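# Composite action: runs `tofu fmt`, `tflint`, a provider lock-file check and
# `tofu test`, using AWS CLI profiles generated from a static access key.
name: "tofu-aws-test"
description: "Test a tofu module on AWS."

# Both inputs are credentials. Inputs are only masked in logs when the caller
# passes them from `secrets.*`, so callers should never pass literal values.
# NOTE(review): this is a long-lived access key; short-lived credentials via
# OIDC federation would avoid handling a static secret, if the accounts allow.
inputs:
  aws-access-key-id:
    description: "AWS access key id."
    required: true
  aws-access-key-secret:
    description: "AWS access key secret."
    required: true

runs:
  using: "composite"
  steps:
    - name: "fmt"
      shell: "bash"
      run: |
        tofu fmt -check -recursive

    # GITHUB_TOKEN is dropped from the environment before tflint runs,
    # presumably to keep the workflow token away from the tool and its plugins.
    - name: "lint"
      shell: "bash"
      run: |
        unset GITHUB_TOKEN
        tflint --init
        tflint --recursive

    # Writes ./aws_config with three profiles: `root` holds the static key,
    # `core` and `tests` assume a role named after the repository.
    # The credentials reach the script through `env:` rather than being
    # interpolated with `${{ }}` into the script text: an interpolated value
    # becomes part of the shell source and would be expanded by the unquoted
    # heredoc. The repository name comes from the runner's GITHUB_REPOSITORY
    # variable for the same reason.
    - name: "configure AWS profiles"
      shell: "bash"
      env:
        INPUT_AWS_ACCESS_KEY_ID: "${{ inputs.aws-access-key-id }}"
        INPUT_AWS_ACCESS_KEY_SECRET: "${{ inputs.aws-access-key-secret }}"
      run: |
        REPOSITORY_NAME="${GITHUB_REPOSITORY##*/}"
        # The file contains the secret key: create it readable by owner only.
        umask 077
        cat >aws_config <<EOF
        [profile core]
        role_arn = arn:aws:iam::563391529123:role/$REPOSITORY_NAME
        source_profile = root

        [profile root]
        aws_access_key_id = $INPUT_AWS_ACCESS_KEY_ID
        aws_secret_access_key = $INPUT_AWS_ACCESS_KEY_SECRET
        region = eu-west-3

        [profile tests]
        role_arn = arn:aws:iam::688897985379:role/$REPOSITORY_NAME
        source_profile = root
        EOF

    # Regenerates the provider locks for linux_amd64 next to every committed
    # .terraform.lock.hcl, then fails if any tracked file changed.
    # `git diff --exit-code` has no path filter, so it covers the whole
    # working tree, not only the lock files.
    - name: "check tofu providers lock files"
      shell: "bash"
      run: |
        unset GITHUB_TOKEN
        export AWS_CONFIG_FILE="$(pwd)/aws_config"
        shopt -s globstar
        for lockfile in **/.terraform.lock.hcl; do
          (cd "$(dirname "$lockfile")"; tofu init; tofu providers lock -platform=linux_amd64)
        done
        git diff --exit-code

    - name: "tofu test"
      shell: "bash"
      run: |
        export AWS_CONFIG_FILE="$(pwd)/aws_config"
        tofu init
        tofu test

    # Runs even when an earlier step failed, so the credentials file is not
    # left in the workspace (matters most on reused, self-hosted runners).
    # `-f` because the file does not exist yet if fmt or lint failed.
    - name: "clean"
      if: "always()"
      shell: "bash"
      run: |
        rm -f aws_config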