add CRI resource consume test #494
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform Validation | |
on: | |
pull_request: | |
paths: | |
- '**.tf' | |
- '**.json' | |
- '**.tfvars' | |
- 'modules/terraform/**' | |
env: | |
TERRAFORM_AZURE_MODULES_DIR: modules/terraform/azure | |
TERRAFORM_AWS_MODULES_DIR: modules/terraform/aws | |
AWS_REGION: us-east-1 | |
jobs: | |
terraform-validation: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.10.0 | |
- name: Terraform Format Check | |
if: always() | |
run: | | |
terraform fmt --check -recursive --diff | |
if [ $? -ne 0 ]; then | |
echo "Please run 'terraform fmt -recursive' from root directory to format the code." | |
exit 1 | |
fi | |
- name: Terraform Azure Validation Check | |
if: always() | |
working-directory: ${{ env.TERRAFORM_AZURE_MODULES_DIR }} | |
run: | | |
terraform init | |
terraform validate | |
- name: Terraform AWS Validation Check | |
if: always() | |
working-directory: ${{ env.TERRAFORM_AWS_MODULES_DIR }} | |
run: | | |
terraform init | |
terraform validate | |
- uses: terraform-linters/setup-tflint@v4 | |
name: Setup TFLint | |
- name: Show version | |
run: tflint --version | |
- name: Init TFLint | |
run: tflint --init | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Terraform Lint Check | |
run: tflint --recursive --config "$GITHUB_WORKSPACE/.tflint.hcl" --minimum-failure-severity=warning | |
- name: Terraform AWS Test | |
working-directory: ${{ env.TERRAFORM_AWS_MODULES_DIR }} | |
run: terraform test | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
setup-matrix: | |
runs-on: ubuntu-latest | |
name: Setup terraform plan matrix for test scenarios | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup test matrix scenarios | |
id: setup-matrix-scenarios | |
run: | | |
set -eux | |
matrix=$(find $GITHUB_WORKSPACE/scenarios/ -name "*.tfvars" | grep -E '(aws|azure)' | awk -F'/' '{split($11, file_name, "."); split(file_name[1], cloud_region, "-");region= (length(cloud_region) > 1) ? substr($11, index($11, "-") + 1) : ""; cloud=cloud_region[1]; gsub(".json", "", region); print "{\"cloud\": \"" cloud "\", \"file_name\": \"" file_name[1] "\", " (region != "" ? "\"region\": \"" region "\", " : "") "\"scenario_type\": \"" $8 "\", \"scenario_name\": \"" $9 "\"},"}' | sort | uniq | sed 's/,$/,/') | |
matrix_array="[${matrix%,}]" | |
file_changes=$(git diff --name-only -r origin/main HEAD) | |
echo "PR file changes: $file_changes" | |
if [ -z "$file_changes" ]; then | |
matrix_combinations=null | |
echo "matrix_combinations=$matrix_combinations" >> "$GITHUB_OUTPUT" | |
else | |
cloud_changes=$(echo "$file_changes" | grep -E '\.tf$' | awk -F'/' '{print $3}' | uniq) | |
echo "File changes related to cloud: $cloud_changes" | |
run_all_tests=false | |
module_matrix='[]' | |
scenario_matrix='[]' | |
if [ $(echo "$cloud_changes" | wc -w) -eq 1 ]; then | |
cloud=$(echo "$cloud_changes" | cut -d' ' -f1) | |
module_matrix=$(echo "$matrix_array" | jq --arg cloud_value "$cloud" '. | map(select(.cloud == $cloud_value))') | |
elif [ $(echo "$cloud_changes" | wc -w) -eq 0 ]; then | |
run_all_tests=false | |
else | |
run_all_tests=true | |
module_matrix=$(echo "$matrix_array") | |
fi | |
echo "module_matrix: $module_matrix" | |
if [ "$run_all_tests" = false ]; then | |
changed_scenario_names=$(echo "$file_changes" | grep -E '^scenarios/' | awk -F'/' '{print $3}' | tr ' ' '\n' | sort -u) | |
echo "Test scenarios changed: $changed_scenario_names" | |
for scenario_name in $changed_scenario_names; do | |
filtered_objects=$(echo "$matrix_array" | jq --arg scenario_value "$scenario_name" '. | map(select(.scenario_name == $scenario_value))') | |
scenario_matrix=$(echo "$scenario_matrix $filtered_objects" | jq -s 'flatten | unique') | |
done | |
fi | |
updated_matrix=$(echo "$module_matrix $scenario_matrix" | jq -s 'flatten | unique') | |
echo "Test scenarios to run: $updated_matrix" | |
updated_matrix="${updated_matrix//$'\n'/''}" | |
matrix_combinations="{\"include\": ${updated_matrix%?}}" | |
echo "matrix_combinations={\"include\": ${updated_matrix} }" >> "$GITHUB_OUTPUT" | |
fi | |
echo "matrix_combinations: $matrix_combinations" | |
outputs: | |
matrix-combinations: ${{ steps.setup-matrix-scenarios.outputs.matrix_combinations }} | |
terraform-plan: | |
permissions: | |
id-token: write | |
contents: read | |
needs: setup-matrix | |
if: ${{ needs.setup-matrix.result == 'success' && needs.setup-matrix.outputs.matrix-combinations != 'null' && needs.setup-matrix.outputs.matrix-combinations['inlcude'] != '[]' }} | |
strategy: | |
fail-fast: false | |
max-parallel: 3 | |
matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix-combinations) }} | |
runs-on: ubuntu-latest | |
name: ${{ matrix.cloud }}-${{ matrix.scenario_type }}-${{ matrix.scenario_name }} ${{ matrix.region }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Get job id and set env | |
run: | | |
echo "TERRAFORM_INPUT_FILE=$GITHUB_WORKSPACE/scenarios/${{ matrix.scenario_type }}/${{ matrix.scenario_name }}/terraform-inputs/${{ matrix.file_name }}.tfvars" >> "$GITHUB_ENV" | |
echo "TERRAFORM_TEST_INPUT_FILE=$GITHUB_WORKSPACE/scenarios/${{ matrix.scenario_type }}/${{ matrix.scenario_name }}/terraform-test-inputs/${{ matrix.file_name }}.json" >> "$GITHUB_ENV" | |
echo "TERRAFORM_MODULES_DIR=modules/terraform/${{ matrix.cloud }}" >> "$GITHUB_ENV" | |
- name: Create JSON Input | |
run: | | |
INPUT_JSON_OBJECT=$(jq . ${{ env.TERRAFORM_TEST_INPUT_FILE }}) | |
INPUT_JSON_STRING=$(echo $INPUT_JSON_OBJECT | jq -c '. + {creation_time: (now | todateiso8601)}') | |
echo "INPUT_JSON=$INPUT_JSON_STRING" >> "$GITHUB_ENV" | |
- name: Azure login | |
if: ${{ matrix.cloud == 'azure' }} | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_MI }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: AWS login | |
if: ${{ matrix.cloud == 'aws' }} | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Terraform Init | |
working-directory: ${{ env.TERRAFORM_MODULES_DIR }} | |
run: terraform init | |
- name: Terraform Plan | |
working-directory: ${{ env.TERRAFORM_MODULES_DIR }} | |
run: | | |
terraform plan -var-file "$TERRAFORM_INPUT_FILE" -var="json_input=$INPUT_JSON" | |
env: | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
CLOUD: ${{ matrix.cloud }} |