restrict-cloudwatch-permissions #1025
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
permissions: | |
id-token: write | |
contents: read | |
name: Run Tests | |
on: | |
pull_request: | |
branches: | |
- '*' | |
concurrency: staging_environment | |
jobs: | |
test-cli: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
include: | |
- {python-version: '3.9', os: ubuntu-latest, dashboard: cudos } | |
- {python-version: '3.10', os: macos-latest, dashboard: cudos } | |
- {python-version: '3.11', os: ubuntu-latest, dashboard: cudos } | |
- {python-version: '3.12', os: macos-latest, dashboard: cudos } | |
steps: | |
- name: Git clone the repository | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install | |
run: | | |
python -m pip install --upgrade pip | |
pip install ./ | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE }} | |
role-session-name: ${{ secrets.AWS_SESSION_NAME }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Basic check | |
run: | | |
cid-cmd status | |
- name: Install Bats | |
run: | | |
sudo apt-get install -y bats | |
- name: Check Bats Verson | |
run: | | |
bats -v | |
- name: Run Bats Tests | |
run: | | |
bats cid/test/bats/10-deploy-update-delete/${{ matrix.dashboard }}.bats | |
- name: Save logs | |
if: always() | |
run: | | |
aws s3 cp ./cid.log s3://aws-cid-stage-logs/$GITHUB_EVENT_NAME/$GITHUB_REF_NAME/$GITHUB_RUN_NUMBER/python${{ matrix.python-version }}-${{ matrix.os }}/ | |
publish-lambda-layer: | |
needs: test-cli | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
steps: | |
- name: Git clone the repository | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Install | |
run: | | |
python -m pip install --upgrade pip | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE }} | |
role-session-name: ${{ secrets.AWS_SESSION_NAME }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Push LambdaLayer to S3 | |
run: | | |
./assets/publish_lambda_layer.sh | |
test-cfn: | |
needs: publish-lambda-layer | |
runs-on: 'ubuntu-latest' | |
steps: | |
- name: Git clone the repository | |
uses: actions/checkout@v3 | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE }} | |
role-session-name: ${{ secrets.AWS_SESSION_NAME }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Install Bats | |
run: | | |
sudo apt-get install -y bats | |
bats -v | |
- name: Run Bats Tests for CloudFormation | |
run: | | |
export lambda_bucket='aws-cid-stage' | |
# bats cfn-templates/cid-cfn.tests.bats |