Skip to content

Integration gcp detectors firebase #4194

Integration gcp detectors firebase

Integration gcp detectors firebase #4194

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: Detectors
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on: [push, pull_request]
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
pre_job:
# continue-on-error: true # Uncomment once integration is finished
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
name: Skip Duplicate Actions
uses: fkirc/skip-duplicate-actions@v4.0.0
with:
concurrent_skipping: 'same_content'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
paths: '["**.tf", "**.yaml", "scripts/**", "Makefile", ".github/workflows/main.yml"]'
changed_files:
runs-on: ubuntu-latest
outputs:
modules_tf: ${{ steps.changes.outputs.modules_tf }}
modules_yaml: ${{ steps.changes.outputs.modules_yaml }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Get changed files
id: changes
# Set outputs using the command.
run: |
echo ${GITHUB_REF}
if [ "${GITHUB_REF}" == "refs/heads/master" ]; then
echo "::set-output name=modules_tf::*,"
echo "::set-output name=modules_yaml::*,"
echo "master detected, consider all files as changed"
else
changed_files=$(git diff --name-only --diff-filter=ACMRT $(git merge-base --fork-point origin/master))
changed_files_tf=$(echo "${changed_files}" | grep '\.tf$') || changed_files_tf=""
changed_files_yaml=$(echo "${changed_files}" | grep '\.yaml$') || changed_files_yaml=""
echo ::set-output name=modules_tf::$(dirname $(echo "${changed_files_tf}") | uniq | tr '\n' ',') || true
echo ::set-output name=modules_yaml::$(dirname $(echo "${changed_files_yaml}") | uniq | tr '\n' ',') || true
echo -e "tf changed files:\n${changed_files_tf}"
echo -e "yaml changed files:\n${changed_files_yaml}"
fi
continue-on-error: true
deployment:
# The type of runner that the job will run on
needs: [pre_job, changed_files]
if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
#runs-on: hashicorp/terraform:full
runs-on: ubuntu-latest
container:
image: "claranet/terraform-ci:latest"
env:
SFX_AUTH_TOKEN: ${{ secrets.SFX_TOKEN }}
TF_VAR_environment: "ci-testing"
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.5.7
terraform_wrapper: false
- name: Generate example stack importing changed modules
run: |
make init-stack-common
echo "${{needs.changed_files.outputs.modules_tf}}" | while read -d ',' dir; do
echo "process ${dir}.."
make init-stack-modules "$(basename ${dir})"
done
- name: Terraform fmt
run: terraform fmt -recursive -write=false -diff -check .
- name: Terraform init
if: env.SFX_AUTH_TOKEN != null
run: terraform -chdir=examples/stack init
- name: Terraform validate
if: env.SFX_AUTH_TOKEN != null
run: terraform -chdir=examples/stack validate
# - name: Terraform Plan
# run: terraform plan -input=false -lock=false -detailed-exitcode examples/stack || if [ $? -ne 2 ]; then exit $?; fi
- name: Enable destroy
if: env.SFX_AUTH_TOKEN != null
run: echo ::set-output name=enabled::1
id: destroy
- name: Terraform Apply
#if: github.ref == 'refs/heads/master' && github.event_name == 'push' && ${{ always() }}
if: env.SFX_AUTH_TOKEN != null
run: terraform -chdir=examples/stack apply -input=false -lock=false -refresh=false -auto-approve
- name: Terraform Destroy
if: always() && steps.destroy.outputs.enabled == '1' && env.SFX_AUTH_TOKEN != null
run: terraform -chdir=examples/stack destroy -input=false -lock=false -refresh=false -auto-approve
compliance:
needs: [pre_job, changed_files]
if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
container:
image: "claranet/terraform-ci:latest"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Check and lint
run: |
echo "${{needs.changed_files.outputs.modules_tf}}" | while read -d ',' dir; do
echo "process ${dir}.."
make check-module "$(basename ${dir})"
done
outputs:
needs: [pre_job, changed_files]
if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
container:
image: "claranet/terraform-ci:latest"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate modules outputs
run: |
echo "${{needs.changed_files.outputs.modules_tf}}" | while read -d ',' dir; do
echo "process ${dir}.."
make update-module-outputs "$(basename ${dir})"
done
- name: Check for changes
run: git diff --exit-code
gen:
needs: [pre_job, changed_files]
if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
container:
image: "claranet/terraform-ci:latest"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate modules detectors from preset configs
run: |
echo "${{needs.changed_files.outputs.modules_yaml}}"
echo -n "${{needs.changed_files.outputs.modules_yaml}}" | while read -d ',' dir; do
echo "process $(dirname ${dir}).."
make update-module-detectors "$(basename $(dirname ${dir}))"
done
- name: Check for changes
run: |
git diff --exit-code
! [ -n "$(git status --porcelain)" ]