Skip to content

chore(ci): allow accepting runs from a fork #114

chore(ci): allow accepting runs from a fork

chore(ci): allow accepting runs from a fork #114

Workflow file for this run

name: Tests
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize]
pull_request_target:
types: [opened, synchronize]
concurrency:
group: terraform-google-artifact-registry-repository
cancel-in-progress: false
jobs:
pre-commit:
runs-on: ubuntu-latest
name: Static Analysis
steps:
- name: Checkout
# for security reasons we pin commit ids and not tags.
# actions/[email protected] -> 2541b1294d2704b0964813337f33b291d3f8596b
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
fetch-depth: 0
# - name: Setup SSH to Private Modules
# # for security reasons we pin commit ids and not tags.
# # webfactory/[email protected] -> fc49353b67b2b7c1e0e6a600572d01a69f2672dd
# uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd
# with:
# ssh-private-key: |
# ${{ secrets.DEPLOY_KEY__REPOSITORY_A }}
# ${{ secrets.DEPLOY_KEY__REPOSITORY_B }}
- name: Set up Golang
# for security reasons we pin commit ids and not tags.
# actions/[email protected] -> b22fbbc2921299758641fab08929b4ac52b32923
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
with:
go-version: 1.17.6
- name: Install terramate
uses: terramate-io/terramate-action@v1
- name: Set up Terradoc
# for security reasons we pin commit ids and not tags.
# mineiros-io/terradoc@main -> af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
run: go install github.com/mineiros-io/terradoc/cmd/terradoc@af1a7b3ae3635958adf5ee2f40e0c3e70fd0803a
env:
GOPROXY: direct
- name: Set up Terraform
# for security reasons we pin commit ids and not tags.
# hashicorp/[email protected] -> 17d4c9b8043b238f6f35641cdd8433da1e6f3867
uses: hashicorp/setup-terraform@17d4c9b8043b238f6f35641cdd8433da1e6f3867
with:
terraform_version: 1.3.0
terraform_wrapper: false
- name: Setup TFLint
# for security reasons we pin commit ids and not tags.
# terraform-linters/[email protected] -> 9e653e0f7de0839150e03280e0981e0c25eaf10a
uses: terraform-linters/setup-tflint@9e653e0f7de0839150e03280e0981e0c25eaf10a
with:
tflint_version: v0.41.0
- name: Setup and run pre-commit
# for security reasons we pin commit ids and not tags.
# pre-commit/[email protected] -> 9b88afc9cd57fd75b655d5c71bd38146d07135fe
uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe
unit-tests:
# needs: pre-commit
runs-on: ubuntu-latest
name: Unit Tests
steps:
- name: Get User Permission
id: checkAccess
uses: actions-cool/check-user-permission@956b2e73cdfe3bcb819bb7225e490cb3b18fd76e # v2.2.1
with:
require: write
username: ${{ github.triggering_actor }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check User Permission
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have permissions on this repo."
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
echo "Job originally triggered by ${{ github.actor }}"
exit 1
- name: Checkout
# for security reasons we pin commit ids and not tags.
# actions/[email protected] -> 2541b1294d2704b0964813337f33b291d3f8596b
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
fetch-depth: 0
# - name: Setup SSH to Private Modules
# # for security reasons we pin commit ids and not tags.
# # webfactory/[email protected] -> fc49353b67b2b7c1e0e6a600572d01a69f2672dd
# uses: webfactory/ssh-agent@fc49353b67b2b7c1e0e6a600572d01a69f2672dd
# with:
# ssh-private-key: |
# ${{ secrets.DEPLOY_KEY__REPOSITORY_A }}
# ${{ secrets.DEPLOY_KEY__REPOSITORY_B }}
- name: Check for Terraform file changes
# for security reasons we pin commit ids and not tags.
# getsentry/[email protected] -> b2feaf19c27470162a626bd6fa8438ae5b263721
uses: getsentry/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721
id: changes
with:
filters: |
terraform:
- '*.tf'
- 'test/**/*.tf'
- 'test/**/*.go'
- 'test/go.mod'
- 'test/go.sum'
- name: Set up Terraform
if: steps.changes.outputs.terraform == 'true'
# for security reasons we pin commit ids and not tags.
# hashicorp/[email protected] -> 17d4c9b8043b238f6f35641cdd8433da1e6f3867
uses: hashicorp/setup-terraform@17d4c9b8043b238f6f35641cdd8433da1e6f3867
with:
terraform_version: 1.2.1
terraform_wrapper: false
- name: Set up Golang
if: steps.changes.outputs.terraform == 'true'
# for security reasons we pin commit ids and not tags.
# actions/[email protected] -> b22fbbc2921299758641fab08929b4ac52b32923
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
with:
go-version: 1.17.6
- name: Run Unit Tests
if: steps.changes.outputs.terraform == 'true'
run: make test/unit-tests
env:
AWS_SECRET_ACCESS_KEY: ${{ secrets.MINEIROS_TESTING_AWS_SECRET_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.MINEIROS_TESTING_AWS_ACCESS_KEY_ID }}
GOOGLE_CREDENTIALS: ${{ secrets.MINEIROS_TESTING_GCP_SA_KEY_FILE }}
TEST_GCP_PROJECT: ${{ secrets.MINEIROS_TESTING_GCP_PROJECT }}
TEST_GCP_ORG_DOMAIN: ${{ secrets.MINEIROS_TESTING_GCP_ORG_DOMAIN }}
TEST_GCP_BILLING_ACCOUNT: ${{ secrets.MINEIROS_TESTING_GCP_BILLING_ACCOUNT }}