From 86430af5c6207dae60aab6465963002f2f15261f Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 07:49:58 +0200 Subject: [PATCH 01/50] New feature terraform test for modules: feat: terraform test action. feat: matrix for test action. feat: test report action. feat: workflow for tf module testing. --- .github/workflows/terraform-ci-cd-default.yml | 39 ++- .github/workflows/terraform-module-ci.yaml | 168 +++++++++++ README.md | 12 +- create-test-report/action.yaml | 97 +++++++ create-tftest-matrix/action.yaml | 52 ++++ create-tftest-matrix/helpers.sh | 40 +++ terraform-test/action.yml | 261 ++++++++++++++++++ terraform-test/helpers.sh | 40 +++ terraform-test/helpers_additional.sh | 9 + 9 files changed, 701 insertions(+), 17 deletions(-) create mode 100644 .github/workflows/terraform-module-ci.yaml create mode 100644 create-test-report/action.yaml create mode 100644 create-tftest-matrix/action.yaml create mode 100755 create-tftest-matrix/helpers.sh create mode 100644 terraform-test/action.yml create mode 100755 terraform-test/helpers.sh create mode 100644 terraform-test/helpers_additional.sh diff --git a/.github/workflows/terraform-ci-cd-default.yml b/.github/workflows/terraform-ci-cd-default.yml index 9a29f2f..88a86de 100644 --- a/.github/workflows/terraform-ci-cd-default.yml +++ b/.github/workflows/terraform-ci-cd-default.yml @@ -187,7 +187,8 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Create env matrix" id: create-matrix - uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@tf-test with: inputs-json: ${{ toJSON(inputs) }} 
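Review bot: The `uses:` line in this hunk now resolves `create-tf-vars-matrix` from the mutable branch ref `@tf-test`, and the same swap is repeated in every later hunk of this file, including the `export-env-vars` step that receives secrets and both `terraform-apply` steps. Anyone who can push to that branch changes what runs in every caller's pipeline with that caller's credentials, and the only guard is the comment `# TODO revert to @v0`, which nothing enforces. I would keep `@v0` (or a full commit SHA) in the shared workflow and exercise the branch from a separate test caller, or at least add a CI check that fails while any `@tf-test` ref remains. The step bodies continue outside these hunks, so the remaining inputs were not reviewed.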
@@ -210,7 +211,8 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Export environment variables and secrets" - uses: dsb-norge/github-actions-terraform/export-env-vars@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/export-env-vars@tf-test with: extra-envs: ${{ toJSON(matrix.vars.extra-envs) }} extra-envs-from-secrets: ${{ toJSON(matrix.vars.extra-envs-from-secrets) }} @@ -225,12 +227,14 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-test - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - uses: dsb-norge/github-actions-terraform/setup-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-tflint@tf-test with: tflint-version: ${{ matrix.vars.tflint-version }} working-directory: ${{ matrix.vars.project-dir }} @@ -245,7 +249,8 @@ jobs: - name: โš™๏ธ Terraform Init id: init if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'init') - uses: dsb-norge/github-actions-terraform/terraform-init@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-test with: working-directory: ${{ matrix.vars.project-dir }} additional-dirs-json: ${{ toJSON(matrix.vars.terraform-init-additional-dirs) }} @@ -255,7 +260,8 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'format') - uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-test with: working-directory: ${{ matrix.vars.project-dir }} format-check-in-root-dir: ${{ matrix.vars.format-check-in-root-dir }} 
@@ -264,7 +270,8 @@ jobs: - name: โœ” Terraform Validate id: validate if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'validate') - uses: dsb-norge/github-actions-terraform/terraform-validate@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-validate@tf-test with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -272,7 +279,8 @@ jobs: - name: ๐Ÿงน Lint with TFLint id: lint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-test with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -280,7 +288,8 @@ jobs: - name: ๐Ÿ“– Terraform Plan id: plan if: steps.init.outcome == 'success' && ( contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'plan') ) - uses: dsb-norge/github-actions-terraform/terraform-plan@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-plan@tf-test with: working-directory: ${{ matrix.vars.project-dir }} environment-name: ${{ matrix.vars.github-environment }} @@ -289,7 +298,8 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' && matrix.vars.add-pr-comment == 'true' - uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test with: environment-name: ${{ matrix.vars.github-environment }} plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} 
@@ -377,7 +387,8 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - uses: dsb-norge/github-actions-terraform/terraform-apply@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-apply@tf-test with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.plan.outputs.terraform-plan-file }} @@ -389,7 +400,8 @@ jobs: if: | steps.init.outcome == 'success' && contains(matrix.vars.goals, 'destroy-plan') - uses: dsb-norge/github-actions-terraform/terraform-plan@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-plan@tf-test with: working-directory: ${{ matrix.vars.project-dir }} environment-name: "${{ matrix.vars.github-environment }}-destroy" @@ -416,7 +428,8 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - uses: dsb-norge/github-actions-terraform/terraform-apply@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-apply@tf-test with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.destroy-plan.outputs.terraform-plan-file }} diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml new file mode 100644 index 0000000..89da737 --- /dev/null +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -0,0 +1,168 @@ +name: "DSB Terraform Module CI" +# +# A requirement for this workflow to run is that the following 'permissions' are granted by the calling workflow: +# permissions: +# id-token: write # required for Azure password-less auth +# contents: read # required for actions/checkout +# pull-requests: write # required for commenting on PRs +# +# Additionally for the workflow to have access to secrets (required when using the input 'extra-envs-from-secrets-yml'), +# all secrets available to the calling workflow must be passe down to this one by: +# secrets: inherit +# +on: + workflow_call: + +jobs: + create-matrix: + name: Create job matrix + runs-on: [self-hosted, dsb-terraformer, linux, x64] + defaults: + run: + shell: bash + outputs: + all_tests: ${{ steps.create-matrix.outputs.all_tests }} + steps: + - name: "๐Ÿงน Clean workspace" + uses: dsb-norge/directory-recreate@v1 + - name: "โฌ‡ Checkout working branch" + uses: actions/checkout@v4 + - name: "๐ŸŽฐ Create env matrix" + id: create-matrix + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tf-test + + terraform-module-ci: + name: "Terraform" + needs: create-matrix + runs-on: [self-hosted, dsb-terraformer, linux, x64] + strategy: + fail-fast: false # Allow jobs to continue even though one more env(s) fail + matrix: + files: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} + defaults: + run: + shell: bash + steps: + - name: "โฌ‡ Checkout" + uses: actions/checkout@v4 + + - name: "๐Ÿ“ฅ Setup Terraform" + uses: hashicorp/setup-terraform@v4 + with: + terraform_version: 1.9.7 + terraform_wrapper: false + + - name: โš™๏ธ Terraform Init + id: init + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-test + with: + working-directory: ${{ github.workspace }} + additional-dirs-json: null + continue-on-error: true # allow job to continue, step outcome is evaluated later + + - name: ๐Ÿ–Œ Terraform Format + id: fmt + # TODO revert to @v0 
+ uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-test + with: + working-directory: ${{ github.workspace }} + format-check-in-root-dir: true + continue-on-error: true # allow job to continue, step outcome is evaluated later + + - name: โœ” Terraform Validate + id: validate + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-validate@tf-test + with: + working-directory: ${{ github.workspace }} + continue-on-error: true # allow job to continue, step outcome is evaluated later + + - name: ๐Ÿงช Terraform Tes + id: test + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-test@tf-test + with: + working-directory: ${{ github.workspace }} + test-file: ${{ matrix.files }} + continue-on-error: true # allow job to continue, step outcome is evaluated later + + - name: ๐Ÿ“ Create test report + id: create-test-report + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-test-report@tf-test + with: + test-out-file: ${{ steps.test.outputs.test-out-file }} + status-init: ${{ steps.init.outcome }} + status-fmt: ${{ steps.fmt.outcome }} + status-validate: ${{ steps.validate.outcome }} + status-test: ${{ steps.test.outcome }} + test-summary: ${{ steps.test.outputs.test-summary }} + test-report: ${{ steps.test.outputs.test-report }} + continue-on-error: true # allow job to continue, step outcome is evaluated later + + - name: ๐Ÿท๏ธ Add validation summary as pull request comment + id: validation-summary-on-pr + if: steps.create-test-report.outcome == 'success' + uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 + with: + pr-comment-text: ${{ steps.create-test-report.outputs.summary }} + delete-comments-starting-with: ${{ steps.create-test-report.outputs.prefix }} + continue-on-error: true # allow job to continue, step outcome is ignored + + # Terminate the job with 'failure' if any validation check did not succeed. 
+ # If 'allow-failing-terraform-operations' is 'true' for the environment the job will not terminate. + + - name: "๐Ÿง Validation outcome: โš™๏ธ Init" + run: | + if [ ! "${{ steps.init.outcome }}" == 'success' ]; then + echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" + exit 1 + fi + # do not terminate if configured to ignore, fromJSON ensures bool + continue-on-error: true + - name: "๐Ÿง Validation outcome: ๐Ÿ–Œ Format" + run: | + if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then + echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" + exit 1 + fi + # do not terminate if configured to ignore, fromJSON ensures bool + continue-on-error: true + - name: "๐Ÿง Validation outcome: โœ” Validate" + run: | + if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then + echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" + exit 1 + fi + # do not terminate if configured to ignore, fromJSON ensures bool + continue-on-error: true + - name: "๐Ÿง Validation outcome: ๐Ÿงช Test" + run: | + if [ ! "${{ steps.test.outcome }}" == 'success' ]; then + echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.files }}'!" 
+ exit 1 + fi + # do not terminate if configured to ignore, fromJSON ensures bool + continue-on-error: true + + # create a global result indicating if workflow steps succeeded or not, + # handy for branch protection rules + conclusion: + if: always() + name: "Terraform conclusion" + needs: [create-matrix, terraform-module-ci] + runs-on: [self-hosted, dsb-terraformer, linux, x64] + defaults: + run: + shell: bash + steps: + - run: exit 1 + # for explanation of '>-' below see https://stackoverflow.com/a/67532120/4907315 + # job 'result': possible values are 'success', 'failure', 'cancelled', or 'skipped' + if: >- + ${{ + contains(needs.*.result, 'failure') + || contains(needs.*.result, 'cancelled') + }} diff --git a/README.md b/README.md index c9ad27b..a1e17ff 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,8 @@ on: jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -125,7 +126,8 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout 
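Review bot: The four "Validation outcome" steps at the end of `terraform-module-ci` all carry `continue-on-error: true`, so their `exit 1` never fails the job, and the `conclusion` job, which only inspects `needs.*.result`, reports success even when init, fmt, validate or test failed; used as a branch-protection gate it passes everything. The comment `# do not terminate if configured to ignore, fromJSON ensures bool` describes a configurable expression that is not present here, so I would drop `continue-on-error: true` from those four steps. The Test outcome step also expands `${{ matrix.files }}` inside the `run:` script; that value is a file name taken from the checked-out tree and the job runs on a self-hosted runner, so pass it as `env: TEST_FILE: ${{ matrix.files }}` and print `${TEST_FILE}` instead. Separately, the report step reads `steps.test.outputs.test-out-file`, `test-summary` and `test-report`, while the `terraform-test` action added in this patch declares `exit-code`, `summary`, `report` and `json`, so those inputs look like they will arrive empty.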
@@ -148,7 +150,8 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth @@ -175,7 +178,8 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml new file mode 100644 index 0000000..a622eae --- /dev/null +++ b/create-test-report/action.yaml 
@@ -0,0 +1,97 @@ +name: "Create terraform test summary" +description: | + Create comment to be added to pull request with summary of validation results and test report. +author: "Artjoms Laivins" + +inputs: + test-out-file: + description: Path of file with test output in json format. + required: true + status-init: + description: Outcome of init step. + required: true + status-fmt: + description: Outcome of fmt step. + required: true + status-validate: + description: Outcome of validate step. + required: true + status-test: + description: Outcome of test step. + required: true + test-summary: + description: Summary of test results. + required: true + test-report: + description: Report of test results. + required: true + + +outputs: + prefix: + description: Test summary prefix string. + value: ${{ steps.create-test-summary.outputs.prefix }} + summary: + description: Test summary content string. + value: ${{ steps.create-test-summary.outputs.summary }} + +runs: + using: "composite" + steps: + - id: create-test-summary + shell: bash + env: + TEST_OUT_FILE: ${{ inputs.test-out-file }} + STATUS_INIT: ${{ inputs.status-init }} + STATUS_FMT: ${{ inputs.status-fmt }} + STATUS_VALIDATE: ${{ inputs.status-validate }} + STATUS_TEST: ${{ inputs.status-test }} + TEST_SUMMARY: ${{ inputs.test-summary }} + TEST_REPORT: ${{ inputs.test-report }} + run: | + # Build pull request comment + + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + + log-info "creating pull request comment ..." 
+ COMMENT_PREFIX='### Terraform CI run summary for file: `${{ matrix.files }}`' + COMMENT_CONTENT="${COMMENT_PREFIX} + | | Step | Result | + |:---:|---|---| + | โš™๏ธ | Initialization | $([ "${STATUS_INIT}" == 'success' ] && echo "\`${STATUS_INIT}\`" || echo "${STATUS_INIT}") | + | ๐Ÿ–Œ | Format and Style | $([ "${STATUS_FMT}" == 'success' ] && echo "\`${STATUS_FMT}\`" || echo "${STATUS_FMT}") | + | โœ” | Validate | $([ "${STATUS_VALIDATE}" == 'success' ] && echo "\`${STATUS_VALIDATE}\`" || echo "${STATUS_VALIDATE}") | + | ๐Ÿ“– | Tests | $([ "${STATUS_TEST}" == 'success' ] && echo "\`${STATUS_TEST}\`" || echo "${STATUS_TEST}") |" + + # add plan output if exists + if [ -f "${TEST_REPORT}" ]; then + # Cap plan output at 65k characters + TEST_OUT=$(cat "${TEST_REPORT}" | tail -c 65000 ) + + # don't touch the indenting here + COMMENT_CONTENT="${COMMENT_CONTENT} + + Test summary: "${TEST_SUMMARY}" +
Show Test Report + + \`\`\`terraform + ${TEST_OUT} + \`\`\` +
" + else + # don't touch the indenting here + COMMENT_CONTENT="${COMMENT_CONTENT} + + Test report not available ๐Ÿคทโ€โ™€๏ธ" + fi + + COMMENT_CONTENT="${COMMENT_CONTENT} + + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${GITHUB_WORKFLOW}\`*" + + log-info "Final validation summary prefix: ${COMMENT_PREFIX}" + log-multiline "Final validation summary " "${COMMENT_CONTENT}" + + set-output 'prefix' "${COMMENT_PREFIX}" + set-multiline-output 'summary' "${COMMENT_CONTENT}" + diff --git a/create-tftest-matrix/action.yaml b/create-tftest-matrix/action.yaml new file mode 100644 index 0000000..2f9bd05 --- /dev/null +++ b/create-tftest-matrix/action.yaml 
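Review bot: `COMMENT_PREFIX` is built with `${{ matrix.files }}` expanded straight into the shell script, and `${{ github.actor }}` is used the same way in the footer, although every other value in this step is correctly handed over through `env:`. The expression is substituted before bash parses the script, so a test file name containing a single quote ends the string and the remainder is interpreted as shell; give the action a `test-file` input, map it with `TEST_FILE: ${{ inputs.test-file }}` under `env:`, reference `${TEST_FILE}` inside a double-quoted string, and use `${GITHUB_ACTOR}` for the pusher. The step also sources `${{ github.action_path }}/helpers.sh`, but the diffstat of this patch lists no `helpers.sh` under `create-test-report/`, so unless that file exists elsewhere the step fails on its first command. The declared `test-out-file` input is exported as `TEST_OUT_FILE` and then never read.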
@@ -0,0 +1,52 @@ +name: "Create common DSB terraform module testing matrix" +description: | + Create a matrix of jobs to test the DSB terraform modules +author: "Artjoms Laivins" + +outputs: + all_tests: + description: "JSON matrix of all tests to run" + value: ${{ steps.create-job-matrix.outputs.all_tests }} + +runs: + using: composite + steps: + - id: create-job-matrix + working-directory: ${{ github.workspace }} + shell: bash + run: | + # Create a matrix of jobs to test the DSB terraform modules + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + + declare -a unitTestFiles=() + declare -a integrationTestFiles=() + declare -a otherTestFiles=() + + readarray -t testFilePaths < <(find . -type f -name '*.tftest.hcl'| sed 's|^./||') + + for testFilePath in "${testFilePaths[@]}"; do + testFile=$(basename "$testFilePath") + allTestFiles+=("$testFile") + if [[ $testFile == "unit"* ]]; then + unitTestFiles+=("$testFilePath") + elif [[ $testFile == "integration"* ]]; then + integrationTestFiles+=("$testFilePath") + else + otherTestFiles+=("$testFilePath") + fi + done + + echo "Total number of tests: ${#allTestFiles[@]}" + echo "- unit tests: ${#unitTestFiles[@]}" + echo "- integration tests: ${#integrationTestFiles[@]}" + echo "- other tests: ${#otherTestFiles[@]}" + + json_string=$(printf '%s\n' "${allTestFiles[@]}" | jq -R . | jq -s .) + final_out=$(jq -n --argjson files "$json_string" '{files: $files}') + + log-multiline "JSON matrix output" "$final_out" + + # Ensure no extra whitespaces or new lines + final_out=$(echo "$final_out" | jq -c .) + + set-output "all_tests" "$final_out" \ No newline at end of file diff --git a/create-tftest-matrix/helpers.sh b/create-tftest-matrix/helpers.sh new file mode 100755 index 0000000..f8a0e47 --- /dev/null +++ b/create-tftest-matrix/helpers.sh 
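Review bot: The file names collected by `find` go into the matrix without validation, and later steps in this patch expand `matrix.files` inside shell scripts, so this loop is the natural place to reject unexpected names. I would add `[[ "$testFile" =~ ^[A-Za-z0-9._-]+$ ]] || { log-error "unsupported test file name: ${testFilePath}"; exit 1; }` before `allTestFiles+=("$testFile")`. In the same loop, `allTestFiles` is the only array not declared with `declare -a`, and it stores the basename while the three category arrays store the path, so a test file outside the directory that the test action filters on would be listed but, as far as this patch shows, could not be selected. When no `*.tftest.hcl` file exists, `printf '%s\n' "${allTestFiles[@]}"` still prints one empty line and the matrix becomes `[""]`; check `${#allTestFiles[@]}` before building the JSON.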
@@ -0,0 +1,40 @@ +#!/bin/env bash + +# Helper consts +_action_name="$(basename "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)")" + +# Helper functions +function _log { echo "${1}${_action_name}: ${2}"; } +function log-info { _log "" "${*}"; } +function log-debug { _log "DEBUG: " "${*}"; } +function log-warn { _log "WARN: " "${*}"; } +function log-error { _log "ERROR: " "${*}"; } +function start-group { echo "::group::${_action_name}: ${*}"; } +function end-group { echo "::endgroup::"; } +function log-multiline { + start-group "${1}" + echo "${2}" + end-group +} +function mask-value { echo "::add-mask::${*}"; } +function set-output { echo "${1}=${2}" >>$GITHUB_OUTPUT; } +function set-multiline-output { + local outputName outputValue delimiter + outputName="${1}" + outputValue="${2}" + delimiter=$(echo $RANDOM | md5sum | head -c 20) + echo "${outputName}<<\"${delimiter}\"" >>$GITHUB_OUTPUT + echo "${outputValue}" >>$GITHUB_OUTPUT + echo "\"${delimiter}\"" >>$GITHUB_OUTPUT +} +function ws-path { + local inPath + inPath="${1}" + realpath --relative-to="${GITHUB_WORKSPACE}" "${inPath}" +} + +log-info "'$(basename ${BASH_SOURCE[0]})' loaded." + +if [ -f "${GITHUB_ACTION_PATH}/helpers_additional.sh" ]; then + source "${GITHUB_ACTION_PATH}/helpers_additional.sh" +fi diff --git a/terraform-test/action.yml b/terraform-test/action.yml new file mode 100644 index 0000000..2b36064 --- /dev/null +++ b/terraform-test/action.yml 
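Review bot: `set-multiline-output` derives its heredoc delimiter from `echo $RANDOM | md5sum`, and `$RANDOM` has only 32768 possible values, so the delimiter is predictable; a value containing a matching line ends the block early and whatever follows is parsed as further outputs. The values written with it in this patch include the pull-request comment built from test output, so I would use an unpredictable delimiter, for example `delimiter="ghadelim_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. `set-output` has the related weakness that a newline in `${2}` starts a new `name=value` record, so it should reject multi-line values or delegate to `set-multiline-output`, and the redirections should quote `"$GITHUB_OUTPUT"`. The identical file is added again as `terraform-test/helpers.sh` later in this patch and the same points apply there.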
@@ -0,0 +1,261 @@ +name: "Run terraform test" +description: | + Terraform test for modules. +author: "Artjoms Laivins" + +inputs: + test-file: + description: Test file to run. + required: true + +outputs: + exit-code: + description: The exit code from the terraform test command. + value: ${{ steps.run-tests.outputs.exit-code }} + summary: + description: Summary of the test run. + value: ${{ steps.run-tests.outputs.summary }} + report: + description: Report of the test run. + value: ${{ steps.run-tests.outputs.report }} + json: + description: JSON output of the test run. + value: ${{ steps.run-tests.outputs.json }} + + +runs: + using: "composite" + steps: + - id: check-prereqs + shell: bash + run: | + # Make sure terraform is available + + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + + start-group "check prerequisite: terraform binary" + if ! command -v terraform version &>/dev/null; then + log-error "terraform is not available on path, please install using the 'setup-terraform' action!" 
+ exit 1 + else + log-info "using $(terraform version)" + fi + end-group + + - id: run-tests + working-directory: ${{ github.workspace }} + if: steps.init.outcome == 'success' + shell: bash + continue-on-error: true + env: + TF_IN_AUTOMATION: true + run: | + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + set -o allexport; source "${{ github.action_path }}/helpers_additional.sh"; set +o allexport; + + TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-results.json" + TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-report.txt" + #Outputs definition + set-multiline-output 'report' "${TEST_REPORT_FILE}" + set-multiline-output 'json' "${TEST_RESULT_JSON}" + + TEST_CMD="terraform test --filter=tests/${{ inputs.test-file}} -json" + + log-info "Running test command: ${TEST_CMD}" + start-group "'terraform test' " + #Run test + set -o pipefail + + set +e + ${TEST_CMD} | tee ${TEST_RESULT_JSON} + TEST_EXIT_CODE=${?} + + # remove last line that contains gha debug in when failed. + if [ "${TEST_EXIT_CODE}" != "0" ]; then + sed -i '$d' ${TEST_RESULT_JSON} + fi + log-multiline "Final JSON output" "$TEST_RESULT_JSON" + set-output "exit-code" "${TEST_EXIT_CODE}" + + + TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' ${TEST_RESULT_JSON}) + + log info "" + log-info "Test summary: ${TEST_SUMMARY}" + set-output "summary" "${TEST_SUMMARY}" + if [ "${TEST_EXIT_CODE}" == "0" ]; then + log-info 'All tests passed! ๐ŸŽ‰' + else + log-error "One or more tests failed, exit code: ${TEST_EXIT_CODE}" + TEST_RUN_RESULT="failure" + TEST_EXIT_CODE=-1 + fi + + # Creating report data. + declare -a TESTS_RUNNED=() + + readarray -t TESTS_RUNNED < <(jq '. 
| select(.type == "test_run") | select(.test_run.progress == "complete" ) | .test_run.run' ${TEST_RESULT_JSON}) + + echo "Test result for file: ${{ inputs.test-file }}" > ${TEST_REPORT_FILE} + echo "overall result: "${TEST_RUN_RESULT}"" >> ${TEST_REPORT_FILE} + echo "exit code: "${TEST_EXIT_CODE}"" >> ${TEST_REPORT_FILE} + echo " " >> ${TEST_REPORT_FILE} + + echo "output: " >> ${TEST_REPORT_FILE} + + for test in "${TESTS_RUNNED[@]}"; do + test=$(sed 's/\"//g' <<< "$test") + RUN_STATUS=$(queryStatus $test ${TEST_RESULT_JSON}) + #RUN_STATUS=$(jq --arg test_run "$test" '. | select(.type == "test_run") | select(.test_run.run == $test_run) | select(.test_run.progress == "complete") | .test_run.status' $TEST_RESULT_JSON) + if [ ${RUN_STATUS} == "\"error\"" ]; then + printf 'Test: "'%s'" -----> '%s' \u274c \n' "${test}" "${RUN_STATUS}" >> ${TEST_REPORT_FILE} + echo "See error details below: " >> ${TEST_REPORT_FILE} + echo " " >> ${TEST_REPORT_FILE} + FILE=$(jq '. | select(.type == "diagnostic")| .diagnostic.range["filename"]' $TEST_RESULT_JSON) + RESOURCE=$(jq '. | select(.type == "diagnostic")| .diagnostic["address"]' $TEST_RESULT_JSON) + MESSAGE=$(jq '. 
| select(.type == "diagnostic")| .diagnostic["summary"]' $TEST_RESULT_JSON) + echo " | File: ${FILE}" >> ${TEST_REPORT_FILE} + echo " | Resource: ${RESOURCE}" >> ${TEST_REPORT_FILE} + echo " | Message: ${MESSAGE}" >> ${TEST_REPORT_FILE} + echo " " >> ${TEST_REPORT_FILE} + elif + [ ${RUN_STATUS} == "\"skip\"" ]; then + printf 'Test: "'%s'" -----> '%s' \u26a0 \n' "${test}" "${RUN_STATUS}" >> ${TEST_REPORT_FILE} + else + printf 'Test: "'%s'" -----> '%s' \u2705 \n' "${test}" "${RUN_STATUS}" >> ${TEST_REPORT_FILE} + fi + done + + printSection "Test summary for file: ${TEST_SUMMARY}" >> ${TEST_REPORT_FILE} + + end-group + + exit ${TEST_EXIT_CODE} + - id: upload-test-results + uses: actions/upload-artifact@v4 + with: + name: test-results-output-${{ inputs.test-file }} + path: ${{ steps.run-tests.outputs.json }} + + - id: test-status + if: ( steps.run-tests.outcome == 'failure' || steps.run-tests.outcome == 'cancelled' ) + shell: bash + run: exit 1 + +#inputs: +# working-directory: +# description: From what directory to invoke terraform. +# required: true +# extra-global-args: +# description: | +# String with more args to pass to terraform as 'global options', those in front of the test command. +# required: false +# default: "" +# extra-test-args: +# description: | +# String with more args to pass to terraform as 'options' to the test command, these are the ones coming after the test command. +# required: false +# default: "" +# fail-on-failed-test: +# description: | +# Boolean as string, if 'true' the action will exit with a non-zero exit code. +# required: false +# default: "true" +# +# +#outputs: +# exitcode: +# description: | +# The exit code from the terraform test command. +# Note that 'terraform test' exits with exit code 2 upon success when changes are present, +# ref. 
https://www.terraform.io/docs/commands/plan.html#detailed-exitcode +# value: ${{ steps.plan.outputs.tf-plan-exitcode }} +# console-output-file: +# description: "The console output captured during execution of 'terraform plan'." +# value: ${{ steps.plan.outputs.tf-plan-console-output-file }} +# terraform-plan-file: +# description: "The plan file created by the 'terraform plan' command." +# value: ${{ steps.plan.outputs.tf-plan-tf-output-file }} +# txt-output-file: +# description: "The output of the terraform plan in plain txt format, ie. processed by the 'terraform show' command." +# value: ${{ steps.plan-show.outputs.tf-plan-txt-output-file }} + + +#runs: +# using: "composite" +# steps: +# - id: test +# shell: bash +# working-directory: ${{ inputs.working-directory }} +# env: +# TF_IN_AUTOMATION: "true" +# run: | +# # run terraform test +# +# set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; +# +# # PLAN_CONSOLE_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-console-output-${{ inputs.environment-name }}.txt" +# # PLAN_TF_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-${{ inputs.environment-name }}.plan" +# # #set-output 'tf-plan-console-output-file' "${PLAN_CONSOLE_OUT_FILE}" +# # set-output 'tf-plan-tf-output-file' "${PLAN_TF_OUT_FILE}" +# +# TEST_CMD="terraform ${{ inputs.extra-global-args }} test +# log-info "command string is '${TEST_CMD}'" +# start-group "'terraform plan' in '$(ws-path $(pwd))'" +# +# # Need this to properly catch terraform exit code +# set -o pipefail +# +# # Github runner gets confused by set commands, make sure 'continue-on-error: true' still applies after 'set -o pipefail' +# set +e +# ${PLAN_CMD} 2>&1 | tee ${PLAN_CONSOLE_OUT_FILE} +# PLAN_EXIT_CODE=${?} +# +# set-output 'tf-plan-exitcode' "${PLAN_EXIT_CODE}" +# +# # make sure '2' is consider 'success' +# # 'terraform plan' exits with exit code 2 upon success when changes are present +# # https://www.terraform.io/docs/commands/plan.html#detailed-exitcode +# if [ 
"${PLAN_EXIT_CODE}" == "0" ]; then +# log-info 'successfully planned Terraform configuration, no changes indicated.' +# elif [ "${PLAN_EXIT_CODE}" == "2" ]; then +# PLAN_EXIT_CODE=0 +# log-info 'successfully planned Terraform configuration, changes indicated!' +# else +# log-error "failed to plan Terraform configuration, exit code: ${PLAN_EXIT_CODE}" +# PLAN_EXIT_CODE=-1 +# fi +# end-group +# +# exit ${PLAN_EXIT_CODE} +# continue-on-error: true # allow action to continue, execution status is returned by the last step +# - id: plan-upload +# if: steps.plan.outcome != 'cancelled' && steps.plan.outcome != 'skipped' +# uses: actions/upload-artifact@v4 +# with: +# name: ${{ inputs.environment-name }}-terraform-plan-console-output +# path: ${{ steps.plan.outputs.tf-plan-console-output-file }} +# continue-on-error: true # allow action to continue, execution status is returned by the last step +# - id: plan-show +# if: steps.plan.outcome == 'success' +# shell: bash +# working-directory: ${{ inputs.working-directory }} +# run: | +# # create plan.txt file +# +# set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; +# +# start-group "output the plan as txt" +# PLAN_TF_OUT_FILE="${{ steps.plan.outputs.tf-plan-tf-output-file }}" +# PLAN_TXT_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-${{ inputs.environment-name }}.txt" +# set-output 'tf-plan-txt-output-file' "${PLAN_TXT_OUT_FILE}" +# terraform show -no-color ${PLAN_TF_OUT_FILE} 2>&1 | tee ${PLAN_TXT_OUT_FILE} +# end-group +# continue-on-error: true # allow action to continue, execution status is returned by the last step +# - id: plan-status +# if: | +# inputs.fail-on-failed-plan == 'true' +# && ( steps.plan.outcome == 'failure' || steps.plan.outcome == 'cancelled' ) +# shell: bash +# run: exit 1 +# \ No newline at end of file diff --git a/terraform-test/helpers.sh b/terraform-test/helpers.sh new file mode 100755 index 0000000..f8a0e47 --- /dev/null +++ b/terraform-test/helpers.sh 
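Review bot: `${{ inputs.test-file }}` is expanded directly into the `run-tests` script (both output paths, `TEST_CMD` and the report header), and `${TEST_CMD}` is then executed unquoted, so a file name with spaces or shell metacharacters changes the command that runs on the self-hosted runner. Passing the input through `env:` and quoting every use keeps it as data; the excerpt below shows the lines I would change. In the same step, `if: steps.init.outcome == 'success'` refers to a step id this composite action does not define, so if the `steps` context is local to the action, as I believe it is, the tests are always skipped, and `log info ""` looks like a typo for `log-info`. The commented-out copy of the plan action that fills the rest of the file should be deleted rather than committed.

```yaml
    - id: run-tests
      # … unchanged: working-directory, if, shell, continue-on-error …
      env:
        TF_IN_AUTOMATION: true
        TEST_FILE: ${{ inputs.test-file }}
      run: |
        # … unchanged: sourcing of helpers.sh and helpers_additional.sh …
        STAMP="$(date +%Y%m%d%H%M%S)"
        TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${GITHUB_RUN_ID}-${TEST_FILE}-${STAMP}-test-results.json"
        TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${GITHUB_RUN_ID}-${TEST_FILE}-${STAMP}-test-report.txt"
        # … unchanged: output definitions, start-group, set -o pipefail, set +e …
        log-info "Running terraform test with filter: tests/${TEST_FILE}"
        terraform test "--filter=tests/${TEST_FILE}" -json | tee "${TEST_RESULT_JSON}"
        TEST_EXIT_CODE=${?}
        # … unchanged: summary and report generation, using "${TEST_FILE}" where the expression was inlined …
```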
@@ -0,0 +1,40 @@ +#!/bin/env bash + +# Helper consts +_action_name="$(basename "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)")" + +# Helper functions +function _log { echo "${1}${_action_name}: ${2}"; } +function log-info { _log "" "${*}"; } +function log-debug { _log "DEBUG: " "${*}"; } +function log-warn { _log "WARN: " "${*}"; } +function log-error { _log "ERROR: " "${*}"; } +function start-group { echo "::group::${_action_name}: ${*}"; } +function end-group { echo "::endgroup::"; } +function log-multiline { + start-group "${1}" + echo "${2}" + end-group +} +function mask-value { echo "::add-mask::${*}"; } +function set-output { echo "${1}=${2}" >>$GITHUB_OUTPUT; } +function set-multiline-output { + local outputName outputValue delimiter + outputName="${1}" + outputValue="${2}" + delimiter=$(echo $RANDOM | md5sum | head -c 20) + echo "${outputName}<<\"${delimiter}\"" >>$GITHUB_OUTPUT + echo "${outputValue}" >>$GITHUB_OUTPUT + echo "\"${delimiter}\"" >>$GITHUB_OUTPUT +} +function ws-path { + local inPath + inPath="${1}" + realpath --relative-to="${GITHUB_WORKSPACE}" "${inPath}" +} + +log-info "'$(basename ${BASH_SOURCE[0]})' loaded." + +if [ -f "${GITHUB_ACTION_PATH}/helpers_additional.sh" ]; then + source "${GITHUB_ACTION_PATH}/helpers_additional.sh" +fi diff --git a/terraform-test/helpers_additional.sh b/terraform-test/helpers_additional.sh new file mode 100644 index 0000000..5f7736d --- /dev/null +++ b/terraform-test/helpers_additional.sh @@ -0,0 +1,9 @@ +#!/bin/env bash + +function getSeparator { printf '=%.0s' {1..100}; } +function printSection { echo -e "\n\n${1}\n$(getSeparator)\n"; } +function queryStatus { + local test_run=$1 + local json_file=$2 + jq --arg test_run "$test_run" '. | select(.type == "test_run") | select(.test_run.run == $test_run) | select(.test_run.progress == "complete") | .test_run.status' ${json_file} +} \ No newline at end of file From 645e2c50bfc20f05607573d95fd20e4d59028716 Mon Sep 17 00:00:00 2001 
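Review bot: In `set-multiline-output` the heredoc delimiter comes from `$RANDOM`, which has only 32768 possible values, so an output value that contains the delimiter line ends the block early and whatever follows is parsed as further entries in `$GITHUB_OUTPUT`. Taking the delimiter from the kernel CSPRNG closes that gap: `delimiter="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. `set-output` has the related weakness that a newline inside `${2}` starts a new output entry, so it should reject multi-line values or delegate to `set-multiline-output`, and `$GITHUB_OUTPUT` should be quoted in all four redirections. The same file is added verbatim as `create-test-report/helpers.sh` later in this series (PATCH 11/50) and needs the same change.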
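Review bot: `queryStatus` passes `${json_file}` to jq unquoted, so a results path containing whitespace or glob characters is split or expanded before jq sees it, whereas `$test_run` is already handed over safely through `--arg`. Quote the final argument: `... | .test_run.status' "${json_file}"`. A one-line comment above the function saying that it prints the status of the completed run named `$1` from the JSON file `$2`, and that the value keeps its JSON quotes because `-r` is not used, would spare callers from guessing.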
From: Artjoms Laivins Date: Thu, 17 Oct 2024 08:05:40 +0200 Subject: [PATCH 02/50] fix: wrong action version --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 89da737..8683983 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -48,7 +48,7 @@ jobs: uses: actions/checkout@v4 - name: "๐Ÿ“ฅ Setup Terraform" - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.9.7 terraform_wrapper: false From 353db7ee2fc43c2787ff28313f9baaeee38bb9c9 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 08:20:59 +0200 Subject: [PATCH 03/50] feat: add icon to report depending on status. refactor: change some icons. fix: typo --- .github/workflows/terraform-module-ci.yaml | 3 +- create-test-report/action.yaml | 15 ++- terraform-test/action.yml | 123 +-------------------- 3 files changed, 16 insertions(+), 125 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 8683983..fc81880 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -79,12 +79,11 @@ jobs: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later - - name: ๐Ÿงช Terraform Tes + - name: ๐Ÿงช Terraform Test id: test # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/terraform-test@tf-test with: - working-directory: ${{ github.workspace }} test-file: ${{ matrix.files }} continue-on-error: true # allow job to continue, step outcome is evaluated later diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml index a622eae..3e68360 100644 --- a/create-test-report/action.yaml +++ b/create-test-report/action.yaml 
@@ -61,17 +61,24 @@ runs: | โš™๏ธ | Initialization | $([ "${STATUS_INIT}" == 'success' ] && echo "\`${STATUS_INIT}\`" || echo "${STATUS_INIT}") | | ๐Ÿ–Œ | Format and Style | $([ "${STATUS_FMT}" == 'success' ] && echo "\`${STATUS_FMT}\`" || echo "${STATUS_FMT}") | | โœ” | Validate | $([ "${STATUS_VALIDATE}" == 'success' ] && echo "\`${STATUS_VALIDATE}\`" || echo "${STATUS_VALIDATE}") | - | ๐Ÿ“– | Tests | $([ "${STATUS_TEST}" == 'success' ] && echo "\`${STATUS_TEST}\`" || echo "${STATUS_TEST}") |" + | ๐Ÿงช | Tests | $([ "${STATUS_TEST}" == 'success' ] && echo "\`${STATUS_TEST}\`" || echo "${STATUS_TEST}") |" - # add plan output if exists + # add icon depending on the status in test_summary contains word "success" or "failure" + if [[ "${TEST_SUMMARY}" == *"Success!"* ]]; then + COMMENT_SUMMARY="โœ… ${TEST_SUMMARY}" + else + COMMENT_SUMMARY="โŒ ${TEST_SUMMARY}" + fi + + # add test output if exists if [ -f "${TEST_REPORT}" ]; then - # Cap plan output at 65k characters + # Cap test output at 65k characters TEST_OUT=$(cat "${TEST_REPORT}" | tail -c 65000 ) # don't touch the indenting here COMMENT_CONTENT="${COMMENT_CONTENT} - Test summary: "${TEST_SUMMARY}" + Test summary: "${COMMENT_SUMMARY}"
Show Test Report \`\`\`terraform diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 2b36064..55877cb 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -83,8 +83,10 @@ runs: log info "" log-info "Test summary: ${TEST_SUMMARY}" set-output "summary" "${TEST_SUMMARY}" + if [ "${TEST_EXIT_CODE}" == "0" ]; then log-info 'All tests passed! ๐ŸŽ‰' + TEST_RUN_RESULT="success" else log-error "One or more tests failed, exit code: ${TEST_EXIT_CODE}" TEST_RUN_RESULT="failure" @@ -131,6 +133,7 @@ runs: end-group exit ${TEST_EXIT_CODE} + - id: upload-test-results uses: actions/upload-artifact@v4 with: 
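Review bot: The pass/fail icon is chosen by searching the free-text `TEST_SUMMARY` for `Success!`, although the step outcome is already available as `STATUS_TEST` in the table a few lines above; an empty or reworded summary then shows the failure icon for a passing run. The comment above the check also speaks of "success" or "failure" while only `Success!` is matched. Keying the icon on the outcome is sturdier: `if [ "${STATUS_TEST}" == 'success' ]; then`. Separately, the report text is copied from the test output into a fenced block of the comment, so a line of three backticks in that output would end the fence early; the closing part of the fence is outside this hunk, so confirm how that case is handled.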
@@ -140,122 +143,4 @@ runs: - id: test-status if: ( steps.run-tests.outcome == 'failure' || steps.run-tests.outcome == 'cancelled' ) shell: bash - run: exit 1 - -#inputs: -# working-directory: -# description: From what directory to invoke terraform. -# required: true -# extra-global-args: -# description: | -# String with more args to pass to terraform as 'global options', those in front of the test command. -# required: false -# default: "" -# extra-test-args: -# description: | -# String with more args to pass to terraform as 'options' to the test command, these are the ones coming after the test command. -# required: false -# default: "" -# fail-on-failed-test: -# description: | -# Boolean as string, if 'true' the action will exit with a non-zero exit code. -# required: false -# default: "true" -# -# -#outputs: -# exitcode: -# description: | -# The exit code from the terraform test command. -# Note that 'terraform test' exits with exit code 2 upon success when changes are present, -# ref. https://www.terraform.io/docs/commands/plan.html#detailed-exitcode -# value: ${{ steps.plan.outputs.tf-plan-exitcode }} -# console-output-file: -# description: "The console output captured during execution of 'terraform plan'." -# value: ${{ steps.plan.outputs.tf-plan-console-output-file }} -# terraform-plan-file: -# description: "The plan file created by the 'terraform plan' command." -# value: ${{ steps.plan.outputs.tf-plan-tf-output-file }} -# txt-output-file: -# description: "The output of the terraform plan in plain txt format, ie. processed by the 'terraform show' command." 
-# value: ${{ steps.plan-show.outputs.tf-plan-txt-output-file }}
-
-
-#runs:
-# using: "composite"
-# steps:
-# - id: test
-# shell: bash
-# working-directory: ${{ inputs.working-directory }}
-# env:
-# TF_IN_AUTOMATION: "true"
-# run: |
-# # run terraform test
-#
-# set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport;
-#
-# # PLAN_CONSOLE_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-console-output-${{ inputs.environment-name }}.txt"
-# # PLAN_TF_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-${{ inputs.environment-name }}.plan"
-# # #set-output 'tf-plan-console-output-file' "${PLAN_CONSOLE_OUT_FILE}"
-# # set-output 'tf-plan-tf-output-file' "${PLAN_TF_OUT_FILE}"
-#
-# TEST_CMD="terraform ${{ inputs.extra-global-args }} test
-# log-info "command string is '${TEST_CMD}'"
-# start-group "'terraform plan' in '$(ws-path $(pwd))'"
-#
-# # Need this to properly catch terraform exit code
-# set -o pipefail
-#
-# # Github runner gets confused by set commands, make sure 'continue-on-error: true' still applies after 'set -o pipefail'
-# set +e
-# ${PLAN_CMD} 2>&1 | tee ${PLAN_CONSOLE_OUT_FILE}
-# PLAN_EXIT_CODE=${?}
-#
-# set-output 'tf-plan-exitcode' "${PLAN_EXIT_CODE}"
-#
-# # make sure '2' is consider 'success'
-# # 'terraform plan' exits with exit code 2 upon success when changes are present
-# # https://www.terraform.io/docs/commands/plan.html#detailed-exitcode
-# if [ "${PLAN_EXIT_CODE}" == "0" ]; then
-# log-info 'successfully planned Terraform configuration, no changes indicated.'
-# elif [ "${PLAN_EXIT_CODE}" == "2" ]; then
-# PLAN_EXIT_CODE=0
-# log-info 'successfully planned Terraform configuration, changes indicated!'
-# else -# log-error "failed to plan Terraform configuration, exit code: ${PLAN_EXIT_CODE}" -# PLAN_EXIT_CODE=-1 -# fi -# end-group -# -# exit ${PLAN_EXIT_CODE} -# continue-on-error: true # allow action to continue, execution status is returned by the last step -# - id: plan-upload -# if: steps.plan.outcome != 'cancelled' && steps.plan.outcome != 'skipped' -# uses: actions/upload-artifact@v4 -# with: -# name: ${{ inputs.environment-name }}-terraform-plan-console-output -# path: ${{ steps.plan.outputs.tf-plan-console-output-file }} -# continue-on-error: true # allow action to continue, execution status is returned by the last step -# - id: plan-show -# if: steps.plan.outcome == 'success' -# shell: bash -# working-directory: ${{ inputs.working-directory }} -# run: | -# # create plan.txt file -# -# set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; -# -# start-group "output the plan as txt" -# PLAN_TF_OUT_FILE="${{ steps.plan.outputs.tf-plan-tf-output-file }}" -# PLAN_TXT_OUT_FILE="${GITHUB_WORKSPACE}/tf-plan-${{ inputs.environment-name }}.txt" -# set-output 'tf-plan-txt-output-file' "${PLAN_TXT_OUT_FILE}" -# terraform show -no-color ${PLAN_TF_OUT_FILE} 2>&1 | tee ${PLAN_TXT_OUT_FILE} -# end-group -# continue-on-error: true # allow action to continue, execution status is returned by the last step -# - id: plan-status -# if: | -# inputs.fail-on-failed-plan == 'true' -# && ( steps.plan.outcome == 'failure' || steps.plan.outcome == 'cancelled' ) -# shell: bash -# run: exit 1 -# \ No newline at end of file + run: exit 1 \ No newline at end of file From ad02af90f67e19a498e5ec40c2fa26d240830dd3 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 08:32:10 +0200 Subject: [PATCH 04/50] fix: remove wrong if condition --- terraform-test/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 55877cb..23f509d 100644 --- a/terraform-test/action.yml 
+++ b/terraform-test/action.yml @@ -44,7 +44,6 @@ runs: - id: run-tests working-directory: ${{ github.workspace }} - if: steps.init.outcome == 'success' shell: bash continue-on-error: true env: From 742c5bc55560a9c01107937a69cbb807de878712 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 08:48:04 +0200 Subject: [PATCH 05/50] chore: add debug --- terraform-test/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 23f509d..17ee1e9 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -77,10 +77,10 @@ runs: set-output "exit-code" "${TEST_EXIT_CODE}" - TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' ${TEST_RESULT_JSON}) + TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' "${TEST_RESULT_JSON}") - log info "" - log-info "Test summary: ${TEST_SUMMARY}" + echo "DEBUG: TEST_SUMMARY: ${TEST_SUMMARY}" + log-info "Test summary: "${TEST_SUMMARY}"" set-output "summary" "${TEST_SUMMARY}" if [ "${TEST_EXIT_CODE}" == "0" ]; then From 4a6cc8b24e0c3a9644428c7e432f51441462a389 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 08:52:34 +0200 Subject: [PATCH 06/50] chore: debug --- terraform-test/action.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 17ee1e9..6f22fdd 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -55,8 +55,6 @@ runs: TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-results.json" TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-report.txt" #Outputs definition - set-multiline-output 'report' "${TEST_REPORT_FILE}" - set-multiline-output 'json' "${TEST_RESULT_JSON}" TEST_CMD="terraform test --filter=tests/${{ inputs.test-file}} -json" 
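Review bot: In the added `log-info "Test summary: "${TEST_SUMMARY}""` the inner quotes close and reopen the string, which leaves `${TEST_SUMMARY}` unquoted, so text taken from the test output undergoes word splitting and pathname expansion before it is logged. The removed form was the correct one: `log-info "Test summary: ${TEST_SUMMARY}"`. The `set-output "summary" "${TEST_SUMMARY}"` line below it writes the same value as a single `name=value` line, and jq prints one line per matching record, so if more than one `test_summary` record can occur the output file receives stray lines; `set-multiline-output` would avoid that. The added `echo "DEBUG: ..."` could go through the `log-debug` helper defined in this action's helpers.sh instead of a bare echo.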
@@ -75,6 +73,7 @@ runs: fi log-multiline "Final JSON output" "$TEST_RESULT_JSON" set-output "exit-code" "${TEST_EXIT_CODE}" + set-multiline-output 'json' "${TEST_RESULT_JSON}" TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' "${TEST_RESULT_JSON}") @@ -128,6 +127,8 @@ runs: done printSection "Test summary for file: ${TEST_SUMMARY}" >> ${TEST_REPORT_FILE} + + set-multiline-output 'report' "${TEST_REPORT_FILE}" end-group From 125023ab17e2031a798b5820a0c9219b41f5fd8a Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 09:08:35 +0200 Subject: [PATCH 07/50] feat: add azure login --- terraform-test/action.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 6f22fdd..8eb7133 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -42,6 +42,13 @@ runs: fi end-group + - id: azure-login + uses: azure/login@v2 + with: + tenant-id: ${{ env.ARM_TENANT_ID }} + subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} + client-id: ${{ env.ARM_CLIENT_ID }} + - id: run-tests working-directory: ${{ github.workspace }} shell: bash @@ -54,8 +61,6 @@ runs: TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-results.json" TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-report.txt" - #Outputs definition - TEST_CMD="terraform test --filter=tests/${{ inputs.test-file}} -json" log-info "Running test command: ${TEST_CMD}" @@ -76,7 +81,7 @@ runs: set-multiline-output 'json' "${TEST_RESULT_JSON}" - TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' "${TEST_RESULT_JSON}") + TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' ${TEST_RESULT_JSON}) echo "DEBUG: TEST_SUMMARY: ${TEST_SUMMARY}" log-info "Test summary: "${TEST_SUMMARY}"" From aeb02b9803a92d7661a2860d05d9d399bdd6c682 Mon Sep 17 00:00:00 2001 
From: Artjoms Laivins Date: Thu, 17 Oct 2024 09:24:33 +0200 Subject: [PATCH 08/50] chore: azure login variables --- .github/workflows/terraform-module-ci.yaml | 16 ++++++++++++++++ terraform-test/action.yml | 15 ++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index fc81880..6002fc9 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -12,6 +12,19 @@ name: "DSB Terraform Module CI" # on: workflow_call: + inputs: + tenant-id: + description: "Azure tenant ID." + type: string + required: true + subscription-id: + description: "Azure subscription ID." + type: string + required: true + client-id: + description: "Azure client ID." + type: string + required: true jobs: create-matrix: @@ -85,6 +98,9 @@ jobs: uses: dsb-norge/github-actions-terraform/terraform-test@tf-test with: test-file: ${{ matrix.files }} + tenant-id: ${{ inputs.tenant-id }} + subscription-id: ${{ inputs.subscription-id }} + client-id: ${{ inputs.client-id }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿ“ Create test report diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 8eb7133..ad0d0a3 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -7,6 +7,15 @@ inputs: test-file: description: Test file to run. required: true + tenant-id: + description: Azure tenant ID. + required: true + subscription-id: + description: Azure subscription ID. + required: true + client-id: + description: Azure client ID. + required: true outputs: exit-code: 
@@ -45,9 +54,9 @@ runs: - id: azure-login uses: azure/login@v2 with: - tenant-id: ${{ env.ARM_TENANT_ID }} - subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} - client-id: ${{ env.ARM_CLIENT_ID }} + tenant-id: ${{ inputs.tenant-id }} + subscription-id: ${{ inputs.subscription-id }} + client-id: ${{ inputs.client-id }} - id: run-tests working-directory: ${{ github.workspace }} From 7d52d1ffe93dc569e711d6fb2f1bdd1725c77e66 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 09:31:56 +0200 Subject: [PATCH 09/50] fix: az login --- .github/workflows/terraform-module-ci.yaml | 16 ---------------- terraform-test/action.yml | 15 +++------------ 2 files changed, 3 insertions(+), 28 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 6002fc9..fc81880 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -12,19 +12,6 @@ name: "DSB Terraform Module CI" # on: workflow_call: - inputs: - tenant-id: - description: "Azure tenant ID." - type: string - required: true - subscription-id: - description: "Azure subscription ID." - type: string - required: true - client-id: - description: "Azure client ID." - type: string - required: true jobs: create-matrix: @@ -98,9 +85,6 @@ jobs: uses: dsb-norge/github-actions-terraform/terraform-test@tf-test with: test-file: ${{ matrix.files }} - tenant-id: ${{ inputs.tenant-id }} - subscription-id: ${{ inputs.subscription-id }} - client-id: ${{ inputs.client-id }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿ“ Create test report diff --git a/terraform-test/action.yml b/terraform-test/action.yml index ad0d0a3..00bae6f 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml 
@@ -7,15 +7,6 @@ inputs: test-file: description: Test file to run. required: true - tenant-id: - description: Azure tenant ID. - required: true - subscription-id: - description: Azure subscription ID. - required: true - client-id: - description: Azure client ID. - required: true outputs: exit-code: @@ -54,9 +45,9 @@ runs: - id: azure-login uses: azure/login@v2 with: - tenant-id: ${{ inputs.tenant-id }} - subscription-id: ${{ inputs.subscription-id }} - client-id: ${{ inputs.client-id }} + tenant-id: ${{ env.ARM_TENANT_ID }} + subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} + client-id: ${{ env.ARM_CLIENT_ID }} - id: run-tests working-directory: ${{ github.workspace }} From 44268200837cb3d57d249eb1133d41d10acfaab7 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 10:06:58 +0200 Subject: [PATCH 10/50] chore: testing with env --- .github/workflows/terraform-module-ci.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index fc81880..937b051 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -13,6 +13,14 @@ name: "DSB Terraform Module CI" on: workflow_call: +env: + ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} + ARM_SUBSCRIPTION_ID: ${{ secrets.REPO_AZURE_SUBSCRIPTION_IDย }} + ARM_CLIENT_ID: ${{ secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL }} + ARM_USE_OIDC: true + ARM_USE_AZUREAD: true + TF_IN_AUTOMATION: true + jobs: create-matrix: name: Create job matrix From 6cecea9b8b170d3c341006fb6b650d6e25e22145 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 10:14:31 +0200 Subject: [PATCH 11/50] fix: add helpers to create-test-report action --- create-test-report/helpers.sh | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100755 create-test-report/helpers.sh 
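Review bot: The expressions for `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` carry a stray character before the closing `}}` (it renders as mojibake here and looks like a non-breaking space, U+00A0), which the expression parser may reject or treat as part of the secret name; retype that whitespace as a plain space. In a workflow started through `workflow_call` the `secrets` context holds only what the caller passes, so these three names should be declared under `on.workflow_call.secrets` or the README should require `secrets: inherit`; no such declaration is visible in this hunk. Placing the block at workflow level also exports the Azure identifiers to every job and every third-party action in it, so moving `env:` to the job that runs the tests narrows the exposure. The boolean-looking values are clearer as strings, e.g. `ARM_USE_OIDC: "true"`, since environment variables are always strings.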
diff --git a/create-test-report/helpers.sh b/create-test-report/helpers.sh new file mode 100755 index 0000000..f8a0e47 --- /dev/null +++ b/create-test-report/helpers.sh @@ -0,0 +1,40 @@ +#!/bin/env bash + +# Helper consts +_action_name="$(basename "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)")" + +# Helper functions +function _log { echo "${1}${_action_name}: ${2}"; } +function log-info { _log "" "${*}"; } +function log-debug { _log "DEBUG: " "${*}"; } +function log-warn { _log "WARN: " "${*}"; } +function log-error { _log "ERROR: " "${*}"; } +function start-group { echo "::group::${_action_name}: ${*}"; } +function end-group { echo "::endgroup::"; } +function log-multiline { + start-group "${1}" + echo "${2}" + end-group +} +function mask-value { echo "::add-mask::${*}"; } +function set-output { echo "${1}=${2}" >>$GITHUB_OUTPUT; } +function set-multiline-output { + local outputName outputValue delimiter + outputName="${1}" + outputValue="${2}" + delimiter=$(echo $RANDOM | md5sum | head -c 20) + echo "${outputName}<<\"${delimiter}\"" >>$GITHUB_OUTPUT + echo "${outputValue}" >>$GITHUB_OUTPUT + echo "\"${delimiter}\"" >>$GITHUB_OUTPUT +} +function ws-path { + local inPath + inPath="${1}" + realpath --relative-to="${GITHUB_WORKSPACE}" "${inPath}" +} + +log-info "'$(basename ${BASH_SOURCE[0]})' loaded." + +if [ -f "${GITHUB_ACTION_PATH}/helpers_additional.sh" ]; then + source "${GITHUB_ACTION_PATH}/helpers_additional.sh" +fi From 0e2af1bab78041148b682cdb0b71941b45e10315 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 10:50:27 +0200 Subject: [PATCH 12/50] fix: inputs --- .github/workflows/terraform-module-ci.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 937b051..640c549 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -20,7 +20,7 @@ env: ARM_USE_OIDC: true ARM_USE_AZUREAD: true TF_IN_AUTOMATION: true - + jobs: create-matrix: name: Create job matrix @@ -100,13 +100,13 @@ jobs: # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/create-test-report@tf-test with: - test-out-file: ${{ steps.test.outputs.test-out-file }} + test-out-file: ${{ steps.test.outputs.json }} status-init: ${{ steps.init.outcome }} status-fmt: ${{ steps.fmt.outcome }} status-validate: ${{ steps.validate.outcome }} status-test: ${{ steps.test.outcome }} - test-summary: ${{ steps.test.outputs.test-summary }} - test-report: ${{ steps.test.outputs.test-report }} + test-summary: ${{ steps.test.outputs.summary }} + test-report: ${{ steps.test.outputs.report }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿท๏ธ Add validation summary as pull request comment From 221654c996fa5d7e8d454786781c51e5a9885bc0 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 10:59:28 +0200 Subject: [PATCH 13/50] fix: remove result correction as not needed --- terraform-test/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 00bae6f..a235245 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -73,9 +73,9 @@ runs: TEST_EXIT_CODE=${?} # remove last line that contains gha debug in when failed. - if [ "${TEST_EXIT_CODE}" != "0" ]; then - sed -i '$d' ${TEST_RESULT_JSON} - fi + #if [ "${TEST_EXIT_CODE}" != "0" ]; then + # sed -i '$d' ${TEST_RESULT_JSON} + #fi log-multiline "Final JSON output" "$TEST_RESULT_JSON" set-output "exit-code" "${TEST_EXIT_CODE}" set-multiline-output 'json' "${TEST_RESULT_JSON}" From 5b767fc015472af4736814523cd16207ee2b51ac Mon Sep 17 00:00:00 2001 
From: Artjoms Laivins Date: Thu, 17 Oct 2024 12:32:04 +0200 Subject: [PATCH 14/50] chore: cleanup. chore: add input tf version --- .github/workflows/terraform-module-ci.yaml | 7 ++++++- terraform-test/action.yml | 9 ++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 640c549..0a8e75d 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -12,6 +12,11 @@ name: "DSB Terraform Module CI" # on: workflow_call: + inputs: + terraform-version: + description: "Terraform version to use for the tests." + required: true + type : string env: ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} @@ -58,7 +63,7 @@ jobs: - name: "๐Ÿ“ฅ Setup Terraform" uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.9.7 + terraform_version: ${{ inputs.terraform-version }} terraform_wrapper: false - name: โš™๏ธ Terraform Init diff --git a/terraform-test/action.yml b/terraform-test/action.yml index a235245..e731ce4 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -16,7 +16,7 @@ outputs: description: Summary of the test run. value: ${{ steps.run-tests.outputs.summary }} report: - description: Report of the test run. + description: Report file of the test run. value: ${{ steps.run-tests.outputs.report }} json: description: JSON output of the test run. @@ -71,11 +71,7 @@ runs: set +e ${TEST_CMD} | tee ${TEST_RESULT_JSON} TEST_EXIT_CODE=${?} - - # remove last line that contains gha debug in when failed. - #if [ "${TEST_EXIT_CODE}" != "0" ]; then - # sed -i '$d' ${TEST_RESULT_JSON} - #fi + log-multiline "Final JSON output" "$TEST_RESULT_JSON" set-output "exit-code" "${TEST_EXIT_CODE}" set-multiline-output 'json' "${TEST_RESULT_JSON}" 
@@ -83,7 +79,6 @@ runs: TEST_SUMMARY=$(jq '. | select(.type == "test_summary") | .["@message"]' ${TEST_RESULT_JSON}) - echo "DEBUG: TEST_SUMMARY: ${TEST_SUMMARY}" log-info "Test summary: "${TEST_SUMMARY}"" set-output "summary" "${TEST_SUMMARY}" From 7e9636ddb40c108511972eb7e47729c67885bd69 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins Date: Thu, 17 Oct 2024 14:49:49 +0200 Subject: [PATCH 15/50] fix: outcome don't fail --- .github/workflows/terraform-module-ci.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 0a8e75d..feca9c7 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -133,7 +133,7 @@ jobs: exit 1 fi # do not terminate if configured to ignore, fromJSON ensures bool - continue-on-error: true + continue-on-error: false - name: "๐Ÿง Validation outcome: ๐Ÿ–Œ Format" run: | if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then @@ -141,7 +141,7 @@ jobs: exit 1 fi # do not terminate if configured to ignore, fromJSON ensures bool - continue-on-error: true + continue-on-error: false - name: "๐Ÿง Validation outcome: โœ” Validate" run: | if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then @@ -149,7 +149,7 @@ jobs: exit 1 fi # do not terminate if configured to ignore, fromJSON ensures bool - continue-on-error: true + continue-on-error: false - name: "๐Ÿง Validation outcome: ๐Ÿงช Test" run: | if [ ! "${{ steps.test.outcome }}" == 'success' ]; then @@ -157,7 +157,7 @@ jobs: exit 1 fi # do not terminate if configured to ignore, fromJSON ensures bool - continue-on-error: true + continue-on-error: false # create a global result indicating if workflow steps succeeded or not, # handy for branch protection rules From 05840c39c1cf055f3ff21317f6e53f8dfc4ff457 Mon Sep 17 00:00:00 2001 
From: artlvns Date: Mon, 21 Oct 2024 11:45:53 +0200 Subject: [PATCH 16/50] feat: add tflint to pipeline. docs: update README.md. --- .github/workflows/terraform-module-ci.yaml | 31 ++++- README.md | 134 ++++++++++++++++++--- 2 files changed, 141 insertions(+), 24 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index feca9c7..460be13 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -17,6 +17,10 @@ on: description: "Terraform version to use for the tests." required: true type : string + tflint-version: + description: "TFLint version to use for the tests." + required: true + type : string env: ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} @@ -65,6 +69,14 @@ jobs: with: terraform_version: ${{ inputs.terraform-version }} terraform_wrapper: false + + - name: "๐Ÿ“ฅ Setup TFLint" + id: setup-tflint + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-tflint@tf-test + with: + tflint-version: ${{ inputs.tflint-version }} + working-directory: ${{ github.workspace }} - name: โš™๏ธ Terraform Init id: init @@ -92,6 +104,14 @@ jobs: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later + - name: ๐Ÿงน Lint with TFLint + id: lint + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-test + with: + working-directory: ${{ github.workspace }} + continue-on-error: true # allow job to continue, step outcome is evaluated later + - name: ๐Ÿงช Terraform Test id: test # TODO revert to @v0 @@ -132,7 +152,6 @@ jobs: echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" exit 1 fi - # do not terminate if configured to ignore, fromJSON ensures bool continue-on-error: false - name: "๐Ÿง Validation outcome: ๐Ÿ–Œ Format" run: | 
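Review bot: The added `setup-tflint` step, and the `lint-with-tflint` step in the following hunk, reference `dsb-norge/github-actions-terraform/...@tf-test`, a branch that moves with every push, inside a job that carries the `ARM_*` environment used for the Azure login. The `# TODO revert to @v0` comments show this is meant to be temporary, but nothing in the workflow prevents it from being merged as is; a CI check that fails while `@tf-test` still appears under `.github/workflows` or in any `action.yml` would enforce the TODO. After release, referencing these actions by tag or full commit SHA keeps the code that runs with those credentials fixed.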
@@ -140,7 +159,6 @@ jobs: echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" exit 1 fi - # do not terminate if configured to ignore, fromJSON ensures bool continue-on-error: false - name: "๐Ÿง Validation outcome: โœ” Validate" run: | @@ -148,7 +166,13 @@ jobs: echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" exit 1 fi - # do not terminate if configured to ignore, fromJSON ensures bool + continue-on-error: false + - name: "๐Ÿง Validation outcome: ๐Ÿงน TFLint" + run: | + if [ ! "${{ steps.lint.outcome }}" == 'success' ]; then + echo "::error title=Lint failed::Outcome of TFLint step was '${{ steps.lint.outcome }}'!" + exit 1 + fi continue-on-error: false - name: "๐Ÿง Validation outcome: ๐Ÿงช Test" run: | @@ -156,7 +180,6 @@ jobs: echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.files }}'!" exit 1 fi - # do not terminate if configured to ignore, fromJSON ensures bool continue-on-error: false # create a global result indicating if workflow steps succeeded or not, diff --git a/README.md b/README.md index a1e17ff..be5b0a1 100644 --- a/README.md +++ b/README.md 
@@ -2,30 +2,36 @@ Collection of DSB custom GitHub actions and reusable workflows for terraform projects. - ## Actions The actions are used by the CI/CD workflow(s) in [.github/workflows](.github/workflows). For documentation refer to the `description` section of each specific action as well as comments within their definition. -``` +```text . +โ”œโ”€โ”€ create-test-report --> creates comment report with terraform test action results. โ”œโ”€โ”€ create-tf-vars-matrix --> creates common DSB terraform CI/CD variables +โ”œโ”€โ”€ create-tftest-matrix --> creates matrix for running terraform module test โ”œโ”€โ”€ export-env-vars --> export environment variables for use in subsequent action steps โ”œโ”€โ”€ lint-with-tflint --> run linting of terraform code with TFLint โ”œโ”€โ”€ setup-tflint --> install TFLint and make available to subsequent action steps -โ””โ”€โ”€ terraform-plan --> run terraform plan in directory +โ”œโ”€โ”€ terraform-plan --> run terraform plan in directory +โ””โ”€โ”€ terraform-test --> run terraform test in directory ``` + ## Workflows -``` + +```text . โ””โ”€โ”€ .github/workflows --> directory for reusable workflows - โ””โ”€โ”€ terraform-terraform-ci-cd-default.yml --> default ci/cd workflow for DSB's terraform projects + โ”œโ”€โ”€ terraform-terraform-ci-cd-default.yml --> default ci/cd workflow for DSB's + โ””โ”€โ”€ terraform-module-ci --> default ci workflow for module testing + terraform projects ``` - -### Workflow [`terraform-terraform-ci-cd-default`](.github/workflows/terraform-ci-cd-default.yml) +### Workflow [`terraform-ci-cd-default`](.github/workflows/terraform-ci-cd-default.yml) Default DSB CI/CD workflow for terraform projects that performs various operations depending on from what github event it was called and given input. Default behavior (when not modified by inputs): + 1. Install `latest` version of terraform 2. Install `latest` version of TFLint 3. Run `terraform init` 
@@ -39,7 +45,6 @@ Default DSB CI/CD workflow for terraform projects that performs various operatio What steps to execute and when can be modified using the input `goals-yml`, see description pf the input documented in the [workflow](.github/workflows/terraform-ci-cd-default.yml). - #### **Inputs** All inputs are documented in the [workflow declaration](.github/workflows/terraform-ci-cd-default.yml). @@ -57,6 +62,7 @@ Given that this is a list of environments (potentially with differing configurat Only one field is required for each entry in this yaml list: **`environment`** - string. Using default behavior this is the name of a directory found within the `/envs` directory in the root of the calling repo. This directory is where all workflow steps are executed. **Example** have the workflow execute steps within `/envs/my-tf-environment` of the calling repo: + ```yaml environments-yml: | - environment: "my-tf-environment" @@ -66,7 +72,6 @@ See more examples under [example usage](#example-usage) further down. There are several optional fields for each entry in `environments-yml`, see description of each in the [workflow declaration](.github/workflows/terraform-ci-cd-default.yml). - #### Variables and secrets Normally you'll have the need to pass some variables or secrets to terraform in order to perform authentication or otherwise configure the terraform operations. This can be achieved by specifying them in `extra-envs-yml` and/or `extra-envs-from-secrets-yml`. 
@@ -75,18 +80,18 @@ For _global_ values, those to be passed for all terraform environments specified For environment specific values specify **the fields** `extra-envs-yml` and `extra-envs-from-secrets-yml` for one or more environment defined in the `environments-yml` workflow input. - #### Example usage #### Basic Basic example of how to add terraform CI/CD to a github repo containing one environment under `/envs/my-tf-environment`. This would result in: - - On PRs in the calling repo: - - Perform: `init`, `format`, `validate`, `lint` and `plan` - - Add comment on PR with results - - When merging PRs in the calling repo: - - First perform: `init`, `format`, `validate`, `lint` and `plan` - - If successful, perfomr `apply` + +- On PRs in the calling repo: + - Perform: `init`, `format`, `validate`, `lint` and `plan` + - Add comment on PR with results +- When merging PRs in the calling repo: + - First perform: `init`, `format`, `validate`, `lint` and `plan` + - If successful, perform `apply` The following would be saved as `.github/workflows/ci-cd.yml` in the calling repo. 
@@ -197,6 +202,91 @@ jobs: goals-yml: [all, destroy-plan, destroy, apply-on-pr, destroy-on-pr] ``` +### Workflow [`terraform-module-ci`](.github/workflows/terraform-module-ci.yaml) + + This GitHub Actions workflow is designed for Continuous Integration (CI) of Terraform modules. + Requirements: + +- The calling workflow must grant the following permissions: + +```text + permissions: + id-token: write # Required for Azure password-less authentication + contents: read # Required for actions/checkout + pull-requests: write # Required for commenting on PRs +``` + + Inputs: + +- terraform-version: The version of Terraform to use for the tests (required). + + Environment Variables: + +- ARM_TENANT_ID: Azure Tenant ID (from REPO secrets) +- ARM_SUBSCRIPTION_ID: Azure Subscription ID (from REPO secrets) +- ARM_CLIENT_ID: Azure Service Principal Client ID (from REPO secrets) +- ARM_USE_OIDC: Enable OIDC for Azure authentication +- ARM_USE_AZUREAD: Enable Azure AD for authentication +- TF_IN_AUTOMATION: Set to true to indicate Terraform is running in automation + +Jobs: + + 1. create-matrix: + - Steps: + - Clean workspace + - Checkout working branch + - Create job matrix that contains list of test files to run ( for parallelism ). + + 2. terraform-module-ci: + - Steps: + - Checkout working branch + - Setup Terraform + - Terraform Init + - Terraform Format + - Terraform Validate + - Terraform Test + - Create test report + - Add validation summary as pull request comment + - Validate outcomes of Init, Format, Validate, and Test steps + + 3. 
conclusion: + - Steps: + - Exit with status 1 if any of the previous jobs failed or were cancelled + +Example: + +```yaml +name: "tf" + +on: + push: + branches: + - main + pull_request: + branches: + - main + types: [opened, synchronize, reopened] + workflow_dispatch: # allows manual build + +env: + ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} + ARM_SUBSCRIPTION_ID: ${{ secrets.REPO_AZURE_SUBSCRIPTION_IDย }} + ARM_CLIENT_ID: ${{ secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL }} + ARM_USE_OIDC: true + ARM_USE_AZUREAD: true + TF_IN_AUTOMATION: true + +jobs: + tf: + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-module-ci.yaml@tf-test + secrets: inherit + permissions: + contents: read # required for checkout action. + id-token: write # required for Azre passwodless login + pull-requests: write # required for commenting on PR + with: + terraform-version: "1.9.x" +``` ## Maintenance @@ -210,23 +300,29 @@ jobs: 2. Make your changes and commit your changes on a branch, for example `my-feature-branch`. 3. Tag latest commit on you branch: + ```bash git tag -f -a 'my-feature' git push -f origin 'refs/tags/my-feature' ``` + 4. To try out your changes, in the calling repo change the calling workflow to call using your **branch name**. Ex. with a dev branch named `my-feature-branch`: + ```yaml jobs: ci-cd: # TODO revert to '@v2' uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@my-feature-branch ``` + 5. Test your changes from the calling repo. Make changes and remember to always move your tag `my-feature` to the latest commit. 6. When ready remove your temporary tag: + ```bash git tag --delete 'my-feature' git push --delete origin 'my-feature' ``` + and revert from using the temporary tag to the version-tag for your release in actions, i.e. `@my-feature` becomes `@v2` or `@v3` or whatever. Replace regex pattern for vscode: 
@@ -234,17 +330,16 @@ jobs: - Replace: `$2$3v2` 7. Create PR and merge to main. - ### Release After merge to main use tags to release. - #### Minor release Ex. for smaller backwards compatible changes. Add a new minor version tag ex `v1.0` with a description of the changes and amend the description to the major version tag. Example for release `v1.1`: + ```bash git checkout origin/main git pull origin main @@ -258,12 +353,12 @@ git push -f origin 'refs/tags/v1' **Note:** If you are having problems pulling main after a release, try to force fetch the tags: `git fetch --tags -f`. - #### Major release Same as minor release except that the major version tag is a new one. I.e. we do not need to force tag/push. Example for release `v1`: + ```bash git checkout origin/main git pull origin main @@ -276,4 +371,3 @@ git push -f origin 'refs/tags/v1' ``` **Note:** If you are having problems pulling main after a release, try to force fetch the tags: `git fetch --tags -f`. - From 85578be5a0f93418c4f71851c9982b9682a64dc8 Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 12:20:59 +0200 Subject: [PATCH 17/50] chore: add outcome of lint to report. docs: update README.md with lint step. --- .github/workflows/terraform-module-ci.yaml | 1 + README.md | 3 +++ create-test-report/action.yaml | 5 +++++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 460be13..d8cbae1 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -132,6 +132,7 @@ jobs: status-test: ${{ steps.test.outcome }} test-summary: ${{ steps.test.outputs.summary }} test-report: ${{ steps.test.outputs.report }} + status-lint: ${{ steps.lint.outcome }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿท๏ธ Add validation summary as pull request comment diff --git a/README.md b/README.md index be5b0a1..c29099a 100644 --- a/README.md 
+++ b/README.md @@ -219,6 +219,7 @@ jobs: Inputs: - terraform-version: The version of Terraform to use for the tests (required). +- tflint-version: The version of tflint (required) Environment Variables: @@ -244,6 +245,7 @@ Jobs: - Terraform Init - Terraform Format - Terraform Validate + - tflint - Terraform Test - Create test report - Add validation summary as pull request comment @@ -286,6 +288,7 @@ jobs: pull-requests: write # required for commenting on PR with: terraform-version: "1.9.x" + tflint-version: "v0.53.0" ``` ## Maintenance diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml index 3e68360..d222734 100644 --- a/create-test-report/action.yaml +++ b/create-test-report/action.yaml @@ -25,6 +25,9 @@ inputs: test-report: description: Report of test results. required: true + status-lint: + description: Outcome of lint step. + required: true outputs: @@ -48,6 +51,7 @@ runs: STATUS_TEST: ${{ inputs.status-test }} TEST_SUMMARY: ${{ inputs.test-summary }} TEST_REPORT: ${{ inputs.test-report }} + STATUS_LINT: ${{ inputs.status-lint }} run: | # Build pull request comment @@ -61,6 +65,7 @@ runs: | โš™๏ธ | Initialization | $([ "${STATUS_INIT}" == 'success' ] && echo "\`${STATUS_INIT}\`" || echo "${STATUS_INIT}") | | ๐Ÿ–Œ | Format and Style | $([ "${STATUS_FMT}" == 'success' ] && echo "\`${STATUS_FMT}\`" || echo "${STATUS_FMT}") | | โœ” | Validate | $([ "${STATUS_VALIDATE}" == 'success' ] && echo "\`${STATUS_VALIDATE}\`" || echo "${STATUS_VALIDATE}") | + | ๐Ÿงน | TFLint | $([ "${STATUS_LINT}" == 'success' ] && echo "\`${STATUS_LINT}\`" || echo "${STATUS_LINT}") | | ๐Ÿงช | Tests | $([ "${STATUS_TEST}" == 'success' ] && echo "\`${STATUS_TEST}\`" || echo "${STATUS_TEST}") |" # add icon depending on the status in test_summary contains word "success" or "failure" From ac50918bec0d6089f7aed9d51baf8874169e60ac Mon Sep 17 00:00:00 2001 
From: artlvns Date: Mon, 21 Oct 2024 13:07:33 +0200 Subject: [PATCH 18/50] chore: change of flow --- .github/workflows/terraform-module-ci.yaml | 128 +++++++++++++++------ 1 file changed, 90 insertions(+), 38 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index d8cbae1..577b196 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -42,28 +42,15 @@ jobs: steps: - name: "๐Ÿงน Clean workspace" uses: dsb-norge/directory-recreate@v1 + - name: "โฌ‡ Checkout working branch" uses: actions/checkout@v4 + - name: "๐ŸŽฐ Create env matrix" id: create-matrix # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tf-test - terraform-module-ci: - name: "Terraform" - needs: create-matrix - runs-on: [self-hosted, dsb-terraformer, linux, x64] - strategy: - fail-fast: false # Allow jobs to continue even though one more env(s) fail - matrix: - files: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} - defaults: - run: - shell: bash - steps: - - name: "โฌ‡ Checkout" - uses: actions/checkout@v4 - - name: "๐Ÿ“ฅ Setup Terraform" uses: hashicorp/setup-terraform@v3 with: @@ -77,7 +64,7 @@ jobs: with: tflint-version: ${{ inputs.tflint-version }} working-directory: ${{ github.workspace }} - + - name: โš™๏ธ Terraform Init id: init # TODO revert to @v0 @@ -86,7 +73,7 @@ jobs: working-directory: ${{ github.workspace }} additional-dirs-json: null continue-on-error: true # allow job to continue, step outcome is evaluated later - + - name: ๐Ÿ–Œ Terraform Format id: fmt # TODO revert to @v0 
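Review bot: Every action the merged `create-matrix` job now runs is referenced by a mutable ref: `actions/checkout@v4`, `hashicorp/setup-terraform@v3`, `dsb-norge/directory-recreate@v1` and the `@tf-test` branch flagged by the TODO comments. The README states that callers grant `id-token: write`, so whoever can move one of those refs can change what executes with that identity. Pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, and resolve the `# TODO revert to @v0` lines before this is released.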
@@ -112,6 +99,90 @@ jobs: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later + - name: ๐Ÿ“ Create validation summary + id: create-validation-summary + if: github.event_name == 'pull_request' + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test + with: + environment-name: ${{ matrix.vars.github-environment }} + plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} + status-init: ${{ steps.init.outcome }} + status-fmt: ${{ steps.fmt.outcome }} + status-validate: ${{ steps.validate.outcome }} + status-lint: ${{ steps.lint.outcome }} + status-plan: ${{ steps.plan.outcome }} + continue-on-error: true # allow job to continue, step outcome is ignored + + - name: ๐Ÿท๏ธ Add validation summary as pull request comment + id: validation-summary-on-pr + if: steps.create-validation-summary.outcome == 'success' + uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 + with: + pr-comment-text: ${{ steps.create-validation-summary.outputs.summary }} + delete-comments-starting-with: ${{ steps.create-validation-summary.outputs.prefix }} + continue-on-error: true # allow job to continue, step outcome is ignored + + - name: "๐Ÿง Validation outcome: โš™๏ธ Init" + run: | + if [ ! "${{ steps.init.outcome }}" == 'success' ]; then + echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" + exit 1 + fi + continue-on-error: false + - name: "๐Ÿง Validation outcome: ๐Ÿ–Œ Format" + run: | + if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then + echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" + exit 1 + fi + continue-on-error: false + - name: "๐Ÿง Validation outcome: โœ” Validate" + run: | + if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then + echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" 
+ exit 1 + fi + continue-on-error: false + - name: "๐Ÿง Validation outcome: ๐Ÿงน TFLint" + run: | + if [ ! "${{ steps.lint.outcome }}" == 'success' ]; then + echo "::error title=Lint failed::Outcome of TFLint step was '${{ steps.lint.outcome }}'!" + exit 1 + fi + continue-on-error: false + + + terraform-module-ci: + name: "Terraform" + needs: create-matrix + runs-on: [self-hosted, dsb-terraformer, linux, x64] + strategy: + fail-fast: false # Allow jobs to continue even though one more env(s) fail + matrix: + files: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} + defaults: + run: + shell: bash + steps: + - name: "โฌ‡ Checkout" + uses: actions/checkout@v4 + + - name: "๐Ÿ“ฅ Setup Terraform" + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ inputs.terraform-version }} + terraform_wrapper: false + + - name: โš™๏ธ Terraform Init + id: init + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-test + with: + working-directory: ${{ github.workspace }} + additional-dirs-json: null + continue-on-error: true # allow job to continue, step outcome is evaluated later + - name: ๐Ÿงช Terraform Test id: test # TODO revert to @v0 @@ -122,6 +193,7 @@ jobs: - name: ๐Ÿ“ Create test report id: create-test-report + if: github.event_name == 'pull_request' # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/create-test-report@tf-test with: 
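Review bot: The re-added `terraform-module-ci` job runs `terraform init` and `terraform test` on `runs-on: [self-hosted, dsb-terraformer, linux, x64]` against whatever ref was checked out, and the README example triggers the workflow on `pull_request`. Both commands act on content chosen by the pull request (providers, modules, test files), so if a calling repository accepts pull requests from forks, unreviewed code runs on a persistent runner. Consider gating the job, for example `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or using ephemeral runners and requiring approval for outside contributors. Separately, the validation-summary step added in this hunk passes `steps.plan.outcome` and `steps.plan.outputs.txt-output-file`, but no step with id `plan` is visible in this job, so those would expand to empty strings.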
@@ -154,27 +226,7 @@ jobs: exit 1 fi continue-on-error: false - - name: "๐Ÿง Validation outcome: ๐Ÿ–Œ Format" - run: | - if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then - echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" - exit 1 - fi - continue-on-error: false - - name: "๐Ÿง Validation outcome: โœ” Validate" - run: | - if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then - echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" - exit 1 - fi - continue-on-error: false - - name: "๐Ÿง Validation outcome: ๐Ÿงน TFLint" - run: | - if [ ! "${{ steps.lint.outcome }}" == 'success' ]; then - echo "::error title=Lint failed::Outcome of TFLint step was '${{ steps.lint.outcome }}'!" - exit 1 - fi - continue-on-error: false + - name: "๐Ÿง Validation outcome: ๐Ÿงช Test" run: | if [ ! "${{ steps.test.outcome }}" == 'success' ]; then From d1f2e3a22c30c849604e0e65bfa84bace11f4bef Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 13:25:05 +0200 Subject: [PATCH 19/50] chore: add repo as env --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 577b196..c4484ed 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -105,7 +105,7 @@ jobs: # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test with: - environment-name: ${{ matrix.vars.github-environment }} + environment-name: ${{ github.repository }} plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} status-init: ${{ steps.init.outcome }} status-fmt: ${{ steps.fmt.outcome }} From ad75e236e222d00a31eee860201191c312b1fb8d Mon Sep 17 00:00:00 2001 
From: artlvns Date: Mon, 21 Oct 2024 13:37:20 +0200 Subject: [PATCH 20/50] feat: plugin cache --- .github/workflows/terraform-module-ci.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index c4484ed..31a86ea 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -57,6 +57,12 @@ jobs: terraform_version: ${{ inputs.terraform-version }} terraform_wrapper: false + - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" + id: setup-terraform-cache + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-test + + - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint # TODO revert to @v0 @@ -65,6 +71,12 @@ jobs: tflint-version: ${{ inputs.tflint-version }} working-directory: ${{ github.workspace }} + - name: "๐Ÿš€ Cache Terraform provider plugins" + uses: actions/cache@v4 + with: + path: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} + key: "terraform-provider-plugin-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('./.terraform.lock.hcl') }}" + - name: โš™๏ธ Terraform Init id: init # TODO revert to @v0 From ada23e59c62b1fb230a07a33d14ee56f7b9d4dad Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 13:51:52 +0200 Subject: [PATCH 21/50] chore: adjustments --- .github/workflows/terraform-module-ci.yaml | 2 +- create-validation-summary/action.yml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 31a86ea..bbda854 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
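Review bot: The cache key added in the second hunk varies only with `hashFiles('./.terraform.lock.hcl')`, and `hashFiles` returns an empty string when no file matches. Module repositories often do not commit a lock file (not visible here, so confirm), in which case the key is constant per OS and architecture and the same provider cache is restored indefinitely. Include something that changes with the provider requirements, for example `hashFiles('**/*.tf', '**/.terraform.lock.hcl')`, or a rolling date component. The identical key is reused by the cache step that PATCH 22 adds to `terraform-module-ci`.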
@@ -117,7 +117,7 @@ jobs: # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test with: - environment-name: ${{ github.repository }} + environment-name: "module" plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} status-init: ${{ steps.init.outcome }} status-fmt: ${{ steps.fmt.outcome }} diff --git a/create-validation-summary/action.yml b/create-validation-summary/action.yml index 9a80290..04d7013 100644 --- a/create-validation-summary/action.yml +++ b/create-validation-summary/action.yml @@ -47,6 +47,10 @@ runs: # Build pull request comment set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + #if variable $STATUS_PLAN is empty set it to "N/A" + if [ -z "${STATUS_PLAN}" ]; then + STATUS_PLAN="N/A" + fi log-info "creating pull request comment ..." COMMENT_PREFIX='### Terraform validation summary for environment: `${{ inputs.environment-name }}`' From b8556fe2dd67731cb6f2286dbab7457e577e62f2 Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 13:58:48 +0200 Subject: [PATCH 22/50] feat: cache --- .github/workflows/terraform-module-ci.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index bbda854..68f1fb8 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -39,6 +39,7 @@ jobs: shell: bash outputs: all_tests: ${{ steps.create-matrix.outputs.all_tests }} + plugin_cache_directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} steps: - name: "๐Ÿงน Clean workspace" uses: dsb-norge/directory-recreate@v1 @@ -61,7 +62,6 @@ jobs: id: setup-terraform-cache # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-test - - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint 
@@ -185,6 +185,12 @@ jobs: with: terraform_version: ${{ inputs.terraform-version }} terraform_wrapper: false + + - name: "๐Ÿš€ Cache Terraform provider plugins" + uses: actions/cache@v4 + with: + path: ${{ needs.create-matrix.outputs.plugin_cache_directory }} + key: "terraform-provider-plugin-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('./.terraform.lock.hcl') }}" - name: โš™๏ธ Terraform Init id: init From 818f5123842e658fb34e8b4459adcb40e3d1875f Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 14:06:10 +0200 Subject: [PATCH 23/50] chore: bump test raport, remove unused fields --- .github/workflows/terraform-module-ci.yaml | 5 +---- create-test-report/action.yaml | 16 ---------------- 2 files changed, 1 insertion(+), 20 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 68f1fb8..df1bbf4 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -216,13 +216,10 @@ jobs: uses: dsb-norge/github-actions-terraform/create-test-report@tf-test with: test-out-file: ${{ steps.test.outputs.json }} - status-init: ${{ steps.init.outcome }} - status-fmt: ${{ steps.fmt.outcome }} - status-validate: ${{ steps.validate.outcome }} + status-init: ${{ steps.init.outcome }}come }} status-test: ${{ steps.test.outcome }} test-summary: ${{ steps.test.outputs.summary }} test-report: ${{ steps.test.outputs.report }} - status-lint: ${{ steps.lint.outcome }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿท๏ธ Add validation summary as pull request comment diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml index d222734..66c3ba4 100644 --- a/create-test-report/action.yaml +++ b/create-test-report/action.yaml 
@@ -10,12 +10,6 @@ inputs: status-init: description: Outcome of init step. required: true - status-fmt: - description: Outcome of fmt step. - required: true - status-validate: - description: Outcome of validate step. - required: true status-test: description: Outcome of test step. required: true @@ -25,10 +19,6 @@ inputs: test-report: description: Report of test results. required: true - status-lint: - description: Outcome of lint step. - required: true - outputs: prefix: @@ -46,12 +36,9 @@ runs: env: TEST_OUT_FILE: ${{ inputs.test-out-file }} STATUS_INIT: ${{ inputs.status-init }} - STATUS_FMT: ${{ inputs.status-fmt }} - STATUS_VALIDATE: ${{ inputs.status-validate }} STATUS_TEST: ${{ inputs.status-test }} TEST_SUMMARY: ${{ inputs.test-summary }} TEST_REPORT: ${{ inputs.test-report }} - STATUS_LINT: ${{ inputs.status-lint }} run: | # Build pull request comment @@ -63,9 +50,6 @@ runs: | | Step | Result | |:---:|---|---| | โš™๏ธ | Initialization | $([ "${STATUS_INIT}" == 'success' ] && echo "\`${STATUS_INIT}\`" || echo "${STATUS_INIT}") | - | ๐Ÿ–Œ | Format and Style | $([ "${STATUS_FMT}" == 'success' ] && echo "\`${STATUS_FMT}\`" || echo "${STATUS_FMT}") | - | โœ” | Validate | $([ "${STATUS_VALIDATE}" == 'success' ] && echo "\`${STATUS_VALIDATE}\`" || echo "${STATUS_VALIDATE}") | - | ๐Ÿงน | TFLint | $([ "${STATUS_LINT}" == 'success' ] && echo "\`${STATUS_LINT}\`" || echo "${STATUS_LINT}") | | ๐Ÿงช | Tests | $([ "${STATUS_TEST}" == 'success' ] && echo "\`${STATUS_TEST}\`" || echo "${STATUS_TEST}") |" # add icon depending on the status in test_summary contains word "success" or "failure" From 994548b5d93d921a21e9e3c7da9cd36dfe86eef3 Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 14:12:00 +0200 Subject: [PATCH 24/50] chore: update test report text --- create-test-report/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml index 66c3ba4..52795ea 100644 
--- a/create-test-report/action.yaml +++ b/create-test-report/action.yaml @@ -45,7 +45,7 @@ runs: set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; log-info "creating pull request comment ..." - COMMENT_PREFIX='### Terraform CI run summary for file: `${{ matrix.files }}`' + COMMENT_PREFIX='### Terraform test summary for file: `${{ matrix.files }}`' COMMENT_CONTENT="${COMMENT_PREFIX} | | Step | Result | |:---:|---|---| From 78129be1c48919fdff3705114850d6fa07b8542d Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 14:16:28 +0200 Subject: [PATCH 25/50] fix: typo in comment --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index df1bbf4..fc95bea 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -216,7 +216,7 @@ jobs: uses: dsb-norge/github-actions-terraform/create-test-report@tf-test with: test-out-file: ${{ steps.test.outputs.json }} - status-init: ${{ steps.init.outcome }}come }} + status-init: ${{ steps.init.outcome }} status-test: ${{ steps.test.outcome }} test-summary: ${{ steps.test.outputs.summary }} test-report: ${{ steps.test.outputs.report }} From fb1dea5ac224b24ecfaf3c4083b7e5c1baee9a0a Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 21 Oct 2024 14:22:25 +0200 Subject: [PATCH 26/50] docs: update README.md --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c29099a..c634cdd 100644 --- a/README.md +++ b/README.md 
@@ -237,19 +237,25 @@ Jobs: - Clean workspace - Checkout working branch - Create job matrix that contains list of test files to run ( for parallelism ). - - 2. terraform-module-ci: - - Steps: - - Checkout working branch - Setup Terraform + - install tfflint + - Setup terraform provider plugin cache - Terraform Init - Terraform Format - Terraform Validate - tflint + - Create init report + - Add validation summary as pull request comment + - Validate outcomes of init, validate, format and tflint steps + + 2. terraform-module-ci: + - Steps: + - Checkout working branch + - Setup Terraform - Terraform Test - Create test report - Add validation summary as pull request comment - - Validate outcomes of Init, Format, Validate, and Test steps + - Validate outcomes of init and test 3. conclusion: - Steps: From 6748755a7d67ba141e305b3578bcd3c88f336f4e Mon Sep 17 00:00:00 2001 From: artlvns Date: Wed, 23 Oct 2024 13:48:27 +0200 Subject: [PATCH 27/50] chore: remove sourcinf helpers_additional as it is handled in helpers.sh allready --- terraform-test/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index e731ce4..1852085 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -57,7 +57,6 @@ runs: TF_IN_AUTOMATION: true run: | set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; - set -o allexport; source "${{ github.action_path }}/helpers_additional.sh"; set +o allexport; TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-results.json" TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-report.txt" From a0e71c90721837397790e5e29e555ff8be31dd2f Mon Sep 17 00:00:00 2001 
From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 09:50:23 +0200 Subject: [PATCH 28/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index fc95bea..8721a9a 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -118,7 +118,7 @@ jobs: uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test with: environment-name: "module" - plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} + plan-txt-output-file: "" status-init: ${{ steps.init.outcome }} status-fmt: ${{ steps.fmt.outcome }} status-validate: ${{ steps.validate.outcome }} From 2bff8db14f772adf72fd826afe1844e312ca843c Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 09:55:45 +0200 Subject: [PATCH 29/50] Update create-validation-summary/action.yml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- create-validation-summary/action.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/create-validation-summary/action.yml b/create-validation-summary/action.yml index 04d7013..9a80290 100644 --- a/create-validation-summary/action.yml +++ b/create-validation-summary/action.yml @@ -47,10 +47,6 @@ runs: # Build pull request comment set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; - #if variable $STATUS_PLAN is empty set it to "N/A" - if [ -z "${STATUS_PLAN}" ]; then - STATUS_PLAN="N/A" - fi log-info "creating pull request comment ..." COMMENT_PREFIX='### Terraform validation summary for environment: `${{ inputs.environment-name }}`' 
From d8f07a133c9a73c2eebe4ec98ad03e7bf31d8f81 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 09:56:04 +0200 Subject: [PATCH 30/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 8721a9a..ae35e78 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -6,9 +6,18 @@ name: "DSB Terraform Module CI" # contents: read # required for actions/checkout # pull-requests: write # required for commenting on PRs # -# Additionally for the workflow to have access to secrets (required when using the input 'extra-envs-from-secrets-yml'), -# all secrets available to the calling workflow must be passe down to this one by: +# The following secrets must be available in the github 'secrets' context: +# - secrets.REPO_AZURE_DSB_TENANT_IDย  <-- ID of the Azure tenant to run the workflow in context of +# - secrets.REPO_AZURE_SUBSCRIPTION_IDย  <-- ID of the Azure subscription to run the workflow in context of +# - secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL <-- ID of the Entra ID service principal with access to the Azure subscription +# +# From the calling workflow this can be achieved by either handing over all secrets: # secrets: inherit +# or by handing over just the required secrets from the calling workflow: +# secrets: +# REPO_AZURE_DSB_TENANT_ID: "secret value" +# REPO_AZURE_SUBSCRIPTION_ID: "secret value" +# REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL: "secret value" # on: workflow_call: From 196745385bba39219040f8cc29d1de4b0ee9d78e Mon Sep 17 00:00:00 2001 
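Review bot: The header comment presents `secrets: inherit` as the first option, which hands every secret of the calling repository to jobs that run pull-request content; the explicit list below it is the least-privilege form and is worth recommending as the default. The explicit form only works if the three names are declared under `on.workflow_call.secrets`, and the trigger body lies outside this hunk, so confirm the declaration exists. The first two `secrets.REPO_…` lines also appear to carry a non-ASCII space after the secret name (rendered as `ย` on this page), which is better removed so the names can be copied verbatim.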
From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:01:20 +0200 Subject: [PATCH 31/50] Update README.md Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- README.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/README.md b/README.md index c634cdd..e196db5 100644 --- a/README.md +++ b/README.md @@ -276,14 +276,6 @@ on: types: [opened, synchronize, reopened] workflow_dispatch: # allows manual build -env: - ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} - ARM_SUBSCRIPTION_ID: ${{ secrets.REPO_AZURE_SUBSCRIPTION_IDย }} - ARM_CLIENT_ID: ${{ secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL }} - ARM_USE_OIDC: true - ARM_USE_AZUREAD: true - TF_IN_AUTOMATION: true - jobs: tf: uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-module-ci.yaml@tf-test From d811e6aed1be33f4c904aa3d16d5cad01562ce8c Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:03:41 +0200 Subject: [PATCH 32/50] Update terraform-test/helpers_additional.sh Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- terraform-test/helpers_additional.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-test/helpers_additional.sh b/terraform-test/helpers_additional.sh index 5f7736d..a11bb92 100644 --- a/terraform-test/helpers_additional.sh +++ b/terraform-test/helpers_additional.sh 
@@ -5,5 +5,5 @@ function printSection { echo -e "\n\n${1}\n$(getSeparator)\n"; } function queryStatus { local test_run=$1 local json_file=$2 - jq --arg test_run "$test_run" '. | select(.type == "test_run") | select(.test_run.run == $test_run) | select(.test_run.progress == "complete") | .test_run.status' ${json_file} + jq --arg test_run "$test_run" '. | select(.type == "test_run") | select(.test_run.run == $test_run) | select(.test_run.progress == "complete") | .test_run.status' "${json_file}" } \ No newline at end of file From 2d6ab381007096a3560e21989efcbe5ee7cd3bff Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:13:03 +0200 Subject: [PATCH 33/50] Update terraform-test/action.yml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- terraform-test/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 1852085..562a729 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -60,7 +60,7 @@ runs: TEST_RESULT_JSON="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-results.json" TEST_REPORT_FILE="${GITHUB_WORKSPACE}/${{ github.run_id }}-${{ inputs.test-file }}-$(date +%Y%m%d%H%M%S)-test-report.txt" - TEST_CMD="terraform test --filter=tests/${{ inputs.test-file}} -json" + TEST_CMD="terraform test -filter=tests/${{ inputs.test-file}} -json" log-info "Running test command: ${TEST_CMD}" start-group "'terraform test' " From bd0d7e6b4d63484ead246342f9d1c96790af7fb6 Mon Sep 17 00:00:00 2001 
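Review bot: On the changed `TEST_CMD` line (and the `TEST_RESULT_JSON` / `TEST_REPORT_FILE` lines above it) `${{ inputs.test-file }}` is expanded into the script text before bash runs, so a file name containing shell metacharacters is interpreted as shell rather than data. As far as the series shows, the value is derived from file names in the checked-out repository, so it should be treated as untrusted on pull requests. Pass it through the step environment instead: add `env:` with `TEST_FILE: ${{ inputs.test-file }}` to the `run-tests` step and write `TEST_CMD="terraform test -filter=tests/${TEST_FILE} -json"`. The same pattern appears later in this series in `COMMENT_PREFIX` in create-test-report/action.yaml and in the `::error` echo of the "Validation outcome" step. The step body continues outside the hunk, so how `TEST_CMD` is executed is not visible here.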
From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:13:53 +0200 Subject: [PATCH 34/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index ae35e78..b72cd48 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -47,8 +47,9 @@ jobs: run: shell: bash outputs: - all_tests: ${{ steps.create-matrix.outputs.all_tests }} - plugin_cache_directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} + all-tests: ${{ steps.create-matrix.outputs.all-tests }} + plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} + plugin-cache-key-monthly-rolling: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} steps: - name: "๐Ÿงน Clean workspace" uses: dsb-norge/directory-recreate@v1 From ef194456cd9ed53f2c15119a2c04da32e3c3c186 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:14:20 +0200 Subject: [PATCH 35/50] Update create-tftest-matrix/action.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- create-tftest-matrix/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/create-tftest-matrix/action.yaml b/create-tftest-matrix/action.yaml index 2f9bd05..3662f46 100644 --- a/create-tftest-matrix/action.yaml +++ b/create-tftest-matrix/action.yaml 
@@ -4,9 +4,9 @@ description: | author: "Artjoms Laivins" outputs: - all_tests: + all-tests: description: "JSON matrix of all tests to run" - value: ${{ steps.create-job-matrix.outputs.all_tests }} + value: ${{ steps.create-job-matrix.outputs.all-tests }} runs: using: composite From df4d3ec078b730ef2185353403c09ce4bc23aff7 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:15:37 +0200 Subject: [PATCH 36/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index b72cd48..cead13f 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -66,6 +66,7 @@ jobs: uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ inputs.terraform-version }} + # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 terraform_wrapper: false - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" From 0a025a58c65a6cff3a29caedfb9ad62654670700 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:19:09 +0200 Subject: [PATCH 37/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index cead13f..10dfc1c 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
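Review bot: The comment added above `terraform_wrapper: false` misspells "workaround" and does not say what the wrapper does, so the reason for the setting is only recoverable by following the link. Suggested wording: `# workaround: the wrapper script adds extra text to terraform's output, see https://github.com/hashicorp/setup-terraform/issues/20`. The identical comment is added to the second "Setup Terraform" step by the next patch in the series.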
@@ -195,6 +195,7 @@ jobs: uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ inputs.terraform-version }} + # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 terraform_wrapper: false - name: "๐Ÿš€ Cache Terraform provider plugins" From fd3ac81c9b43ad277921c1fe9b3d735c45956dac Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:20:38 +0200 Subject: [PATCH 38/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 10dfc1c..cd87702 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -183,7 +183,7 @@ jobs: strategy: fail-fast: false # Allow jobs to continue even though one more env(s) fail matrix: - files: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} + test-file: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} defaults: run: shell: bash From 6424a6333490537c99d4f176d3465be683bf1b66 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:21:14 +0200 Subject: [PATCH 39/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index cd87702..89aa01f 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -218,7 +218,7 @@ jobs: # TODO revert to @v0 uses: dsb-norge/github-actions-terraform/terraform-test@tf-test with: - test-file: ${{ matrix.files }} + test-file: ${{ matrix.test-file }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿ“ Create test report From e5ee90d4a59ae4c3afb70f183f89dd5fd420c6ab Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:25:13 +0200 Subject: [PATCH 40/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 89aa01f..256e234 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -177,7 +177,7 @@ jobs: terraform-module-ci: - name: "Terraform" + name: "Terraform Test" needs: create-matrix runs-on: [self-hosted, dsb-terraformer, linux, x64] strategy: From c3f7e925f6a90cb2e1d2f4af582a880c77077d90 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:27:29 +0200 Subject: [PATCH 41/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 256e234..4a8a42b 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -268,7 +268,7 @@ jobs: if: always() name: "Terraform conclusion" needs: [create-matrix, terraform-module-ci] - runs-on: [self-hosted, dsb-terraformer, linux, x64] + runs-on: ubuntu-latest # no need to schedule this on our own runners defaults: run: shell: bash From 7e2e24097b9ea18b38e3e9b3fd600b1bf9defe50 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:40:00 +0200 Subject: [PATCH 42/50] Update terraform-test/action.yml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- terraform-test/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 562a729..85afabe 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -45,9 +45,9 @@ runs: - id: azure-login uses: azure/login@v2 with: - tenant-id: ${{ env.ARM_TENANT_ID }} - subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} - client-id: ${{ env.ARM_CLIENT_ID }} + tenant-id: ${{ env.ARM_TENANT_ID }} + subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} + client-id: ${{ env.ARM_CLIENT_ID }} - id: run-tests working-directory: ${{ github.workspace }} From 3a16ab323eef2fc82d295763c69b10fd6232f7fc Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 25 Oct 2024 10:54:39 +0200 Subject: [PATCH 43/50] Review requested changes: refactor: output variable names to hyphen. docs: Possible ways to pass inn secrets. --- .github/workflows/terraform-module-ci.yaml | 4 ++-- README.md | 10 ++++++++-- create-tftest-matrix/action.yaml | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 4a8a42b..51406c9 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -134,7 +134,7 @@ jobs: status-fmt: ${{ steps.fmt.outcome }} status-validate: ${{ steps.validate.outcome }} status-lint: ${{ steps.lint.outcome }} - status-plan: ${{ steps.plan.outcome }} + status-plan: "N/A" continue-on-error: true # allow job to continue, step outcome is ignored - name: ๐Ÿท๏ธ Add validation summary as pull request comment @@ -183,7 +183,7 @@ jobs: strategy: fail-fast: false # Allow jobs to continue even though one more env(s) fail matrix: - test-file: ${{ fromJSON(needs.create-matrix.outputs.all_tests).files }} + test-file: ${{ fromJSON(needs.create-matrix.outputs.all-tests).files }} defaults: run: shell: bash diff --git a/README.md b/README.md index e196db5..6823d56 100644 --- a/README.md +++ b/README.md @@ -221,11 +221,17 @@ jobs: - terraform-version: The version of Terraform to use for the tests (required). - tflint-version: The version of tflint (required) - Environment Variables: +#### Secrets + +There are two possibilities to pass secrets to this action. +Either use of ```secrets: inherit``` or through environment variables: - ARM_TENANT_ID: Azure Tenant ID (from REPO secrets) - ARM_SUBSCRIPTION_ID: Azure Subscription ID (from REPO secrets) -- ARM_CLIENT_ID: Azure Service Principal Client ID (from REPO secrets) +- ARM_CLIENT_ID: Azure Service Principal Client ID (from REPO secrets) + +Env variables below are required. + - ARM_USE_OIDC: Enable OIDC for Azure authentication - ARM_USE_AZUREAD: Enable Azure AD for authentication - TF_IN_AUTOMATION: Set to true to indicate Terraform is running in automation diff --git a/create-tftest-matrix/action.yaml b/create-tftest-matrix/action.yaml index 3662f46..5093715 100644 --- a/create-tftest-matrix/action.yaml +++ b/create-tftest-matrix/action.yaml @@ -49,4 +49,4 @@ runs: # Ensure no extra whitespaces or new lines final_out=$(echo "$final_out" | jq -c .) - set-output "all_tests" "$final_out" \ No newline at end of file + set-output "all-tests" "$final_out" \ No newline at end of file 
From f31b3feacc11772c93ae2eb8ed58e6d5fe22ca48 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 12:13:41 +0200 Subject: [PATCH 44/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 51406c9..ae29794 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -86,7 +86,7 @@ jobs: uses: actions/cache@v4 with: path: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} - key: "terraform-provider-plugin-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('./.terraform.lock.hcl') }}" + key: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} - name: โš™๏ธ Terraform Init id: init From bf7c70290f02014fe00f60959ed263882ee2450f Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 25 Oct 2024 12:16:55 +0200 Subject: [PATCH 45/50] chore: requested changes --- .github/workflows/terraform-module-ci.yaml | 1 + create-test-report/action.yaml | 5 ++++- setup-terraform-plugin-cache/action.yml | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index ae29794..2d56226 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -232,6 +232,7 @@ jobs: status-test: ${{ steps.test.outcome }} test-summary: ${{ steps.test.outputs.summary }} test-report: ${{ steps.test.outputs.report }} + test-file: ${{ matrix.test-file }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿท๏ธ Add validation summary as pull request comment 
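Review bot: With `key:` set to the monthly rolling value alone, every run after the first save in a month is an exact hit, and actions/cache does not save again on an exact hit, so providers added or upgraded mid-month are never stored; the cache is also no longer tied to `.terraform.lock.hcl`. Consider keeping the lock-file hash in the key and using the monthly value as a fallback: `key: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }}-${{ hashFiles('./.terraform.lock.hcl') }}` with `restore-keys: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }}`. The same key is used for the cache step of the test job in a later patch of this series. If the module repositories do not commit a lock file this gains little, which cannot be told from the hunk.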
diff --git a/create-test-report/action.yaml b/create-test-report/action.yaml index 52795ea..a0d0c69 100644 --- a/create-test-report/action.yaml +++ b/create-test-report/action.yaml @@ -4,6 +4,9 @@ description: | author: "Artjoms Laivins" inputs: + test-file: + description: File name of the test file. + required: true test-out-file: description: Path of file with test output in json format. required: true @@ -45,7 +48,7 @@ runs: set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; log-info "creating pull request comment ..." - COMMENT_PREFIX='### Terraform test summary for file: `${{ matrix.files }}`' + COMMENT_PREFIX='### Terraform test summary for file: `${{ inputs.test-file }}`' COMMENT_CONTENT="${COMMENT_PREFIX} | | Step | Result | |:---:|---|---| diff --git a/setup-terraform-plugin-cache/action.yml b/setup-terraform-plugin-cache/action.yml index cf9a710..ca4690f 100644 --- a/setup-terraform-plugin-cache/action.yml +++ b/setup-terraform-plugin-cache/action.yml @@ -6,6 +6,9 @@ outputs: plugin-cache-directory: description: The path to the plugin cache directory. value: ${{ steps.configure.outputs.plugin-cache-directory }} + plugin-cache-key-monthly-rolling: + description: A cache key to use for a monthly rolling cache. + value: ${{ steps.cache-key.outputs.monthly-rolling }} runs: using: "composite" steps: 
@@ -35,3 +38,14 @@ runs: log-multiline "contents of .terraformrc is" "$(cat ${CLI_CFG_FILE_PATH})" set-output 'plugin-cache-directory' "${PLUGIN_CACHE_DIR}" + - id: cache-key + shell: bash + run: | + # generate a cache key for a monthly rolling cache + + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + + log-info "Monthly rolling cache key format is: terraform-provider-plugin-cache-[os]-[arch]-[month num]-[year num]" + CACHE_KEY_MONTHLY_ROLLING="terraform-provider-plugin-cache-${RUNNER_OS,,}-${RUNNER_ARCH,,}-$(date +%b)-$(date +%y)" + log-info "Monthly rolling cache key is: ${CACHE_KEY_MONTHLY_ROLLING}" + set-output 'monthly-rolling' "${CACHE_KEY_MONTHLY_ROLLING}" From bd99501e8bcd1664a34c97b548c2105f15edc8c3 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 12:18:29 +0200 Subject: [PATCH 46/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 2d56226..c3e7f25 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -95,6 +95,7 @@ jobs: with: working-directory: ${{ github.workspace }} additional-dirs-json: null + plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿ–Œ Terraform Format From cb37fa8de6fc5d3655e562948b8795bfa05a1aba Mon Sep 17 00:00:00 2001 
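Review bot: The log line in the new `cache-key` step documents the key as `[month num]-[year num]`, but `$(date +%b)` yields the abbreviated month name, which depends on the runner's locale, and the two separate `date` calls use local time. A single numeric UTC call keeps the key stable across runners: `CACHE_KEY_MONTHLY_ROLLING="terraform-provider-plugin-cache-${RUNNER_OS,,}-${RUNNER_ARCH,,}-$(date -u +%m-%y)"`. If the month name is intended, the message should say so instead.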
From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 12:18:44 +0200 Subject: [PATCH 47/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index c3e7f25..0998641 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -202,8 +202,8 @@ jobs: - name: "๐Ÿš€ Cache Terraform provider plugins" uses: actions/cache@v4 with: - path: ${{ needs.create-matrix.outputs.plugin_cache_directory }} - key: "terraform-provider-plugin-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('./.terraform.lock.hcl') }}" + path: ${{ needs.create-matrix.outputs.plugin-cache-directory }} + key: ${{ needs.create-matrix.outputs.plugin-cache-key-monthly-rolling }} - name: โš™๏ธ Terraform Init id: init From 4791eddb08fd5eb135df64b0c730c082b2846b11 Mon Sep 17 00:00:00 2001 From: Artjoms Laivins <38862673+Artlvns@users.noreply.github.com> Date: Fri, 25 Oct 2024 12:18:56 +0200 Subject: [PATCH 48/50] Update .github/workflows/terraform-module-ci.yaml Co-authored-by: Peder Schmedling <24737456+Laffs2k5@users.noreply.github.com> --- .github/workflows/terraform-module-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 0998641..528eae5 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -212,6 +212,7 @@ jobs: with: working-directory: ${{ github.workspace }} additional-dirs-json: null + plugin-cache-directory: ${{ needs.create-matrix.outputs.plugin_cache_directory }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿงช Terraform Test 
From 5caa7aaf0ae3550ac04f5fd8d0641ce548cb8591 Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 25 Oct 2024 12:41:39 +0200 Subject: [PATCH 49/50] fix: wrong variable refs in workflow --- .github/workflows/terraform-module-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 528eae5..6c265f7 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -212,7 +212,7 @@ jobs: with: working-directory: ${{ github.workspace }} additional-dirs-json: null - plugin-cache-directory: ${{ needs.create-matrix.outputs.plugin_cache_directory }} + plugin-cache-directory: ${{ needs.create-matrix.outputs.plugin-cache-directory }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿงช Terraform Test @@ -260,7 +260,7 @@ jobs: - name: "๐Ÿง Validation outcome: ๐Ÿงช Test" run: | if [ ! "${{ steps.test.outcome }}" == 'success' ]; then - echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.files }}'!" + echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.test-file }}'!" exit 1 fi continue-on-error: false From d1a4a6d37e11699ed731229ecc8dc0078cdea1ac Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 25 Oct 2024 14:58:05 +0200 Subject: [PATCH 50/50] chore: revert dev tag back to v0 --- .github/workflows/terraform-ci-cd-default.yml | 39 +++++++------------ .github/workflows/terraform-module-ci.yaml | 33 ++++++---------- README.md | 12 ++---- 3 files changed, 28 insertions(+), 56 deletions(-) diff --git a/.github/workflows/terraform-ci-cd-default.yml b/.github/workflows/terraform-ci-cd-default.yml index 88a86de..9a29f2f 100644 --- a/.github/workflows/terraform-ci-cd-default.yml +++ b/.github/workflows/terraform-ci-cd-default.yml 
@@ -187,8 +187,7 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Create env matrix" id: create-matrix - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@tf-test + uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@v0 with: inputs-json: ${{ toJSON(inputs) }} @@ -211,8 +210,7 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Export environment variables and secrets" - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/export-env-vars@tf-test + uses: dsb-norge/github-actions-terraform/export-env-vars@v0 with: extra-envs: ${{ toJSON(matrix.vars.extra-envs) }} extra-envs-from-secrets: ${{ toJSON(matrix.vars.extra-envs-from-secrets) }} @@ -227,14 +225,12 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-test + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-tflint@tf-test + uses: dsb-norge/github-actions-terraform/setup-tflint@v0 with: tflint-version: ${{ matrix.vars.tflint-version }} working-directory: ${{ matrix.vars.project-dir }} @@ -249,8 +245,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'init') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-test + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ matrix.vars.project-dir }} additional-dirs-json: ${{ toJSON(matrix.vars.terraform-init-additional-dirs) }} 
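Review bot: The steps go back to `dsb-norge/github-actions-terraform/...@v0`, a moving tag, so a caller that pins this reusable workflow to a commit still runs whatever `v0` points to for every step, in jobs that receive the caller's secrets (the README examples use `secrets: inherit`). If callers are expected to be able to pin, reference the actions by full commit SHA with the tag as a trailing comment, e.g. `uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@<commit-sha>  # v0`; otherwise state in the README that `v0` is intentionally floating. This applies to every `uses:` line changed in this patch.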
@@ -260,8 +255,7 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'format') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-test + uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 with: working-directory: ${{ matrix.vars.project-dir }} format-check-in-root-dir: ${{ matrix.vars.format-check-in-root-dir }} @@ -270,8 +264,7 @@ jobs: - name: โœ” Terraform Validate id: validate if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'validate') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-validate@tf-test + uses: dsb-norge/github-actions-terraform/terraform-validate@v0 with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -279,8 +272,7 @@ jobs: - name: ๐Ÿงน Lint with TFLint id: lint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-test + uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -288,8 +280,7 @@ jobs: - name: ๐Ÿ“– Terraform Plan id: plan if: steps.init.outcome == 'success' && ( contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'plan') ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-plan@tf-test + uses: dsb-norge/github-actions-terraform/terraform-plan@v0 with: working-directory: ${{ matrix.vars.project-dir }} environment-name: ${{ matrix.vars.github-environment }} 
@@ -298,8 +289,7 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' && matrix.vars.add-pr-comment == 'true' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test + uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 with: environment-name: ${{ matrix.vars.github-environment }} plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} @@ -387,8 +377,7 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-apply@tf-test + uses: dsb-norge/github-actions-terraform/terraform-apply@v0 with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.plan.outputs.terraform-plan-file }} @@ -400,8 +389,7 @@ jobs: if: | steps.init.outcome == 'success' && contains(matrix.vars.goals, 'destroy-plan') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-plan@tf-test + uses: dsb-norge/github-actions-terraform/terraform-plan@v0 with: working-directory: ${{ matrix.vars.project-dir }} environment-name: "${{ matrix.vars.github-environment }}-destroy" @@ -428,8 +416,7 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-apply@tf-test + uses: dsb-norge/github-actions-terraform/terraform-apply@v0 with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.destroy-plan.outputs.terraform-plan-file }} diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 6c265f7..7d9eeac 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -59,8 +59,7 @@ jobs: - name: "๐ŸŽฐ Create env matrix" id: create-matrix - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tf-test + uses: dsb-norge/github-actions-terraform/create-tftest-matrix@v0 - name: "๐Ÿ“ฅ Setup Terraform" uses: hashicorp/setup-terraform@v3 @@ -71,13 +70,11 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-test + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-tflint@tf-test + uses: dsb-norge/github-actions-terraform/setup-tflint@v0 with: tflint-version: ${{ inputs.tflint-version }} working-directory: ${{ github.workspace }} @@ -90,8 +87,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-test + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ github.workspace }} additional-dirs-json: null @@ -100,8 +96,7 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-test + uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 with: working-directory: ${{ github.workspace }} format-check-in-root-dir: true 
@@ -109,16 +104,14 @@ jobs: - name: โœ” Terraform Validate id: validate - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-validate@tf-test + uses: dsb-norge/github-actions-terraform/terraform-validate@v0 with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿงน Lint with TFLint id: lint - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-test + uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -126,8 +119,7 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-test + uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 with: environment-name: "module" plan-txt-output-file: "" @@ -207,8 +199,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-test + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ github.workspace }} additional-dirs-json: null @@ -217,8 +208,7 @@ jobs: - name: ๐Ÿงช Terraform Test id: test - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-test@tf-test + uses: dsb-norge/github-actions-terraform/terraform-test@v0 with: test-file: ${{ matrix.test-file }} continue-on-error: true # allow job to continue, step outcome is evaluated later 
@@ -226,8 +216,7 @@ jobs: - name: ๐Ÿ“ Create test report id: create-test-report if: github.event_name == 'pull_request' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-test-report@tf-test + uses: dsb-norge/github-actions-terraform/create-test-report@v0 with: test-out-file: ${{ steps.test.outputs.json }} status-init: ${{ steps.init.outcome }} diff --git a/README.md b/README.md index 6823d56..e97c144 100644 --- a/README.md +++ b/README.md @@ -112,8 +112,7 @@ on: jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -131,8 +130,7 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -155,8 +153,7 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth 
@@ -183,8 +180,7 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-test + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout