mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-22 16:40:48 +00:00
Install terraform and packer for the linting job
We should be doing this because the Packer and Terraform pre-commit hooks leverage the corresponding executables; therefore, it makes sense to go ahead and install the particular versions of those executables that we support. Also add support for optionally debugging via tmate. See also cisagov/skeleton-generic#74.
parent
b0e7f014e3
commit
106af21c04
1 changed files with 62 additions and 1 deletions
63
.github/workflows/build.yml
vendored
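--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,13 +8,16 @@ on:
 types: [apb]
 
 env:
+CURL_CACHE_DIR: ~/.cache/curl
 PIP_CACHE_DIR: ~/.cache/pip
 PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
+RUN_TMATE: ${{ secrets.RUN_TMATE }}
 
 jobs:
 lint:
 runs-on: ubuntu-latest
 steps:
+- uses: cisagov/setup-env-github-action@develop
 - uses: actions/checkout@v2
 - id: setup-python
 uses: actions/setup-python@v2
@@ -23,17 +26,72 @@ jobs:
 - uses: actions/cache@v2
 env:
 BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
-py${{ steps.setup-python.outputs.python-version }}-"
+py${{ steps.setup-python.outputs.python-version }}-\
+go${{ env.GO_VERSION }}-\
+packer${{ env.PACKER_VERSION }}-\
+tf${{ env.TERRAFORM_VERSION }}-"
 with:
+# Note that the .terraform directory IS NOT included in the
+# cache because if we were caching, then we would need to use
+# the `-upgrade=true` option. This option blindly pulls down the
+# latest modules and providers instead of checking to see if an
+# update is required. That behavior defeats the benefits of caching.
+# so there is no point in doing it for the .terraform directory.
 path: |
 ${{ env.PIP_CACHE_DIR }}
 ${{ env.PRE_COMMIT_CACHE_DIR }}
+${{ env.CURL_CACHE_DIR }}
+${{ steps.go-cache.outputs.dir }}
 key: "${{ env.BASE_CACHE_KEY }}\
 ${{ hashFiles('**/requirements-test.txt') }}-\
 ${{ hashFiles('**/requirements.txt') }}-\
 ${{ hashFiles('**/.pre-commit-config.yaml') }}"
 restore-keys: |
 ${{ env.BASE_CACHE_KEY }}
+- uses: actions/setup-go@v2
+with:
+go-version: '1.16'
+- name: Store installed Go version
+run: |
+echo "GO_VERSION="\
+"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')" \
+>> $GITHUB_ENV
+- name: Lookup go cache directory
+id: go-cache
+run: |
+echo "::set-output name=dir::$(go env GOCACHE)"
+- name: Install Packer
+run: |
+mkdir -p ${{ env.CURL_CACHE_DIR }}
+PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
+curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
+--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
+--location \
+"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
+sudo unzip -o -d /usr/local/bin \
+${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
+- name: Install Terraform
+run: |
+mkdir -p ${{ env.CURL_CACHE_DIR }}
+TERRAFORM_ZIP="terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
+curl --output ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \
+--time-cond ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \
+--location \
+"https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_ZIP}"
+sudo unzip -d /opt/terraform \
+${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}"
+sudo ln -s /opt/terraform/terraform /usr/bin/terraform
+sudo mv /usr/local/bin/terraform /usr/local/bin/terraform-default
+sudo ln -s /opt/terraform/terraform /usr/local/bin/terraform
+- name: Install Terraform-docs
+run: GO111MODULE=on go get github.com/terraform-docs/terraform-docs
+- name: Find and initialize Terraform directories
+run: |
+for path in $(find . -not \( -type d -name ".terraform" -prune \) \
+-type f -iname "*.tf" -exec dirname "{}" \; | sort -u); do \
+echo "Initializing '$path'..."; \
+terraform init -input=false -backend=false "$path"; \
+done
 - name: Install dependencies
 run: |
 python -m pip install --upgrade pip
@@ -42,3 +100,6 @@ jobs:
 run: pre-commit install-hooks
 - name: Run pre-commit on all files
 run: pre-commit run --all-files
+- name: Setup tmate debug session
+uses: mxschmitt/action-tmate@v3
+if: env.RUN_TMATE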
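Review bot: The Install Packer and Install Terraform steps in the second hunk unzip the downloaded archives with `sudo` without checking them against HashiCorp's published checksums, so a truncated or substituted file would be installed as-is. Because the zips are kept in `CURL_CACHE_DIR`, which this commit also adds to the `actions/cache` paths, a bad archive would be restored and reused on later runs until the cache key changes. I would fetch the matching `_SHA256SUMS` file and run `sha256sum --check --ignore-missing` before each `unzip`, as sketched below for Packer (Terraform is the same with its own names); checking the `.sig` over the sums file against a pinned HashiCorp key would be stronger still, since the sums file is served from the same host. Separately, the tmate step in the last hunk starts whenever the `RUN_TMATE` secret is non-empty and does not set `limit-access-to-actor: true`, so anyone who can read the connection string in the job log could attach to the runner.

```yaml
      - name: Install Packer
        run: |
          # … unchanged: mkdir, PACKER_ZIP and the curl download of the zip …
          PACKER_SUMS="packer_${PACKER_VERSION}_SHA256SUMS"
          curl --fail --location \
            --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_SUMS}" \
            "https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_SUMS}"
          # Refuse to install unless the zip matches its published digest.
          (cd ${{ env.CURL_CACHE_DIR }} && \
            sha256sum --check --ignore-missing "${PACKER_SUMS}")
          # … unchanged: sudo unzip into /usr/local/bin …
```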