chore: add arm option and bump instance defaults #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: AWS EC2 Golden Files | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - .github/workflows/aws_ec2_golden.yml | |
| - .tool-versions | |
| - aws/ec2/terraform/** | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - aws/ec2/terraform/** | |
| # limit to a single execution per actor of this workflow | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| AWS_PROFILE: infex | |
| AWS_REGION: eu-west-2 | |
| TF_PATH: ${{ github.workspace }}/aws/ec2/terraform | |
| GOLDEN_PATH: ${{ github.workspace }}/aws/ec2/test/golden | |
| jobs: | |
| compare: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| ################## Checkout ################## | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| ############# Tool Installations ############# | |
| - name: Install tooling using asdf | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 | |
| ################## Secrets ################### | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| ################ AWS Config ################## | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| shell: bash | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} | |
| - name: Copy provider override | |
| run: | | |
| cp "${{ github.workspace }}/aws/ec2/test/fixtures/provider_override.tf" "${TF_PATH}/provider_override.tf" | |
| - name: Run Terraform plan | |
| working-directory: aws/ec2/terraform | |
| run: | | |
| terraform init | |
| # We are hardcoding the AMI as it's a moving target | |
| # Same for the SSH Key as we don't have one on the device and would otherwise omit values from the plan | |
| terraform plan -var aws_ami="ami" -var generate_ssh_key_pair="true" -out=tfplan || true | |
| - name: Convert Terraform plan to JSON | |
| working-directory: aws/ec2/terraform | |
| run: | | |
| # Use jq to "pretty print" the JSON output to allow comparison | |
| terraform show -json tfplan | jq > tfplan.json | |
| - name: Extract planned values from Terraform plan | |
| run: | | |
| # extracting the planned values and their actual infra instead of diffing the whole document | |
| # since we always plan against nothing, it includes all planned objects | |
| # it does not contain sensetive data | |
| jq --sort-keys '.planned_values.root_module' "${TF_PATH}/tfplan.json" > "${TF_PATH}/tfplan_extracted.json" | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 | |
| with: | |
| name: plan-artifact-json | |
| path: ${{ env.TF_PATH }}/tfplan_extracted.json | |
| retention-days: 1 | |
| - name: Compare Terraform plan with golden file | |
| working-directory: aws/ec2/terraform | |
| run: | | |
| delta "${GOLDEN_PATH}/tfplan.json" "${TF_PATH}/tfplan_extracted.json" | |
| exit $? | |
| - name: Post diff on PR | |
| if: always() && github.event_name == 'pull_request' | |
| uses: int128/diff-action@b1b67adf9e7a0a4faa46e38f9fc1936f789ecdab # v1 | |
| with: | |
| base: ${{ env.GOLDEN_PATH }}//tfplan.json | |
| head: ${{ env.TF_PATH }}/tfplan_extracted.json | |
| comment-header: | | |
| ## Terraform golden plan diff | |
| comment-footer: | | |
| Check the delta diff in the [workflow run](${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}) for a detailed comparison. | |
| If the changes are expected, you can use the uploaded artifact on the workflow to update the golden file on your branch. | |
| Alternatively run `just regenerate-aws-ec2-golden-file` locally to update the golden file. |