-
Notifications
You must be signed in to change notification settings - Fork 1
137 lines (120 loc) · 4.06 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
---
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Tests
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
terraform:
runs-on: ubuntu-latest
name: Integration (Terraform ${{ matrix.terraform_version }})
strategy:
fail-fast: false
matrix:
terraform_version:
- "1.6"
- "1.7"
- "1.8"
- "1.9"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block # audit
allowed-endpoints: >
api.github.com:443
checkpoint-api.hashicorp.com:443
ec2.us-east-2.amazonaws.com:443
get.opentofu.org:443
github.com:443
golang.org:443
objects.githubusercontent.com:443
proxy.golang.org:443
registry.terraform.io:443
releases.hashicorp.com:443
storage.googleapis.com:443
sts.us-east-2.amazonaws.com:443
- name: Checkout Source
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ">= 1.22.1"
cache: true
- name: Install Terraform ${{ matrix.terraform_version }}
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with:
terraform_version: ${{ matrix.terraform_version }}
terraform_wrapper: false
- name: Run module tests with Terraform ${{ matrix.terraform_version }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ vars.AWS_REGION }}
run: |
cd tests && TF_PATH=$(which terraform) make
opentofu:
runs-on: ubuntu-latest
name: Integration (OpenTofu ${{ matrix.opentofu_version }})
strategy:
fail-fast: false
matrix:
opentofu_version:
- "1.6"
- "1.7"
- "1.8"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block # audit
allowed-endpoints: >
api.github.com:443
checkpoint-api.hashicorp.com:443
ec2.us-east-2.amazonaws.com:443
get.opentofu.org:443
github.com:443
golang.org:443
objects.githubusercontent.com:443
proxy.golang.org:443
registry.opentofu.org:443
releases.hashicorp.com:443
storage.googleapis.com:443
sts.us-east-2.amazonaws.com:443
- name: Checkout Source
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ">= 1.22.1"
cache: true
- name: Install OpenTofu ${{ matrix.opentofu_version }}
uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4
with:
tofu_version: ~${{ matrix.opentofu_version }}
tofu_wrapper: false
- name: Run module tests with OpenTofu ${{ matrix.opentofu_version }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ vars.AWS_REGION }}
run: |
cd tests && TF_PATH=$(which tofu) make