feat: Github Action tests migration #4281

Merged: denis256 merged 32 commits into main from tg-1426, May 15, 2025

@denis256 denis256 commented May 13, 2025

Description

  • Migrated integration tests GH Action
  • Migrated provider cache tests
  • Migrated docs tests
  • Migrated deprecated tests
  • Migrated race tests
  • Migrated parse tests
  • Removed duplicated circleci jobs
  • Added cleanup step for GH action step
  • Improved tests printing before forwarding to go-junit-report processing

Note: AWS docs tests are still failing, looks like there is some kind of limit on the account, or tests don't clean resources properly

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres to our license policy or delete this line if it's not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added / Removed / Updated [X].

Migration Guide

Summary by CodeRabbit

  • Chores
    • Removed integration test jobs and related setup from CircleCI configuration.
    • Added scripts for generating mocks and setting provider cache environment variables.
    • Improved disk space cleanup in GitHub Actions workflows.
    • Enforced presence and export of AWS credentials and role in secret generation script.
  • Tests
    • Expanded and clarified integration test matrix in GitHub Actions, enabling previously skipped tests and adding new test jobs.
    • Skipped AWS assume role test if required environment variable is missing.
    • Reduced parallel initializations in TFLint test for efficiency and added cleanup of temporary directories.
  • Bug Fixes
    • Updated test output handling in GitHub Actions to display logs while generating JUnit reports.

vercel bot commented May 13, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
terragrunt-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 15, 2025 10:28am

coderabbitai bot commented May 13, 2025

📝 Walkthrough

Integration test jobs and related reusable commands were removed from the CircleCI configuration. Two new shell scripts were added for mock generation and provider cache setup. The GitHub Actions workflows for base and integration tests were updated: test output is now visible in logs, the integration test matrix was expanded and renamed, and additional resource cleanup steps were introduced. Minor test improvements were made for AWS and Tflint integration tests.

Changes

| File(s) | Change Summary |
|---|---|
| .circleci/config.yml | Removed all integration test jobs, related commands for Terraform/OpenTofu/TFlint installation, test environment setup, and their references from workflows. Only build, test_signing, and deploy jobs remain unchanged. |
| .github/scripts/setup/generate-mocks.sh, .github/scripts/setup/provider-cache.sh | Added shell scripts for generating mocks and setting up the provider cache environment variable, with strict error handling and automation of relevant setup steps. |
| .github/workflows/base-test.yml | Modified test execution to pipe go test output through tee before go-junit-report, ensuring test output is visible in logs and saved as a JUnit XML report. |
| .github/workflows/integration-test.yml | Expanded and renamed the integration test matrix, enabled previously skipped tests, added new test jobs (Provider Cache, Deprecated, Mock, Race, Parse), introduced additional setup and cleanup steps, and included a new TEST_ARGS environment variable. |
| test/integration_aws_test.go | Added a check to skip the TestAwsAssumeRoleDuration test if AWS_TEST_S3_ASSUME_ROLE environment variable is not set. |
| test/integration_tflint_test.go | Introduced the tflintInitSamples constant to reduce loop count in a race test and added a cleanup function to remove temporary directories after tests. |

Sequence Diagram(s)

sequenceDiagram
  participant GitHubActions
  participant TestRunner
  participant SetupScript

  GitHubActions->>SetupScript: Run provider-cache.sh (if required)
  GitHubActions->>SetupScript: Run generate-mocks.sh (if required)
  GitHubActions->>TestRunner: Run go test | tee | go-junit-report
  TestRunner->>GitHubActions: Output test results (visible in logs and as JUnit XML)

Possibly related PRs

Suggested reviewers

  • levkohimins

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/scripts/setup/generate-secrets.sh (1)

48-53: Remove duplicate AWS export branches
AWS secrets are exported twice: once at lines 31–34 and again at 48–53. This duplication increases maintenance overhead and risks drift. Consolidate the AWS export logic into a single branch (for example, extend the first AWS block to also handle AWS_TEST_S3_ASSUME_ROLE) and remove the redundant lines below.

Proposed diff to remove the duplicate block:

-    elif [[ "$SECRET" == "AWS_ACCESS_KEY_ID" && -n "${AWS_ACCESS_KEY_ID}" ]]; then
-        printf "export AWS_ACCESS_KEY_ID='%s'\n" "${AWS_ACCESS_KEY_ID}" >> "$ENV_FILE"
-    elif [[ "$SECRET" == "AWS_SECRET_ACCESS_KEY" && -n "${AWS_SECRET_ACCESS_KEY}" ]]; then
-        printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "${AWS_SECRET_ACCESS_KEY}" >> "$ENV_FILE"
-    elif [[ "$SECRET" == "AWS_TEST_S3_ASSUME_ROLE" && -n "${AWS_TEST_S3_ASSUME_ROLE}" ]]; then
-        printf "export AWS_TEST_S3_ASSUME_ROLE='%s'\n" "${AWS_TEST_S3_ASSUME_ROLE}" >> "$ENV_FILE"
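Review bot: the last removed branch, for AWS_TEST_S3_ASSUME_ROLE, has no replacement in this diff, so applying it as shown would stop that variable from being written to $ENV_FILE unless the earlier AWS block is extended first; make that extension part of the same change. In whichever block is kept, the `'%s'` format produces a broken `export` line if a value ever contains a single quote, so escape the value before writing it (for example with bash's `printf %q`).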
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bbecbe5 and feab9e3.

📒 Files selected for processing (1)
  • .github/scripts/setup/generate-secrets.sh (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (22)
  • GitHub Check: Test (Tflint)
  • GitHub Check: Test (SSH)
  • GitHub Check: Test (Windows)
  • GitHub Check: Test (AWS Tofu)
  • GitHub Check: Test (Provider Cache Tofu)
  • GitHub Check: Test (AWS Terraform 1.5)
  • GitHub Check: Test (SOPS)
  • GitHub Check: Test (Fixtures OpenTofu 1.9)
  • GitHub Check: Test (Fixtures Terraform 1.11)
  • GitHub Check: Test (Fixtures Terraform 1.5)
  • GitHub Check: Test (macos)
  • GitHub Check: Build (windows/amd64)
  • GitHub Check: Build (windows/386)
  • GitHub Check: Build (darwin/arm64)
  • GitHub Check: Build (linux/arm64)
  • GitHub Check: Build (linux/amd64)
  • GitHub Check: Test (ubuntu)
  • GitHub Check: Build (linux/386)
  • GitHub Check: Build (darwin/amd64)
  • GitHub Check: lint
  • GitHub Check: build-and-test
  • GitHub Check: Pull Request has non-contributor approval
🔇 Additional comments (1)
.github/scripts/setup/generate-secrets.sh (1)

11-13: Ensure AWS variables should be globally mandatory
The script now unconditionally enforces AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_TEST_S3_ASSUME_ROLE even when those secrets may not be needed for non-AWS integration runs. This change will cause failures in GCP-only or other workflows that do not set these variables. Consider guarding these : "${VAR:?…}" checks behind the SECRETS list or the specific integration context so that AWS credentials are only required when actually exporting AWS-related secrets.
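
One way to scope the required-variable checks to the secrets a job actually requests, as the comment above suggests. This is an added example, not the project's generate-secrets.sh; the helper name `write_secrets`, its arguments and the `GCP_TOKEN` name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not the project's generate-secrets.sh).
# write_secrets is a hypothetical helper: write_secrets ENV_FILE NAME...
# Only the secrets named on the command line are required, so a GCP-only
# job is not forced to define AWS_* variables.

write_secrets() {
    env_file=$1
    shift
    # Create the file empty and owner-only before any secret is written.
    : > "$env_file" || return 3
    chmod 600 "$env_file" || return 3

    for name in "$@"; do
        # Accept plain variable names only, so the eval below can expand
        # a variable and nothing else.
        case $name in
            '' | [0-9]* | *[!A-Za-z0-9_]*)
                echo "invalid secret name: $name" >&2
                return 2
                ;;
        esac

        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            # Same effect as : "${VAR:?...}", but only for requested names.
            echo "required secret $name is not set" >&2
            return 1
        fi

        # Turn each ' into '\'' so the value stays one single-quoted word
        # when the file is sourced.
        escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
        printf "export %s='%s'\n" "$name" "$escaped" >> "$env_file"
    done
}

# Usage (constructed names): write_secrets "$ENV_FILE" GCP_TOKEN
```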

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (6)
.github/workflows/integration-test.yml (6)

64-71: Reduce duplication in AWS Tofu job definitions
The AWS Tofu job duplicates the same tags, run, secrets, and setup_scripts patterns repeated for other AWS variants. Consider extracting common AWS test parameters (e.g., via a matrix variable like tf_version) or using YAML anchors & aliases to DRY up these blocks.


72-79: DRY up Terraform 1.5 AWS job
This block is nearly identical to the AWS Tofu definition except for the setup_scripts. To improve maintainability, consider parameterizing the Terraform version within the matrix (e.g., tf_version: ["tofu","1.5","1.11"]) and referencing a single AWS job configuration.


80-87: Parameterize AWS Terraform 1.11 in integration matrix
Same pattern repeated here; extracting the Terraform version into a matrix variable would reduce copy-paste and ease future version bumps.


110-115: Combine provider cache jobs with version matrix
The “Provider Cache Terraform 1.11” job could be merged with the Tofu variant using a version matrix similar to the AWS jobs, consolidating repeated setup_scripts for provider cache.


116-121: Consolidate Provider Cache Tofu configuration
This block mirrors the Terraform 1.11 provider cache job. Consider creating a matrix entry for runtime: ["terraform-1-11","tofu"] and looping over both in one job.


244-244: Add missing newline at end of file
YAML files should end with a newline to satisfy linting and improve compatibility.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 244-244: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between feab9e3 and 748a594.

📒 Files selected for processing (2)
  • .github/workflows/base-test.yml (1 hunks)
  • .github/workflows/integration-test.yml (6 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/base-test.yml
⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: Test (Windows)
  • GitHub Check: lint
  • GitHub Check: Test (ubuntu)
  • GitHub Check: Test (macos)
  • GitHub Check: Pull Request has non-contributor approval
  • GitHub Check: build-and-test
🔇 Additional comments (7)
.github/workflows/integration-test.yml (7)

20-23: Integration matrix expansion looks good
Adding “Fixtures OpenTofu 1.9” to the matrix ensures coverage of the new OpenTofu runtime.


122-126: Deprecated tests re-enabled
The “Deprecated” matrix entry cleanly reinstates the tests. Looks good—no further action needed.


127-133: Mock tests execution defined correctly
Mock generation and execution steps are properly configured and reference the new generate-mocks.sh script.


134-139: Race and Parse tests integrated
The test_args parameter for the Race job is now consumed in the go test command, and the Parse job is correctly defined. This ensures the race detector flag is passed.


148-154: Disk cleanup step looks safe
Removing unused tool directories and pruning Docker artifacts is a good strategy for freeing up space on non-Windows runners.


229-229: Injecting TEST_ARGS into environment
The TEST_ARGS environment variable is now set from the matrix and picked up by the test invocation. Great for flexible flagging.


237-243: JUnit report display configured correctly
The addition of detailed_summary, include_time_in_summary, and group_suite flags provides a comprehensive test overview.

Comment on lines +231 to +236
- name: Upload Report (${{ matrix.integration.name }}))
uses: actions/upload-artifact@v4
with:
name: test-report-${{ matrix.integration.name }}
path: result.xml

⚠️ Potential issue

Typo: extra parenthesis in Upload Report name
There's an extra ) in the step name which may cause YAML parsing issues:

-      - name: Upload Report (${{ matrix.integration.name }}))
+      - name: Upload Report (${{ matrix.integration.name }})
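Review bot: the extra `)` on the `name:` line only changes the displayed step title; it sits inside a plain YAML scalar, so the workflow still parses and this one-character fix is cosmetic. The same step's `uses: actions/upload-artifact@v4` references a movable tag, and pinning it to a full commit SHA would be the more consequential change to this step.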
Suggested change
- name: Upload Report (${{ matrix.integration.name }}))
uses: actions/upload-artifact@v4
with:
name: test-report-${{ matrix.integration.name }}
path: result.xml
- name: Upload Report (${{ matrix.integration.name }})
uses: actions/upload-artifact@v4
with:
name: test-report-${{ matrix.integration.name }}
path: result.xml
🤖 Prompt for AI Agents
In .github/workflows/integration-test.yml around lines 231 to 236, remove the
extra closing parenthesis in the step name "Upload Report (${{
matrix.integration.name }}))" so it reads "Upload Report (${{
matrix.integration.name }})" to fix the YAML syntax error.

Comment on lines +214 to +216
# print command arguments
set -x
go test -v -timeout 45m ${TAGS:+-tags "$TAGS"} ${RUN:+-run "$RUN"} ${TEST_ARGS} "${TARGET}" | tee >(go-junit-report -set-exit-code > result.xml)

🛠️ Refactor suggestion

Improve failure handling and output verbosity
Using set -x aids debugging, but consider enabling pipefail to ensure the workflow fails if any part of the pipeline (including go-junit-report) errors out. E.g., add:

- set -x
+ set -eo pipefail && set -x
Suggested change
# print command arguments
set -x
go test -v -timeout 45m ${TAGS:+-tags "$TAGS"} ${RUN:+-run "$RUN"} ${TEST_ARGS} "${TARGET}" | tee >(go-junit-report -set-exit-code > result.xml)
# print command arguments
- set -x
+ set -eo pipefail && set -x
go test -v -timeout 45m ${TAGS:+-tags "$TAGS"} ${RUN:+-run "$RUN"} ${TEST_ARGS} "${TARGET}" | tee >(go-junit-report -set-exit-code > result.xml)
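Review bot: `set -eo pipefail` on the `+` line does not reach `go-junit-report`, because in the `go test` line that follows it the reporter runs inside a process substitution, `tee >(…)`, and bash does not include a process substitution's exit status in the pipeline result. With this change a failing `go test` fails the step through `tee`, but `-set-exit-code` still has no effect, and `result.xml` can be incomplete when the next step reads it, since bash does not wait for the substitution. Making the reporter a real pipeline stage, e.g. `go test … | tee /dev/stderr | go-junit-report -set-exit-code > result.xml`, puts all three commands under pipefail.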
🤖 Prompt for AI Agents
In .github/workflows/integration-test.yml around lines 214 to 216, the script
uses set -x for debugging but lacks pipefail, which means failures in the
pipeline may not cause the workflow to fail. Add set -o pipefail before the go
test command to ensure the entire pipeline fails if any command errors,
improving failure detection and output reliability.

@denis256 denis256 merged commit 9fcbf22 into main May 15, 2025
37 of 42 checks passed
@denis256 denis256 deleted the tg-1426 branch May 15, 2025 13:04
This was referenced May 21, 2025
@coderabbitai coderabbitai bot mentioned this pull request Jan 14, 2026
6 tasks