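# Terraform Provider testing workflow.
name: Tests

# Runs the build, secret scan, docs check and tests for each pull request and
# for pushes to main or to v* tags.
# Optionally, you can turn it on using a schedule for regular testing.
on:
  pull_request:
    paths-ignore:
      - "README.md"
  push:
    branches:
      - "main"
    tags:
      - "v*"

env:
  AWS_REGION: "us-west-2"

# Least privilege: GITHUB_TOKEN is read-only by default for every job. Only the
# tagging and release jobs at the bottom opt in to `contents: write`.
permissions:
  contents: read

jobs:
  # Ensure project builds before running testing matrix
  build:
    name: Build
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: provider
    timeout-minutes: 5
    steps:
      # Check out the sources first. `go-version` and `cache` are setup-go
      # inputs, so they belong on the setup-go step, not on checkout.
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: "1.20"
          cache: true
      - run: go mod download
      - run: go build -v .
      - name: Run linters
        # NOTE(review): referenced by a mutable tag, unlike the SHA-pinned
        # actions above. Pin to a full commit SHA so the code that runs here
        # cannot change without a reviewed commit.
        uses: golangci/golangci-lint-action@v6
        with:
          version: v1.60
          working-directory: provider
          skip-cache: true

  scan-for-secrets:
    name: Scan for Secrets
    runs-on: ubuntu-latest
    steps:
      # Same pinned checkout as the other jobs (was the mutable tag v3).
      # Full history is fetched so every commit can be scanned.
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
        with:
          fetch-depth: 0
      # NOTE(review): referenced by a mutable tag while receiving the job
      # token and the license secret. Pin to a full commit SHA.
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

  generate:
    name: Generate
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: provider
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: "1.20"
          cache: true
      - run: go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --provider-name cdo --rendered-provider-name "CDO Provider" --rendered-website-dir ../docs
      # Fail when the regenerated docs differ from what is committed.
      - name: git diff
        run: |
          git diff --compact-summary --exit-code || \
            (echo; echo "Unexpected difference in directories after docs generation. Run 'go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --provider-name cdo --rendered-provider-name \"CDO Provider\" --rendered-website-dir ../docs' command from the provider directory and commit."; exit 1)

  # Run unit tests
  unit-test:
    name: Terraform Client Unit Tests
    needs: build
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: client
    timeout-minutes: 15
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: "1.20"
          cache: true
      - name: Run Go Test
        run: go test ./...

  # Run acceptance tests in a matrix of Terraform CLI versions.
  # NOTE(review): the main-only condition below is commented out, so this job
  # also runs for pull_request events, with the secrets listed in its last
  # step and against real infrastructure. Confirm that this is intended.
  acceptance-test:
    name: Terraform Provider Acceptance Tests
    needs: unit-test
    runs-on: ubuntu-latest
    # if: github.ref == 'refs/heads/main'
    defaults:
      run:
        working-directory: provider
    timeout-minutes: 15
    # Fixed group name so runs never overlap, even across different PRs.
    concurrency: "ci"
    strategy:
      fail-fast: false
      max-parallel: 1 # acceptance tests create real infra, so no parallel run is enabled
      matrix:
        # list whatever Terraform versions here you would like to support
        terraform:
          - "1.3.*"
          - "1.4.*"
          - "1.5.*"
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: "1.20"
          cache: true
      - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
        with:
          terraform_version: ${{ matrix.terraform }}
          terraform_wrapper: false
      - run: go mod download
      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
      # Every line of this file becomes an environment variable for the
      # following steps, including the one that holds the secrets. The file
      # comes from the checked-out ref, so on pull requests its content is
      # whatever the PR author committed. Review changes to it like code.
      - run: cat .github-action.env >> "$GITHUB_ENV"
      - env:
          TF_ACC: "1"
          ACC_TEST_CISCO_CDO_API_TOKEN: ${{ secrets.ACC_TEST_CISCO_CDO_API_TOKEN }}
          IOS_RESOURCE_PASSWORD: ${{ secrets.IOS_RESOURCE_PASSWORD }}
          ASA_RESOURCE_SDC_PASSWORD: ${{ secrets.ASA_RESOURCE_SDC_PASSWORD }}
          DUO_ADMIN_PANEL_RESOURCE_INTEGRATION_KEY: ${{ secrets.DUO_ADMIN_PANEL_RESOURCE_INTEGRATION_KEY }}
          DUO_ADMIN_PANEL_RESOURCE_SECRET_KEY: ${{ secrets.DUO_ADMIN_PANEL_RESOURCE_SECRET_KEY }}
        run: go test -v -cover -p 1 -run "TestAcc.*" ./...
        timeout-minutes: 10

  tag-release-version:
    name: "Tag Release Version"
    needs: [acceptance-test, unit-test]
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # This job creates a tag, so it needs a token with write access.
    permissions:
      contents: write
    steps:
      - name: Checkout repository code
        # Same pinned checkout as the other jobs (was the mutable tag v2).
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: Create and push tag
        # NOTE(review): the action name and ref after "mathieudutour/" were
        # replaced by an e-mail-obfuscation artifact on the page. This is
        # presumably github-tag-action. Restore the original ref, preferably
        # as a full commit SHA, because the step receives a write token.
        uses: mathieudutour/github-tag-action@<REF_LOST_IN_EXTRACTION>
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}

  # The tag created above does not start a new workflow run, so the release
  # workflow is called explicitly.
  release:
    name: "Release"
    if: github.ref == 'refs/heads/main'
    needs: [tag-release-version]
    # A called workflow cannot get more token permissions than its caller
    # grants, so the write access it had before is granted here.
    permissions:
      contents: write
    uses: ./.github/workflows/module-release.yml
    # Passes every repository secret to the called workflow.
    secrets: inherit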