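# Shared CI templates pulled from the ci-templates project, each pinned to the v3.6.1 tag.
# NOTE(review): a Git tag can be re-pointed after the fact. If tags in the template project
# are not protected, pinning `ref` to a full commit SHA is the immutable form.
include:
  - project: 'uis/devops/continuous-delivery/ci-templates'
    file: '/terraform-module.yml'
    ref: "v3.6.1"
  - project: 'uis/devops/continuous-delivery/ci-templates'
    file: '/pre-commit.yml'
    ref: "v3.6.1"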
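variables:
  # Image used by the cleanup and test jobs in this file.
  # NOTE(review): `1.6` is a tag, which the registry can re-point to different content. A digest pin
  # (`...logan-terraform@sha256:<digest>`, placeholder) fixes the exact image these jobs execute.
  LOGAN_IMAGE: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform:1.6
  # Disable the changelog check as it doesn't behave well with pre/beta releases. Also, the check is not
  # required as we're using release-it for release automation which handles changelog auto-generation.
  # Quoted so the value is an explicit string rather than a YAML integer.
  CHANGELOG_CHECK_DISABLED: "1"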
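# This is a workaround to allow the "tests" job matrix below to be manually triggered. Without this job, and
# the associated "needs" dependency in the "tests" job, all tests would run on every push, which is
# undesirable given the number of resources that they create. Instead, developers should manually trigger
# this job from the pipeline UI when they require the test suite to run, for example as part of the MR
# review process.
run_tests:
  stage: test
  when: manual
  # With allow_failure: false the manual job is blocking: jobs that list it under `needs` wait until
  # someone triggers it, and the pipeline is not reported as passed while it is pending.
  allow_failure: false
  script: echo "Triggering test jobs..."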
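# Hidden job template (leading dot): never runs on its own, it is reused through `extends` by the
# pre-cleanup and post-cleanup jobs.
.cleanup:
  image: $LOGAN_IMAGE
  script: ./tests/cleanup.sh
  # Run regardless of the status of jobs in earlier stages, so a failed run still gets cleaned up.
  when: always
  tags:
    - $GKE_RUNNER_TAG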
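# Runs the shared cleanup script ahead of the test matrix; tied to the manual run_tests job through
# `needs`, and itself listed under `needs` by the tests job.
pre-cleanup:
  extends: .cleanup
  stage: test
  needs:
    - run_tests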
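# Terraform test matrix. Depends on the manual run_tests job and on pre-cleanup, so it does not start
# on an ordinary push.
tests:
  stage: test
  image: $LOGAN_IMAGE
  variables:
    # Service account the job's Google credentials impersonate for the test run.
    # NOTE(review): presumably the runner's own identity is allowed to mint tokens for this account;
    # confirm that grant is limited to the runner identity and that the account is scoped to the
    # testing project only.
    GOOGLE_IMPERSONATE_SERVICE_ACCOUNT: "terraform-deploy@infra-testing-int-e2395220.iam.gserviceaccount.com"
  script: |
    # This unsets the GOOGLE_APPLICATION_CREDENTIALS as it is not required but the logan-terraform images sets it.
    unset GOOGLE_APPLICATION_CREDENTIALS
    ./run_tests.sh -c -t "tests/$TEST_FILE"
  needs:
    - run_tests
    - pre-cleanup
  tags:
    - $GKE_RUNNER_TAG
  parallel:
    # This matrix runs each of our test files in parallel targeting v4.x and v5.x of the Google Terraform
    # provider separately as we support both. It also ensures that subnet CIDR ranges do not clash when
    # testing the VPC Access/static egress IP configurations.
    matrix:
      # Four test files crossed with both provider constraints (8 jobs); no CIDR overrides are set here.
      - TEST_FILE:
          - cloud_run_service.tftest.hcl
          - cloudsql.tftest.hcl
          - load_balancer.tftest.hcl
          - pre_deploy_job.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT:
          - "> 4, < 5"
          - "> 5, < 6"
      # The entries below each get their own pair of non-overlapping /28 ranges within 10.0.0.0/25.
      - TEST_FILE:
          - monitoring.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 4, < 5"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.0/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.16/28"
      - TEST_FILE:
          - monitoring.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 5, < 6"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.32/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.48/28"
      - TEST_FILE:
          - vpc_access.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 4, < 5"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.64/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.80/28"
      - TEST_FILE:
          - vpc_access.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 5, < 6"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.96/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.112/28"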
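# Second run of the shared cleanup script, placed in the `review` stage. It inherits `when: always`
# from .cleanup, so it runs regardless of the status of jobs in earlier stages.
# NOTE(review): stage order comes from the included templates; confirm `review` follows `test`.
post-cleanup:
  extends: .cleanup
  stage: review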