blob: 226199a6afc4bc77bb9e44dcca196b4b48755ab9 [file] [log] [blame] [edit]
name: Terraform Equivalence Tests
on:
workflow_dispatch:
inputs:
terraform-version:
type: string
required: true
description: "terraform-version: The Terraform version to test (eg. v1.3.1, 1.3.2)."
build-run-id:
type: string
required: true
description: "build-run-id: The `Build Terraform CLI Packages` run to retrieve built Terraform binaries from."
workflow_run:
workflows: [Build Terraform CLI Packages]
types:
- completed
permissions:
actions: read
contents: write
env:
terraform-equivalence-testing-version: v0.2.0
target-os: linux
target-arch: amd64
jobs:
get-metadata:
name: "Determine Terraform version and other metadata"
runs-on: ubuntu-latest
outputs:
run-equivalence-tests: ${{ steps.metadata.outputs.run-equivalence-tests }}
terraform-version: ${{ steps.metadata.outputs.terraform-version }}
build-run-id: ${{ steps.metadata.outputs.build-run-id }}
target-branch: ${{ steps.metadata.outputs.target-branch }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.workflow_run.head_branch }}
- id: metadata
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
# Then we map all our outputs from the user supplied inputs.
RUN_EQUIVALENCE_TESTS=true
TERRAFORM_VERSION=${{ inputs.terraform-version }}
BUILD_RUN_ID=${{ inputs.build-run-id }}
else
# Quick sanity check, if the workflow_run that triggered this action
# failed then we shouldn't carry on.
if [[ "${{ github.event.workflow_run.conclusion }}" != "success" ]]; then
echo "::set-output name=run-equivalence-tests::false"
exit 0
fi
# Otherwise, we have to pull our outputs from the workflow_run event
# information.
TERRAFORM_VERSION=${{ github.event.workflow_run.head_branch }}
if git show-ref -q --verify refs/tags/$TERRAFORM_VERSION; then
# Then our trigger was from a new tag being pushed, so we want to
# run the equivalence tests and we need to work some things out.
RUN_EQUIVALENCE_TESTS=true
BUILD_RUN_ID=${{ github.event.workflow_run.id }}
else
# Then our trigger wasn't from a new tag being pushed, this is
# easy as we just skip running the equivalence tests.
RUN_EQUIVALENCE_TESTS=false
fi
fi
# One last thing to do is to work out which branch we want to operate
# against. This could be `main` for an alpha build, or a release
# branch (eg. v1.1, v1.2, v1.3) for any other kind of build.
# Trim the "v" prefix, if any.
VERSION="${TERRAFORM_VERSION#v}"
# Split off the build metadata part, if any
# (we won't actually include it in our final version, and handle it only for
# compleness against semver syntax.)
IFS='+' read -ra VERSION BUILD_META <<< "$VERSION"
# Separate out the prerelease part, if any
IFS='-' read -r BASE_VERSION PRERELEASE <<< "$VERSION"
# Separate out major, minor and patch versions.
IFS='.' read -r MAJOR_VERSION MINOR_VERSION PATCH_VERSION <<< "$BASE_VERSION"
if [[ "$PRERELEASE" == *"alpha"* ]]; then
TARGET_BRANCH=main
else
TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
fi
echo "::set-output name=target-branch::${TARGET_BRANCH}"
echo "::set-output name=terraform-version::${TERRAFORM_VERSION}"
echo "::set-output name=build-run-id::${BUILD_RUN_ID}"
echo "::set-output name=run-equivalence-tests::${RUN_EQUIVALENCE_TESTS}"
prepare-equivalence-tests:
name: "Prepare equivalence testing binary"
if: ${{ needs.get-metadata.outputs.run-equivalence-tests == 'true' }}
runs-on: ubuntu-latest
needs:
- get-metadata
steps:
- name: "Download terraform-equivalence-testing binary"
run: |
curl \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/hashicorp/terraform-equivalence-testing/releases" > releases.json
VERSION="${{ env.terraform-equivalence-testing-version }}"
ASSET="terraform-equivalence-testing_${VERSION}_${{ env.target-os }}_${{ env.target-arch }}.zip"
ASSET_ID=$(jq -r --arg VERSION "$VERSION" --arg ASSET "$ASSET" '.[] | select(.name == $VERSION) | .assets[] | select(.name == $ASSET) | .id' releases.json)
curl -L \
-H "Accept: application/octet-stream" \
"https://api.github.com/repos/hashicorp/terraform-equivalence-testing/releases/assets/$ASSET_ID" > "$ASSET"
- name: "Unzip terraform-equivalence-testing binary"
run: |
ASSET="terraform-equivalence-testing_${{ env.terraform-equivalence-testing-version }}_${{ env.target-os }}_${{ env.target-arch }}.zip"
unzip -p "$ASSET" terraform-equivalence-testing > terraform-equivalence-testing
- name: "Upload terraform-equivalence-testing binary"
uses: actions/upload-artifact@v2
with:
name: terraform-equivalence-testing
path: terraform-equivalence-testing
prepare-terraform:
name: "Prepare Terraform binary"
if: ${{ needs.get-metadata.outputs.run-equivalence-tests == 'true' }}
runs-on: ubuntu-latest
needs:
- get-metadata
env:
terraform-version: ${{ needs.get-metadata.outputs.terraform-version }}
build-run-id: ${{ needs.get-metadata.outputs.build-run-id }}
steps:
- name: "Download terraform binary"
run: |
curl \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/hashicorp/terraform/actions/runs/${{ env.build-run-id }}/artifacts" > artifacts.json
VERSION="${{ env.terraform-version }}" # The Terraform artifacts don't have the `v` prefix.
ARTIFACT="terraform_${VERSION#v}_${{ env.target-os }}_${{ env.target-arch }}.zip"
ARTIFACT_ID=$(jq -r --arg ARTIFACT "$ARTIFACT" '.artifacts | .[] | select(.name == $ARTIFACT) | .id' artifacts.json)
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/hashicorp/terraform/actions/artifacts/$ARTIFACT_ID/zip" > "$ARTIFACT.zip"
- name: "Unzip terraform binary"
run: |
VERSION="${{ env.terraform-version }}" # The Terraform artifacts don't have the `v` prefix.
ARTIFACT="terraform_${VERSION#v}_${{ env.target-os }}_${{ env.target-arch }}.zip"
# We actually have nested zip files, as the Github API downloads the
# artifacts in a zip file and the Terraform build action embeds the
# terraform binary in a zip file also.
unzip $ARTIFACT.zip
unzip $ARTIFACT
- name: "Upload terraform binary"
uses: actions/upload-artifact@v2
with:
name: terraform
path: terraform
run-equivalence-tests:
name: "Run equivalence tests"
if: ${{ needs.get-metadata.outputs.run-equivalence-tests == 'true' }}
runs-on: ubuntu-latest
needs:
- get-metadata
- prepare-terraform
- prepare-equivalence-tests
env:
target-branch: ${{ needs.get-metadata.outputs.target-branch }}
terraform-version: ${{ needs.get-metadata.outputs.terraform-version }}
steps:
- name: "Checkout repository at target branch ${{ env.target-branch }}"
uses: actions/checkout@v3
with:
ref: ${{ env.target-branch }}
- name: "Download Terraform binary"
uses: actions/download-artifact@v2
with:
name: terraform
path: .
- name: "Download terraform-equivalence-testing binary"
uses: actions/download-artifact@v2
with:
name: terraform-equivalence-testing
path: .
- name: "Run and update equivalence tests"
run: |
chmod u+x ./terraform-equivalence-testing
chmod u+x ./terraform
./terraform-equivalence-testing update \
--tests=testing/equivalence-tests/tests \
--goldens=testing/equivalence-tests/outputs \
--binary=$(pwd)/terraform
changed=$(git diff --quiet -- testing/equivalence-tests/outputs || echo true)
if [[ $changed == "true" ]]; then
echo "found changes, and pushing new golden files into branch ${{ env.target-branch }}."
git config user.email "52939924+teamterraform@users.noreply.github.com"
git config user.name "The Terraform Team"
git add ./testing/equivalence-tests/outputs
git commit -m"Automated equivalence test golden file update for release ${{ env.terraform-version }}."
git push
else
echo "found no changes, so not pushing any updates."
fi