ci(deps): bump actions/setup-python #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: bootstrap-infrastructure-deployment | |
| env: | |
| PYTHON_VERSION: "3.13" | |
| on: | |
| push: | |
| branches: ["main"] | |
| paths: | |
| - "infrastructure/bootstrap/**" | |
| - ".github/workflows/infra-pipeline.yml" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write # This is required for requesting the JWT | |
| jobs: | |
| conventional-commit-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Conventional commit check | |
| uses: cocogitto/cocogitto-action@v3 | |
| run-unit-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - conventional-commit-check | |
| defaults: | |
| run: | |
| working-directory: infrastructure/bootstrap | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Log in to Azure using OIDC | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.5.7 | |
| # https://github.com/gruntwork-io/terragrunt/issues/1202 | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config=./backend-config-test.hcl | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21.0 | |
| - name: Download Go modules | |
| run: | | |
| cd tests/unit | |
| go mod download | |
| - name: Run Terratest Unit Test (via Go) | |
| run: | | |
| cd tests/unit | |
| go test -timeout 5m | |
| env: | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_USE_OIDC: true | |
| terraform-compliance: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - conventional-commit-check | |
| defaults: | |
| run: | |
| working-directory: infrastructure/bootstrap | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Log in to Azure using OIDC | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - name: Set up Python version | |
| uses: actions/[email protected] | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: "pip" | |
| - name: Install terraform terraform-compliance | |
| run: | | |
| pip install terraform-compliance | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.5.7 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config=./dev/backend-config.hcl | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - name: Terraform Plan | |
| run: | | |
| terraform plan -out plan | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - name: Terraform Compliance | |
| run: | | |
| terraform-compliance -f tests/compliance -p plan | |
| tf-code-lint-and-sast: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - conventional-commit-check | |
| defaults: | |
| run: | |
| working-directory: infrastructure/bootstrap | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install TFSec | |
| run: | | |
| curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash | |
| - name: TFSec Static Code Analysis | |
| run: tfsec . | |
| - name: Install TFLint | |
| uses: terraform-linters/setup-tflint@v4 | |
| with: | |
| tflint_version: latest | |
| - name: Lint TF code | |
| run: tflint --chdir ./ | |
| - name: Log in to Azure using OIDC | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config=./backend-config-test.hcl | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - name: Check TF code fmt and validation | |
| run: terraform fmt --diff --check --recursive && terraform validate | |
| dev-terraform-plan: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - run-unit-tests | |
| - terraform-compliance | |
| - tf-code-lint-and-sast | |
| defaults: | |
| run: | |
| working-directory: infrastructure/bootstrap | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Log in to Azure using OIDC | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.5.7 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config=./dev/backend-config.hcl -var-file=./dev/terraform.tfvars | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - name: Terraform Plan | |
| run: | | |
| terraform plan -var-file=./dev/terraform.tfvars -out plan | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| dev-terraform-apply: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - dev-terraform-plan | |
| defaults: | |
| run: | |
| working-directory: infrastructure/bootstrap | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Log in to Azure using OIDC | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.5.7 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config=./dev/backend-config.hcl -var-file=./dev/terraform.tfvars | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| - name: Terraform Apply | |
| run: | | |
| terraform apply --auto-approve -var-file=./dev/terraform.tfvars | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_USE_OIDC: true | |
| placeholder-dev-infra-e2e-test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - dev-terraform-apply | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-pre-terraform-plan: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-dev-infra-e2e-test | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-pre-terraform-apply: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-pre-terraform-plan | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-pre-infra-e2e-test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-pre-terraform-apply | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-prod-terraform-plan: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-pre-infra-e2e-test | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-prod-change-management: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-prod-terraform-plan | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-prod-manual-approval: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-prod-change-management | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-prod-terraform-apply: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-prod-manual-approval | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" | |
| placeholder-prod-e2e-test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - placeholder-prod-terraform-apply | |
| steps: | |
| - name: Placeholder for placeholder-dev-infra-e2e-test | |
| run: | | |
| echo "Implement e2e test and execute them here in the pipeline" |