hashicorp/hashicat-azure/infrastructure-tests #23
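# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# Infrastructure test pipeline. Job order, as wired through `needs`:
#   terraform-init -> terraform-validate -> terraform-plan
#                  -> terraform-apply -> terraform-destroy
# with azurerm-vms-available running alongside validate as a diagnostic.
# The working directory is handed from job to job as the "tf-code" artifact.
name: hashicorp/hashicat-azure/infrastructure-tests

on:
  workflow_dispatch:
  push:
    branches:
      - 'master'

env:
  # See IL-574 for the source of these
  # NOTE(review): workflow-level env makes ARM_CLIENT_SECRET visible to every
  # step of every job, including terraform-init and terraform-validate, which
  # do not visibly talk to Azure. Consider moving the ARM_* values to the jobs
  # that need them -- confirm first that `terraform init` does not rely on
  # them (e.g. for a remote backend).
  ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
  # Unique per run; also reused below as the saved plan's file name.
  TF_VAR_prefix: gha-infrastructure-tests-${{ github.run_id }}-${{ github.run_number }}

# No GITHUB_TOKEN permissions by default; a job must opt in to what it needs.
permissions: {}

jobs:
  terraform-init:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `light` is a mutable tag, while the actions in this file
      # are pinned to commit SHAs. Consider pinning the image by digest
      # (...terraform@sha256:<DIGEST>); the same applies to every job below
      # that uses this image.
      image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
        with:
          # The whole workspace (including .git) is uploaded as an artifact
          # below, so do not leave the checkout token in .git/config.
          persist-credentials: false
      - name: Terraform Init
        run: terraform init
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}

  azurerm-vms-available:
    # We do this to aid things like IL-878, where Azure tells us we have no
    # VMs of a certain size; this runs to show you what *was* available at
    # the time
    runs-on: ubuntu-latest
    needs:
      - terraform-init
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}
      # Either upload or download-artifact does not preserve the exec bit on
      # binaries, so fix that here
      - name: fix-perms
        run: |-
          # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5
          chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-*
      - name: set TF vars if set
        # GH upcases variable names, that's why this looks odd....
        # The repository variables reach the script through `env` instead of
        # being expanded into the script text, so the shell treats their
        # content as data and never as commands.
        env:
          REPO_VAR_LOCATION: ${{ vars.TF_VAR_LOCATION }}
          REPO_VAR_VM_SIZE: ${{ vars.TF_VAR_VM_SIZE }}
        run: |-
          if [ -n "${REPO_VAR_LOCATION}" ]; then
            echo "TF_VAR_location=${REPO_VAR_LOCATION}" >> "${GITHUB_ENV}"
          fi
          if [ -n "${REPO_VAR_VM_SIZE}" ]; then
            echo "TF_VAR_vm_size=${REPO_VAR_VM_SIZE}" >> "${GITHUB_ENV}"
          fi
      - name: check VMs
        run: |-
          # Whether we're using the defaults in the variables.tf file, or have overridden
          # them with environment variables, 'terraform console' will tell us the current
          # value that TF would use
          location=$(echo "var.location" | terraform console | sed -e 's/^"//' -e 's/"$//')
          # --output none keeps the account details that `az login` prints
          # (tenant and subscription identifiers) out of the job log.
          az login --service-principal -u "${ARM_CLIENT_ID}" -p "${ARM_CLIENT_SECRET}" --tenant "${ARM_TENANT_ID}" --output none
          az vm list-skus --location "${location}" --zone --output table

  terraform-validate:
    runs-on: ubuntu-latest
    container:
      image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    needs:
      - terraform-init
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}
      # Either upload or download-artifact does not preserve the exec bit on
      # binaries, so fix that here
      - name: fix-perms
        run: |-
          # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5
          chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-*
      - name: Terraform Validate
        run: terraform validate

  terraform-plan:
    runs-on: ubuntu-latest
    container:
      image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    needs:
      - terraform-validate
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}
      # Either upload or download-artifact does not preserve the exec bit on
      # binaries, so fix that here
      - name: fix-perms
        run: |-
          # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5
          chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-*
      - name: set TF vars if set
        # GH upcases variable names, that's why this looks odd....
        # Repository variables are passed via `env`, not expanded into the
        # script text, so the shell treats their content as data.
        env:
          REPO_VAR_LOCATION: ${{ vars.TF_VAR_LOCATION }}
          REPO_VAR_VM_SIZE: ${{ vars.TF_VAR_VM_SIZE }}
        run: |-
          if [ -n "${REPO_VAR_LOCATION}" ]; then
            echo "TF_VAR_location=${REPO_VAR_LOCATION}" >> "${GITHUB_ENV}"
          fi
          if [ -n "${REPO_VAR_VM_SIZE}" ]; then
            echo "TF_VAR_vm_size=${REPO_VAR_VM_SIZE}" >> "${GITHUB_ENV}"
          fi
      - name: Terraform Plan
        # TF_VAR_prefix (workflow-level env) carries the same
        # gha-infrastructure-tests-<run_id>-<run_number> value used as the
        # plan file name.
        run: terraform plan -out="${TF_VAR_prefix}.plan"
      # NOTE(review): this uploads the whole workspace, which now contains the
      # saved plan file; a plan can hold sensitive values, and run artifacts
      # can be downloaded by anyone with read access to the repository.
      # Consider narrowing `path` or setting a short `retention-days`.
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}

  terraform-apply:
    runs-on: ubuntu-latest
    container:
      image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    needs:
      - terraform-plan
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}
      # Either upload or download-artifact does not preserve the exec bit on
      # binaries, so fix that here
      - name: fix-perms
        run: |-
          # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5
          chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-*
      - name: set TF vars if set
        # GH upcases variable names, that's why this looks odd....
        # Repository variables are passed via `env`, not expanded into the
        # script text, so the shell treats their content as data.
        env:
          REPO_VAR_LOCATION: ${{ vars.TF_VAR_LOCATION }}
          REPO_VAR_VM_SIZE: ${{ vars.TF_VAR_VM_SIZE }}
        run: |-
          if [ -n "${REPO_VAR_LOCATION}" ]; then
            echo "TF_VAR_location=${REPO_VAR_LOCATION}" >> "${GITHUB_ENV}"
          fi
          if [ -n "${REPO_VAR_VM_SIZE}" ]; then
            echo "TF_VAR_vm_size=${REPO_VAR_VM_SIZE}" >> "${GITHUB_ENV}"
          fi
      - name: Terraform Apply
        # Applies exactly the plan file saved by the terraform-plan job.
        run: terraform apply -auto-approve "${TF_VAR_prefix}.plan"
      # NOTE(review): after apply the workspace presumably also holds
      # terraform.tfstate (if the configuration uses local state -- confirm).
      # State can contain secrets in plain text; the same artifact-exposure
      # concern as for the plan upload applies here.
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}

  terraform-destroy:
    # NOTE(review): because of `needs`, this job is skipped when
    # terraform-apply fails, so whatever a partially failed apply created is
    # not torn down by this workflow. Presumably cleanup is then manual --
    # confirm, since orphaned test resources remain reachable and billable.
    runs-on: ubuntu-latest
    container:
      image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    needs:
      - terraform-apply
    steps:
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: "tf-code"
          path: ${{ github.workspace }}
      # Either upload or download-artifact does not preserve the exec bit on
      # binaries, so fix that here
      - name: fix-perms
        run: |-
          # e.g. .terraform/providers/registry.terraform.io/hashicorp/null/3.2.1/linux_amd64/terraform-provider-null_v3.2.1_x5
          chmod +x .terraform/providers/*/*/*/*/*/terraform-provider-*
      - name: set TF vars if set
        # GH upcases variable names, that's why this looks odd....
        # Repository variables are passed via `env`, not expanded into the
        # script text, so the shell treats their content as data.
        env:
          REPO_VAR_LOCATION: ${{ vars.TF_VAR_LOCATION }}
          REPO_VAR_VM_SIZE: ${{ vars.TF_VAR_VM_SIZE }}
        run: |-
          if [ -n "${REPO_VAR_LOCATION}" ]; then
            echo "TF_VAR_location=${REPO_VAR_LOCATION}" >> "${GITHUB_ENV}"
          fi
          if [ -n "${REPO_VAR_VM_SIZE}" ]; then
            echo "TF_VAR_vm_size=${REPO_VAR_VM_SIZE}" >> "${GITHUB_ENV}"
          fi
      - name: Terraform Destroy
        run: terraform destroy -auto-approve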