tests-integration.yaml
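# Integration tests for the Leverage CLI.
#
# Job 1 builds the test image and runs the containerised integration suite.
# Job 2 installs the CLI on several Python versions and drives it end to end
# against AWS using long-lived credentials taken from repository secrets.
#
# Security notes for maintainers:
#   * Secrets are handed to shell steps through `env:` and read as shell
#     variables. Expanding `${{ secrets.* }}` inside a `run:` script pastes the
#     raw value into the generated script file, where the shell re-parses it.
#   * Pull requests opened from forks do not receive repository secrets, so
#     the AWS-backed steps can only pass for branches pushed to this repo.
name: Tests | Integration

on: [pull_request, workflow_dispatch]

# Least privilege for the GITHUB_TOKEN: nothing below writes to the repo.
permissions:
  contents: read

jobs:
  integration_tests:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): release tags such as `v3` are mutable. Pin actions to a
      # full commit SHA so the code that runs cannot change under the tag.
      - uses: actions/checkout@v3

      - name: build_image
        run: |
          echo "[INFO] Building image"
          make build-image
        shell: bash

      - name: run_integration_tests
        run: |
          echo "[INFO] Running integration tests"
          make test-int
        shell: bash

  integration_tests_cli_refarch:
    runs-on: ubuntu-latest
    strategy:
      # Runs are serialised; presumably because every matrix entry works
      # against the same AWS account and layer - confirm before raising this.
      max-parallel: 1
      matrix:
        # Quoted so a version can never be re-typed as a float (3.10 -> 3.1).
        python-version: ['3.8.14', '3.9.15', '3.10.8']
    steps:
      - name: Checkout base branch
        # NOTE(review): pin to a full commit SHA (see the note in the first job).
        uses: actions/checkout@v3

      - name: Set up Python ${{ matrix.python-version }}
        # NOTE(review): pin to a full commit SHA (see the note in the first job).
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}

      - name: Build Leverage CLI
        run: |
          printf "[INFO] Building Leverage CLI\n"
          if ! (which pipenv 2>/dev/null); then
            printf "Installing pipenv..." && pip install pipenv && pipenv --python $(which python)
          else
            printf "pipenv is already installed"
          fi
          printf "Working with python version $(python --version)"
          make build
          pip install -e .

      - name: Create directories
        run: |
          mkdir -p ../theadamproject
          # These are later mounted in the container
          # -p keeps the step from failing when ~/.ssh already exists.
          mkdir -p ~/.ssh && touch ~/.gitconfig

      - name: Project Init
        run: |
          printf "[INFO] Project Init\n"
          leverage project init
          if [[ -f project.yaml ]];
          then
            printf "[INFO] OK \n"
          else
            printf "[ERROR] Fail \n"
            exit 1
          fi
        working-directory: ../theadamproject

      - name: Set project file and create
        run: |
          printf "[INFO] Setting Project file\n"
          sed 's/<project name>/the-adam-project/' -i project.yaml
          sed 's/<short project name>/bb/' -i project.yaml
          sed 's/<management email address>/bb@domainmgmt/' -i project.yaml
          sed 's/<security email address>/bb@domainsec/' -i project.yaml
          sed 's/<shared email address>/bb@domainshared/' -i project.yaml
          sed 's/<user.name>/bbuser/' -i project.yaml
          printf "[INFO] Creating Project"
          leverage project create
          printf "[INFO] Checking Project"
          for i in config management security shared; do
            if [[ ! -d $i ]]; then
              echo '[ERROR] Fail' && exit 1
            fi
          done
        working-directory: ../theadamproject

      - name: Set up credentials
        # The variable names deliberately avoid AWS_ACCESS_KEY_ID and
        # AWS_SECRET_ACCESS_KEY, which the AWS CLI would pick up as ambient
        # credentials for this step.
        env:
          DEPLOYMASTER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          DEPLOYMASTER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          DEVSTG_ACCOUNT_ID: ${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}
        run: |
          printf "[INFO] Setting up credentials\n"
          mkdir -p ~/.aws/bb
          aws configure set aws_access_key_id "$DEPLOYMASTER_ACCESS_KEY_ID" --profile bb-deploymaster
          aws configure set aws_secret_access_key "$DEPLOYMASTER_SECRET_ACCESS_KEY" --profile bb-deploymaster
          aws configure set region us-east-1 --profile bb-apps-devstg-devops
          aws configure set output json --profile bb-apps-devstg-devops
          aws configure set role_arn "arn:aws:iam::${DEVSTG_ACCOUNT_ID}:role/DeployMaster" --profile bb-apps-devstg-devops
          aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops
          # The delimiter is unquoted on purpose so the variables expand; the
          # expanded values are not re-parsed by the shell.
          cat << EOF > ~/.aws/credentials
          [bb-deploymaster]
          aws_access_key_id = ${DEPLOYMASTER_ACCESS_KEY_ID}
          aws_secret_access_key = ${DEPLOYMASTER_SECRET_ACCESS_KEY}
          EOF
          # NOTE(review): these copies hold the long-lived key and get the
          # runner's default umask; confirm the mode the container mount needs.
          cp ~/.aws/credentials ~/.aws/bb/
          cp ~/.aws/config ~/.aws/bb/

      - name: Configure Reference Architecture
        env:
          SECURITY_ACCOUNT_ID: ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
        run: |
          # printf rather than echo: bash's echo prints the "\n" literally.
          printf "[INFO] Configure Reference Architecture\n"
          cat << EOF > ./config/common.tfvars
          project = "bb"
          project_long = "binbash"
          region_primary = "us-east-1"
          region_secondary = "us-east-2"
          vault_address = "vault_trash"
          vault_token = "vault_trash"
          sso_region = "us-east-1"
          sso_enabled = false
          sso_start_url = "sso_trash"
          accounts = {
            security = {
              id = ${SECURITY_ACCOUNT_ID}
            }
          }
          EOF
          # MFA is switched off only inside this throw-away test project.
          printf "[INFO] Disable MFA\n"
          sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
        working-directory: ../theadamproject

      - name: Test Terraform
        env:
          # Environment values are strings; quoted to make that explicit.
          LEVERAGE_INTERACTIVE: "0"
        run: |
          printf "[INFO] Testing terraform\n"
          printf "[INFO] Initializing layer\n"
          leverage tf init --skip-validation
        working-directory: ../theadamproject/security/us-east-1/base-tf-backend

      - name: Test AWS
        run: |
          printf "[INFO] Testing AWS\n"
          printf "[INFO] Getting identity\n"
          # The account id is masked before the comparison, so the check only
          # proves that a 12-digit account came back, without logging it.
          ID=$(leverage aws sts get-caller-identity --profile bb-apps-devstg-devops | grep Account | sed -E 's/^.*("Account.+")[0-9]{12}".*$/\1************"/')
          if [[ "$ID" == "\"Account\": \"************\"" ]];
          then
            printf "[INFO] OK \n"
          else
            printf "[ERROR] Fail \n"
            exit 1
          fi
        working-directory: ../theadamproject/security/us-east-1/base-tf-backend

      - name: Clone Testing Reference Architecture repo
        run: |
          printf "[INFO] Cloning repo...\n"
          # NOTE(review): this takes whatever the default branch holds at run
          # time, and a later step applies it with real AWS credentials.
          # Consider checking out a reviewed tag or commit instead.
          git clone https://github.com/binbashar/le-tf-infra-aws.git ../theblairwitchproject

      - name: Configure Testing Reference Architecture
        env:
          SECURITY_ACCOUNT_ID: ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
        run: |
          # printf rather than echo: bash's echo prints the "\n" literally.
          printf "[INFO] Configure Reference Architecture\n"
          cat << EOF > ./config/common.tfvars
          project = "bb"
          project_long = "binbash"
          region_primary = "us-east-1"
          region_secondary = "us-east-2"
          vault_address = "vault_trash"
          vault_token = "vault_trash"
          sso_region = "us-east-1"
          sso_enabled = false
          sso_start_url = "sso_trash"
          accounts = {
            security = {
              id = ${SECURITY_ACCOUNT_ID}
            }
          }
          EOF
          # MFA is switched off only inside this throw-away test checkout.
          printf "[INFO] Disable MFA\n"
          sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
          sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG=1.2.7-0.0.5/' build.env;
        working-directory: ../theblairwitchproject

      - name: Test Testing Reference Architecture
        env:
          LEVERAGE_INTERACTIVE: "0"
        run: |
          printf "[INFO] Initializing layer\n"
          leverage tf init --layers cli-test-layer,base-identities
          printf "[INFO] Generating plan\n"
          leverage tf plan --layers cli-test-layer
          printf "[INFO] Applying changes\n"
          leverage tf apply -auto-approve --layers cli-test-layer
          printf "[INFO] Checking if all changes were applied\n"
          # The step shell runs with -e, so a bare non-zero exit from the plan
          # would end the script before the destroy below and leave the
          # resources in the account. Capture the status once instead; reading
          # $? twice would test the previous [[ ]] line, not the plan.
          # Assumes leverage passes terraform's -detailed-exitcode status
          # through (0 = no changes, 2 = changes pending) - TODO confirm.
          plan_rc=0
          leverage tf plan -detailed-exitcode --layers cli-test-layer || plan_rc=$?
          case "$plan_rc" in
            0) printf "[INFO] Apply checks out\n" ;;
            2) printf "[WARN] There are still remaining changes\n" ;;
            *) printf "[ERROR] Plan failed with exit code %s\n" "$plan_rc" ;;
          esac
          printf "[INFO] Destroying all generated created resources\n"
          leverage tf destroy -auto-approve --layers cli-test-layer
          # Report a real plan error only after the cleanup has run.
          if [[ "$plan_rc" -ne 0 && "$plan_rc" -ne 2 ]]; then
            exit "$plan_rc"
          fi
        working-directory: ../theblairwitchproject/apps-devstg/global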