🔧 Workflow rework (#108)

* ⚗️ testing matrix load from JSON

* ⬆️ update dockerfile dependencies

* 🔧 use latest hadolint tag for local lint

* ⚗️ correct multi-line JSON parsing

* extract lint to dedicated workflow, add multi-build for branches

* correct build-test workflow

* correct build-test workflow

* ⚗️ add test config generation in build-test workflow

* correct envsubst command

* update badges in ireadme, renamed lint action

* 👌 review by @pyaillet and @gmembre-zenika

* upgrade default and supported versions

* pin hadolint version in linit acion

* small readme corrections, add a dependencies upgrade cheklist

* correct az cli installation and update default tetst config

Co-authored-by: bgauduch <user.personal@users.noreply.github.com>

Author: bgauduch

.github/workflows/build-test.yml

@@ -0,0 +1,103 @@
+name: build-test
+
+# trigger on any push
+# but not on master, tags or markdown modifications
+on:
+  push:
+    tags-ignore:
+      - "**"
+    branches:
+      - "**"
+      - "!master"
+    paths-ignore:
+      - "!README.md"
+      - "!CODE_OF_CONDUCT.md"
+
+env:
+  IMAGE_NAME: "terraform-azure-cli"
+
+jobs:
+  load_supported_versions:
+    runs-on: ubuntu-20.04
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Save supported versions as output
+        id: set-matrix
+        run: |
+          SUPPORTED_VERSIONS=$(cat ./supported_versions.json)
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//'%'/%25}"
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//$'\n'/%0A}"
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//$'\r'/%0D}"
+          echo "::set-output name=matrix::${SUPPORTED_VERSIONS}"
+
+  build:
+    runs-on: ubuntu-20.04
+    needs: load_supported_versions
+    strategy:
+      matrix: ${{ fromJSON(needs.load_supported_versions.outputs.matrix) }}
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Save branch name as env var
+        run: echo "BRANCH=${GITHUB_REF##*/}" >> $GITHUB_ENV
+
+      - name: Build and save image tag
+        run: echo "IMAGE_TAG=${BRANCH}_terraform-${{ matrix.tf_version }}_azcli-${{ matrix.azcli_version }}" >> $GITHUB_ENV
+
+      - name: Build image
+        run: docker image build . --file Dockerfile --build-arg TERRAFORM_VERSION=${{ matrix.tf_version }} --build-arg AZURE_CLI_VERSION=${{ matrix.azcli_version }} --tag ${IMAGE_NAME}:${IMAGE_TAG}
+
+      - name: Save image
+        run: docker image save --output ${IMAGE_NAME}_${IMAGE_TAG}.tar ${IMAGE_NAME}:${IMAGE_TAG}
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.IMAGE_NAME }}_${{ env.IMAGE_TAG }}
+          path: ${{ env.IMAGE_NAME }}_${{ env.IMAGE_TAG }}.tar
+
+  test:
+    runs-on: ubuntu-20.04
+    needs:
+      - build
+      - load_supported_versions
+    strategy:
+      matrix: ${{ fromJSON(needs.load_supported_versions.outputs.matrix) }}
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v2
+
+      - name: Save branch name as env var
+        run: echo "BRANCH=${GITHUB_REF##*/}" >> $GITHUB_ENV
+
+      - name: Build and save image tag
+        run: echo "IMAGE_TAG=${BRANCH}_terraform-${{ matrix.tf_version }}_azcli-${{ matrix.azcli_version }}" >> $GITHUB_ENV
+
+      - name: Download image artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: ${{ env.IMAGE_NAME }}_${{ env.IMAGE_TAG }}
+
+      - name: Load image
+        run: docker image load --input ${{ env.IMAGE_NAME }}_${{ env.IMAGE_TAG }}.tar
+
+      - name: Generate test config
+        run: |
+          export TF_VERSION=${{ matrix.tf_version }}
+          export AZ_VERSION=${{ matrix.azcli_version }}
+          envsubst '${TF_VERSION},${AZ_VERSION}' < tests/container-structure-tests.yml.template > tests/container-structure-tests.yml
+
+      - name: run structure tests
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          config: tests/container-structure-tests.yml

.github/workflows/lint-build-test.yml

@@ -0,0 +1,20 @@
+name: lint-dockerfile
+
+# trigger on any Dockerfile modification
+on:
+  push:
+    paths:
+      - "Dockerfile"
+
+jobs:
+  lint:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Lint Dockerfile
+        uses: brpaz/hadolint-action@v1.3.1
+        with:
+          dockerfile: "Dockerfile"

.github/workflows/lint-dockerfile.yml

@@ -7,28 +7,16 @@ on:
       - "master"
     paths-ignore:
       - "!README.md"
+      - "!CODE_OF_CONDUCT.md"
 
 env:
   ORGANIZATION: "zenika"
   IMAGE_NAME: "terraform-azure-cli"
   IMAGE_TAG: "latest"
 
 jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v2
-
-      - name: Lint Dockerfile
-        uses: brpaz/hadolint-action@master
-        with:
-          dockerfile: "Dockerfile"
-
   build_push_latest:
-    runs-on: ubuntu-latest
-    needs: lint
+    runs-on: ubuntu-20.04
 
     steps:
       - name: Check out the repo

.github/workflows/push-latest.yml

@@ -6,34 +6,32 @@ on:
     types: [published]
 
 jobs:
-  lint:
-    runs-on: ubuntu-latest
+  load_supported_versions:
+    runs-on: ubuntu-20.04
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
       - name: Check out the repo
         uses: actions/checkout@v2
 
-      - name: Lint Dockerfile
-        uses: brpaz/hadolint-action@master
-        with:
-          dockerfile: "Dockerfile"
+      - name: Save supported versions as output
+        id: set-matrix
+        run: |
+          SUPPORTED_VERSIONS=$(cat ./supported_versions.json)
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//'%'/%25}"
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//$'\n'/%0A}"
+          SUPPORTED_VERSIONS="${SUPPORTED_VERSIONS//$'\r'/%0D}"
+          echo "::set-output name=matrix::${SUPPORTED_VERSIONS}"
 
   build_push_release:
-    runs-on: ubuntu-latest
-    needs: lint
+    runs-on: ubuntu-20.04
+    needs:
+      - load_supported_versions
 
     strategy:
-      matrix:
-        tf_version:
-          - "0.11.14"
-          - "0.12.29"
-          - "0.13.5"
-          - "0.14.0"
-
-        azcli_version:
-          - "2.13.0"
-          - "2.14.2"
-          - "2.15.1"
+      matrix: ${{ fromJSON(needs.load_supported_versions.outputs.matrix) }}
 
     env:
       ORGANIZATION: "zenika"

.github/workflows/release.yml

@@ -1,16 +1,17 @@
 # Setup build arguments with default versions
-ARG AZURE_CLI_VERSION=2.15.1
-ARG TERRAFORM_VERSION=0.14.0
+ARG AZURE_CLI_VERSION=2.20.0
+ARG TERRAFORM_VERSION=0.14.8
 ARG PYTHON_MAJOR_VERSION=3.7
-ARG DEBIAN_VERSION=buster-20201012-slim
+ARG DEBIAN_VERSION=buster-20210208-slim
 
 # Download Terraform binary
 FROM debian:${DEBIAN_VERSION} as terraform-cli
 ARG TERRAFORM_VERSION
 RUN apt-get update
+RUN apt-get install -y --no-install-recommends apt-utils=1.8.2.2
 RUN apt-get install -y --no-install-recommends curl=7.64.0-4+deb10u1
-RUN apt-get install -y --no-install-recommends ca-certificates=20190110
-RUN apt-get install -y --no-install-recommends unzip=6.0-23+deb10u1
+RUN apt-get install -y --no-install-recommends ca-certificates=20200601~deb10u2
+RUN apt-get install -y --no-install-recommends unzip=6.0-23+deb10u2
 RUN apt-get install -y --no-install-recommends gnupg=2.2.12-1+deb10u1
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
@@ -27,21 +28,23 @@ FROM debian:${DEBIAN_VERSION} as azure-cli
 ARG AZURE_CLI_VERSION
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update
+RUN apt-get install -y --no-install-recommends apt-utils=1.8.2.2
 RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
 RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
 RUN apt-get install -y --no-install-recommends gcc=4:8.3.0-1
 RUN apt-get install -y --no-install-recommends python3-dev=${PYTHON_MAJOR_VERSION}.3-1
-RUN pip3 install setuptools==50.3.2
-RUN pip3 install wheel==0.35.1
-RUN pip3 install azure-cli==${AZURE_CLI_VERSION}
+RUN pip3 install --upgrade --no-cache-dir pip==21.0.1
+RUN pip3 install --no-cache-dir setuptools==54.1.1
+RUN pip3 install --no-cache-dir wheel==0.36.2
+RUN pip3 install --no-cache-dir azure-cli==${AZURE_CLI_VERSION}
 
 # Build final image
 FROM debian:${DEBIAN_VERSION}
 LABEL maintainer="bgauduch@github"
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update \
   && apt-get install -y --no-install-recommends \
-    ca-certificates=20190110 \
+    ca-certificates=20200601~deb10u2 \
     git=1:2.20.1-2+deb10u3 \
     python3=${PYTHON_MAJOR_VERSION}.3-1 \
     python3-distutils=${PYTHON_MAJOR_VERSION}.3-1 \