Added iam-auth-enabled input
goruha committed Sep 13, 2024
1 parent 720bcf5 commit ce02b8f
Showing 2 changed files with 176 additions and 0 deletions.
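--- a/.github/workflows/test-iam-auth-skipped.yml
+++ b/.github/workflows/test-iam-auth-skipped.yml
@@ -0,0 +1,171 @@
+name: "Test - Changes exists"
+
+on:
+workflow_dispatch: {}
+pull_request:
+types: [opened, synchronize]
+
+env:
+AWS_REGION: us-east-2
+
+# Permissions required for assuming AWS identity
+permissions:
+id-token: write
+contents: read
+
+jobs:
+setup:
+runs-on: ubuntu-latest
+steps:
+- name: Setup
+run: echo "Do setup"
+
+test:
+runs-on: ubuntu-latest
+continue-on-error: true
+needs: [setup]
+steps:
+- uses: actions/checkout@v4
+with:
+ref: ${{ github.event.pull_request.head.ref }}
+
+- shell: bash
+run: |
+mkdir -p ${{ runner.temp }}
+cp ./tests/terraform/atmos.yaml ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__INFRACOST_ENABLED__#false#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__STORAGE_REGION__#${{ env.AWS_REGION }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__STORAGE_BUCKET__#${{ secrets.TERRAFORM_STATE_BUCKET }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__STORAGE_TABLE__#${{ secrets.TERRAFORM_STATE_TABLE }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__STORAGE_TABLE__#${{ secrets.TERRAFORM_STATE_TABLE }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__STORAGE_ROLE__#${{ secrets.TERRAFORM_STATE_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+sed -i -e 's#__APPLY_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml
+- name: Configure Plan AWS Credentials
+uses: aws-actions/[email protected]
+with:
+aws-region: ${{ env.AWS_REGION }}
+role-to-assume: ${{ secrets.TERRAFORM_PLAN_ROLE }}
+role-session-name: "atmos-terraform-plan-gitops"
+mask-aws-account-id: "no"
+
+- name: Plan Atmos Component
+id: current
+uses: ./
+with:
+component: "foobar/changes"
+stack: "plat-ue2-sandbox"
+sha: ${{ github.sha }}
+atmos-config-path: ${{ runner.temp }}
+atmos-version: 1.81.0
+iam-auth-enabled: false
+
+outputs:
+result: ${{ steps.current.outcome }}
+summary: ${{ steps.current.outputs.summary }}
+
+assert:
+runs-on: ubuntu-latest
+needs: [test]
+steps:
+- uses: nick-fields/assert-action@v2
+with:
+expected: 'success'
+actual: "${{ needs.test.outputs.result }}"
+
+- name: Display structure of downloaded files
+id: metadata
+run: |
+set +e
+test -d ./metadata
+DIR_EXISTS=$?
+echo "dir_exists=${DIR_EXISTS}" >> $GITHUB_OUTPUT
+- uses: nick-fields/assert-action@v2
+with:
+actual: "${{ steps.metadata.outputs.dir_exists }}"
+expected: "1"
+
+- uses: nick-fields/assert-action@v2
+with:
+actual: "${{ fromJSON(needs.test.outputs.summary) }}"
+expected: |
+## Changes Found for `foobar/changes` in `plat-ue2-sandbox`
+<a href="https://cloudposse.com/"><img src="https://cloudposse.com/logo-300x69.svg" width="100px" align="right"/></a>
+[![create](https://shields.io/badge/PLAN-CREATE-success?style=for-the-badge)](#user-content-create-plat-ue2-sandbox-foobar_changes)
+<details><summary><a id="result-plat-ue2-sandbox-foobar_changes" />Plan: 1 to add, 0 to change, 0 to destroy.</summary>
+<br/>
+To reproduce this locally, run:<br/><br/>
+```shell
+atmos terraform plan foobar/changes -s plat-ue2-sandbox
+```
+---
+### <a id="create-plat-ue2-sandbox-foobar_changes" />Create
+```diff
++ random_id.foo[0]
+```
+</details>
+<details><summary>Terraform <strong>Plan</strong> Summary</summary>
+```hcl
+# random_id.foo[0] will be created
++ resource "random_id" "foo" {
++ b64_std = (known after apply)
++ b64_url = (known after apply)
++ byte_length = 8
++ dec = (known after apply)
++ hex = (known after apply)
++ id = (known after apply)
++ keepers = {
++ "seed" = "foo-plat-ue2-sandbox-blue"
+}
+}
+Plan: 1 to add, 0 to change, 0 to destroy.
+Warning: Test warning summary
+with data.validation_warning.warn[0],
+on main.tf line 20, in data "validation_warning" "warn":
+20: data "validation_warning" "warn" {
+Test warning details
+```
+</details>
+> [!WARNING]
+> ```
+> Warning: Test warning summary
+>
+> with data.validation_warning.warn[0],
+> on main.tf line 20, in data "validation_warning" "warn":
+> 20: data "validation_warning" "warn" {
+>
+> Test warning details
+> ```
+teardown:
+runs-on: ubuntu-latest
+needs: [assert]
+if: ${{ always() }}
+steps:
+- name: Tear down
+run: echo "Do Tear down"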
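Review bot: The top-level `permissions:` block grants `id-token: write` to every job, so `assert`, which runs the third-party `nick-fields/assert-action@v2` from a mutable tag, can request an OIDC token although only `test` assumes an AWS role. I would keep `permissions: {contents: read}` at workflow level and put `permissions: {id-token: write, contents: read}` under `test:`; what such a token could assume depends on the role trust policy, which is not visible here. In the `sed` step the `${{ secrets.* }}` values are expanded into the script text before bash runs, so a value containing a quote changes the command itself; passing them through `env:` and writing `"s#__STORAGE_BUCKET__#${TERRAFORM_STATE_BUCKET}#g"` keeps the values out of the script source. The `__STORAGE_TABLE__` substitution also appears twice, and `__APPLY_ROLE__` is filled from `TERRAFORM_PLAN_ROLE`, which may be intended for a plan-only test but deserves a one-line comment saying so.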
5 changes: 5 additions & 0 deletions action.yml
@@ -19,6 +19,10 @@ inputs:
description: "Indicate whether this action is used in drift detection workflow."
required: true
default: 'false'
iam-auth-enabled:
description: Whether to assume the Terraform plan IAM role prior to running atmos commands
required: false
default: "true"
atmos-version:
description: The version of atmos to install
required: false
@@ -109,6 +113,7 @@ runs:
- name: Configure Plan AWS Credentials
uses: aws-actions/[email protected]
if: ${{ inputs.iam-auth-enabled == 'true' }}
with:
aws-region: ${{ steps.config.outputs.aws-region }}
role-to-assume: ${{ steps.config.outputs.terraform-plan-role }}
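Review bot: The new `iam-auth-enabled` description does not say which credentials atmos uses when the role is not assumed, and the `if:` on the `Configure Plan AWS Credentials` step treats every value other than the exact string `'true'` as disabled. A caller passing `True` or `1` would therefore silently run the plan with whatever AWS credentials are already present in the job, which may be broader than the plan role. I would document this on the input, e.g. `description: "Whether to assume the Terraform plan IAM role before running atmos commands. When 'false', the caller must configure plan-scoped AWS credentials earlier in the job."`, and consider `if: ${{ inputs.iam-auth-enabled != 'false' }}` so that unexpected values keep the default behaviour. The `runs:` steps continue outside the hunk, so whether other credential steps need the same condition cannot be checked from here.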