test/gha codebuild runner #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GHACodebuildRunnerTest | |
| on: | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test1: | |
| env: | |
| CLOUDWATCH_LOGGROUP_NAME: '/aws/codebuild/cfpb-regtech-gha-test-1' | |
| CLOUDWATCH_LOGSTREAM_NAME: ${{ github.repository }}-${{ github.workflow }}-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }} | |
| runs-on: | |
| - codebuild-cfpb-regtech-gha-test-1-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: 'Checkout GitHub Action' | |
| uses: actions/checkout@v4 | |
| - name: echo | |
| run: | | |
| echo -e "running GHA workflow ${{ github.event.number }}\nbuild: ${{ github.run_id }}\nattempt: ${{ github.run_attempt }}" | |
| - name: create log stream | |
| run: | | |
| aws logs create-log-stream --log-group-name $CLOUDWATCH_LOGGROUP_NAME --log-stream-name $CLOUDWATCH_LOGSTREAM_NAME | |
| - name: list buckets | |
| run: | | |
| aws s3api list-buckets --region us-east-1 --output json | |
| - name: put events | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| export CURRENT_EVENT_TIME=$(date +%s%3N) | |
| cat > test_events << EOF | |
| [ | |
| { | |
| "timestamp": $CURRENT_EVENT_TIME, | |
| "message": "Example Event 1" | |
| }, | |
| { | |
| "timestamp": $CURRENT_EVENT_TIME, | |
| "message": "Example Event 2" | |
| }, | |
| { | |
| "timestamp": $CURRENT_EVENT_TIME, | |
| "message": "Example Event 3" | |
| } | |
| ] | |
| EOF | |
| aws logs put-log-events --log-group-name $CLOUDWATCH_LOGGROUP_NAME --log-stream-name $CLOUDWATCH_LOGSTREAM_NAME --log-events file://test_events | |
| - name: get secrets from aws | |
| id: get-aws-secret | |
| uses: aws-actions/aws-secretsmanager-get-secrets@v2 | |
| with: | |
| secret-ids: | | |
| TEST_SECRET_1, cfpb/team/regtech/gha-codebuild-runner/test-secret-1 | |
| TEST_SECRET_2, cfpb/team/regtech/gha-codebuild-runner/test-secret-2 | |
| TEST_SECRET_3,arn:aws:secretsmanager:us-east-1:099248080076:secret:cfpb/team/regtech/gha-codebuild-runner/test-secret-3-9lVad8 | |
| - name: Checkout To Path | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'cfpb/regtech-deployments' | |
| ref: 'test/gha-codebuild-runner' | |
| path: 'testing-action' | |
| - name: checkout output | |
| run: | | |
| echo -e "${{ steps.get-aws-secret.outputs.secret-ids }}" | |
| # wrap aws secrets | |
| - name: Secret Masking | |
| uses: ./testing-action/.github/actions/mask_secrets | |
| with: | |
| secrets: | | |
| ${{ env.TEST_SECRET_1 }} | |
| ${{ env.TEST_SECRET_1 }} | |
| - name: check aws secrets | |
| id: check-aws-secrets | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#example-masking-a-string | |
| run: | | |
| #echo -e "::add-mask::${{ env.TEST_SECRET_1 }} <- registering test-secret-1 with add mask" | |
| #echo -e "::add-mask::${{ env.TEST_SECRET_2 }} <- registering test-secret-2 with add mask" | |
| #echo -e "::add-mask::${{ env.TEST_SECRET_3 }} <- registering test-secret-3 with add mask" | |
| echo -e "show test-secret-1 ${{ env.TEST_SECRET_1 }}" | |
| echo -e "show test-secret-2 ${{ env.TEST_SECRET_2 }}" | |
| echo -e "show test-secret-3 ${{ env.TEST_SECRET_3 }}" | |
| #echo -e "::add-mask::${{ env.TEST_SECRET_2 }} show test-secret-2" | |
| #echo -e "show test-secret-3 ::add-mask::${{ env.TEST_SECRET_3 }}" | |
| - name: check env context | |
| id: check-env-context | |
| run: | | |
| echo "$GITHUB_CONTEXT" | |