ci: migrate AWS-credentialed CI jobs from CircleCI to GitHub Actions #3
Workflow file for this run
# Test suites that assume an AWS role, plus the binary build and the release
# publishing job.
name: AWS Tests

# Runs on pushes to main, on every pull request, when a release is created,
# and on manual dispatch. Each job narrows this further with its own `if:`.
on:
  push:
    branches:
      - main
  pull_request:
  release:
    types:
      - created
  workflow_dispatch:

env:
  # Kubernetes version passed to `minikube start` in the Kubernetes and Helm jobs.
  K8S_VERSION: 'v1.28.0'

jobs:
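# ---------------------------------------------------------------------------
# Terraform module tests (terraform + opentofu matrix)
# ---------------------------------------------------------------------------
  terraform-tests:
    name: Terraform Tests (${{ matrix.iac }})
    # Skip release events and pull requests whose head branch lives in another
    # repository, so fork PRs never reach the step that assumes the AWS role.
    if: >-
      github.event_name != 'release' && (
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
      )
    runs-on: ubuntu-latest
    timeout-minutes: 45
    strategy:
      fail-fast: false
      matrix:
        iac: [terraform, tofu]
    permissions:
      # id-token: write lets the job request a GitHub OIDC token, which
      # configure-aws-credentials exchanges for short-lived role credentials.
      # NOTE(review): the role's trust policy is not visible here; confirm it
      # restricts the token subject to this repository.
      id-token: write
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable tag; pinning
      # each `uses:` to a full commit SHA is the stricter option for a job
      # that holds cloud credentials.
      - uses: actions/checkout@v4
      - name: Install mise
        uses: jdx/mise-action@v3
        with:
          version: '2025.12.10'
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Go module cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules
        run: go mod download
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::087285199408:role/terratest-gha
          aws-region: us-east-1
      - name: Switch to OpenTofu
        if: matrix.iac == 'tofu'
        run: |
          # Remove terraform binary so terratest auto-detects tofu
          # (modules/terraform/cmd.go:252 - defaultTerraformExecutable falls back to tofu)
          sudo rm -f "$(which terraform 2>/dev/null)" || true
          tofu version
      - name: Run terraform module tests
        run: |
          # With no explicit `shell:`, the step runs under `bash -e {0}` without
          # pipefail, so the pipeline would report tee's exit status and a
          # failing `go test` would still pass the step. Enable pipefail.
          set -o pipefail
          mkdir -p /tmp/logs
          go test -v -p 1 -count=1 -timeout 30m ./modules/terraform/... 2>&1 | tee /tmp/logs/test_output.log
      # NOTE(review): these logs come from tests that ran with the assumed AWS
      # role and are kept for 14 days; confirm the test output carries nothing
      # sensitive before relying on artifact access controls.
      - name: Upload test logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: terraform-test-logs-${{ matrix.iac }}
          path: /tmp/logs/
          retention-days: 14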
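# ---------------------------------------------------------------------------
# Terragrunt module tests (terraform + opentofu matrix)
# ---------------------------------------------------------------------------
  terragrunt-tests:
    name: Terragrunt Tests (${{ matrix.iac }})
    # Skip release events and pull requests whose head branch lives in another
    # repository, so fork PRs never reach the step that assumes the AWS role.
    if: >-
      github.event_name != 'release' && (
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
      )
    runs-on: ubuntu-latest
    timeout-minutes: 45
    strategy:
      fail-fast: false
      matrix:
        iac: [terraform, tofu]
    permissions:
      # id-token: write lets the job request a GitHub OIDC token, which
      # configure-aws-credentials exchanges for short-lived role credentials.
      id-token: write
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable tag; pinning
      # each `uses:` to a full commit SHA is the stricter option for a job
      # that holds cloud credentials.
      - uses: actions/checkout@v4
      - name: Install mise
        uses: jdx/mise-action@v3
        with:
          version: '2025.12.10'
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Go module cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules
        run: go mod download
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::087285199408:role/terratest-gha
          aws-region: us-east-1
      - name: Switch to OpenTofu
        if: matrix.iac == 'tofu'
        run: |
          # Remove terraform binary so terratest auto-detects tofu
          sudo rm -f "$(which terraform 2>/dev/null)" || true
          tofu version
      - name: Run terragrunt module tests
        run: |
          # With no explicit `shell:`, the step runs under `bash -e {0}` without
          # pipefail, so the pipeline would report tee's exit status and a
          # failing `go test` would still pass the step. Enable pipefail.
          set -o pipefail
          mkdir -p /tmp/logs
          go test -v -p 1 -count=1 -timeout 30m ./modules/terragrunt/... 2>&1 | tee /tmp/logs/test_output.log
      # NOTE(review): these logs come from tests that ran with the assumed AWS
      # role and are kept for 14 days; confirm the test output carries nothing
      # sensitive.
      - name: Upload test logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: terragrunt-test-logs-${{ matrix.iac }}
          path: /tmp/logs/
          retention-days: 14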
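# ---------------------------------------------------------------------------
# Kubernetes tests
# ---------------------------------------------------------------------------
  kubernetes-tests:
    name: Kubernetes Tests
    # Skip release events and pull requests whose head branch lives in another
    # repository, so fork PRs never reach the step that assumes the AWS role.
    if: >-
      github.event_name != 'release' && (
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
      )
    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      # id-token: write lets the job request a GitHub OIDC token, which
      # configure-aws-credentials exchanges for short-lived role credentials.
      # NOTE(review): the cluster is a local minikube; confirm these tests
      # need AWS access at all. If not, this permission and the credential
      # step can be dropped.
      id-token: write
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable tag; pinning
      # each `uses:` to a full commit SHA is the stricter option.
      - uses: actions/checkout@v4
      - name: Install mise
        uses: jdx/mise-action@v3
        with:
          version: '2025.12.10'
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Go module cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules
        run: go mod download
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::087285199408:role/terratest-gha
          aws-region: us-east-1
      - name: Start minikube
        run: minikube start --driver=docker --kubernetes-version=${{ env.K8S_VERSION }}
      - name: Run k8s module tests
        run: |
          # With no explicit `shell:`, the step runs under `bash -e {0}` without
          # pipefail, so the pipeline would report tee's exit status and a
          # failing `go test` would still pass the step. Enable pipefail.
          set -o pipefail
          mkdir -p /tmp/logs
          go test -v -tags kubernetes -count=1 -timeout 20m ./modules/k8s/... 2>&1 | tee /tmp/logs/test_output.log
      - name: Run k8s integration tests
        run: |
          # Same pipefail requirement as the module tests; output is appended
          # to the log written by the previous step.
          set -o pipefail
          go test -v -tags kubernetes -run TestKubernetes -count=1 -timeout 20m ./test/... 2>&1 | tee -a /tmp/logs/test_output.log
      - name: Upload test logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kubernetes-test-logs
          path: /tmp/logs/
          retention-days: 14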
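# ---------------------------------------------------------------------------
# Helm tests
# ---------------------------------------------------------------------------
  helm-tests:
    name: Helm Tests
    # Skip release events and pull requests whose head branch lives in another
    # repository, so fork PRs never reach the step that assumes the AWS role.
    if: >-
      github.event_name != 'release' && (
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
      )
    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      # id-token: write lets the job request a GitHub OIDC token, which
      # configure-aws-credentials exchanges for short-lived role credentials.
      # NOTE(review): the cluster is a local minikube; confirm these tests
      # need AWS access at all. If not, this permission and the credential
      # step can be dropped.
      id-token: write
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable tag; pinning
      # each `uses:` to a full commit SHA is the stricter option.
      - uses: actions/checkout@v4
      - name: Install mise
        uses: jdx/mise-action@v3
        with:
          version: '2025.12.10'
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Go module cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules
        run: go mod download
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::087285199408:role/terratest-gha
          aws-region: us-east-1
      - name: Start minikube
        run: minikube start --driver=docker --kubernetes-version=${{ env.K8S_VERSION }}
      - name: Run helm module tests
        run: |
          # With no explicit `shell:`, the step runs under `bash -e {0}` without
          # pipefail, so the pipeline would report tee's exit status and a
          # failing `go test` would still pass the step. Enable pipefail.
          set -o pipefail
          mkdir -p /tmp/logs
          go test -v -tags helm -count=1 -timeout 20m ./modules/helm/... 2>&1 | tee /tmp/logs/test_output.log
      - name: Run helm integration tests
        run: |
          # Same pipefail requirement as the module tests; output is appended
          # to the log written by the previous step.
          set -o pipefail
          go test -v -tags helm -run TestHelm -count=1 -timeout 20m ./test/... 2>&1 | tee -a /tmp/logs/test_output.log
      - name: Upload test logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: helm-test-logs
          path: /tmp/logs/
          retention-days: 14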
# ---------------------------------------------------------------------------
# Build binaries (compile check on PRs, artifacts for release)
# ---------------------------------------------------------------------------
  build:
    name: Build (${{ matrix.os }}/${{ matrix.arch }})
    # No `if:` guard: the job requests only contents: read and has no AWS
    # step, so it runs for every trigger of the workflow. The release job
    # downloads the `binaries-*` artifacts uploaded here.
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        os:
          - linux
          - darwin
          - windows
        arch:
          - amd64
          - arm64
          - '386'
        exclude:
          - os: darwin
            arch: '386'
          - os: windows
            arch: arm64
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Install mise
        uses: jdx/mise-action@v3
        with:
          version: '2025.12.10'
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): the binaries published by the release job are built with
      # whatever this cache restores; confirm that is acceptable for release
      # builds.
      - name: Go module cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Download Go modules
        run: go mod download
      - name: Build binaries
        # The matrix values reach the script as environment variables rather
        # than being expanded into the script text.
        env:
          TARGET_OS: ${{ matrix.os }}
          TARGET_ARCH: ${{ matrix.arch }}
        run: |
          mkdir -p cmd/bin
          # Windows executables carry an .exe suffix; every other target has none.
          suffix=""
          case "$TARGET_OS" in
            windows) suffix=".exe" ;;
          esac
          # Cross-compile both command-line tools as static (CGO-free) binaries.
          for tool in terratest_log_parser pick-instance-type; do
            CGO_ENABLED=0 GOOS="$TARGET_OS" GOARCH="$TARGET_ARCH" \
              go build -o "cmd/bin/${tool}_${TARGET_OS}_${TARGET_ARCH}${suffix}" \
              "./cmd/${tool}"
          done
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: binaries-${{ matrix.os }}-${{ matrix.arch }}
          path: cmd/bin/
          retention-days: 7
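# ---------------------------------------------------------------------------
# Release (triggered by GitHub release creation)
# ---------------------------------------------------------------------------
  release:
    name: Release
    if: github.event_name == 'release'
    needs: build
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      # contents: write is what allows `gh release upload` to attach assets.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Download all build artifacts
        uses: actions/download-artifact@v4
        with:
          path: cmd/bin/
          pattern: binaries-*
          merge-multiple: true
      # The checksum file is produced by the same job that publishes the
      # binaries, so it detects corrupted downloads but is not an independent
      # integrity signal.
      - name: Generate SHA256SUMS
        run: cd cmd/bin && sha256sum -- * > SHA256SUMS
      - name: Upload release assets
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The tag name is chosen by whoever creates the release. A `${{ }}`
          # expression inside `run:` is substituted into the script text before
          # the shell parses it, so pass the value through the environment and
          # let the shell treat it as data.
          RELEASE_TAG: ${{ github.ref_name }}
        run: |
          for f in cmd/bin/*; do
            gh release upload "$RELEASE_TAG" "$f" --clobber
          done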