SEC-090: Automated trusted workflow pinning (2023-07-21) #166
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
env: | |
GOPROXY: https://proxy.golang.org/ | |
jobs: | |
copywrite: | |
runs-on: ubuntu-latest | |
timeout-minutes: 3 | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Install copywrite | |
uses: hashicorp/setup-copywrite@v1.1.2 | |
- name: Validate Header Compliance | |
run: copywrite headers --plan | |
# resolve-versions allows us to show resolved Go versions in job titles | |
# for added clarity and quick orientation in a long list of past jobs | |
resolve-versions: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- | |
name: Resolve old stable version | |
id: oldstable | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: oldstable | |
- | |
name: Resolve stable version | |
id: stable | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: stable | |
outputs: | |
oldstable: ${{ steps.oldstable.outputs.go-version }} | |
stable: ${{ steps.stable.outputs.go-version }} | |
static-checks: | |
name: static-checks (go ${{ matrix.go_version }}) | |
needs: resolve-versions | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
go_version: | |
- ${{ needs.resolve-versions.outputs.oldstable }} | |
- ${{ needs.resolve-versions.outputs.stable }} | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- | |
name: Set up Go | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: ${{ matrix.go_version }} | |
- | |
name: Go fmt | |
run: | |
# exit 1 if any files need go fmt | |
test -z $(gofmt -s -l .) | |
- | |
name: Go vet | |
run: go vet ./... | |
unit-tests: | |
name: unit-tests (${{ matrix.os }}, go ${{ matrix.go_version }}) | |
needs: | |
- resolve-versions | |
- static-checks | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 10 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- windows-latest | |
- macos-latest | |
go_version: | |
- ${{ needs.resolve-versions.outputs.oldstable }} | |
- ${{ needs.resolve-versions.outputs.stable }} | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- | |
name: Set up Go | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: ${{ matrix.go_version }} | |
- | |
name: Go mod download | |
run: go mod download -x | |
- | |
name: Go mod verify | |
run: go mod verify | |
- | |
name: Run build | |
run: go build ./... | |
- | |
name: Run unit tests | |
run: go test -race $(go list ./... | grep -v /tfexec/internal/e2etest) | |
e2e-tests: | |
name: e2e-tests (${{ matrix.os }}, go ${{ matrix.go_version }}, terraform ${{ matrix.terraform_version }}) | |
needs: | |
- resolve-versions | |
- static-checks | |
- unit-tests | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- windows-latest | |
- macos-latest | |
go_version: | |
- ${{ needs.resolve-versions.outputs.oldstable }} | |
- ${{ needs.resolve-versions.outputs.stable }} | |
terraform_version: | |
- "0.11.15" | |
- "0.12.31" | |
- "0.13.7" | |
- "0.14.11" | |
- "0.15.5" | |
- "1.0.11" | |
- "1.1.9" | |
- "1.2.9" | |
- "1.3.7" | |
- "refs/heads/main" | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- | |
name: Set up Go | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: ${{ matrix.go_version }} | |
- | |
name: Run E2E tests | |
env: | |
TFEXEC_E2ETEST_VERSIONS: ${{ matrix.terraform_version }} | |
run: go test -race -timeout=30m -v ./tfexec/internal/e2etest |