feat: azure OIDC account support #156
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
'on': | |
workflow_dispatch: {} | |
push: {} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_wrapper: false | |
- name: Set up Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.20.5 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install Python JWT module | |
run: pip install jwt | |
# In order to test git integration, we need a token generated from a JWT. | |
# The first step is to generate a JWT from the GitHub App private key. | |
# https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app#example-using-python-to-generate-a-jwt | |
- name: Generate a JWT | |
run: ./github-app-jwt.py >> "$GITHUB_ENV" | |
env: | |
GH_APP_ID: ${{ secrets.GH_APP_ID }} | |
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
# The next step is to generate an access token from the JWT. | |
# https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app#generating-an-installation-access-token | |
- name: Generate an access token | |
run: | | |
curl \ | |
--silent \ | |
--request POST \ | |
--url "https://api.github.com/app/installations/${GH_APP_INSTALLATION_ID}/access_tokens" \ | |
--header "Accept: application/vnd.github+json" \ | |
--header "Authorization: Bearer ${{ env.jwt }}" \ | |
--header "X-GitHub-Api-Version: 2022-11-28" | jq -r '"GIT_CREDENTIAL=" + .token' > "$GITHUB_ENV" | |
env: | |
GH_APP_INSTALLATION_ID: ${{ secrets.GH_APP_INSTALLATION_ID }} | |
- name: Install Dependencies | |
run: go get ./... | |
shell: bash | |
- name: Build the Terraform provider from source | |
run: go build -o terraform-provider-octopusdeploy | |
- name: Override the location used by Terraform provider | |
run: |- | |
cat <<EOT >> ~/.terraformrc | |
provider_installation { | |
dev_overrides { | |
"octopusdeploylabs/octopusdeploy" = "${{ github.workspace }}" | |
} | |
direct {} | |
} | |
EOT | |
- name: Install gotestsum | |
run: go install gotest.tools/gotestsum@latest | |
shell: bash | |
# The GitHub token we generated is valid for an hour. The full test suite can run for longer than an hour. | |
# So we first run the git tests while the token is fresh, and the run the rest of the tests. | |
- name: Test Git integration | |
run: go test -v -timeout 0 -run "^\\QTestProjectWithGitUsernameExport\\E$" integration_test.go | |
shell: bash | |
env: | |
LICENSE: ${{ secrets.OCTOPUS_SERVER_BASE64_LICENSE }} | |
ECR_ACCESS_KEY: ${{ secrets.ECR_ACCESS_KEY }} | |
ECR_SECRET_KEY: ${{ secrets.ECR_SECRET_KEY }} | |
GIT_USERNAME: x-access-token | |
OCTODISABLEOCTOCONTAINERLOGGING: true | |
OCTOTESTSKIPINIT: true | |
GOMAXPROCS: 1 | |
OCTOTESTVERSION: 2023.2 | |
- name: Test everything else | |
run: gotestsum --junitfile results.xml -- -v -timeout 0 -skip "^\\QTestProjectWithGitUsernameExport\\E$" -json integration_test.go | |
shell: bash | |
env: | |
LICENSE: ${{ secrets.OCTOPUS_SERVER_BASE64_LICENSE }} | |
ECR_ACCESS_KEY: ${{ secrets.ECR_ACCESS_KEY }} | |
ECR_SECRET_KEY: ${{ secrets.ECR_SECRET_KEY }} | |
GIT_USERNAME: x-access-token | |
OCTODISABLEOCTOCONTAINERLOGGING: true | |
OCTOTESTSKIPINIT: true | |
GOMAXPROCS: 1 | |
OCTOTESTVERSION: 2023.2 | |
- if: always() | |
name: Report | |
uses: dorny/test-reporter@v1 | |
with: | |
name: Go Tests | |
path: results.xml | |
reporter: java-junit | |
fail-on-error: 'false' | |
permissions: | |
id-token: write | |
checks: write | |
contents: write |