|
|
|
@ -8,32 +8,95 @@ on: |
|
|
|
|
types: [apb] |
|
|
|
|
|
|
|
|
|
env: |
|
|
|
|
CURL_CACHE_DIR: ~/.cache/curl |
|
|
|
|
PIP_CACHE_DIR: ~/.cache/pip |
|
|
|
|
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit |
|
|
|
|
RUN_TMATE: ${{ secrets.RUN_TMATE }} |
|
|
|
|
|
|
|
|
|
jobs: |
|
|
|
|
lint: |
|
|
|
|
runs-on: ubuntu-latest |
|
|
|
|
steps: |
|
|
|
|
- uses: cisagov/setup-env-github-action@develop |
|
|
|
|
- uses: actions/checkout@v2 |
|
|
|
|
- id: setup-python |
|
|
|
|
uses: actions/setup-python@v2 |
|
|
|
|
with: |
|
|
|
|
python-version: 3.9 |
|
|
|
|
# GO_VERSION and GOCACHE are used by the cache task, so the Go |
|
|
|
|
# installation must happen before that. |
|
|
|
|
- uses: actions/setup-go@v2 |
|
|
|
|
with: |
|
|
|
|
go-version: '1.16' |
|
|
|
|
- name: Store installed Go version |
|
|
|
|
run: | |
|
|
|
|
echo "GO_VERSION="\ |
|
|
|
|
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')" \ |
|
|
|
|
>> $GITHUB_ENV |
|
|
|
|
- name: Lookup Go cache directory |
|
|
|
|
id: go-cache |
|
|
|
|
run: | |
|
|
|
|
echo "::set-output name=dir::$(go env GOCACHE)" |
|
|
|
|
- uses: actions/cache@v2 |
|
|
|
|
env: |
|
|
|
|
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ |
|
|
|
|
py${{ steps.setup-python.outputs.python-version }}-" |
|
|
|
|
py${{ steps.setup-python.outputs.python-version }}-\ |
|
|
|
|
go${{ env.GO_VERSION }}-\ |
|
|
|
|
packer${{ env.PACKER_VERSION }}-\ |
|
|
|
|
tf${{ env.TERRAFORM_VERSION }}-" |
|
|
|
|
with: |
|
|
|
|
# Note that the .terraform directory IS NOT included in the |
|
|
|
|
# cache because if we were caching, then we would need to use |
|
|
|
|
# the `-upgrade=true` option. This option blindly pulls down the |
|
|
|
|
# latest modules and providers instead of checking to see if an |
|
|
|
|
# update is required. That behavior defeats the benefits of caching. |
|
|
|
|
# so there is no point in doing it for the .terraform directory. |
|
|
|
|
path: | |
|
|
|
|
${{ env.PIP_CACHE_DIR }} |
|
|
|
|
${{ env.PRE_COMMIT_CACHE_DIR }} |
|
|
|
|
${{ env.CURL_CACHE_DIR }} |
|
|
|
|
${{ steps.go-cache.outputs.dir }} |
|
|
|
|
key: "${{ env.BASE_CACHE_KEY }}\ |
|
|
|
|
${{ hashFiles('**/requirements-test.txt') }}-\ |
|
|
|
|
${{ hashFiles('**/requirements.txt') }}-\ |
|
|
|
|
${{ hashFiles('**/.pre-commit-config.yaml') }}" |
|
|
|
|
restore-keys: | |
|
|
|
|
${{ env.BASE_CACHE_KEY }} |
|
|
|
|
- name: Setup curl cache |
|
|
|
|
run: mkdir -p ${{ env.CURL_CACHE_DIR }} |
|
|
|
|
- name: Install Packer |
|
|
|
|
run: | |
|
|
|
|
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip" |
|
|
|
|
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \ |
|
|
|
|
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \ |
|
|
|
|
--location \ |
|
|
|
|
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}" |
|
|
|
|
sudo unzip -d /opt/packer \ |
|
|
|
|
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" |
|
|
|
|
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default |
|
|
|
|
sudo ln -s /opt/packer/packer /usr/local/bin/packer |
|
|
|
|
- name: Install Terraform |
|
|
|
|
run: | |
|
|
|
|
TERRAFORM_ZIP="terraform_${TERRAFORM_VERSION}_linux_amd64.zip" |
|
|
|
|
curl --output ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \ |
|
|
|
|
--time-cond ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \ |
|
|
|
|
--location \ |
|
|
|
|
"https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_ZIP}" |
|
|
|
|
sudo unzip -d /opt/terraform \ |
|
|
|
|
${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" |
|
|
|
|
sudo mv /usr/local/bin/terraform /usr/local/bin/terraform-default |
|
|
|
|
sudo ln -s /opt/terraform/terraform /usr/local/bin/terraform |
|
|
|
|
- name: Install Terraform-docs |
|
|
|
|
run: | |
|
|
|
|
go install \ |
|
|
|
|
github.com/terraform-docs/terraform-docs@${TERRAFORM_DOCS_VERSION} |
|
|
|
|
- name: Find and initialize Terraform directories |
|
|
|
|
run: | |
|
|
|
|
for path in $(find . -not \( -type d -name ".terraform" -prune \) \ |
|
|
|
|
-type f -iname "*.tf" -exec dirname "{}" \; | sort -u); do \ |
|
|
|
|
echo "Initializing '$path'..."; \ |
|
|
|
|
terraform init -input=false -backend=false "$path"; \ |
|
|
|
|
done |
|
|
|
|
- name: Install dependencies |
|
|
|
|
run: | |
|
|
|
|
python -m pip install --upgrade pip |
|
|
|
@ -42,3 +105,6 @@ jobs: |
|
|
|
|
run: pre-commit install-hooks |
|
|
|
|
- name: Run pre-commit on all files |
|
|
|
|
run: pre-commit run --all-files |
|
|
|
|
- name: Setup tmate debug session |
|
|
|
|
uses: mxschmitt/action-tmate@v3 |
|
|
|
|
if: env.RUN_TMATE |
|
|
|
|