-
Notifications
You must be signed in to change notification settings - Fork 97
237 lines (196 loc) · 8.45 KB
/
ci-sync-preview.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
# Copyright 2023 Terramate GmbH
# SPDX-License-Identifier: MPL-2.0
name: ci
on:
pull_request:
jobs:
build_test:
name: Build and Test
runs-on: ${{ matrix.os.value }}
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
pull-requests: write
checks: read
strategy:
fail-fast: false
matrix:
os:
- name: ubuntu-focal
value: "ubuntu-20.04"
- name: macos-ventura
value: "macos-13"
go: ["1.21"]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
- name: check all packages with tests are Terramate Stacks
run: ./hack/check-stacks.sh
- uses: opentofu/setup-opentofu@v1
with:
tofu_version: 1.6.2
tofu_wrapper: false
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.7.5"
terraform_wrapper: false
- name: Install Terramate
uses: terramate-io/terramate-action@i4k-fix-macos
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: build Terramate
run: make build && cp -v ./bin/terramate /usr/local/bin/terramate-bin
- name: make generate
run: make generate
### Check for changed stacks
- name: List changed Go packages
id: list_go_packages
run: terramate list --tags golang --changed
- name: List changed e2e tests packages
id: list_e2e_packages
run: terramate list --tags e2etests --changed
### Linting
- name: linting code
if: ${{ steps.list_go_packages.outputs.stdout || steps.list_e2e_packages }}
run: make lint
- name: checking go mod tidyness
if: ${{ steps.list_go_packages.outputs.stdout || steps.list_e2e_packages }}
run: make mod/check
- name: checking license on source code
if: ${{ steps.list_go_packages.outputs.stdout || steps.list_e2e_packages }}
run: make license/check
- name: Check Terramate formatting
run: terramate fmt --check
- name: Check Terraform formatting
if: ${{ steps.list_go_packages.outputs.stdout || steps.list_e2e_packages }}
run: terraform fmt -recursive -check -diff
### Run the Terramate tests and create a Cloud Preview
- name: Temporary PR Preview Link generation
run: echo >preview_url.txt "https://cloud.terramate.io/o/terramate-tests/review-requests"
- name: Run Preview on changed Go packages
if: ${{ steps.list_go_packages.outputs.stdout }}
timeout-minutes: 30
run: terramate script run --changed --tags golang --target "${{ matrix.os.name }}-go-packages" --parallel 12 preview
env:
GITHUB_TOKEN: ${{ github.token }}
TM_TEST_TERRAFORM_REQUIRED_VERSION: "1.7.5"
- name: Run all e2e tests Preview if any Go packages changed
if: ${{ steps.list_go_packages.outputs.stdout }}
timeout-minutes: 30
run: terramate script run --tags e2etests --target "${{ matrix.os.name }}-e2e" --parallel 12 preview
env:
GITHUB_TOKEN: ${{ github.token }}
TM_TEST_TERRAFORM_REQUIRED_VERSION: "1.7.5"
- name: Else only run the changed e2e packages
if: ${{ !steps.list_e2e_packages.outputs.stdout && steps.list_e2e_packages.outputs.stdout }}
timeout-minutes: 30
run: terramate script run --tags e2etests --changed --target "${{ matrix.os.name }}-e2e" --parallel 12 preview
env:
GITHUB_TOKEN: ${{ github.token }}
TM_TEST_TERRAFORM_REQUIRED_VERSION: "1.7.5"
### Update Pull Request comment
- name: Generate Preview Comment
if: ${{ steps.list_go_packages.outputs.stdout || steps.list_e2e_packages.outputs.stdout }}
id: comment
run: |
echo >>pr-comment.txt "## Preview of ${{ matrix.os.name }}/go${{matrix.go}} tests in ${{ github.event.pull_request.head.sha }}"
echo >>pr-comment.txt
echo >>pr-comment.txt "[:mag: View Details on Terramate Cloud]($(cat preview_url.txt))"
echo >>pr-comment.txt
echo >>pr-comment.txt "### "
echo >>pr-comment.txt
echo >>pr-comment.txt '```bash'
echo >>pr-comment.txt "${{ steps.list_go_packages.outputs.stdout }}"
echo >>pr-comment.txt "${{ steps.list_e2e_packages.outputs.stdout }}"
echo >>pr-comment.txt '```'
cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
- name: Inform about no Changed Stacks
if: ${{ success() && !(steps.list_go_packages.outputs.stdout || steps.list_go_packages.outputs.stdout) }}
run: |
echo >>pr-comment.txt "## Preview of ${{ matrix.os.name }}/go${{matrix.go}} tests in ${{ github.event.pull_request.head.sha }}"
echo >>pr-comment.txt
echo >>pr-comment.txt "### Changed Stacks"
echo >>pr-comment.txt
echo >>pr-comment.txt 'No changed stacks, no detailed preview will be generated.'
cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
- name: Inform about failure
if: ${{ failure() }}
run: |
echo >>pr-comment.txt "## Preview of ${{ matrix.os.name }}/go${{matrix.go}} tests in ${{ github.event.pull_request.head.sha }}"
echo >>pr-comment.txt
echo >>pr-comment.txt "[:mag: View Details on Terramate Cloud]($(cat preview_url.txt))"
echo >>pr-comment.txt
echo >>pr-comment.txt "### Changed Stacks"
echo >>pr-comment.txt
echo >>pr-comment.txt '```bash'
echo >>pr-comment.txt "${{ steps.list_go_packages.outputs.stdout }}"
echo >>pr-comment.txt "${{ steps.list_e2e_packages.outputs.stdout }}"
echo >>pr-comment.txt '```'
echo >>pr-comment.txt ":boom: Generating preview failed. [Please see details on Terramate Cloud]($(cat preview_url.txt))"
cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
- name: Publish Plans for Changed Stacks
uses: marocchino/sticky-pull-request-comment@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
header: preview-${{ matrix.os.name }}-go-${{matrix.go}}
path: pr-comment.txt
release_dry_run:
name: Release Dry Run
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: install cosign
run: go install github.com/sigstore/cosign/v2/cmd/[email protected]
- name: install goreleaser
run: |
curl -sL https://github.com/goreleaser/goreleaser-pro/releases/download/v1.14.0-pro/goreleaser-pro_Linux_x86_64.tar.gz -o /tmp/goreleaser.tar.gz
cd /tmp && tar -xzf goreleaser.tar.gz && chmod +x goreleaser
sudo mv /tmp/goreleaser /usr/local/bin/
- name: Create cosign.pub file
run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
- name: release dry run
run: make release/dry-run
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_KEY: ${{ secrets.GORELEASER_API_KEY }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN}}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD}}
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY }}
- name: Locate checksum file
id: find_checksum
run: |
if [ -z "$(ls dist/*checksums.txt)" ]; then
echo "Error: Checksum file not found."
exit 1
fi
echo "CHECKSUM_FILE=$(ls dist/*checksums.txt)" >> $GITHUB_ENV
- name: Locate signature file
id: find_signature
run: |
if [ -z "$(ls dist/*checksum*.txt.sig)" ]; then
echo "Error: Signature file not found."
exit 1
fi
echo "SIGNATURE_FILE=$(ls dist/*checksum*.txt.sig)" >> $GITHUB_ENV
- name: Verify checksums with cosign
run: |
cosign verify-blob --key cosign.pub --signature ${{ env.SIGNATURE_FILE }} ${{ env.CHECKSUM_FILE }}
ci:
needs:
- build_test
runs-on: ubuntu-20.04
steps:
- run: echo "All jobs ran successfully"