From ad7ba2a5343fee9be5570befd886d44643fc5311 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Mon, 19 Aug 2024 13:55:30 -0400 Subject: [PATCH 1/9] feat: add IAM auth support, which is required for stack config templating as of atmos 1.18.2. --- action.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/action.yml b/action.yml index 8784f97..95265ad 100644 --- a/action.yml +++ b/action.yml @@ -112,6 +112,11 @@ runs: echo "terraform-version=$(atmos describe config -f json | jq -r '.integrations.github.gitops["terraform-version"]')" >> $GITHUB_OUTPUT echo "group-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["group-by"]')" >> $GITHUB_OUTPUT echo "sort-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["sort-by"]')" >> $GITHUB_OUTPUT + echo "aws-region=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].region')" >> $GITHUB_OUTPUT + echo "terraform-state-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].role')" >> $GITHUB_OUTPUT + echo "terraform-state-table=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].table')" >> $GITHUB_OUTPUT + echo "terraform-state-bucket=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].bucket')" >> $GITHUB_OUTPUT + echo "terraform-plan-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops.role.plan')" >> $GITHUB_OUTPUT - name: Install Terraform if: ${{ steps.config.outputs.terraform-version != '' && steps.config.outputs.terraform-version != 'null' }} 
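Review bot: The new `aws-region` and `terraform-plan-role` outputs will hold the literal string `null` when the key is missing from the atmos config, because `jq -r` prints `null` for an absent path. The Install Terraform step at the end of this hunk guards its input against both `''` and `'null'`, but no equivalent guard is visible for the new values, which feed the credential step added later in this patch. Consider `jq -r '.integrations.github.gitops.role.plan // empty'` (and the same for the region) so a missing key yields an empty output that the consumer can test for. The `run:` block these lines belong to starts outside the hunk.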
@@ -143,6 +148,14 @@ runs: run: git checkout ${{ inputs.base-ref }} working-directory: base-ref + - name: Configure Plan AWS Credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + aws-region: ${{ steps.config.outputs.aws-region }} + role-to-assume: ${{ steps.config.outputs.terraform-plan-role }} + role-session-name: "atmos-terraform-plan-gitops" + mask-aws-account-id: "no" + - name: atmos affected stacks for atmos pro id: affected-pro if: ${{ inputs.atmos-pro-upload == 'true' }} From 03e5e04ca12c6fb0375dc19ed17304eba6310652 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Mon, 19 Aug 2024 14:26:36 -0400 Subject: [PATCH 2/9] Address test issues; PR review. --- .github/workflows/test-matrix-2-levels.yml | 1 + .github/workflows/test-matrix-3-levels.yml | 1 + .github/workflows/test-no-changes.yml | 1 + .github/workflows/test-positive.yml | 1 + action.yml | 8 +++++--- 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index 50d0ec0..cafe188 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -28,6 +28,7 @@ jobs: - uses: ./ id: current with: + iam-auth-enabled: false install-atmos: false atmos-config-path: "./tests" nested-matrices-count: '2' diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index 508e92d..e8258af 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -28,6 +28,7 @@ jobs: - uses: ./ id: current with: + iam-auth-enabled: false install-atmos: false atmos-config-path: "./tests" nested-matrices-count: '3' diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 4243bf1..1422fc6 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml 
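Review bot: `aws-actions/configure-aws-credentials@v4.0.2` is referenced by a tag, which can be moved, in the one step that obtains cloud credentials; pinning it to the release's full commit SHA, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4.0.2`, keeps the code that performs the role assumption fixed. `mask-aws-account-id: "no"` leaves the account ID unmasked in job logs, which deserves a one-line comment saying it is intentional, or removal if it is not. The step also runs unconditionally, so every caller of the action now needs a usable `role.plan` value and, assuming OIDC is the credential source since no keys are passed, `id-token: write`; that requirement should be stated in the action's input documentation.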
@@ -25,6 +25,7 @@ jobs: - uses: ./ id: current with: + iam-auth-enabled: false install-atmos: true atmos-config-path: "./tests" diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index f83ae87..2ea4bba 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -28,6 +28,7 @@ jobs: - uses: ./ id: current with: + iam-auth-enabled: false install-atmos: false atmos-config-path: "./tests" diff --git a/action.yml b/action.yml index 95265ad..afc7d79 100644 --- a/action.yml +++ b/action.yml @@ -47,6 +47,10 @@ inputs: description: Whether to include dependents of affected stacks in the output required: false default: "false" + iam-auth-enabled: + description: Whether to assume the Terraform plan IAM role prior to running atmos commands + required: false + default: "true" install-jq: description: Whether to install jq required: false @@ -113,9 +117,6 @@ runs: echo "group-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["group-by"]')" >> $GITHUB_OUTPUT echo "sort-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["sort-by"]')" >> $GITHUB_OUTPUT echo "aws-region=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].region')" >> $GITHUB_OUTPUT - echo "terraform-state-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].role')" >> $GITHUB_OUTPUT - echo "terraform-state-table=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].table')" >> $GITHUB_OUTPUT - echo "terraform-state-bucket=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].bucket')" >> $GITHUB_OUTPUT echo "terraform-plan-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops.role.plan')" >> $GITHUB_OUTPUT - name: Install Terraform 
@@ -149,6 +150,7 @@ runs: working-directory: base-ref - name: Configure Plan AWS Credentials + if: ${{ inputs.iam-auth-enabled == 'true' }} uses: aws-actions/configure-aws-credentials@v4.0.2 with: aws-region: ${{ steps.config.outputs.aws-region }} From 6f65be479ce2570fc7631f8a2040546102b7bd6e Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:33:41 -0400 Subject: [PATCH 3/9] Inject real role into workflow; remove condition and input. --- .github/workflows/test-matrix-2-levels.yml | 13 +++++++++++-- .github/workflows/test-matrix-3-levels.yml | 13 +++++++++++-- .github/workflows/test-no-changes.yml | 13 +++++++++++-- .github/workflows/test-positive.yml | 13 +++++++++++-- action.yml | 5 ----- tests/atmos.yaml | 2 +- 6 files changed, 45 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index cafe188..2feaded 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -7,6 +7,10 @@ on: # pull_request: {} workflow_dispatch: {} +permissions: + contents: read + id-token: write + jobs: setup: runs-on: ubuntu-latest @@ -22,16 +26,21 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - shell: bash + run: | + mkdir -p ${{ runner.temp }} + cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH - uses: ./ id: current with: - iam-auth-enabled: false install-atmos: false - atmos-config-path: "./tests" nested-matrices-count: '2' + atmos-config-path: ${{ runner.temp }} outputs: affected: "${{ steps.current.outputs.affected }}" diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index e8258af..4a03146 100644 --- a/.github/workflows/test-matrix-3-levels.yml 
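Review bot: `id-token: write` is granted at workflow level in the new `permissions:` block, so every job in the workflow can request an OIDC token although only the job that runs `./` assumes the role. Moving the block under that job (`jobs.setup.permissions`) keeps any other job at read-only. Jobs after `setup` are outside the hunk, so this only matters if the workflow has more than one. The same block is added in test-matrix-3-levels.yml, test-no-changes.yml and test-positive.yml.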
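Review bot: `${{ secrets.TERRAFORM_PLAN_ROLE }}` in the new `run:` step is expanded into the script text before bash sees it, so the secret's value is parsed as shell source, and an unset secret (for example on a run from a fork) silently writes an empty role into the config. Passing it through the environment avoids that: add `env: TERRAFORM_PLAN_ROLE: ${{ secrets.TERRAFORM_PLAN_ROLE }}` to the step and use `sed -i -e "s#__PLAN_ROLE__#${TERRAFORM_PLAN_ROLE}#g" "${RUNNER_TEMP}/atmos.yaml"`. A guard such as `test -n "$TERRAFORM_PLAN_ROLE"` before the sed makes the empty case fail early instead of reaching the credential step. The identical step is added in test-matrix-3-levels.yml, test-no-changes.yml and test-positive.yml.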
+++ b/.github/workflows/test-matrix-3-levels.yml @@ -7,6 +7,10 @@ on: # pull_request: {} workflow_dispatch: {} +permissions: + contents: read + id-token: write + jobs: setup: runs-on: ubuntu-latest @@ -22,16 +26,21 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - shell: bash + run: | + mkdir -p ${{ runner.temp }} + cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH - uses: ./ id: current with: - iam-auth-enabled: false install-atmos: false - atmos-config-path: "./tests" nested-matrices-count: '3' + atmos-config-path: ${{ runner.temp }} outputs: affected: "${{ steps.current.outputs.affected }}" diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 1422fc6..23b6b17 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml @@ -7,6 +7,10 @@ on: # pull_request: {} workflow_dispatch: {} +permissions: + contents: read + id-token: write + jobs: setup: runs-on: ubuntu-latest @@ -22,12 +26,17 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - shell: bash + run: | + mkdir -p ${{ runner.temp }} + cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + - uses: ./ id: current with: - iam-auth-enabled: false install-atmos: true - atmos-config-path: "./tests" + atmos-config-path: ${{ runner.temp }} outputs: affected: "${{ steps.current.outputs.affected }}" diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index 2ea4bba..c197b4e 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -7,6 +7,10 @@ on: # pull_request: {} workflow_dispatch: {} +permissions: + contents: read + id-token: write + jobs: setup: runs-on: ubuntu-latest 
@@ -22,15 +26,20 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - shell: bash + run: | + mkdir -p ${{ runner.temp }} + cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH - uses: ./ id: current with: - iam-auth-enabled: false install-atmos: false - atmos-config-path: "./tests" + atmos-config-path: ${{ runner.temp }} outputs: affected: "${{ steps.current.outputs.affected }}" diff --git a/action.yml b/action.yml index afc7d79..24e3d17 100644 --- a/action.yml +++ b/action.yml @@ -47,10 +47,6 @@ inputs: description: Whether to include dependents of affected stacks in the output required: false default: "false" - iam-auth-enabled: - description: Whether to assume the Terraform plan IAM role prior to running atmos commands - required: false - default: "true" install-jq: description: Whether to install jq required: false @@ -150,7 +146,6 @@ runs: working-directory: base-ref - name: Configure Plan AWS Credentials - if: ${{ inputs.iam-auth-enabled == 'true' }} uses: aws-actions/configure-aws-credentials@v4.0.2 with: aws-region: ${{ steps.config.outputs.aws-region }} diff --git a/tests/atmos.yaml b/tests/atmos.yaml index f52ec6e..2e0f99a 100644 --- a/tests/atmos.yaml +++ b/tests/atmos.yaml @@ -257,7 +257,7 @@ integrations: table: cptest-core-ue2-auto-gitops-plan-storage role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha role: - plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops + plan: __PLAN_ROLE__ apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops matrix: sort-by: .stack_slug From fbf1f2a113b8f565eb9e30af52fc16fab3de0ca8 Mon Sep 17 00:00:00 2001 
From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:42:06 -0400 Subject: [PATCH 4/9] Checkout PR head ref. --- .github/workflows/test-matrix-2-levels.yml | 2 ++ .github/workflows/test-matrix-3-levels.yml | 2 ++ .github/workflows/test-no-changes.yml | 2 ++ .github/workflows/test-positive.yml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index 2feaded..5e2b615 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} - shell: bash run: | diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index 4a03146..c718476 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} - shell: bash run: | diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 23b6b17..8d6b1d5 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} - shell: bash run: | diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index c197b4e..37db298 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} - shell: bash run: | From b710dbc05b2ace1a2eff8dd50edb4fb4627c2f4b Mon Sep 17 00:00:00 2001 
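Review bot: `ref: ${{ github.event.pull_request.head.ref }}` makes the job check out and then execute pull-request code (`uses: ./`) in a workflow that, since the previous patch, holds `id-token: write` and reads `secrets.TERRAFORM_PLAN_ROLE`. The trigger context visible in this series shows only `workflow_dispatch` with `pull_request` commented out, where the expression is empty and checkout falls back to the default ref; if the workflow is ever driven by a privileged pull-request trigger, unreviewed code would run with the ability to assume the plan role. A comment on the step naming the trigger expected to populate the ref, together with a role trust policy limited to specific `sub` claims, would make the intent reviewable. A branch name is also mutable and does not resolve for forks, whereas `github.event.pull_request.head.sha` names the exact commit. The same two lines are added in test-matrix-3-levels.yml, test-no-changes.yml and test-positive.yml.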
From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 14:24:13 -0400 Subject: [PATCH 5/9] Also inject values in fixtures; fix json keys in fixtures. --- .github/workflows/test-matrix-2-levels.yml | 1 + .github/workflows/test-matrix-3-levels.yml | 1 + .github/workflows/test-no-changes.yml | 1 + .github/workflows/test-positive.yml | 1 + tests/fixtures/atmos | 4 ++-- 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index 5e2b615..10bb462 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -33,6 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index c718476..45caf5d 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -33,6 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 8d6b1d5..79e6c95 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml 
@@ -33,6 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos - uses: ./ id: current diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index 37db298..e83c0b4 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -33,6 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH diff --git a/tests/fixtures/atmos b/tests/fixtures/atmos index 9001523..c1ab184 100755 --- a/tests/fixtures/atmos +++ b/tests/fixtures/atmos @@ -19,10 +19,10 @@ cat << EOF "apply": "arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops", "plan": "arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops" }, - "storage": { + "artifact-storage": { "bucket": "cptest-core-ue2-auto-gitops", "region": "us-east-2", - "role": "arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha", + "role": "__PLAN_ROLE__", "table": "cptest-core-ue2-auto-gitops-plan-storage" }, "terraform-version": "1.5.2" From db25b69ce7d02f7a6978fccf8d12121a7fe50a01 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 14:26:36 -0400 Subject: [PATCH 6/9] Fix fixture path. --- .github/workflows/test-matrix-2-levels.yml | 2 +- .github/workflows/test-matrix-3-levels.yml | 2 +- .github/workflows/test-no-changes.yml | 2 +- .github/workflows/test-positive.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index 10bb462..de7886a 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -33,7 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index 45caf5d..da7c7ed 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -33,7 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 79e6c95..9c12688 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml @@ -33,7 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - uses: ./ id: current 
diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index e83c0b4..f2a77ba 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -33,7 +33,7 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./fixtures/atmos + sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH From a5d32d677ed1a3a90b18a3f0632d1ba89d236dd9 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 14:58:32 -0400 Subject: [PATCH 7/9] Use yq as part of atmos mock. --- .github/workflows/test-matrix-2-levels.yml | 7 ++++- .github/workflows/test-matrix-3-levels.yml | 7 ++++- .github/workflows/test-no-changes.yml | 7 ++++- .github/workflows/test-positive.yml | 7 ++++- tests/fixtures/atmos | 33 +--------------------- 5 files changed, 25 insertions(+), 36 deletions(-) diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index de7886a..3dcce34 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -33,11 +33,16 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH + - uses: cloudposse-github-actions/install-gh-releases@v1 + with: + cache: true + config: |- + mikefarah/yq:v4.44.3 + - uses: ./ id: current with: 
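Review bot: `cloudposse-github-actions/install-gh-releases@v1` is a moving major-version tag, and the new step downloads and installs a binary in the same job that holds `id-token: write` and later assumes the plan role. Pinning the action to a full commit SHA, `uses: cloudposse-github-actions/install-gh-releases@<full-commit-sha> # v1`, keeps the installer code fixed. Whether the action verifies a checksum for the downloaded release asset is not visible here and is worth confirming. The step is repeated in test-matrix-3-levels.yml, test-no-changes.yml and test-positive.yml.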
diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index da7c7ed..a56e42b 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -33,11 +33,16 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH + - uses: cloudposse-github-actions/install-gh-releases@v1 + with: + cache: true + config: |- + mikefarah/yq:v4.44.3 + - uses: ./ id: current with: diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index 9c12688..ab42027 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml @@ -33,7 +33,12 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos + + - uses: cloudposse-github-actions/install-gh-releases@v1 + with: + cache: true + config: |- + mikefarah/yq:v4.44.3 - uses: ./ id: current diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index f2a77ba..53b090c 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml 
@@ -33,11 +33,16 @@ jobs: mkdir -p ${{ runner.temp }} cp ./tests/atmos.yaml ${{ runner.temp }}/atmos.yaml sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ${{ runner.temp }}/atmos.yaml - sed -i -e 's#__PLAN_ROLE__#${{ secrets.TERRAFORM_PLAN_ROLE }}#g' ./tests/fixtures/atmos - name: add mock atmos to the path run: echo "./tests/fixtures" >> $GITHUB_PATH + - uses: cloudposse-github-actions/install-gh-releases@v1 + with: + cache: true + config: |- + mikefarah/yq:v4.44.3 + - uses: ./ id: current with: diff --git a/tests/fixtures/atmos b/tests/fixtures/atmos index c1ab184..eaabf50 100755 --- a/tests/fixtures/atmos +++ b/tests/fixtures/atmos @@ -1,35 +1,4 @@ #!/bin/bash cat "${GITHUB_ACTION_PATH}/tests/fixtures/mock-atmos-describe-affected.json" > affected-stacks.json - -cat << EOF -{ - "integrations": { - "atlantis": { - - }, - "github": { - "gitops": { - "infracost-enabled": false, - "matrix": { - "group-by": ".stack_slug | split(\"-\") | [.[0], .[2]] | join(\"-\")", - "sort-by": ".stack_slug" - }, - "role": { - "apply": "arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops", - "plan": "arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops" - }, - "artifact-storage": { - "bucket": "cptest-core-ue2-auto-gitops", - "region": "us-east-2", - "role": "__PLAN_ROLE__", - "table": "cptest-core-ue2-auto-gitops-plan-storage" - }, - "terraform-version": "1.5.2" - } - } - } -} - - -EOF +cat ${ATMOS_CLI_CONFIG_PATH}/atmos.yaml | yq e --tojson '.' - From 5b38cac0790bc151b34f05f825c5642690fb4de8 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:01:50 -0400 Subject: [PATCH 8/9] Fix config for release install. --- .github/workflows/test-matrix-2-levels.yml | 2 +- .github/workflows/test-matrix-3-levels.yml | 2 +- .github/workflows/test-no-changes.yml | 2 +- .github/workflows/test-positive.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
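Review bot: `${ATMOS_CLI_CONFIG_PATH}` is expanded unquoted and unchecked in the new last line of tests/fixtures/atmos, so an unset variable makes the mock read `/atmos.yaml` and a path containing spaces is split into several arguments. `yq e --tojson '.' "${ATMOS_CLI_CONFIG_PATH:?}/atmos.yaml"` reads the file directly and aborts with a message when the variable is missing. A one-line comment stating that the mock ignores its arguments and always emits the full config as JSON, including the role value injected by the workflow, would help readers of the tests.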
diff --git a/.github/workflows/test-matrix-2-levels.yml b/.github/workflows/test-matrix-2-levels.yml index 3dcce34..5f6dd03 100644 --- a/.github/workflows/test-matrix-2-levels.yml +++ b/.github/workflows/test-matrix-2-levels.yml @@ -41,7 +41,7 @@ jobs: with: cache: true config: |- - mikefarah/yq:v4.44.3 + mikefarah/yq: v4.44.3 - uses: ./ id: current diff --git a/.github/workflows/test-matrix-3-levels.yml b/.github/workflows/test-matrix-3-levels.yml index a56e42b..56376aa 100644 --- a/.github/workflows/test-matrix-3-levels.yml +++ b/.github/workflows/test-matrix-3-levels.yml @@ -41,7 +41,7 @@ jobs: with: cache: true config: |- - mikefarah/yq:v4.44.3 + mikefarah/yq: v4.44.3 - uses: ./ id: current diff --git a/.github/workflows/test-no-changes.yml b/.github/workflows/test-no-changes.yml index ab42027..aefb95c 100644 --- a/.github/workflows/test-no-changes.yml +++ b/.github/workflows/test-no-changes.yml @@ -38,7 +38,7 @@ jobs: with: cache: true config: |- - mikefarah/yq:v4.44.3 + mikefarah/yq: v4.44.3 - uses: ./ id: current diff --git a/.github/workflows/test-positive.yml b/.github/workflows/test-positive.yml index 53b090c..b47b7fa 100644 --- a/.github/workflows/test-positive.yml +++ b/.github/workflows/test-positive.yml @@ -41,7 +41,7 @@ jobs: with: cache: true config: |- - mikefarah/yq:v4.44.3 + mikefarah/yq: v4.44.3 - uses: ./ id: current From 80c91f58406aaca1554384f39b73656f854d21e2 Mon Sep 17 00:00:00 2001 From: korenyoni <10080107+korenyoni@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:52:15 -0400 Subject: [PATCH 9/9] empty commit