diff --git a/fast/stages/0-org-setup/output-files.tf b/fast/stages/0-org-setup/output-files.tf index dbfae4003..4cbad6afd 100644 --- a/fast/stages/0-org-setup/output-files.tf +++ b/fast/stages/0-org-setup/output-files.tf @@ -151,7 +151,7 @@ resource "google_storage_bucket_object" "version" { local.output_files.storage_bucket != null && fileexists("fast_version.txt") ? 1 : 0 ) - bucket = local.output_files.storage_bucket + bucket = local.of_outputs_bucket name = "versions/0-org-setup-version.txt" source = "fast_version.txt" source_md5hash = filemd5("fast_version.txt") diff --git a/tests/collectors.py b/tests/collectors.py index 08e32fb66..87f89b03b 100644 --- a/tests/collectors.py +++ b/tests/collectors.py @@ -107,22 +107,27 @@ class FabricTestItem(pytest.Item): self.extra_files, self.extra_dirs) except AssertionError: - def full_paths(paths): - return [str(self.parent.path.parent / x) for x in paths] + def full_paths(root_path, paths): + return [str(root_path / x) for x in paths] - extra_dirs = [f"--extra-dirs={x}" for x in full_paths(self.extra_dirs)] - extra_files = [ - f"--extra-files={x}" for x in full_paths( - f"../{f}" for f in self. - extra_files # FIXME: for some reason, extra files needs one extra ../ - ) + files_root = self.parent.path.parent + # extra_dirs and extra_files need additional .parent + extra_dirs = [ + f"--extra-dirs={x}" + for x in full_paths(files_root.parent, self.extra_dirs) ] - print(f'Error in inventory file: {" ".join(full_paths(self.inventory))}') + extra_files = [ + f"--extra-files={x}" + for x in full_paths(files_root.parent, self.extra_files) + ] + print( + f'Error in inventory file: {" ".join(full_paths(files_root, self.inventory))}' + ) print(f'To regenerate inventory run: python tools/plan_summary.py ' f'{" ".join(extra_dirs)} ' f'{" ".join(extra_files)} ' f'{self.module} ' - f'{" ".join(full_paths(self.tf_var_files))}') + f'{" ".join(full_paths(files_root, self.tf_var_files))}') raise def reportinfo(self): 
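Review bot: The `count` guard just above the changed line still tests `local.output_files.storage_bucket != null`, while `bucket` now reads `local.of_outputs_bucket`, so the condition and the argument no longer refer to the same value. The definition of `local.of_outputs_bucket` is outside this hunk; if it can be null, or can name a different bucket, when the raw setting is non-null, the version object would be planned against a bucket the guard never checked. If the local is known at plan time, consider keying the guard on it as well, `local.of_outputs_bucket != null && fileexists("fast_version.txt")`. Otherwise add a short comment on the `count` expression saying why it deliberately tests the raw setting. The resource body continues past the end of the hunk.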
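Review bot: The paths interpolated into the "To regenerate inventory run:" command are joined with bare spaces and never shell-quoted, so a checkout path containing a space or a shell metacharacter prints a command that breaks or behaves differently when pasted into a terminal. Quoting inside the helper covers every call site, `return [shlex.quote(str(root_path / x)) for x in paths]`, and needs `import shlex` at the top of the file, which is outside this hunk. Separately, the new comment `# extra_dirs and extra_files need additional .parent` states what the code does but not why, and `extra_dirs` is now resolved one level higher than before. A wording such as `# extra_dirs / extra_files are given relative to the directory above files_root` (to be confirmed against the test layout) would tell the next reader what the base is. The enclosing method starts before the hunk.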
diff --git a/tests/fast/stages/s0_org_setup/simple.yaml b/tests/fast/stages/s0_org_setup/simple.yaml
index 35d23b8b0..e4c7ba49b 100644
--- a/tests/fast/stages/s0_org_setup/simple.yaml
+++ b/tests/fast/stages/s0_org_setup/simple.yaml
@@ -239,6 +239,135 @@ values: source: null temporary_hold: null timeouts: null + google_storage_bucket_object.version[0]: + bucket: ft0-prod-iac-core-0-iac-outputs + cache_control: null + content_disposition: null + content_encoding: null + content_language: null + customer_encryption: [] + deletion_policy: null + detect_md5hash: null + event_based_hold: null + force_empty_content_type: null + metadata: null + name: versions/0-org-setup-version.txt + retention: [] + source: fast_version.txt + temporary_hold: null + timeouts: null + google_storage_bucket_object.workflows["org-setup"]: + bucket: ft0-prod-iac-core-0-iac-outputs + cache_control: null + content: "# Copyright 2025 Google LLC\n#\n# Licensed under the Apache License,\ + \ Version 2.0 (the \"License\");\n# you may not use this file except in compliance\ + \ with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n\ + #\n# Unless required by applicable law or agreed to in writing, software\n#\ + \ distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT\ + \ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the\ + \ License for the specific language governing permissions and\n# limitations\ + \ under the License.\n\nname: \"FAST org-setup stage\"\n\non:\n pull_request:\n\ + \ branches:\n - main\n types:\n - closed\n - opened\n \ + \ - synchronize\n\nenv:\n FAST_SERVICE_ACCOUNT: iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\n\ + \ FAST_SERVICE_ACCOUNT_PLAN: iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com\n\ + \ FAST_WIF_PROVIDER: projects/1234567890/locations/global/workloadIdentityPools/default\n\ + \ SSH_AUTH_SOCK: /tmp/ssh_agent.sock\n TF_PROVIDERS_FILE: 0-org-setup-providers.tf\n\ + \ TF_PROVIDERS_FILE_PLAN: 0-org-setup-providers-ro.tf\n TF_VERSION: 1.12.2\n\ + \njobs:\n fast-pr:\n # Skip PRs which are closed without being merged.\n\ + \ if: >-\n github.event.action == 'closed' &&\n 
github.event.pull_request.merged\ + \ == true ||\n github.event.action == 'opened' ||\n github.event.action\ + \ == 'synchronize'\n permissions:\n contents: read\n id-token:\ + \ write\n issues: write\n pull-requests: write\n runs-on: ubuntu-latest\n\ + \ steps:\n - id: checkout\n name: Checkout repository\n \ + \ uses: actions/checkout@v4\n\n # set up SSH key authentication to the\ + \ modules repository\n\n - id: ssh-config\n name: Configure SSH\ + \ authentication\n run: |\n ssh-agent -a \"$SSH_AUTH_SOCK\"\ + \ > /dev/null\n ssh-add - <<< \"${{ secrets.CICD_MODULES_KEY }}\"\n\ + \n # set up step variables for plan / apply\n\n - id: vars-plan\n\ + \ if: github.event.pull_request.merged != true && success()\n \ + \ name: Set up plan variables\n run: |\n echo \"plan_opts=-lock=false\"\ + \ >> \"$GITHUB_ENV\"\n echo \"provider_file=${{env.TF_PROVIDERS_FILE_PLAN}}\"\ + \ >> \"$GITHUB_ENV\"\n echo \"service_account=${{env.FAST_SERVICE_ACCOUNT_PLAN}}\"\ + \ >> \"$GITHUB_ENV\"\n\n - id: vars-apply\n if: github.event.pull_request.merged\ + \ == true && success()\n name: Set up apply variables\n run: |\n\ + \ echo \"provider_file=${{env.TF_PROVIDERS_FILE}}\" >> \"$GITHUB_ENV\"\ + \n echo \"service_account=${{env.FAST_SERVICE_ACCOUNT}}\" >> \"$GITHUB_ENV\"\ + \n\n # set up authentication via Workload identity Federation and gcloud\n\ + \n - id: gcp-auth\n name: Authenticate to Google Cloud\n \ + \ uses: google-github-actions/auth@v2\n with:\n workload_identity_provider:\ + \ ${{env.FAST_WIF_PROVIDER}}\n service_account: ${{env.service_account}}\n\ + \ access_token_lifetime: 900s\n\n - id: gcp-sdk\n name:\ + \ Set up Cloud SDK\n uses: google-github-actions/setup-gcloud@v2\n \ + \ with:\n install_components: alpha\n\n # copy provider file\n\ + \n - id: tf-config-provider\n name: Copy Terraform provider file\n\ + \ run: |\n gcloud storage cp -r \\\n \"gs://ft0-prod-iac-core-0-iac-outputs/providers/${{env.provider_file}}\"\ + \ ./\n gcloud storage cp -r \\\n 
\"gs://ft0-prod-iac-core-0-iac-outputs/tfvars/0-org-setup.auto.tfvars\"\ + \ ./\n\n - id: tf-setup\n name: Set up Terraform\n uses:\ + \ hashicorp/setup-terraform@v3\n with:\n terraform_version:\ + \ ${{env.TF_VERSION}}\n\n # run Terraform init/validate/plan\n\n -\ + \ id: tf-init\n name: Terraform init\n continue-on-error: true\n\ + \ run: |\n terraform init -no-color\n\n - id: tf-validate\n\ + \ continue-on-error: true\n name: Terraform validate\n \ + \ run: terraform validate -no-color\n\n - id: tf-plan\n name: Terraform\ + \ plan\n continue-on-error: true\n run: |\n terraform\ + \ plan -input=false -out ../plan.out -no-color ${{env.plan_opts}}\n\n -\ + \ id: tf-apply\n if: github.event.pull_request.merged == true && success()\n\ + \ name: Terraform apply\n continue-on-error: true\n run:\ + \ |\n terraform apply -input=false -auto-approve -no-color ../plan.out\n\ + \n # PR comment with Terraform result from previous steps\n # length\ + \ is checked and trimmed for length so as to stay within the limit\n\n \ + \ - id: pr-comment\n name: Post comment to Pull Request\n continue-on-error:\ + \ true\n uses: actions/github-script@v7\n if: github.event_name\ + \ == 'pull_request'\n env:\n PLAN: ${{steps.tf-plan.outputs.stdout}}\\\ + n${{steps.tf-plan.outputs.stderr}}\n with:\n script: |\n \ + \ const output = `### Terraform Initialization \\`${{steps.tf-init.outcome}}\\\ + `\n\n ### Terraform Validation \\`${{steps.tf-validate.outcome}}\\\ + `\n\n
Validation Output\n\n \ + \ \\`\\`\\`\\n\n ${{steps.tf-validate.outputs.stdout}}\n \ + \ \\`\\`\\`\n\n
\n\n ### Terraform Plan\ + \ \\`${{steps.tf-plan.outcome}}\\`\n\n
Show Plan\n\ + \n \\`\\`\\`\\n\n ${process.env.PLAN.split('\\n').filter(l\ + \ => l.match(/^([A-Z\\s].*|)$$/)).join('\\n')}\n \\`\\`\\`\n\n \ + \
\n\n ### Terraform Apply \\`${{steps.tf-apply.outcome}}\\\ + `\n\n *Pusher: @${{github.actor}}, Action: \\`${{github.event_name}}\\\ + `, Working Directory: \\`${{env.tf_actions_working_dir}}\\`, Workflow: \\`${{github.workflow}}\\\ + `*`;\n\n github.rest.issues.createComment({\n issue_number:\ + \ context.issue.number,\n owner: context.repo.owner,\n \ + \ repo: context.repo.repo,\n body: output\n })\n\ + \n - id: pr-short-comment\n name: Post comment to Pull Request (abbreviated)\n\ + \ uses: actions/github-script@v7\n if: github.event_name == 'pull_request'\ + \ && steps.pr-comment.outcome != 'success'\n with:\n script:\ + \ |\n const output = `### Terraform Initialization \\`${{steps.tf-init.outcome}}\\\ + `\n\n ### Terraform Validation \\`${{steps.tf-validate.outcome}}\\\ + `\n\n ### Terraform Plan \\`${{steps.tf-plan.outcome}}\\`\n\n \ + \ Plan output is in the action log.\n\n ### Terraform Apply\ + \ \\`${{steps.tf-apply.outcome}}\\`\n\n *Pusher: @${{github.actor}},\ + \ Action: \\`${{github.event_name}}\\`, Working Directory: \\`${{env.tf_actions_working_dir}}\\\ + `, Workflow: \\`${{github.workflow}}\\`*`;\n\n github.rest.issues.createComment({\n\ + \ issue_number: context.issue.number,\n owner: context.repo.owner,\n\ + \ repo: context.repo.repo,\n body: output\n \ + \ })\n\n # exit on error from previous steps\n\n - id: check-init\n\ + \ name: Check init failure\n if: steps.tf-init.outcome != 'success'\n\ + \ run: exit 1\n\n - id: check-validate\n name: Check validate\ + \ failure\n if: steps.tf-validate.outcome != 'success'\n run:\ + \ exit 1\n\n - id: check-plan\n name: Check plan failure\n \ + \ if: steps.tf-plan.outcome != 'success'\n run: exit 1\n\n - id:\ + \ check-apply\n name: Check apply failure\n if: github.event.pull_request.merged\ + \ == true && steps.tf-apply.outcome != 'success'\n run: exit 1\n" + content_disposition: null + content_encoding: null + content_language: null + customer_encryption: [] + deletion_policy: null + detect_md5hash: 
null + event_based_hold: null + force_empty_content_type: null + metadata: null + name: workflows/org-setup.yaml + retention: [] + source: null + temporary_hold: null + timeouts: null local_file.providers["0-org-setup"]: content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\ \ License, Version 2.0 (the \"License\");\n * you may not use this file except\