Skip to content

feat: Masking policy data source v1 #1804

feat: Masking policy data source v1

feat: Masking policy data source v1 #1804

Workflow file for this run

# Run secret-dependent integration tests only after /ok-to-test approval
on:
repository_dispatch:
types: [ok-to-test-command]
pull_request:
name: tests
jobs:
all-tests:
env:
TEST_SF_TF_TEST_OBJECT_SUFFIX: ${{ (github.event_name == 'repository_dispatch' && github.event.client_payload.pull_request.head.sha) || (github.event_name == 'pull_request' && github.event.pull_request.head.sha) }}
name: all-tests
runs-on: ubuntu-latest
if: (github.event_name == 'repository_dispatch') || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
steps:
- id: verify_sha_input
if: github.event_name == 'repository_dispatch'
run: |
echo \"${{ github.event.client_payload.pull_request.head.sha }}\"
echo \"${{ github.event.client_payload.slash_command.args.named.sha }}\"
SHAINPUT=$(echo ${{github.event.client_payload.slash_command.args.named.sha}} | cut -c1-7)
if [ ${#SHAINPUT} -le 6 ]; then echo "error::input sha not at least 7 characters long" ; exit 1
else echo "done"
fi
SHAHEAD=$(echo ${{github.event.client_payload.pull_request.head.sha}} | cut -c1-7)
echo ${#SHAINPUT}
echo ${#SHAHEAD}
if [ "${SHAHEAD}" != "${SHAINPUT}" ]; then echo "sha input from slash command does not equal the head sha" ; exit 1
else echo "shas are equal"
fi
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: ./go.mod
cache: false
- name: Install dependencies
run: make dev-setup
- name: Create and populate .snowflake/config file
id: create_config
run: mkdir $HOME/.snowflake && echo "${{ secrets.SNOWFLAKE_CONFIG_FILE }}" > $HOME/.snowflake/config
- run: make test
if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
env:
SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}
TEST_SF_TF_AWS_EXTERNAL_KEY_ID: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_KEY_ID }}
TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN }}
TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY }}
TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL }}
TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN }}
TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID }}
TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL }}
- name: Setup Terraform
if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
uses: hashicorp/setup-terraform@v3
id: setup_terraform
with:
terraform_version: 1.7.4
terraform_wrapper: false
- run: make test-acceptance
if: ${{ !cancelled() && steps.setup_terraform.conclusion == 'success' }}
env:
SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}
TEST_SF_TF_AWS_EXTERNAL_KEY_ID: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_KEY_ID }}
TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN }}
TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY }}
TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL }}
TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN }}
TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID }}
TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL }}
- name: sweepers cleanup
if: ${{ always() }}
run: echo y | make sweep
- name: find comment
if: ${{ always() }}
uses: peter-evans/find-comment@v2
id: fc
with:
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Integration tests ran for
- name: create or update comment
if: ${{ always() }}
uses: peter-evans/create-or-update-comment@v2
with:
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
comment-id: ${{ steps.fc.outputs.comment-id }}
body: |
Integration tests ${{ job.status }} for [${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}](https://github.com/Snowflake-Labs/terraform-provider-snowflake/actions/runs/${{ github.run_id }})
- name: set fork job status
uses: actions/github-script@v6
if: ${{ always() }}
id: update_check_run
env:
number: ${{ github.event.client_payload.pull_request.number }}
job: ${{ github.job }}
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
conclusion: ${{ job.status }}
sha: ${{ github.event.client_payload.slash_command.args.named.sha }}
event_name: ${{ github.event_name }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
if (process.env.event_name !== 'repository_dispatch') {
console.log("Not repository_dispatch... nothing to do!");
return process.env.event_name;
}
const ref = process.env.sha;
const { data: checks } = await github.rest.checks.listForRef({
...context.repo,
ref
});
const check = checks.check_runs.filter(c => c.name === process.env.job);
console.log(check);
const { data: result } = await github.rest.checks.update({
...context.repo,
check_run_id: check[0].id,
status: 'completed',
conclusion: process.env.conclusion
});
return result;