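name: CI Workflow

# Events that start this workflow. Several jobs below read repository secrets,
# so every trigger listed here is also a path to those secrets.
on:
  pull_request:
    branches:
      - alpha
      - main
  workflow_dispatch:
  schedule:
    # every sunday at 00:00
    # - cron: '0 0 * * 0'
    # every day at 00:00
    - cron: '0 0 * * *'
  push:
    # GitHub-style `branches` filters need at least one positive pattern next
    # to negated ones; an exclude-only list is written as `branches-ignore`.
    # Intent kept: run on pushes to every branch except main and alpha.
    branches-ignore:
      - main
      - alpha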
# Workflow-wide settings, visible to every job through the `env` context.
env:
  # Go toolchain version passed as `go-version` to the setup/build steps;
  # quoted so the value stays a string rather than a float.
  GO_VERSION: '1.25'
  # must be the same as in Makefile
  CODE_COVERAGE_FILE_NAME: 'coverage.out'
  # Artifact name used when the coverage file is uploaded and read back.
  CODE_COVERAGE_ARTIFACT_NAME: 'code-coverage'
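# NOTE(review): every third-party action below is referenced by a mutable tag
# (`@v6`, `@v7`, `@v1.2.0`, ...). A retagged release would run with whatever
# secrets the job holds; pinning each `uses:` to a full commit SHA removes
# that dependency on the tag.
# NOTE(review): only `publish_test` and `code_coverage` declare `permissions`;
# the other jobs fall back to the platform default token scope. Confirm that
# default is read-only.
# NOTE(review): `config` is skipped on `schedule`, and `publish_test` and
# `testing` both `need` it, so the nightly cron presumably runs no job at
# all. Confirm this is intended.
jobs:
  # Dry-run of the provider release: build, sign a snapshot with GoReleaser
  # and lay out the registry directory structure.
  # NOTE(review): this job runs on pull_request and executes repository code
  # (`go run cmd/main.go ...`, GoReleaser) after the GPG private key has been
  # imported and the S3 credentials written to disk. Code from the PR branch
  # therefore runs with both in reach; consider restricting the secret-bearing
  # steps to trusted events.
  publish_test:
    name: "Test readiness for publishing provider"
    needs: config
    runs-on: ubuntu-latest
    # NOTE(review): no visible step writes a check run or a PR comment; drop
    # the two `write` scopes if nothing outside this file relies on them.
    permissions:
      actions: read  # Required to identify workflow run.
      checks: write  # Required to add status summary.
      contents: read  # Required to checkout repository.
      pull-requests: write  # Required to add PR comment.
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget

      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}

      # NOTE(review): `@latest` resolves at run time, so the binaries that run
      # in this signing job change without a commit. Pin each tool to a
      # reviewed version (`@<PINNED_VERSION>`).
      - name: Install go tools
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest

      - name: Setup JAVA
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'  # See 'Supported distributions' for available options
          java-version: '21'

      - name: Checkout
        uses: actions/checkout@v6

      - name: Run build pkg directory
        run: |
          go run cmd/main.go build

      # Writes the s3cmd credentials file. Certificate verification is left
      # on: with it disabled the access key and secret key would be sent to
      # whichever host answers for the endpoint name.
      # The quoted heredoc delimiter keeps the shell from expanding anything
      # inside the body; the `${{ }}` values are filled in by the runner.
      # NOTE(review): s3cmd documents `host_base` as a bare hostname and the
      # bucket placeholder as `%(bucket)s`; confirm the two host lines work
      # as written.
      - name: Set up s3cfg
        run: |
          umask 077
          cat <<'EOF' >> ~/.s3cfg
          [default]
          host_base = https://object.storage.eu01.onstackit.cloud
          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
          check_ssl_certificate = True
          access_key = ${{ secrets.S3_ACCESS_KEY }}
          secret_key = ${{ secrets.S3_SECRET_KEY }}
          EOF

      # The key reaches gpg on stdin through an environment variable: it is
      # never pasted into the script text (where quotes or `$` in the value
      # would be interpreted by the shell) and never written to a file.
      - name: Import GPG key
        env:
          PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }}
        run: |
          printf '%s\n' "$PRIVATE_KEY_PEM" | gpg --batch --import

      # NOTE(review): `env.FORGEJO_TOKEN` is not set in this file's `env`
      # block; confirm the runner provides it, otherwise GITHUB_TOKEN is empty.
      - name: Run GoReleaser with SNAPSHOT
        id: goreleaser
        env:
          GITHUB_TOKEN: ${{ env.FORGEJO_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        uses: goreleaser/goreleaser-action@v7
        with:
          args: release --skip publish --clean --snapshot

      - name: Prepare key file
        env:
          PUBLIC_KEY_PEM: ${{ secrets.PUBLIC_KEY_PEM }}
        run: |
          printf '%s\n' "$PUBLIC_KEY_PEM" > public_key.pem

      # Secret and computed values are passed as quoted shell variables so
      # that their content cannot split into extra arguments or commands.
      - name: Prepare provider directory structure
        env:
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        run: |
          VERSION=$(jq -r .version < dist/metadata.json)
          go run cmd/main.go \
            publish \
            --namespace=mhenselin \
            --providerName=stackitprivatepreview \
            --repoName=terraform-provider-stackitprivatepreview \
            --domain=tfregistry.sysops.stackit.rocks \
            --gpgFingerprint="${GPG_FINGERPRINT}" \
            --gpgPubKeyFile=public_key.pem \
            --version="${VERSION}"

  # Unit tests on every event; acceptance tests against a real project on
  # pull requests only.
  # NOTE(review): on pull_request the service-account key is on disk while
  # `make test-acceptance-tf` runs code from the PR branch. Confirm secrets
  # are withheld from untrusted (fork) pull requests on this platform.
  testing:
    name: CI run tests
    runs-on: ubuntu-latest
    needs: config
    env:
      TF_ACC_PROJECT_ID: ${{ vars.TF_ACC_PROJECT_ID }}
      TF_ACC_REGION: ${{ vars.TF_ACC_REGION }}
      TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL: ${{ vars.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL }}
      # NOTE(review): `~` in an environment value is not expanded by the
      # shell; confirm the consumer resolves it to the home directory.
      TF_ACC_SERVICE_ACCOUNT_FILE: "~/service_account.json"
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false

      # The JSON is handed over through the environment: pasted into
      # `echo "..."` its own double quotes would be consumed by the shell and
      # the file would no longer be valid JSON. `umask 077` keeps the key
      # file private to the runner user.
      # NOTE(review): if the stored secret was escaped to survive the old
      # `echo`, store it as plain JSON instead.
      - name: Create service account json file
        if: ${{ github.event_name == 'pull_request' }}
        env:
          TF_ACC_SERVICE_ACCOUNT_JSON: ${{ secrets.TF_ACC_SERVICE_ACCOUNT_JSON }}
        run: |
          umask 077
          printf '%s\n' "$TF_ACC_SERVICE_ACCOUNT_JSON" > ~/service_account.json

      - name: Run go mod tidy
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy

      - name: Testing
        run: make test

      - name: Acceptance Testing
        env:
          TF_ACC: "1"
        if: ${{ github.event_name == 'pull_request' }}
        run: make test-acceptance-tf

      # Reports total coverage. The `exit 1` is commented out, so falling
      # below 80% only prints a message and does not fail the job.
      - name: Check coverage threshold
        shell: bash
        run: |
          make coverage
          COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
          echo "Coverage: $COVERAGE%"
          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
            echo "Coverage is below 80%"
            # exit 1
          fi

      # NOTE(review): the step above reads `coverage.out` from the working
      # directory while this upload looks under `stackit/`; confirm the path.
      - name: Archive code coverage results
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"

  # Build, docs check and linters. The docs and lint steps carry
  # `continue-on-error: true`, so their findings never fail this job.
  main:
    if: ${{ github.event_name != 'schedule' }}
    name: CI run build and linting
    runs-on: ubuntu-latest
    needs: config
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      # NOTE(review): `path/to/dependencies`, `**/lockfiles` and `/install.sh`
      # look like placeholders from the cache action's documentation; on a
      # cache miss the install step runs an absolute path that this workflow
      # never creates. Replace with the real paths or remove both steps.
      - uses: actions/cache@v5
        id: cache
        with:
          path: path/to/dependencies
          key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }}

      - name: Install Dependencies
        if: steps.cache.outputs.cache-hit != 'true'
        run: /install.sh

      - name: Build
        uses: ./.github/actions/build
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false

      - name: "Ensure docs are up-to-date"
        if: ${{ github.event_name == 'pull_request' }}
        run: ./scripts/check-docs.sh
        continue-on-error: true

      - name: "Run go mod tidy"
        if: ${{ github.event_name == 'pull_request' }}
        run: go mod tidy

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          version: v2.10
          args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m
        continue-on-error: true

      - name: Linting terraform files
        run: make lint-tf
        continue-on-error: true

  # Validates the GoReleaser configuration; every other build job waits on it.
  config:
    if: ${{ github.event_name != 'schedule' }}
    name: Check GoReleaser config
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          args: check

  # Posts a coverage comparison on pull requests.
  code_coverage:
    name: "Code coverage report"
    if: github.event_name == 'pull_request'  # Do not run when workflow is triggered by push to main branch
    runs-on: ubuntu-latest
    # The coverage artifact is uploaded by `testing`, so this job has to wait
    # for it as well; `main` is kept from the original dependency list.
    needs:
      - main
      - testing
    permissions:
      contents: read
      actions: read  # to download code coverage results from the "testing" job
      pull-requests: write  # write permission needed to comment on PR
    steps:
      # NOTE(review): `root-package` names `terraform-provider-stackit`,
      # while `publish_test` publishes `terraform-provider-stackitprivatepreview`;
      # confirm it matches the module path in go.mod.
      - name: Check new code coverage
        uses: fgrosse/go-coverage-report@v1.2.0
        continue-on-error: true  # Add this line to prevent pipeline failures in forks
        with:
          coverage-artifact-name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          coverage-file-name: ${{ env.CODE_COVERAGE_FILE_NAME }}
          root-package: 'github.com/stackitcloud/terraform-provider-stackit'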