GitHub Action
DWP Kitchen Terraform
GitHub Action to run Kitchen Terraform.
After cloning this repo, please run:
make bootstrap
This action runs kitchen-terraform to test Terraform modules.
The Action (and container) uses tfenv to manage Terraform versions.
kitchen-command: Required. The command to follow the kitchen entrypoint, e.g. "test" or "test my-scenario".
aws-account-number: Required. AWS account number, which is redacted from kitchen/terraform output.
terraform-version: Required. Terraform version to use. Tested versions listed here. Any version can be used (including alpha and beta releases); tfenv will install the specified version. Pre-installed versions listed here.
on: [pull_request]
jobs:
  test:
    name: test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
      - name: Kitchen Test A
        uses: dwp/[email protected]
        with:
          terraform-version: "1.2.5"
          kitchen-command: "test scenario-a"
          aws-account-number: ${{ secrets.AWS_ACCOUNT }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
          GITLAB_USER: ${{ secrets.GITLAB_USER }}
          GITLAB_PAT: ${{ secrets.GITLAB_PAT }}
      - name: Kitchen Test B
        uses: dwp/[email protected]
        with:
          terraform-version: "1.2.5"
          kitchen-command: "test scenario-b"
          aws-account-number: ${{ secrets.AWS_ACCOUNT }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
          GITLAB_USER: ${{ secrets.GITLAB_USER }}
          GITLAB_PAT: ${{ secrets.GITLAB_PAT }}
The image repository can be found on:
Use the Docker image to run an equivalent locally using the example commands below:
Standard Kitchen command:
docker run --rm -e AWS_PROFILE=default -v "$(pwd)":/usr/action -v ~/.aws:/kitchen/.aws quay.io/dwp/kitchen-terraform:2.0.1 "test scenario-a"
Kitchen command with GitLab user and GitLab Personal Access Token. Used when Terraform contains references to external modules that require Git credentials:
docker run --rm -e AWS_PROFILE=default -e GITLAB_USER=user.name -e GITLAB_PAT=token -v "$(pwd)":/usr/action -v ~/.aws:/kitchen/.aws quay.io/dwp/kitchen-terraform:2.0.1 "test scenario-a"
Kitchen command with redacted output. The output is piped to sed and the second argument is used to find/replace; this can be a string or a regex:
docker run --rm -e AWS_PROFILE=default -v "$(pwd)":/usr/action -v ~/.aws:/kitchen/.aws quay.io/dwp/kitchen-terraform:2.0.1 "test scenario-a" "0123456789"
Kitchen command with custom certificate trusts. Mounts a local directory of certificates to trust:
docker run --rm -u root -e AWS_PROFILE=default -e CUSTOM_CA_DIR=/usr/share/ca-certificates/custom -v /etc/ssl/certs/:/usr/share/ca-certificates/custom -v "$(pwd)":/usr/action -v ~/.aws:/root/.aws quay.io/dwp/kitchen-terraform:2.0.1 "test scenario-a"
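The redacted-output command above pipes kitchen output through sed. The following is an added example, not code from this repository, that emulates that redaction locally and checks that no account-ID-shaped value survives it. The functions `redact`, `count_leaks` and `sample_output`, the `REDACTED` marker and the sample account number are assumptions made for illustration; the container's real entrypoint is not shown on this page.

```shell
#!/usr/bin/env bash
# Added example: emulate the "pipe output to sed" redaction and verify it.
# redact() is a hypothetical stand-in for the container's entrypoint logic;
# it treats its argument as a sed basic regular expression.

# Constructed sample of kitchen/terraform output (not real output).
sample_output() {
  cat <<'EOF'
aws_iam_role.test: Creating...
arn = "arn:aws:iam::012345678901:role/kitchen-test"
owner_id = "012345678901"
bucket = "logs-012345678901-eu-west-2"
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
EOF
}

# Replace every match of the pattern ($1) on stdin with a fixed marker.
# '|' is used as the sed delimiter, so a pattern containing '|' is rejected,
# as is an empty pattern (sed would fail or redact nothing useful).
redact() {
  case "$1" in
    ''|*'|'*)
      echo "redact: pattern is empty or contains '|'" >&2
      return 2
      ;;
  esac
  sed "s|$1|REDACTED|g"
}

# Count lines on stdin that still contain a standalone 12-digit number,
# the shape of an AWS account ID. A result of 0 means nothing leaked.
count_leaks() {
  grep -Ec '(^|[^0-9])[0-9]{12}([^0-9]|$)' || true
}
```

Running `sample_output | redact "012345678901" | count_leaks` before publishing a log confirms the redaction covered ARNs and resource names as well as the bare account number.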