-
-
Notifications
You must be signed in to change notification settings - Fork 8
139 lines (122 loc) · 5.07 KB
/
leverage-cli-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Leverage CLI Test
on:
pull_request:
workflow_dispatch:
inputs:
leverage_version:
description: "Leverage CLI version to test"
required: false
type: string
default: 1.9.1
leverage_repo:
description: "Whether to use pypi.org or test.pypi.org"
required: false
type: string
default: "pypi.org"
leverage_toolbox_version:
description: "Leverage Toolbox version to test"
required: false
type: string
default: 1.2.7-0.1.6
jobs:
test_leverage:
runs-on: ubuntu-latest
env:
LEVERAGE_VERSION: 1.10.0
LEVERAGE_REPO: pypi.org
LEVERAGE_TOOLBOX_VERSION: 1.2.7-0.1.6
steps:
- name: Checkout base branch
uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: install_dependencies
run: |
pip3 install --user --upgrade pipenv
shell: bash
- id: cache-pipenv
uses: actions/cache@v3
with:
path: /home/runner/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-${{ github.run_id }}
- name: Installing Leverage CLI
run: |
printf "[INFO] Installing Leverage CLI\n"
if [[ "${{ inputs.leverage_version }}" == "" ]] || [[ "${{ inputs.leverage_repo }}" == "" ]];
then
echo "Installing https://${LEVERAGE_REPO}/simple/ leverage==${LEVERAGE_VERSION}"
python -m pipenv install -i https://${LEVERAGE_REPO}/simple/ leverage==${LEVERAGE_VERSION}
else
echo "Installing https://${{ inputs.leverage_repo }}/simple/ leverage==${{ inputs.leverage_version }}"
python -m pipenv install -i https://${{ inputs.leverage_repo }}/simple/ leverage==${{ inputs.leverage_version }}
fi
working-directory: ./apps-devstg/global/cli-test-layer
- name: patch_dependencies
run: |
python -m pipenv install requests==2.29.0
working-directory: ./apps-devstg/global/cli-test-layer
- name: Set Leverage Toolbox version
run: |
printf "[INFO] Setting Leverage Toolbox version\n"
if [[ "${{ inputs.leverage_toolbox_version }}" == "" ]];
then
echo "Using Toolbox ${LEVERAGE_TOOLBOX_VERSION} version"
sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG='${LEVERAGE_TOOLBOX_VERSION}'/' build.env;
else
echo "Using Toolbox ${{ inputs.leverage_toolbox_version }} version"
sed -E -i 's/^TERRAFORM_IMAGE_TAG=.+$/TERRAFORM_IMAGE_TAG='${{ inputs.leverage_toolbox_version }}'/' build.env;
fi
- name: Set up credentials
run: |
printf "[INFO] Setting up credentials\n"
mkdir -p ~/.aws/bb
aws configure set region us-east-1 --profile bb-apps-devstg-devops
aws configure set output json --profile bb-apps-devstg-devops
aws configure set role_arn arn:aws:iam::${{ secrets.AWS_DEVSTG_ACCOUNT_ID }}:role/DeployMaster --profile bb-apps-devstg-devops
aws configure set source_profile bb-deploymaster --profile bb-apps-devstg-devops
cat << EOF > ~/.aws/credentials
[bb-deploymaster]
aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}
EOF
cp ~/.aws/credentials ~/.aws/bb/
cp ~/.aws/config ~/.aws/bb/
- name: Configure Reference Architecture
run: |
echo "[INFO] Configure Reference Architecture\n"
cat << EOF > ./config/common.tfvars
project = "bb"
project_long = "binbash"
region_primary = "us-east-1"
region_secondary = "us-east-2"
vault_address = "vault_trash"
vault_token = "vault_trash"
sso_region = "us-east-1"
sso_enabled = false
sso_start_url = "sso_trash"
accounts = {
security = {
id = ${{ secrets.AWS_SECURITY_ACCOUNT_ID }}
}
}
EOF
echo "[INFO] Disable MFA\n"
sed -i "s/^\(MFA_ENABLED=\)true/\1false/" build.env
- name: Test Reference Architecture
run: |
# These are later mounted in the container
mkdir ~/.ssh && touch ~/.gitconfig
printf "[INFO] Initializing layer\n"
python -m pipenv run leverage tf init
printf "[INFO] Generating plan\n"
python -m pipenv run leverage tf plan
printf "[INFO] Applying changes\n"
python -m pipenv run leverage tf apply -auto-approve
printf "[INFO] Checking if all changes were applied\n"
python -m pipenv run leverage tf plan -detailed-exitcode
[[ $? -eq 2 ]] && printf "[WARN] There are still remaining changes\n"
[[ $? -eq 0 ]] && printf "[INFO] Apply checks out\n"
printf "[INFO] Destroying all generated created resources\n"
python -m pipenv run leverage tf destroy -auto-approve
working-directory: ./apps-devstg/global/cli-test-layer