feat: Use aws_iam_role_name field for GitHub Actions fogg apply job (#84
)

* feat: Use github_actions_ci aws_iam_role_name field

aws_iam_role_name was unused for fogg apply GitHub action, add support for it in template (also add aws_region).

* chore: Run make update-golden-files
vincenthsh authored Mar 15, 2023
1 parent 47611cc commit eccc952
Showing 34 changed files with 787 additions and 4 deletions.
1 change: 1 addition & 0 deletions apply/golden_file_test.go
Expand Up @@ -31,6 +31,7 @@ func TestIntegration(t *testing.T) {
{"v2_minimal_valid_yaml"},
{"v2_no_aws_provider_yaml"},
{"github_actions"},
{"github_actions_with_iam_role"},
{"circleci"},
{"tfe_provider_yaml"},
{"remote_backend_yaml"},
1 change: 1 addition & 0 deletions config/v2/config.go
Expand Up @@ -313,6 +313,7 @@ type TravisCI struct {
type CommonCI struct {
Enabled *bool `yaml:"enabled,omitempty"`
AWSIAMRoleName *string `yaml:"aws_iam_role_name,omitempty"`
AWSRegion *string `yaml:"aws_region,omitempty"`
TestBuckets *int `yaml:"test_buckets,omitempty"`
Command *string `yaml:"command,omitempty"`
Buildevents *bool `yaml:"buildevents,omitempty"`
9 changes: 9 additions & 0 deletions config/v2/resolvers.go
Expand Up @@ -597,11 +597,13 @@ func ResolveGitHubActionsCI(commons ...Common) *GitHubActionsCI {
}

roleName := lastNonNil(GitHubActionsRoleNameGetter, commons...)
region := lastNonNil(GitHubActionsRegionGetter, commons...)
return &GitHubActionsCI{
CommonCI: CommonCI{
Enabled: &enabled,
Buildevents: &buildevents,
AWSIAMRoleName: roleName,
AWSRegion: region,
Command: &testCommand,
},
}
Expand Down Expand Up @@ -909,6 +911,13 @@ func GitHubActionsRoleNameGetter(comm Common) *string {
return comm.Tools.GitHubActionsCI.AWSIAMRoleName
}

func GitHubActionsRegionGetter(comm Common) *string {
if comm.Tools == nil || comm.Tools.GitHubActionsCI == nil {
return nil
}
return comm.Tools.GitHubActionsCI.AWSRegion
}

func CircleCIRoleNameGetter(comm Common) *string {
if comm.Tools == nil || comm.Tools.CircleCI == nil {
return nil
6 changes: 4 additions & 2 deletions config/v2/validation.go
Expand Up @@ -294,8 +294,10 @@ func (c *Config) ValidateGithubActionsCI() error {
return // nothing to do
}

if t.AWSIAMRoleName == nil || *t.AWSIAMRoleName == "" {
errs = multierror.Append(errs, fmt.Errorf("if github_actions_ci is enabled, aws_role_name must be set"))
if t.AWSIAMRoleName != nil && *t.AWSIAMRoleName != "" {
if t.AWSRegion == nil || *t.AWSRegion == "" {
errs = multierror.Append(errs, fmt.Errorf("if github_actions_ci.aws_role_name is set, aws_region must be set"))
}
}

if t.Command != nil {
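Review bot: The new error text names `github_actions_ci.aws_role_name`, but the YAML key declared on `CommonCI` is `aws_iam_role_name`, so a user following the message will look for a field that does not exist; suggest `"if github_actions_ci.aws_iam_role_name is set, aws_region must be set"`. With the role now optional, the opposite case (an `aws_region` with no role) passes silently and the generated apply job gets no credentials step, which deserves a comment above the check such as `// aws_iam_role_name is optional; without it the fogg apply job runs with no AWS role configured`. ValidateGithubActionsCI starts and ends outside this hunk, so what `t` covers is not visible here.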
9 changes: 9 additions & 0 deletions plan/ci.go
Expand Up @@ -21,6 +21,9 @@ type CIConfig struct {
Env map[string]string
projects []CIProject

DefaultAWSIAMRoleName string
DefaultAWSRegion string

TestBuckets [][]CIProject
AWSProfiles ciAwsProfiles
Buildevents bool
Expand Down Expand Up @@ -277,6 +280,12 @@ func (p *Plan) buildGitHubActionsConfig(c *v2.Config, foggVersion string) GitHub
Env: env,
}

if c.Defaults.Tools != nil && c.Defaults.Tools.GitHubActionsCI != nil &&
c.Defaults.Tools.GitHubActionsCI.AWSIAMRoleName != nil && c.Defaults.Tools.GitHubActionsCI.AWSRegion != nil {
ciConfig.DefaultAWSIAMRoleName = *c.Defaults.Tools.GitHubActionsCI.AWSIAMRoleName
ciConfig.DefaultAWSRegion = *c.Defaults.Tools.GitHubActionsCI.AWSRegion
}

var awsProvider v2.CIProviderConfig

if c.Defaults.Tools != nil && c.Defaults.Tools.GitHubActionsCI != nil {
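Review bot: The guard in buildGitHubActionsConfig copies the defaults only when both `AWSIAMRoleName` and `AWSRegion` are non-nil, so a role configured without a region is dropped without any signal and the workflow template then omits its credentials step. If that is meant to rely on validation, say so in a comment, e.g. `// both values are required by validation; the template skips the credentials step when the role name is empty`. The new `DefaultAWSIAMRoleName` and `DefaultAWSRegion` fields on CIConfig also carry no comment saying they are read from `c.Defaults` only, which a reader would want to know since roles appear to be resolvable per component elsewhere. Both the struct and the function continue outside the hunks.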
6 changes: 5 additions & 1 deletion plan/plan.go
Expand Up @@ -82,6 +82,7 @@ type CIComponent struct {

AWSProfileName string
AWSRoleName string
AWSRegion string
AWSAccountID string
Command string
}
Expand Down Expand Up @@ -967,7 +968,10 @@ func resolveComponentCommon(commons ...v2.Common) ComponentCommon {
},
}
if githubActionsPlan.Enabled {
githubActionsPlan.AWSRoleName = *githubActionsConfig.AWSIAMRoleName
if githubActionsConfig.AWSIAMRoleName != nil {
githubActionsPlan.AWSRoleName = *githubActionsConfig.AWSIAMRoleName
githubActionsPlan.AWSRegion = *githubActionsConfig.AWSRegion
}
githubActionsPlan.Command = *githubActionsConfig.Command
}

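Review bot: In resolveComponentCommon the new branch checks `githubActionsConfig.AWSIAMRoleName != nil` but then dereferences `*githubActionsConfig.AWSRegion` unguarded. The resolver fills the two fields from separate `lastNonNil` lookups, so a role without a region at the resolved level would panic here unless validation has already rejected it for every level, which is not visible in this hunk. Guard the region on its own: `if githubActionsConfig.AWSRegion != nil { githubActionsPlan.AWSRegion = *githubActionsConfig.AWSRegion }`. The function body starts and ends outside the hunk.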
6 changes: 6 additions & 0 deletions templates/templates/.github/workflows/fogg_ci.yml.tmpl
Expand Up @@ -22,6 +22,12 @@ jobs:
path: ~/.fogg/cache
key: fogg-cache-{{`${{ hashFiles('**/.fogg-version') }}`}}
- run: make setup
{{- if not (eq (len $githubActionsCI.DefaultAWSIAMRoleName) 0) }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: {{ $githubActionsCI.DefaultAWSIAMRoleName }}
aws-region: {{ $githubActionsCI.DefaultAWSRegion }}{{ end }}
- run: .fogg/bin/fogg apply
env:
FOGG_GITHUBTOKEN: {{`${{ secrets.GITHUB_TOKEN }}`}}
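Review bot: The added step references `aws-actions/configure-aws-credentials@v2`, a movable tag, in the step that obtains AWS credentials for every generated repository; pinning it to a full commit SHA (with the version in a trailing comment) keeps a retagged release from changing what runs there. `role-to-assume` and `aws-region` are also rendered unquoted, so a value containing `: ` or ` #` would change the YAML; quoting them, e.g. `role-to-assume: "{{ $githubActionsCI.DefaultAWSIAMRoleName }}"`, avoids that. If the role is meant to be assumed through GitHub's OIDC provider, the job also needs `permissions: id-token: write`, which is not visible in this hunk.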
1 change: 0 additions & 1 deletion testdata/github_actions/fogg.yml
Expand Up @@ -9,7 +9,6 @@ defaults:
terraform_version: 1.1.1
tools:
github_actions_ci:
aws_iam_role_name: infraci
command: lint
enabled: true
test_buckets: 7
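--- a/testdata/github_actions_with_iam_role/.fogg-version
+++ b/testdata/github_actions_with_iam_role/.fogg-version
@@ -0,0 +1 @@
+undefined-pre+undefined.dirty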
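--- a/testdata/github_actions_with_iam_role/.gitattributes
+++ b/testdata/github_actions_with_iam_role/.gitattributes
@@ -0,0 +1,8 @@
+fogg.tf linguist-generated
+remote-states.tf linguist-generated
+Makefile linguist-generated
+atlantis.yaml linguist-generated
+.travis.yml linguist-generated
+.circleci/config.yml linguist-generated
+.terraformignore linguist-generated
+.github/workflows/fogg_ci.yml linguist-generated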
126 changes: 126 additions & 0 deletions testdata/github_actions_with_iam_role/.github/workflows/fogg_ci.yml


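--- a/testdata/github_actions_with_iam_role/.gitignore
+++ b/testdata/github_actions_with_iam_role/.gitignore
@@ -0,0 +1,39 @@
+# Auto-generated by fogg. Do not edit
+# Make improvements in fogg, so that everyone can benefit.
+
+# Compiled files
+*.tfstate
+*.tfstate.*.backup
+*.tfstate.backup
+*tfvars
+.terraform.lock.hcl
+
+# Module directory
+.terraform/
+
+# Pycharm folder
+.idea
+
+# Editor Swap Files
+*.swp
+*.swo
+*.swn
+*.swm
+*.swl
+*.swk
+
+.fogg
+/terraform.d/plugins
+/terraform.d/modules
+
+.DS_Store
+.vscode
+.envrc
+
+# Scala language server
+.metals
+
+buildevents.plan
+check-plan.output
+
+venv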
@@ -0,0 +1,5 @@
# Auto-generated by fogg. Do not edit
# Make improvements in fogg, so that everyone can benefit.

*
!.gitignore
10 changes: 10 additions & 0 deletions testdata/github_actions_with_iam_role/.terraformignore


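--- a/testdata/github_actions_with_iam_role/.tflint.hcl
+++ b/testdata/github_actions_with_iam_role/.tflint.hcl
@@ -0,0 +1,16 @@
+config {
+# only report problems
+force = true
+format = "compact"
+}
+
+plugin "terraform" {
+enabled = true
+preset = "recommended"
+}
+
+plugin "aws" {
+enabled = true
+version = "0.19.0"
+source = "github.com/terraform-linters/tflint-ruleset-aws"
+}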
