ci.yml
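---
# CI for pull requests that target main. The jobs run strictly in sequence:
#   lint-test -> create-lambda-layer-zip -> test-infra -> plan-infra
# Repository secrets are referenced only by plan-infra.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in the jobs that hold credentials.
# NOTE(review): ubuntu-20.04 hosted runners appear to have been retired by
# GitHub; confirm, and check Python 3.8.1 availability before moving images.
name: Continuous Integration

on:
  pull_request:
    types: [opened, edited, synchronize, ready_for_review]
    branches:
      - main

# Default GITHUB_TOKEN scope for jobs that declare no permissions of their
# own (lint-test, test-infra). Both only need to check out the repository.
permissions:
  contents: read

jobs:
  lint-test:
    name: Lint and Test Python code
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repository
        # v3 to match the other jobs in this workflow.
        uses: actions/checkout@v3
      - name: Set up Python 3.8.1
        uses: actions/setup-python@v2
        with:
          python-version: '3.8.1'
      - name: Install dependencies
        run: |
          make setup
      - name: Lint our code
        run: |
          make lints.format.check
      - name: Test our code
        run: |
          make test.coverage

  create-lambda-layer-zip:
    name: Create lambda layer zip
    needs: lint-test
    runs-on: ubuntu-20.04
    permissions:
      # The job only checks out, builds and uploads an artifact; nothing in it
      # writes to the repository, so read access is sufficient.
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Set up Python 3.8.1
        uses: actions/setup-python@v2
        with:
          python-version: '3.8.1'
      - name: Install aws-xray-sdk
        # NOTE(review): unpinned install. layer.zip is downloaded by both
        # Terraform jobs, so whatever PyPI serves at build time ends up in the
        # artifact. Pin the version (ideally with --require-hashes).
        run: |
          pip3 install aws-xray-sdk -t ./python
      - name: Zip aws-xray-sdk
        run: |
          zip -r layer.zip ./python
      - name: Upload layer.zip artifact
        uses: actions/upload-artifact@v4
        with:
          name: layer
          path: ./layer.zip

  test-infra:
    needs: create-lambda-layer-zip
    name: Test Infrastructure w/ Localstack
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Start Localstack
        # NOTE(review): the pip packages and the container image are both
        # unpinned ("latest"); pin versions / an image digest for reproducible
        # and reviewable test runs.
        run: |
          pip install localstack awscli-local[ver1] # install LocalStack cli and awslocal
          docker pull localstack/localstack # Make sure to pull the latest version of the image
          localstack start -d # Start LocalStack in the background
          echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container
          localstack wait -t 30 # to become ready before timing out
          echo "Startup complete"
      - name: Override AWS Provider
        run: cp tests/test_provider.tf providers.tf
      - name: Initialize Terraform against our localstack
        run: terraform init
      - name: Download layer.zip from previous job
        # Must be the same major version as upload-artifact above: artifacts
        # uploaded with v4 cannot be fetched by download-artifact v3.
        uses: actions/download-artifact@v4
        with:
          name: layer
      - name: Apply Terraform to Localstack
        # access_key/secret_key are literal "test" placeholders, not secrets.
        run: terraform apply -auto-approve -input=false -var access_key=test -var secret_key=test
      - name: Invoke Lambda
        run: |
          awslocal lambda list-functions
          awslocal lambda invoke --function-name lambda --payload '{ "foo": "bar" }' response.json
          # grep "Hello from lambda" response.json
          cat response.json
      - name: Destroy Terraform Resources in Localstack
        run: terraform destroy -var access_key=test -var secret_key=test -auto-approve

  plan-infra:
    needs: [test-infra]
    name: Plan Infrastructure w/ Terraform
    runs-on: ubuntu-20.04
    # NOTE(review): this job runs Terraform configuration taken from the PR
    # branch while long-lived AWS keys and the TF API token are present.
    # `id-token: write` is granted but no step visible here requests an OIDC
    # token; either move to short-lived, plan-only credentials via OIDC or
    # drop the permission. `packages: read` also looks unused; confirm.
    permissions:
      contents: read
      id-token: write
      packages: read
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Generate .auto.tfvars
        # Secrets reach the script through the environment rather than being
        # spliced into the shell text by `${{ }}`, so quotes or `$` inside a
        # value cannot alter the command. The file is never echoed to the log:
        # log masking is best-effort and should not be the only control.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          umask 077
          printf 'access_key = "%s"\n' "$AWS_ACCESS_KEY_ID" >> ./.auto.tfvars
          printf 'secret_key = "%s"\n' "$AWS_SECRET_ACCESS_KEY" >> ./.auto.tfvars
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
      - name: Terrform format
        id: fmt
        run: terraform fmt -check
      - name: Terraform Init
        id: init
        env:
          TF_TOKEN: ${{ secrets.TF_API_TOKEN }}
        run: terraform init
      - name: Download layer.zip from previous job
        # Same major version as upload-artifact (see test-infra).
        uses: actions/download-artifact@v4
        with:
          name: layer
      - name: Terraform validate
        id: validate
        run: terraform validate -no-color
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request'
        run: terraform plan -no-color -input=false
        # A failed plan must still be reported on the PR; the job is failed
        # afterwards by the "Terraform Plan Status" step.
        continue-on-error: true
      - name: Update Pull Request
        uses: actions/github-script@v6
        if: github.event_name == 'pull_request'
        env:
          # Plan output is handed over as an environment variable and read
          # with process.env, so its content is never parsed as script source.
          # NOTE(review): the plan text becomes a PR comment; values not marked
          # `sensitive` in the configuration will be visible there.
          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
            <details><summary>Show Plan</summary>
            \`\`\`\n
            ${process.env.PLAN}
            \`\`\`
            </details>
            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
            // Awaited so that an API failure fails this step instead of being
            // lost as an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            })
      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1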