add GH integration tests (actual deployment)

alexcasalboni · Mar 20, 2023 · ed0757b · ed0757b
1 parent 485f384
commit ed0757b
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 5 deletions.
diff --git a/.github/iam-oidc.yml b/.github/iam-oidc.yml
@@ -0,0 +1,33 @@
+Parameters:
+  OIDCAudience:
+    Description: Audience supplied to configure-aws-credentials.
+    Type: String
+
+Resources:
+  Role:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Action: sts:AssumeRoleWithWebIdentity
+            Principal:
+              Federated: !Ref GithubOidc
+            Condition:
+              StringEquals:
+                token.actions.githubusercontent.com:aud: !Ref OIDCAudience
+              StringLike:
+                token.actions.githubusercontent.com:sub: !Sub repo:alexcasalboni/aws-lambda-power-tuning:*
+
+  GithubOidc:
+    Type: AWS::IAM::OIDCProvider
+    Properties:
+      Url: https://token.actions.githubusercontent.com
+      ClientIdList: 
+        - sts.amazonaws.com
+      ThumbprintList:
+        - 6938fd4d98bab03faadb97b34396831e3780aea1
+
+Outputs:
+  Role:
+    Value: !GetAtt Role.Arn 
diff --git a/.github/workflows/tests-integration.yml b/.github/workflows/tests-integration.yml
@@ -0,0 +1,31 @@
+name: aws-lambda-power-tuning-tests
+run-name: ${{ github.actor }} is running integration tests
+on:
+  push:
+    branches:
+      - 'master'
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [16.x]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          audience: ${{ secrets.AWS_ROLE_AUDIENCE }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - run: npm ci
+      - uses: aws-actions/setup-sam@v2
+
+      - run: sam build --use-container
+      - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --stack-name aws-lambda-power-tuning-gh-${GITHUB_REF##*/} --s3-bucket ${{ secrets.AWS_S3_BUCKET }} --capabilities CAPABILITY_IAM --region ${{ secrets.AWS_REGION }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -1,5 +1,5 @@
 name: aws-lambda-power-tuning-tests
-run-name: ${{ github.actor }} is running integration tests
+run-name: ${{ github.actor }} is running unit tests
 on:
   push:
     branches:
@@ -24,7 +24,4 @@ jobs:
       - name: Coveralls
         uses: coverallsapp/github-action@v1
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: aws-actions/setup-sam@v2
-      - run: sam build --use-container
+          github-token: ${{ secrets.GITHUB_TOKEN }}