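# CI workflow: validates the GoReleaser config, warms the Go module cache,
# builds a signed snapshot release, runs unit/acceptance tests, lints, and
# posts a coverage report on pull requests.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (e.g. `@v6`). Pinning each `uses:` to a full commit SHA keeps a moved tag from
# changing the code that runs next to this workflow's signing key and secrets.
name: CI Workflow

on:
  pull_request:
    branches:
      - alpha
      - main
  workflow_dispatch:
  schedule:
    # every sunday at 00:00
    # - cron: '0 0 * * 0'
    # every day at 00:00
    - cron: '0 0 * * *'
  push:
    # NOTE(review): this filter contains only negated patterns. GitHub documents
    # that a `branches` filter using `!` must also include at least one positive
    # pattern; confirm the trigger behaves as intended on the runner in use, or
    # switch to `branches-ignore`.
    branches:
      - '!main'
      - '!alpha'

# Least-privilege default for the workflow token. Jobs that need more
# (prepare, publish_test, code_coverage) declare their own permissions block.
permissions:
  contents: read

env:
  GO_VERSION: "1.25"
  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"

jobs:
  config:
    if: ${{ github.event_name != 'schedule' }}
    name: Check GoReleaser config
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          args: check

  prepare:
    name: Prepare GO cache
    runs-on: ubuntu-latest
    permissions:
      actions: read # Required to identify workflow run.
      checks: write # Required to add status summary.
      contents: read # Required to checkout repository.
      pull-requests: write # Required to add PR comment.
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      # The step name no longer interpolates `inputs.go-version`: this workflow
      # declares no inputs, so the expression always rendered as empty.
      - name: Install Go
        id: go-install
        uses: actions/setup-go@v6
        with:
          # go-version: ${{ inputs.go-version }}
          check-latest: true
          go-version-file: 'go.mod'

      - name: Determine GOMODCACHE
        shell: bash
        id: goenv
        # Uses the $GITHUB_OUTPUT file instead of the deprecated `::set-output`
        # workflow command, which parsed step stdout for commands.
        run: |
          set -e
          echo "gomodcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Restore cached GO pkg
        id: cache-gopkg
        uses: actions/cache/restore@v5
        with:
          path: "${{ steps.goenv.outputs.gomodcache }}"
          key: ${{ runner.os }}-gopkg

      # NOTE(review): `@latest` resolves to whatever is published at run time;
      # pinning explicit versions makes the toolchain reproducible and auditable.
      - name: Install go tools
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest

      - name: Get all go packages
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        shell: bash
        run: |
          set -e
          go get ./...

      - name: Save Cache
        if: steps.cache-gopkg.outputs.cache-hit != 'true'
        id: cache-gopkg-save
        uses: actions/cache/save@v5
        with:
          path: |
            ${{ steps.goenv.outputs.gomodcache }}
          key: ${{ runner.os }}-gopkg

  publish_test:
    name: "Test readiness for publishing provider"
    needs:
      - config
      - prepare
    runs-on: ubuntu-latest
    permissions:
      actions: read # Required to identify workflow run.
      checks: write # Required to add status summary.
      contents: read # Required to checkout repository.
      pull-requests: write # Required to add PR comment.
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget unzip bc

      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          # go-version: ${{ env.GO_VERSION }}
          check-latest: true
          go-version-file: 'go.mod'

      # NOTE(review): these unpinned `@latest` tools are installed in the same
      # job that later imports the GPG signing key; pin their versions.
      - name: Install go tools
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest

      - name: Setup JAVA
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '21'

      # - name: Run build pkg directory
      #   run: |
      #     go run generator/main.go build

      # TLS certificate verification is enabled: with it switched off, the S3
      # access and secret keys would be sent to whichever host answers for the
      # endpoint. `umask 077` keeps the credentials file owner-readable only.
      - name: Set up s3cfg
        run: |
          umask 077
          cat <<'EOF' >> ~/.s3cfg
          [default]
          host_base = https://object.storage.eu01.onstackit.cloud
          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
          check_ssl_certificate = True
          access_key = ${{ secrets.S3_ACCESS_KEY }}
          secret_key = ${{ secrets.S3_SECRET_KEY }}
          EOF

      # The private key is handed to gpg on stdin from an environment variable.
      # It is never written to disk, so a failed import cannot leave the key
      # file behind, and the secret is not pasted into the script text.
      - name: Import GPG key
        env:
          PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }}
        run: |
          printf '%s\n' "$PRIVATE_KEY_PEM" | gpg --import

      # NOTE(review): FORGEJO_TOKEN is not defined in this workflow's `env`
      # block; presumably the runner supplies it. Confirm, since the expression
      # evaluates to an empty string otherwise.
      - name: Run GoReleaser with SNAPSHOT
        id: goreleaser
        env:
          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        uses: goreleaser/goreleaser-action@v7
        with:
          args: release --skip publish --clean --snapshot

      - name: Prepare key file
        run: |
          echo "${{ secrets.PUBLIC_KEY_PEM }}" >public_key.pem

      - name: Prepare provider directory structure
        run: |
          VERSION=$(jq -r .version < dist/metadata.json)
          go run generator/main.go \
            publish \
            --namespace=mhenselin \
            --providerName=stackitprivatepreview \
            --repoName=terraform-provider-stackitprivatepreview \
            --domain=tfregistry.sysops.stackit.rocks \
            --gpgFingerprint="${{ secrets.GPG_FINGERPRINT }}" \
            --gpgPubKeyFile=public_key.pem \
            --version=${VERSION}

  testing:
    name: CI run tests
    runs-on: ubuntu-latest
    needs:
      - config
      - prepare
    env:
      TF_ACC_PROJECT_ID: ${{ vars.TF_ACC_PROJECT_ID }}
      TF_ACC_REGION: ${{ vars.TF_ACC_REGION }}
      TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ vars.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
      # NOTE(review): this path differs from the file created below
      # (`~/.service_account.json`, with a leading dot), and `~` is not expanded
      # inside an env value. The "Testing" step overrides it in the shell;
      # "Acceptance Testing" does not. Confirm which path is intended.
      TF_ACC_SERVICE_ACCOUNT_FILE: "~/service_account.json"
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false

      # `umask 077` keeps the service-account key owner-readable only.
      # NOTE(review): the secret is pasted into a double-quoted shell string, so
      # any `"` or `$` in it is interpreted by the shell. Passing it through
      # `env:` avoids that, but check how the secret is stored before switching.
      # The pull request's own Makefile and tests then run with this key on disk.
      - name: Create service account json file
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          umask 077
          echo "${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}" >~/.service_account.json

      - name: Run go mod tidy
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy

      - name: Testing
        run: |
          TF_ACC_SERVICE_ACCOUNT_FILE=~/.service_account.json
          export TF_ACC_SERVICE_ACCOUNT_FILE
          make test

      - name: Acceptance Testing
        env:
          TF_ACC: "1"
        if: ${{ github.event_name == 'pull_request' }}
        run: make test-acceptance-tf

      # Reports coverage below 80% but does not fail the job (exit is disabled).
      - name: Check coverage threshold
        shell: bash
        run: |
          make coverage
          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
          echo "Coverage: $COVERAGE%"
          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
            echo "Coverage is below 80%"
            # exit 1
          fi

      - name: Archive code coverage results
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"

  main:
    if: ${{ github.event_name != 'schedule' }}
    name: CI run build and linting
    runs-on: ubuntu-latest
    needs:
      - config
      - prepare
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      # - uses: actions/cache@v5
      #   id: cache
      #   with:
      #     path: path/to/dependencies
      #     key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }}

      # - name: Install Dependencies
      #   if: steps.cache.outputs.cache-hit != 'true'
      #   run: /install.sh

      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false

      # NOTE(review): the docs check and both linters below run with
      # `continue-on-error: true`, so their findings never fail the job.
      - name: "Ensure docs are up-to-date"
        if: ${{ github.event_name == 'pull_request' }}
        run: ./scripts/check-docs.sh
        continue-on-error: true

      - name: "Run go mod tidy"
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          version: v2.10
          args: --config=.golang-ci.yaml --allow-parallel-runners --timeout=5m
        continue-on-error: true

      - name: Linting terraform files
        run: make lint-tf
        continue-on-error: true

  code_coverage:
    name: "Code coverage report"
    if: github.event_name == 'pull_request' # Do not run when workflow is triggered by push to main branch
    runs-on: ubuntu-latest
    # `testing` is the job that uploads the coverage artifact, so this job must
    # wait for it; otherwise the report can start before the artifact exists.
    needs:
      - main
      - prepare
      - testing
    permissions:
      contents: read
      actions: read # to download code coverage results from "testing" job
      pull-requests: write # write permission needed to comment on PR
    steps:
      - name: Check new code coverage
        uses: fgrosse/go-coverage-report@v1.2.0
        continue-on-error: true # Add this line to prevent pipeline failures in forks
        with:
          coverage-artifact-name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          coverage-file-name: ${{ env.CODE_COVERAGE_FILE_NAME }}
          root-package: 'github.com/stackitcloud/terraform-provider-stackit'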