go-test-deployment.yml
---
# Runs the deployment test suite for a labelled pull request or on manual
# dispatch.
name: Deployment test

on:
  # pull_request_target runs in the context of the base repository, so the
  # repository secrets and the id-token permission below are available to the
  # job even when the pull request comes from a fork.
  # NOTE(review): 'synchronize' re-triggers the workflow on every push to the
  # PR. The job-level label check does not by itself bind approval to the
  # commit that was reviewed - confirm the label is removed on new pushes or
  # that the job's environment requires a reviewer.
  pull_request_target:
    types:
      - opened
      - reopened
      - synchronize
      - labeled
  workflow_dispatch:
    inputs:
      test_filter:
        description: Filter for the tests to run
        required: false
        type: string
        default: ''
      terratest_log:
        description: Enable Terratest logging
        required: false
        type: string
        default: ''

# Everything is read-only except id-token, which lets the job request a GitHub
# OIDC token (the job authenticates to Azure with OIDC, see ARM_USE_OIDC).
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  id-token: write
  pull-requests: read

# One group per head repository and branch. On manual dispatch there is no
# head_ref, so the run id is used and each run gets its own group.
# A run already in progress is never cancelled by a newer one.
concurrency:
  cancel-in-progress: false
  group: deploytest-${{ github.event.pull_request.head.repo.full_name }}/${{ github.head_ref || github.run_id }}
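jobs:
  deploytest:
    name: Deployment test
    # NOTE(review): whether this environment enforces required reviewers is not
    # visible here - confirm, because it is the only gate besides the label.
    environment: CSUTF
    # Run only for pull requests carrying the "safe to test" label, or when
    # started manually. Kept as a block scalar because the label text contains
    # ': ', which a plain YAML scalar cannot hold.
    if: |
      (
        (
          contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:')
        )
        ||
        (
          github.event_name == 'workflow_dispatch'
        )
      )
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        azapi_version: ['latest']
        azurerm_version: ['latest']
        terraform_version: ['latest']
    # NOTE(review): the actions below are referenced by mutable tags (@v4, @v3,
    # @v1). Pinning each to a full commit SHA would stop a retagged release
    # from changing what runs in a job that holds Azure credentials.
    steps:
      # No secrets are set in this step's env, so none are printed by it.
      # Keep it that way: do not add an `env:` block with secrets here.
      - name: Show env
        run: env | sort

      # Checks out the pull request head, i.e. code that is not yet trusted.
      # persist-credentials: false keeps the GITHUB_TOKEN out of .git/config so
      # later steps running that code cannot read it from the working tree.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ matrix.terraform_version }}
          terraform_wrapper: false

      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: '1.20.x'
          cache-dependency-path: tests/go.sum

      # No client secret is passed: together with `id-token: write` this is an
      # OIDC (federated credential) login.
      - name: Azure login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          allow-no-subscriptions: true

      # Workaround: because AZURE_TENANT_ID is required, managed identity (MSI)
      # authentication is also attempted. GitHub Actions runners are hosted in
      # Azure, so that attempt fails. Rejecting outbound traffic to the
      # metadata endpoint avoids it.
      # This only works on Linux based runners.
      - name: iptables block MSI endpoint
        run: sudo iptables -I OUTPUT --destination 169.254.169.254 -j REJECT

      - name: Set GOMAXPROCS to 2 * number of cores
        run: |
          CORES="$(grep -Pc '^processor\t' /proc/cpuinfo)"
          ((DOUBLE=CORES*2))
          echo "Setting GOMAXPROCS to $DOUBLE"
          echo "GOMAXPROCS=$DOUBLE" >> "$GITHUB_ENV"

      # Runs the Makefile and tests from the checked-out pull request head with
      # the Azure identifiers below in the environment.
      # The test filter is handed over through TEST_FILTER instead of being
      # expanded with ${{ }} inside the command: an expression is pasted into
      # the script text before the shell parses it, so a value containing a
      # single quote would end the quoting and be executed as shell code.
      - name: Go test
        run: make TESTARGS='-v' TESTFILTER="$TEST_FILTER" testdeploy
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_USE_OIDC: 'true'
          AZURE_BILLING_SCOPE: ${{ secrets.AZURE_BILLING_SCOPE }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZAPI_VERSION: ${{ matrix.azapi_version }}
          AZURERM_VERSION: ${{ matrix.azurerm_version }}
          TERRATEST_LOG: ${{ github.event.inputs.terratest_log }}
          TEST_FILTER: ${{ github.event.inputs.test_filter }}

      # Always runs, including after a failed test step, so the Azure CLI
      # session and cached account data are cleared before the job ends.
      # This only works on Linux based runners.
      - name: Azure logout
        uses: azure/CLI@v1
        if: always()
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear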