrickson Sep 19, 2023
747d2b8
Configure Dependabot for github-actions updates
TylerHendrickson Sep 19, 2023
436f45c
Tweak: Remove unnecessary quotes in yaml
TylerHendrickson Sep 19, 2023
bfdf8d9
Temporarily change CI trigger for testing
TylerHendrickson Sep 19, 2023
d577613
Fix typo in build summary template
TylerHendrickson Sep 19, 2023
d1d1b13
Exclude path glob matching TF_PLUGIN_CACHE_DIR env var
TylerHendrickson Sep 19, 2023
1cb00b2
Allow "Deploy Production" workflow to update releases
TylerHendrickson Sep 19, 2023
1b673dd
Undo testing mod to CI trigger
TylerHendrickson Sep 19, 2023
a558c0e
Modifications to enable PR testing (will undo)
TylerHendrickson Sep 19, 2023
2911ccf
Apply egress blocks from audit
TylerHendrickson Sep 19, 2023
8dc2694
Remove temp workarounds for CI testing
TylerHendrickson Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,11 @@ updates:
directory: /
schedule:
interval: daily
- package-ecosystem: "terraform"
directory: "/terraform"
- package-ecosystem: terraform
directory: /terraform
schedule:
interval: "daily"
interval: daily
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,7 @@ jobs:
run: |
REPORT_FILE=$(mktemp -t summary.md.XXXXX)
cat >> $REPORT_FILE << 'ENDOFREPORT'
## Build Lambdas Summary
## Build CLI Summary

<details>
<summary>Compiled Checksums (before packing)</summary>
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/deploy-production.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,8 @@ jobs:
update_release:
name: Update release
runs-on: ubuntu-latest
permissions:
contents: write
needs:
- tf-apply
env:
Expand Down
140 changes: 132 additions & 8 deletions .github/workflows/qa.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,22 +11,20 @@ permissions:
contents: read

jobs:
qa_go:
name: QA for Go
prepare-go-qa:
name: Prepare for Go QA
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
sum.golang.org:443
storage.googleapis.com:443
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
Expand All @@ -53,15 +51,141 @@ jobs:
run: task prebuild-lambda
- name: Check Formatting
run: test -z "$(go fmt ./...)" || echo "Formatting check failed."
- name: Test

go-test:
name: Run Go Tests
runs-on: ubuntu-latest
needs:
- prepare-go-qa
steps:
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
sum.golang.org:443
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
show-progress: 'false'
persist-credentials: 'false'
- name: Restore Taskfile cache
uses: actions/cache/restore@v3
with:
key: ${{ runner.os }}-qa-taskfile
path: |
./.task
./bin
./cover.out
./cover.html
- uses: actions/setup-go@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
go-version-file: go.mod
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Run tests
run: task test
- name: Vet

go-vet:
name: Vet Go Code
runs-on: ubuntu-latest
needs:
- prepare-go-qa
steps:
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
proxy.golang.org:443
sum.golang.org:443
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
show-progress: 'false'
persist-credentials: 'false'
- uses: actions/setup-go@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
go-version-file: go.mod
- name: Vet source code
run: go vet ./...
- name: Lint

go-lint:
name: Lint Go Code
runs-on: ubuntu-latest
needs:
- prepare-go-qa
steps:
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
proxy.golang.org:443
sum.golang.org:443
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
show-progress: 'false'
persist-credentials: 'false'
- uses: actions/setup-go@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
go-version-file: go.mod
- name: Lint with Staticcheck
uses: dominikh/[email protected]
with:
install-go: false
- name: Ensure all go binaries compile

go-build:
name: Ensure Go Builds
runs-on: ubuntu-latest
needs:
- prepare-go-qa
steps:
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
sum.golang.org:443
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
show-progress: 'false'
persist-credentials: 'false'
- name: Restore Taskfile cache
uses: actions/cache/restore@v3
with:
key: ${{ runner.os }}-qa-taskfile
path: |
./.task
./bin
./cover.out
./cover.html
- uses: actions/setup-go@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
go-version-file: go.mod
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Ensure all binaries can compile
run: task build build-cli

tflint:
Expand Down
2 changes: 0 additions & 2 deletions .github/workflows/terraform-plan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,6 @@ jobs:
TF_CLI_ARGS: "-no-color"
TF_IN_AUTOMATION: "true"
TF_INPUT: 0
TF_PLUGIN_CACHE_DIR: ~/.terraform.d/plugin-cache
concurrency:
group: ${{ inputs.concurrency-group }}
cancel-in-progress: false
Expand Down Expand Up @@ -205,7 +204,6 @@ jobs:
name: ${{ env.ARTIFACTS_KEY }}
path: |
${{ github.workspace }}/terraform
!${{ env.TF_PLUGIN_CACHE_DIR }}
!${{ github.workspace }}/terraform/.terraform
if-no-files-found: error
retention-days: ${{ inputs.artifacts-retention-days }}