Fix missing newline at end of file in staging environment Terraform v… #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Tests | |
| on: | |
| push: | |
| branches: [ main, master ] | |
| pull_request: | |
| branches: [ main, master ] | |
| workflow_dispatch: | |
| env: | |
| TF_VERSION: "1.6.0" | |
| GO_VERSION: "1.21" | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| jobs: | |
| validate: | |
| name: Validate Terraform | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TF_VERSION }} | |
| - name: Terraform Format Check | |
| run: terraform fmt -check -recursive | |
| - name: Terraform Init | |
| run: terraform init -backend=false | |
| - name: Terraform Validate | |
| run: terraform validate | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| needs: validate | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TF_VERSION }} | |
| terraform_wrapper: false | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Download Go modules | |
| working-directory: ./test | |
| run: go mod download | |
| - name: Run Unit Tests | |
| working-directory: ./test | |
| run: | | |
| go test -v -timeout 30m ./unit/... -run TestTerraform | |
| integration-tests: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: unit-tests | |
| if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository | |
| strategy: | |
| matrix: | |
| test_scenario: [basic, network, monitoring] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TF_VERSION }} | |
| terraform_wrapper: false | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| creds: | | |
| { | |
| "clientId": "${{ secrets.ARM_CLIENT_ID }}", | |
| "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", | |
| "subscriptionId": "${{ secrets.ARM_SUBSCRIPTION_ID }}", | |
| "tenantId": "${{ secrets.ARM_TENANT_ID }}" | |
| } | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Download Go modules | |
| working-directory: ./test | |
| run: go mod download | |
| - name: Run Integration Tests - ${{ matrix.test_scenario }} | |
| working-directory: ./test | |
| env: | |
| RUN_INTEGRATION_TESTS: "true" | |
| TEST_LOCATION: "East US" | |
| run: | | |
| case "${{ matrix.test_scenario }}" in | |
| basic) | |
| go test -v -timeout 45m ./integration/... -run TestAKSClusterDeployment | |
| ;; | |
| network) | |
| go test -v -timeout 30m ./integration/... -run TestNetwork | |
| ;; | |
| monitoring) | |
| go test -v -timeout 30m ./integration/... -run TestMonitoring | |
| ;; | |
| esac | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| needs: validate | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Checkov | |
| id: checkov | |
| uses: bridgecrewio/checkov-action@master | |
| with: | |
| directory: . | |
| framework: terraform | |
| quiet: true | |
| soft_fail: true | |
| output_format: github_failed_only | |
| download_external_modules: true | |
| - name: Run tfsec | |
| uses: aquasecurity/[email protected] | |
| with: | |
| soft_fail: true | |
| format: github | |
| cost-estimation: | |
| name: Cost Estimation | |
| runs-on: ubuntu-latest | |
| needs: validate | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Infracost | |
| uses: infracost/actions/setup@v3 | |
| with: | |
| api-key: ${{ secrets.INFRACOST_API_KEY }} | |
| - name: Generate Infracost JSON | |
| run: | | |
| infracost breakdown --path . \ | |
| --format json \ | |
| --out-file /tmp/infracost.json | |
| - name: Post Infracost comment | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| infracost comment github --path=/tmp/infracost.json \ | |
| --repo=$GITHUB_REPOSITORY \ | |
| --pull-request=${{ github.event.pull_request.number }} \ | |
| --github-token=${{ secrets.GITHUB_TOKEN }} \ | |
| --behavior=update | |
| cleanup: | |
| name: Cleanup Test Resources | |
| runs-on: ubuntu-latest | |
| needs: [integration-tests] | |
| if: always() | |
| steps: | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| creds: | | |
| { | |
| "clientId": "${{ secrets.ARM_CLIENT_ID }}", | |
| "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", | |
| "subscriptionId": "${{ secrets.ARM_SUBSCRIPTION_ID }}", | |
| "tenantId": "${{ secrets.ARM_TENANT_ID }}" | |
| } | |
| - name: Cleanup Test Resource Groups | |
| run: | | |
| # List and delete resource groups created by tests | |
| az group list --query "[?tags.Purpose=='terratest' && tags.Temporary=='true'].name" -o tsv | while read -r rg; do | |
| echo "Deleting resource group: $rg" | |
| az group delete --name "$rg" --yes --no-wait || true | |
| done |