Integration of Trusted Compute sprint-1 fixes into EMF #488
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2025 Intel Corporation | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Orch Installer - IaC Test | |
| on: | |
| # Trigger tests only on pull request | |
| pull_request: | |
| types: [opened, synchronize, reopened, labeled] | |
| # Only run at most 1 workflow concurrently per PR, unlimited for branches | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: false | |
| permissions: {} | |
| jobs: | |
| check-changed-files: | |
| permissions: | |
| contents: read | |
| name: Filter list of changed files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| iac: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/') }} | |
| acm: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/acm') }} | |
| alb: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/alb') }} | |
| ec2log: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/ec2log') }} | |
| efs: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/efs') }} | |
| eks: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/eks') }} | |
| kms: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/kms') }} | |
| lb_sg: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/lb_sg') }} | |
| nlb: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/nlb') }} | |
| pull-through-cache-proxy: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/pull-through-cache-proxy') }} | |
| rds: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/rds') }} | |
| route53: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/route53') }} | |
| s3: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/s3') }} | |
| state_bucket: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/state_bucket') }} | |
| vpc: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/vpc') }} | |
| waf: ${{ contains(steps.check-files.outputs.changed_files, 'new-installer/targets/aws/iac/waf') }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Discover Changed Files | |
| id: check-files | |
| uses: open-edge-platform/orch-ci/discover-changed-files@main # zizmor: ignore[unpinned-uses] | |
| with: | |
| project_folder: "." | |
| # Check if `run-iac-tests` label exists on the PR | |
| # fail the pipeline if label does not exist when IAC folder is changed | |
| check-iac-label: | |
| permissions: | |
| contents: read | |
| name: Check PR label | |
| needs: | |
| - check-changed-files | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check for IAC label | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| if (!${{ contains(github.event.pull_request.labels.*.name, 'run-iac-tests') }}) { | |
| core.setFailed('run-iac-tests label is not set on the PR. This label is required to execute the IAC tests and qualify the PR to merge.'); | |
| } | |
| if: | | |
| needs.check-changed-files.outputs.iac == 'true' | |
| test-iac: | |
| permissions: | |
| contents: read | |
| name: Test Terraform modules | |
| needs: | |
| - check-changed-files | |
| - check-iac-label | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Set up git credentials | |
| shell: bash | |
| run: | | |
| echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV | |
| git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:[email protected]/".insteadOf "https://github.com/" | |
| - name: Setup asdf and install dependencies | |
| uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.0.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.ORCH_AWS_NONPROD_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.ORCH_AWS_NONPROD_SECRET_KEY }} | |
| aws-region: us-west-2 | |
| - name: Test new installer IaC - state_bucket | |
| if: needs.check-changed-files.outputs.state_bucket == 'true' | |
| run: mage newinstaller:testiac state_bucket | |
| - name: Test new installer IaC - vpc | |
| if: needs.check-changed-files.outputs.vpc == 'true' | |
| run: mage newinstaller:testiac vpc | |
| - name: Test new installer IaC - acm | |
| if: needs.check-changed-files.outputs.acm == 'true' | |
| run: mage newinstaller:testiac acm | |
| - name: Test new installer IaC - alb | |
| if: needs.check-changed-files.outputs.alb == 'true' | |
| run: mage newinstaller:testiac alb | |
| - name: Test new installer IaC - ec2log | |
| if: needs.check-changed-files.outputs.ec2log == 'true' | |
| run: mage newinstaller:testiac ec2log | |
| - name: Test new installer IaC - efs | |
| if: needs.check-changed-files.outputs.efs == 'true' | |
| run: mage newinstaller:testiac efs | |
| - name: Test new installer IaC - eks | |
| if: needs.check-changed-files.outputs.eks == 'true' | |
| run: mage newinstaller:testiac eks | |
| - name: Test new installer IaC - kms | |
| if: needs.check-changed-files.outputs.kms == 'true' | |
| run: mage newinstaller:testiac kms | |
| - name: Test new installer IaC - lb_sg | |
| if: needs.check-changed-files.outputs.lb_sg == 'true' | |
| run: mage newinstaller:testiac lb_sg | |
| - name: Test new installer IaC - nlb | |
| if: needs.check-changed-files.outputs.nlb == 'true' | |
| run: mage newinstaller:testiac nlb | |
| - name: Test new installer IaC - pull-through-cache-proxy | |
| if: needs.check-changed-files.outputs.pull-through-cache-proxy == 'true' | |
| run: mage newinstaller:testiac pull-through-cache-proxy | |
| - name: Test new installer IaC - rds | |
| if: needs.check-changed-files.outputs.rds == 'true' | |
| run: mage newinstaller:testiac rds | |
| - name: Test new installer IaC - route53 | |
| if: needs.check-changed-files.outputs.route53 == 'true' | |
| run: mage newinstaller:testiac route53 | |
| - name: Test new installer IaC - s3 | |
| if: needs.check-changed-files.outputs.s3 == 'true' | |
| run: mage newinstaller:testiac s3 | |
| - name: Test new installer IaC - waf | |
| if: needs.check-changed-files.outputs.waf == 'true' | |
| run: mage newinstaller:testiac waf |