e2e-parallel-full.yml
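# Manually triggered end-to-end test. It first removes leftover AWS resources,
# then applies each Terraform example in the matrix and tears it down again.
name: e2e-parallel-full

on:
  workflow_dispatch:
    inputs:
      TFDestroy:
        description: 'Destroy TF Automatically (false/true) - Default: true'
        required: true
        default: 'true'

# A single concurrency group: runs of this workflow do not overlap.
concurrency: e2e-parallel-full

env:
  # NOTE(review): no step in this workflow references BUCKET_NAME directly;
  # confirm what consumes it.
  BUCKET_NAME: terraform-crossplane-on-eks-github-actions-state

# Workflow-wide default is read-only; each job below re-declares the
# permissions it needs.
permissions:
  contents: read

jobs:
  prereq-cleanup:
    name: Prerequisite Cleanup
    runs-on: ubuntu-latest
    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Harden Runner
        # NOTE(review): v2 is a mutable tag, while actions/checkout below is
        # pinned to a full commit SHA. Pin this action the same way
        # (step-security/harden-runner@<full-commit-sha>), since the job goes
        # on to assume an AWS role.
        uses: step-security/harden-runner@v2
        with:
          # audit records outbound connections but does not block any of them.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - name: Auth AWS
        # NOTE(review): pinned to a version tag, not a commit SHA (see above).
        uses: aws-actions/configure-aws-credentials@v4.0.2
        with:
          role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 3600
          role-session-name: GithubActions-Session
      - name: Ensure load balancers and sgs are removed
        # NOTE(review): boto3 is installed unpinned after the AWS role
        # credentials have been configured for the job; consider pinning the
        # version (ideally with hashes) in a requirements file.
        run: |
          pip3 install boto3
          python3 .github/scripts/e2e-delete-sgs.py
          python3 .github/scripts/e2e-delete-lbs.py
          python3 .github/scripts/e2e-delete-log-groups.py

  deploy:
    name: Run e2e test
    runs-on: ubuntu-latest
    needs: prereq-cleanup
    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
    permissions:
      id-token: write
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - example_path: bootstrap/terraform
          # - example_path: bootstrap/terraform-fully-private
    steps:
      - name: Harden Runner
        # NOTE(review): mutable tag; pin to a full commit SHA like
        # actions/checkout below.
        uses: step-security/harden-runner@v2
        with:
          # audit records outbound connections but does not block any of them.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - name: Setup backend
        # Un-comment remote backend for use in workflow.
        # The path is handed to the shell through an environment variable and
        # quoted, so the expression is never pasted into the script text.
        env:
          EXAMPLE_PATH: ${{ matrix.example_path }}
        run: sed -i "s/# //g" "${EXAMPLE_PATH}/versions.tf"
      - name: Auth AWS
        # NOTE(review): pinned to a version tag, not a commit SHA.
        uses: aws-actions/configure-aws-credentials@v4.0.2
        with:
          role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 3600
          role-session-name: GithubActions-Session
      - name: Setup Terraform
        # NOTE(review): pinned to a major-version tag, not a commit SHA.
        uses: hashicorp/setup-terraform@v3
        with:
          # Quoted so the version is always read as a string.
          terraform_version: '1.8.4'
      - name: Terraform Apply
        id: apply
        # Let the job continue after a failed apply. Without this, every later
        # step is skipped by its implicit success() check, so the
        # outcome == 'failure' conditions below could never be true and the
        # partially created resources would be left running. The last step
        # fails the job explicitly when the apply did not succeed.
        continue-on-error: true
        working-directory: ${{ matrix.example_path }}
        run: |
          terraform init -upgrade=true
          terraform apply -no-color -auto-approve
      - name: Terraform Destroy Addons
        if: github.event.inputs.TFDestroy == 'true' && (steps.apply.outcome == 'success' || steps.apply.outcome == 'failure')
        working-directory: ${{ matrix.example_path }}
        # Targeted destroys, one module at a time, in the order listed.
        run: |
          terraform init -upgrade=true
          terraform destroy -target="module.crossplane" -no-color -auto-approve
          terraform destroy -target="module.gatekeeper" -no-color -auto-approve
          terraform destroy -target="module.eks_blueprints_addons" -no-color -auto-approve
          terraform destroy -target="module.eks" -no-color -auto-approve
      - name: Ensure load balancers and sgs are removed
        # NOTE(review): this step runs regardless of TFDestroy; confirm the
        # scripts only delete resources that are safe to remove when the
        # caller asked to keep the environment. boto3 is also unpinned here.
        run: |
          pip3 install boto3
          python3 .github/scripts/e2e-delete-sgs.py
          python3 .github/scripts/e2e-delete-lbs.py
          python3 .github/scripts/e2e-delete-log-groups.py
      - name: Terraform Destroy Resources
        # Same guard and directory as the addon teardown: honour
        # TFDestroy == 'false', and run where the Terraform configuration
        # was initialised rather than in the repository root.
        if: github.event.inputs.TFDestroy == 'true' && (steps.apply.outcome == 'success' || steps.apply.outcome == 'failure')
        working-directory: ${{ matrix.example_path }}
        run: |
          terraform destroy -target="module.vpc" -no-color -auto-approve
          terraform destroy -no-color -auto-approve
      - name: Fail if TF apply failed
        if: steps.apply.outcome == 'failure'
        run: |
          echo "Terraform Apply step failed...Please check the logs of the Terraform Apply step."
          echo "Failing the job to avoid false positives."
          exit 1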