|
| 1 | +name: run-upstream-tests |
| 2 | + |
| 3 | +description: | |
| 4 | + Run upstream tests against the patched version of the upstream (terraform-provider-aws) provider. |
| 5 | +
|
| 6 | + This job will run acceptance tests that do provision actual AWS resources. See also: |
| 7 | +
|
| 8 | + ./upstream/docs/running-and-writing-acceptance-tests.md |
| 9 | +
|
| 10 | + One notable problem is that tag-related tests do not currently pass for the patched provider, since the Pulumi bridged |
| 11 | + provider handles tagging at a higher level. These tests are currently skipped. |
| 12 | +
|
| 13 | + The job matrix is organized by service, corresponding to `ls ./upstream/internal/service` folders. |
| 14 | +
|
| 15 | + Note that adding new services needs to be done with care because test failures may leave unsupervised resources in the |
| 16 | + test account causing an increase in burn rate, so that account cleaners need to be extended for each new service. |
| 17 | +
|
| 18 | + The primary goal for additional coverage is testing services that have Pulumi patches that may accidentally regress |
| 19 | + desired upstream behavior. |
| 20 | +
|
| 21 | +on: |
| 22 | + pull_request: |
| 23 | + paths-ignore: |
| 24 | + - CHANGELOG.md |
| 25 | + |
| 26 | +env: |
| 27 | + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} |
| 28 | + AWS_REGION: us-west-2 |
| 29 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 30 | + TF_APPEND_USER_AGENT: pulumi |
| 31 | + |
| 32 | +# This should cancel any previous runs of the same workflow on the same branch which are still running. This exacerbates |
| 33 | +# the problem of leaked resources but results in better utilization of limited CI runner time in the case of rapid-fire |
| 34 | +# pushes, and currently is the preferred trade-off. |
| 35 | +concurrency: |
| 36 | + group: ${{ github.workflow }}-${{ github.ref }} |
| 37 | + cancel-in-progress: true |
| 38 | + |
| 39 | +jobs: |
| 40 | + upstream_tests: |
| 41 | + name: upstream_tests |
| 42 | + runs-on: ubuntu-latest |
| 43 | + strategy: |
| 44 | + fail-fast: false |
| 45 | + matrix: |
| 46 | + service: |
| 47 | + - sqs |
| 48 | + - waf |
| 49 | + steps: |
| 50 | + - name: Checkout Repo |
| 51 | + uses: actions/checkout@v4 |
| 52 | + with: |
| 53 | + ref: ${{ env.PR_COMMIT_SHA }} |
| 54 | + submodules: true |
| 55 | + - name: make upstream |
| 56 | + run: make upstream |
| 57 | + - name: Install Go |
| 58 | + uses: actions/setup-go@v5 |
| 59 | + with: |
| 60 | + go-version: 1.22.x |
| 61 | + cache-dependency-path: | |
| 62 | + upstream/go.sum |
| 63 | + - name: Configure AWS Credentials |
| 64 | + uses: aws-actions/configure-aws-credentials@v4 |
| 65 | + with: |
| 66 | + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 67 | + aws-region: ${{ env.AWS_REGION }} |
| 68 | + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 69 | + role-duration-seconds: 3600 |
| 70 | + role-session-name: aws@githubActions |
| 71 | + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} |
| 72 | + - name: Test ${{ matrix.service }} |
| 73 | + run: | |
| 74 | + cd upstream |
| 75 | + TF_ACC=1 make testacc GO_VER=go PKG=${{ matrix.service }} ACCTEST_PARALLELISM=6 TESTARGS="-skip 'tags|.*/.*/Tags'" |
0 commit comments