Skip to content

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0 #1306

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.0 #1306

---
name: Deployment test
on:
pull_request_target:
types: ['opened', 'reopened', 'synchronize', 'labeled']
workflow_dispatch:
inputs:
test_filter:
type: string
default: ''
description: Filter for the tests to run
required: false
terratest_log:
type: string
default: ''
description: Enable Terratest logging
required: false
permissions:
contents: read
pull-requests: read
id-token: write
actions: read
checks: read
deployments: read
concurrency:
group: deploytest-${{ github.event.pull_request.head.repo.full_name }}/${{ github.head_ref || github.run_id }}
cancel-in-progress: false
jobs:
deploytest:
name: Deployment test
environment: CSUTF
if: |
(
(
contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:')
)
||
(
github.event_name == 'workflow_dispatch'
)
)
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
azapi_version: ['latest']
azurerm_version: ['latest']
terraform_version: ['latest']
steps:
- name: Show env
run: env | sort
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ matrix.terraform_version }}
terraform_wrapper: false
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: '1.20.x'
cache-dependency-path: tests/go.sum
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
allow-no-subscriptions: true
# This is a terrible hack but this is due to the fact that AZURE_TENANT_ID is required,
# it allows MSI to be tried for authentication. As GitHub actions runners are in Azure, this fails.
# This only works on Linux based runners
- name: iptables block MSI endpoint
run: sudo iptables -I OUTPUT --destination 169.254.169.254 -j REJECT
- name: Set GOMAXPROCS to 2 * number of cores
run: |
CORES="$(grep -Pc '^processor\t' /proc/cpuinfo)"
((DOUBLE=CORES*2))
echo "Setting GOMAXPROCS to $DOUBLE"
echo "GOMAXPROCS=$DOUBLE" >> "$GITHUB_ENV"
- name: Go test
run: make TESTARGS='-v' TESTFILTER='${{ github.event.inputs.test_filter }}' testdeploy
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_USE_OIDC: true
AZURE_BILLING_SCOPE: ${{ secrets.AZURE_BILLING_SCOPE }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZAPI_VERSION: ${{ matrix.azapi_version }}
AZURERM_VERSION: ${{ matrix.azurerm_version }}
TERRATEST_LOG: ${{ github.event.inputs.terratest_log }}
# This only works on Linux based runners
- name: Azure logout
uses: azure/CLI@v2
if: always()
with:
inlineScript: |
az logout
az cache purge
az account clear