diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aa38d9bb..820f8cff 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,10 @@ jobs:
 test:
 runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+
 container:
 image: public.ecr.aws/jsii/superchain:1-bookworm-slim-node20
@@ -43,6 +47,7 @@ jobs:
 - name: Install dependencies
 run: |
+ set -euo pipefail
 make install
 (cd test && make install)
 sudo apt-get update
@@ -53,12 +58,35 @@ jobs:
 - name: Set Build Permissions
 run: |
+ set -euo pipefail
 mkdir $GITHUB_WORKSPACE/test/cdk.out
 chmod 777 $GITHUB_WORKSPACE/test/cdk.out --recursive
 chmod 777 $GITHUB_WORKSPACE/lambda --recursive
 - name: Deploy & Destroy
- run: cd test && make deploy get-secret-values DESTROY
+ run: |
+ set -euo pipefail
+
+ function get_secret_values() {
+ AWS_REGION=us-east-1 aws secretsmanager describe-secret \
+ --secret-id ec2-ssh-key/CFN-signing-key/private \
+ --query 'Tags[?Key==`Test`].Value' --output text
+ }
+
+ cd test
+ make deploy get-secret-values
+ if [ "$(get_secret_values)" != "default" ]; then
+ echo "Unexpected secret value"
+ exit 1
+ fi
+
+ TAG_VALUE=working make deploy
+ if [ "$(get_secret_values)" != "working" ]; then
+ echo "Unexpected secret value"
+ exit 1
+ fi
+
+ make DESTROY
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -68,5 +96,6 @@ jobs:
 - name: Build packages w/ jsii-pacmak
 run: |
+ set -euo pipefail
 npx jsii-pacmak --verbose
 tree dist
diff --git a/test/lib/test-stack.ts b/test/lib/test-stack.ts
index dc0e992a..6159b42a 100644
--- a/test/lib/test-stack.ts
+++ b/test/lib/test-stack.ts
@@ -20,6 +20,7 @@ export class TestStack extends Stack {
 super(scope, id, props);
 Tags.of(scope).add('Hello', 'World');
+ Tags.of(scope).add('Test', process.env.TAG_VALUE ?? 'default');
 const keyPair = new KeyPair(this, 'Test-Key-Pair', {
 keyPairName: 'test-key-pair',
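Review bot: The new `defaults.run.shell: bash` block in the first hunk has no comment saying why the shell is pinned, and the workflow itself does not make the reason obvious. A comment above it such as `# pin bash for every step so 'set -o pipefail' is available inside the container job` would record the intent, assuming that is the reason. Per the GitHub Actions documentation, an explicitly selected `bash` shell is already invoked as `bash --noprofile --norc -eo pipefail {0}`, so the `set -euo pipefail` lines added in the -43, -53 and -68 hunks effectively contribute only `-u`. Mentioning that in the same comment would stop a later cleanup from removing them as redundant.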
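Review bot: A failed assertion or a failed `make deploy` in the new Deploy & Destroy script exits before `make DESTROY` runs, so the test stack stays in the AWS account until someone removes it by hand, presumably along with the `ec2-ssh-key/CFN-signing-key/private` secret it creates. Registering the cleanup right after `cd test` with `trap 'make DESTROY' EXIT`, and dropping the final `make DESTROY`, would run it on every exit path. A separate cleanup step with `if: always()` achieves the same and also surfaces a failed destroy, which an EXIT trap would hide behind the script's own exit status. Separately, `get_secret_values` calls `describe-secret` and returns the `Test` tag rather than any secret value, so a name like `get_test_tag` and the message `Unexpected Test tag value` would describe the check more accurately.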
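Review bot: `process.env.TAG_VALUE ?? 'default'` falls back only when the variable is unset, so an exported-but-empty `TAG_VALUE` produces an empty tag value and the workflow's `!= "default"` check then fails for a reason that is hard to spot. `Tags.of(scope).add('Test', process.env.TAG_VALUE || 'default');` covers both the unset and the empty case. The line also makes synthesis depend on the caller's environment without saying why; a comment such as `// TAG_VALUE is set by the CI workflow to check that a tag change reaches the secret` would help, if that matches the intent. The TestStack constructor starts and ends outside this hunk.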