# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
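---
name: 'Tests'
# `on` is a GitHub Actions keyword; generic YAML 1.1 parsers read it as the
# boolean `true`, so the truthy lint rule is suppressed for this one line.
on:  # yamllint disable-line rule:truthy
  # Every push to main runs the full workflow, with no path filter.
  push:
    branches:
      - 'main'
  # Pull requests only run when Terraform or Go sources change.
  pull_request:
    paths:
      - '**.tf'
      - '**.go'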
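jobs:
  # Three sequential stages: provision the self-hosted runner infrastructure
  # with Terraform, run the GCVE integration tests on those runners, then tear
  # the runner infrastructure down again.
  #
  # NOTE(review): all three jobs share one Terraform backend
  # (secrets.TF_BACKEND_BUCKET); two overlapping workflow runs would contend
  # for the same state. A `concurrency:` group may be wanted here -- confirm.
  pre_run:
    name: 'setup-gh-workers'
    permissions:
      id-token: write  # required for OIDC workload identity federation in the auth step
      contents: read
    runs-on: 'ubuntu-latest'
    steps:
      - name: Clone repo
        # Pinned to a release tag rather than the mutable `master` branch so an
        # upstream change cannot silently alter this job; pinning to a full
        # commit SHA would be stronger still.
        uses: actions/checkout@v3
      - id: 'auth'
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }} # this is the output provider_name from the TF module
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }} # this is a SA email configured to create gh-runner MIGs
          export_environment_variables: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.1.9'  # quoted so the version is always read as a string
          terraform_wrapper: false
      - name: Set Secrets
        id: secrets
        # Secrets and step outputs are handed to the script through `env:` and
        # quoted in the shell, instead of being expanded by `${{ }}` inside the
        # script body where the shell would re-parse their contents.
        env:
          PROJECT_ID: ${{ steps.auth.outputs.project_id }}
          CREDENTIALS_FILE_PATH: ${{ steps.auth.outputs.credentials_file_path }}
          SVC_ACCOUNT_EMAIL: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          VSPHERE_SERVER_SECRET: ${{ secrets.VSPHERE_SERVER_SECRET }}
          VSPHERE_USER_SECRET: ${{ secrets.VSPHERE_USER_SECRET }}
          VSPHERE_PASSWORD_SECRET: ${{ secrets.VSPHERE_PASSWORD_SECRET }}
        run: |
          bash test/setup/github-runners/scripts/fetch_vsphere_secrets.sh \
            "$PROJECT_ID" \
            "$CREDENTIALS_FILE_PATH" \
            "$SVC_ACCOUNT_EMAIL" \
            "$VSPHERE_SERVER_SECRET" \
            "$VSPHERE_USER_SECRET" \
            "$VSPHERE_PASSWORD_SECRET"
        shell: bash
      - name: Terraform Init
        id: init
        env:
          TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
        run: |
          echo "bucket=\"${TF_BACKEND_BUCKET}\"" > backend.tfvars
          terraform init -backend-config=backend.tfvars
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash
      - name: Terraform Plan
        id: plan
        # GH_RUNNER_TFVAR holds the base64-encoded terraform.tfvars for the
        # runner environment.
        env:
          GH_RUNNER_TFVAR: ${{ secrets.GH_RUNNER_TFVAR }}
        run: |
          echo "$GH_RUNNER_TFVAR" | base64 -d > terraform.tfvars
          terraform plan
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash
      - name: Terraform Destroy
        id: destroy
        env:
          GH_RUNNER_TFVAR: ${{ secrets.GH_RUNNER_TFVAR }}
        # Destroy runs twice, chained with `&&`, before the apply below --
        # presumably to clear anything left by an earlier run and confirm the
        # environment is empty; the step fails if the first destroy fails.
        run: |
          echo "$GH_RUNNER_TFVAR" | base64 -d > terraform.tfvars
          terraform destroy -auto-approve && terraform destroy -auto-approve && sleep 5
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash
      - name: Terraform Apply
        id: apply
        env:
          GH_RUNNER_TFVAR: ${{ secrets.GH_RUNNER_TFVAR }}
        run: |
          echo "$GH_RUNNER_TFVAR" | base64 -d > terraform.tfvars
          terraform apply -auto-approve
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash

  run_tests:
    name: 'run-gcve-test'
    needs: pre_run
    permissions:
      id-token: write  # required for OIDC workload identity federation in the auth step
      contents: read
    # Presumably the self-hosted runners provisioned by pre_run -- confirm.
    runs-on: 'self-hosted'
    container:
      image: gcr.io/cloud-foundation-cicd/cft/developer-tools:1
    # Every cft stage below reads the same backend bucket, so it is set once
    # for the whole job.
    env:
      TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - id: 'auth'
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }} # this is the output provider_name from the TF module
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }} # this is a SA email configured to create gh-runner MIGs
          export_environment_variables: false
      - name: Set Secrets
        id: secrets
        # Same script as pre_run, with the three NSX-T values appended.
        env:
          PROJECT_ID: ${{ steps.auth.outputs.project_id }}
          CREDENTIALS_FILE_PATH: ${{ steps.auth.outputs.credentials_file_path }}
          SVC_ACCOUNT_EMAIL: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          VSPHERE_SERVER_SECRET: ${{ secrets.VSPHERE_SERVER_SECRET }}
          VSPHERE_USER_SECRET: ${{ secrets.VSPHERE_USER_SECRET }}
          VSPHERE_PASSWORD_SECRET: ${{ secrets.VSPHERE_PASSWORD_SECRET }}
          NSXT_SERVER_SECRET: ${{ secrets.NSXT_SERVER_SECRET }}
          NSXT_USER_SECRET: ${{ secrets.NSXT_USER_SECRET }}
          NSXT_PASSWORD_SECRET: ${{ secrets.NSXT_PASSWORD_SECRET }}
        run: |
          bash test/setup/github-runners/scripts/fetch_vsphere_secrets.sh \
            "$PROJECT_ID" \
            "$CREDENTIALS_FILE_PATH" \
            "$SVC_ACCOUNT_EMAIL" \
            "$VSPHERE_SERVER_SECRET" \
            "$VSPHERE_USER_SECRET" \
            "$VSPHERE_PASSWORD_SECRET" \
            "$NSXT_SERVER_SECRET" \
            "$NSXT_USER_SECRET" \
            "$NSXT_PASSWORD_SECRET"
        shell: bash
      - name: CFT Test Init
        id: cft_init
        run: |
          cft test run all --stage init --verbose
        shell: bash
      - name: CFT Test Apply
        id: cft_apply
        run: |
          cft test run all --stage apply --verbose
        shell: bash
      - name: CFT Test Verify
        id: cft_verify
        run: |
          cft test run all --stage verify --verbose
        shell: bash
      - name: CFT Test Destroy
        id: cft_destroy
        # One retry on failure so a transient error does not leave test
        # resources behind.
        run: |
          cft test run all --stage destroy --verbose || cft test run all --stage destroy --verbose
        shell: bash

  post_run:
    name: 'cleanup-gh-workers'
    # NOTE(review): with a plain `needs:` this cleanup is skipped whenever
    # run_tests fails, leaving the self-hosted runners up until the next
    # successful pre_run destroy. If unconditional teardown is wanted, add
    # `if: ${{ always() }}` -- confirm the intended behaviour.
    needs: run_tests
    permissions:
      id-token: write  # required for OIDC workload identity federation in the auth step
      contents: read
    runs-on: 'ubuntu-latest'
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - id: 'auth'
        # Same major version as the other two jobs (was pinned to v0.4.0).
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER_NAME }} # this is the output provider_name from the TF module
          service_account: ${{ secrets.SVC_ACCOUNT_EMAIL }} # this is a SA email configured to create gh-runner MIGs
          export_environment_variables: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.1.9'  # quoted so the version is always read as a string
          terraform_wrapper: false
      - name: Set Secrets
        id: secrets
        env:
          PROJECT_ID: ${{ steps.auth.outputs.project_id }}
          CREDENTIALS_FILE_PATH: ${{ steps.auth.outputs.credentials_file_path }}
          SVC_ACCOUNT_EMAIL: ${{ secrets.SVC_ACCOUNT_EMAIL }}
          VSPHERE_SERVER_SECRET: ${{ secrets.VSPHERE_SERVER_SECRET }}
          VSPHERE_USER_SECRET: ${{ secrets.VSPHERE_USER_SECRET }}
          VSPHERE_PASSWORD_SECRET: ${{ secrets.VSPHERE_PASSWORD_SECRET }}
        run: |
          bash test/setup/github-runners/scripts/fetch_vsphere_secrets.sh \
            "$PROJECT_ID" \
            "$CREDENTIALS_FILE_PATH" \
            "$SVC_ACCOUNT_EMAIL" \
            "$VSPHERE_SERVER_SECRET" \
            "$VSPHERE_USER_SECRET" \
            "$VSPHERE_PASSWORD_SECRET"
        shell: bash
      - name: Terraform Init
        id: init
        env:
          TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
        run: |
          echo "bucket=\"${TF_BACKEND_BUCKET}\"" > backend.tfvars
          terraform init -backend-config=backend.tfvars
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash
      - name: Terraform Destroy
        id: destroy
        env:
          GH_RUNNER_TFVAR: ${{ secrets.GH_RUNNER_TFVAR }}
        run: |
          echo "$GH_RUNNER_TFVAR" | base64 -d > terraform.tfvars
          terraform destroy -auto-approve
        working-directory: ./test/setup/github-runners # Use your environment folder
        shell: bash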