-
Notifications
You must be signed in to change notification settings - Fork 0
164 lines (145 loc) · 6.08 KB
/
tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Main Branch and Release Testing
on:
push:
branches: ["main"]
tags: ["v*.*.*"]
pull_request:
branches: ["main"]
jobs:
tests:
permissions:
id-token: write
contents: read
runs-on: ubuntu-latest
env:
CI: true
STAC_SERVER_TAG: v3.5.0
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '18'
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.7.3"
- name: Setting Pre-Requisites
id: prereqs
run: |
#echo "REPOSITORY_NAME=`echo \"${{ github.ref_name }}\" | tr -d '.' | cut -c1-8`" >> $GITHUB_ENV
echo "REPOSITORY_NAME=main" >> $GITHUB_ENV
- name: Prepararing Environment
id: prep_env
run: |
sed -n '5,$p' default.tfvars > test.tfvars
echo "environment = \"git\"" >> test.tfvars
echo "project_name = \"${REPOSITORY_NAME}\"" >> test.tfvars
sed -i -e 's/deploy_stac_server_opensearch_serverless = false/deploy_stac_server_opensearch_serverless = true/g' test.tfvars
sed -i -e 's/deploy_analytics = true/deploy_analytics = false/g' test.tfvars
cat test.tfvars
echo "Creating terraform backend file ..."
echo 'terraform {' >> test.s3.backend.tf
echo ' backend "s3" {' >> test.s3.backend.tf
echo ' encrypt = true' >> test.s3.backend.tf
echo " bucket = \"${{ secrets.TF_STATE_BUCKET }}\"" >> test.s3.backend.tf
echo " dynamodb_table = \"${{ secrets.TF_STATE_LOCK_TABLE }}\"" >> test.s3.backend.tf
echo " key = \"${REPOSITORY_NAME}-github-test.tfstate\"" >> test.s3.backend.tf
echo " region = \"${{ secrets.AWS_REGION }}\"" >> test.s3.backend.tf
echo ' }' >> test.s3.backend.tf
echo '}' >> test.s3.backend.tf
cat test.s3.backend.tf
- name: Update stac-server lambdas
id: update_stac_lambdas
run: ./scripts/update-lambdas.sh
- name: Configure Terraform Init Credentials
id: init_creds
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleaseInit
- name: Terraform Init
id: tf_init
run: terraform init
- name: Terraform Validate
id: tf_validate
run: terraform validate
- name: Configure Terraform Plan Credentials
id: plan_creds
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleasePlan
- name: Terraform Plan
id: tf_plan
run: terraform plan -var-file="test.tfvars" -out test.tfplan -lock=false
- name: Configure Terraform Apply Credentials
id: apply_creds
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleaseApply
- name: Terraform Apply
id: tf_apply
run: terraform apply -lock=false -input=false test.tfplan
- name: Configure Terraform OpenSearch Cleanup Credentials
id: opensearch_cleanup_creds
if: always()
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleaseOpenSearchCleanup
- name: Deleting OpenSearch Domain
id: delete_opensearch_domain
if: always()
run: |
export stac_opensearch_domain_name=fd-${REPOSITORY_NAME}-git-stac-server
if [[ "$stac_opensearch_domain_name" != "" && !("$stac_opensearch_domain_name" =~ ".aoss.amazonaws.com") && "$stac_opensearch_domain_name" != *"Warning"* ]]; then
echo "We detected a Stac Server OpenSearch Domain $stac_opensearch_domain_name running in FilmDrop environment, will attempt to delete it..."
terraform state rm "module.filmdrop.module.stac-server[0].module.stac-server.aws_opensearch_domain.stac_server_opensearch_domain"
aws opensearch delete-domain --domain-name fd-${REPOSITORY_NAME}-git-stac-server --output text > .opensearch.info
echo "Stac Server OpenSearch Domain $stac_opensearch_domain_name has been deleted..."
fi
- name: Configure Terraform Cleanup Check Credentials
id: cleanup_check_creds
if: always()
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleaseCleanupCheck
- name: Terraform Destroy Pre-Check
id: tf_destroy_plan
if: always()
run: terraform plan -destroy -var-file="test.tfvars" -out test-cleanup.tfplan -lock=false
- name: Configure Terraform Cleanup Credentials
id: cleanup_creds
if: always()
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: GitHubReleaseCleanup
- name: Terraform Destroy
id: tf_destroy_apply
if: always()
run: terraform apply -destroy -lock=false -input=false test-cleanup.tfplan
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.7.3"
- uses: terraform-linters/setup-tflint@v3
with:
tflint_version: "v0.49.0"
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install pre-commit
run: pip install pre-commit
- name: Run pre-commit
run: pre-commit run --all-files