feat(gateway): onboard new resource/data-source #829
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| --- | |
| # Terraform Provider testing workflow. | |
| name: π§ͺ Test | |
| # This GitHub action runs your tests for each pull request. | |
| # Optionally, you can turn it on using a schedule for regular testing. | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: | |
| - opened | |
| - synchronize | |
| schedule: | |
| - cron: "0 2 * * *" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ format('{0}-{1}-{2}-{3}-{4}', github.workflow, github.event_name, github.ref, github.base_ref || null, github.head_ref || null) }} | |
| cancel-in-progress: true | |
| env: | |
| FABRIC_TESTACC_SKIP_NO_SPN: true | |
| FABRIC_TESTACC_WELLKNOWN: ${{ vars.FABRIC_TESTACC_WELLKNOWN }} | |
| FABRIC_TIMEOUT: 20m | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| changes: | |
| name: π Check Changes | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| src: ${{ steps.filter.outputs.src }} | |
| steps: | |
| - name: β€΅οΈ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: π Check for changes | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| src: | |
| - '**.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - '.github/workflows/test.yml' | |
| test-auth-spn: | |
| name: π Test Auth (SPN ${{ matrix.method }}) | |
| needs: changes | |
| if: needs.changes.outputs.src == 'true' | |
| environment: | |
| name: development | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| method: [oidc, certificate, secret] | |
| steps: | |
| - name: β€΅οΈ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: π§ Setup Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: π§ Setup Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 | |
| with: | |
| repo-token: ${{ github.token }} | |
| - name: βοΈ Configure TF dev overrides | |
| run: .devcontainer/features/tfprovider-local-dev/install.sh | |
| env: | |
| PROVIDERNAME: microsoft/fabric | |
| - name: π§ Setup Terraform | |
| uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_wrapper: false | |
| - name: π¨ Setup Test tools | |
| run: task test:tools | |
| - name: π§ͺ Run acceptance tests (OIDC) | |
| if: matrix.method == 'oidc' | |
| run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace | |
| env: | |
| FABRIC_USE_OIDC: true | |
| FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_OIDC_CLIENT_ID }} | |
| - name: π§ͺ Run acceptance tests (Certificate) | |
| if: matrix.method == 'certificate' | |
| run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace | |
| env: | |
| FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_CERT_CLIENT_ID }} | |
| FABRIC_CLIENT_CERTIFICATE: ${{ secrets.TESTACC_SPN_CERT_CLIENT_CERTIFICATE }} | |
| FABRIC_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.TESTACC_SPN_CERT_CLIENT_CERTIFICATE_PASSWORD }} | |
| - name: π§ͺ Run acceptance tests (Secret) | |
| if: matrix.method == 'secret' | |
| run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace | |
| env: | |
| FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_SECRET_CLIENT_ID }} | |
| FABRIC_CLIENT_SECRET: ${{ secrets.TESTACC_SPN_SECRET_CLIENT_SECRET }} | |
| # test-auth-msi: | |
| # name: π Test Auth (MSI ${{ matrix.method }}) | |
| # needs: changes | |
| # if: needs.changes.outputs.src == 'true' | |
| # environment: | |
| # name: development | |
| # runs-on: [self-hosted, containerjob] | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # method: [system, user] | |
| # steps: | |
| # - name: β€΅οΈ Checkout | |
| # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # - name: βοΈ Check for changes | |
| # uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| # id: changes_check | |
| # with: | |
| # filters: | | |
| # src: | |
| # - '**.go' | |
| # - 'go.mod' | |
| # - 'go.sum' | |
| # - name: π§ Setup Go | |
| # uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| # with: | |
| # go-version-file: go.mod | |
| # cache: true | |
| # - name: π§ Setup Task | |
| # uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 | |
| # with: | |
| # repo-token: ${{ github.token }} | |
| # - name: βοΈ Configure TF dev overrides | |
| # run: .devcontainer/features/tfprovider-local-dev/install.sh | |
| # env: | |
| # PROVIDERNAME: microsoft/fabric | |
| # - name: π§ Setup Terraform | |
| # uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| # with: | |
| # terraform_wrapper: false | |
| # - name: π¨ Setup Test tools | |
| # run: task test:tools | |
| # - name: π§ͺ Run acceptance tests (User Assigned) | |
| # if: matrix.method == 'user' | |
| # run: task testacc -- WorkspaceResource_CRUD | |
| # env: | |
| # FABRIC_USE_MSI: true | |
| # FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| # FABRIC_CLIENT_ID: ${{ secrets.TESTACC_MSI_CLIENT_ID }} | |
| # - name: π§ͺ Run acceptance tests (System Assigned) | |
| # if: matrix.method == 'system' | |
| # run: task testacc -- WorkspaceResource_CRUD | |
| # env: | |
| # FABRIC_USE_MSI: true | |
| # FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| checkbuild: | |
| name: ποΈ Check Build | |
| needs: changes | |
| if: needs.changes.outputs.src == 'true' | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| - name: β€΅οΈ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: π§ Setup Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: π§ Setup Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 | |
| with: | |
| repo-token: ${{ github.token }} | |
| - name: π Get dependencies | |
| run: task deps | |
| - name: π Check for differences | |
| run: | | |
| git diff --exit-code -- go.mod go.sum || \ | |
| (echo; echo "Unexpected difference in go.mod/go.sum files. Run 'task deps' command or revert any go.mod/go.sum changes and commit."; git diff --exit-code) | |
| - name: βοΈ Run GoVulnCheck | |
| run: | | |
| task install:govulncheck | |
| task govulncheck || (echo "::warning::govulncheck found issues" && exit 0) | |
| - name: βοΈ Run Go linters | |
| uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 | |
| with: | |
| version: latest | |
| only-new-issues: true | |
| skip-cache: true | |
| skip-save-cache: true | |
| args: --out-format=github-actions | |
| - name: π§ Setup Terraform | |
| uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_wrapper: false | |
| # temporarily disabled due to incompatibliity with Go 1.24 | |
| # - name: βοΈ Run tfproviderlintx | |
| # run: | | |
| # task install:tfproviderlintx | |
| # task tfproviderlintx | |
| - name: βοΈ Run Terraform linters | |
| run: | | |
| task lint:tf-tools | |
| task lint:tf | |
| - name: π Check for differences | |
| run: | | |
| git diff --compact-summary --exit-code || \ | |
| (echo; echo "Unexpected difference in code. Run 'task lint' command and commit."; git diff --exit-code) | |
| - name: βοΈ Validate GoReleaser config | |
| uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 | |
| with: | |
| version: "~> v2" | |
| args: check --verbose | |
| - name: ποΈ Build snapshot binaries | |
| uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 | |
| with: | |
| version: "~> v2" | |
| args: build --snapshot --clean --verbose | |
| checkdocs: | |
| name: π Check Docs | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: β€΅οΈ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: π§ Setup Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: π§ Setup Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 | |
| with: | |
| repo-token: ${{ github.token }} | |
| - name: π¨ Setup tools | |
| run: | | |
| task install:tfplugindocs | |
| task install:markdownlint | |
| task install:copywrite | |
| - name: βοΈ Run Files linters | |
| run: task lint:files | |
| - name: π Check for differences | |
| run: | | |
| git diff --compact-summary --exit-code || \ | |
| (echo; echo "Unexpected difference. Run 'task lint:files' command and commit."; git diff --exit-code) | |
| - name: π Generate docs | |
| run: task docs | |
| - name: π Check for differences | |
| run: | | |
| git diff --compact-summary --exit-code || \ | |
| (echo; echo "Unexpected difference in directories after code generation. Run 'task docs' command and commit."; git diff --exit-code) | |
| # Run tests in a matrix with Terraform CLI versions | |
| test: | |
| name: π§ͺ Run Tests (${{ matrix.cli }} ${{ matrix.version }}) | |
| needs: changes | |
| if: needs.changes.outputs.src == 'true' | |
| environment: | |
| name: development | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| actions: read | |
| checks: write | |
| pull-requests: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| cli: [terraform, tofu] | |
| version: ["1.7", "1.8", "1.9", "1.10", "1.11"] | |
| exclude: | |
| - cli: terraform | |
| version: "1.7" | |
| - cli: terraform | |
| version: "1.9" | |
| - cli: terraform | |
| version: "1.10" | |
| - cli: tofu | |
| version: "1.8" | |
| - cli: tofu | |
| version: "1.10" | |
| - cli: tofu | |
| version: "1.11" | |
| steps: | |
| - name: β€΅οΈ Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: π§ Setup Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: π§ Setup Terraform | |
| if: matrix.cli == 'terraform' | |
| uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_version: ${{ matrix.version }} | |
| terraform_wrapper: false | |
| - name: βοΈ Configure Terraform | |
| if: matrix.cli == 'terraform' | |
| run: | | |
| terraform -version | |
| - name: π§ Setup OpenTofu | |
| uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5 | |
| if: matrix.cli == 'tofu' | |
| with: | |
| tofu_version: ${{ matrix.version }} | |
| tofu_wrapper: false | |
| - name: βοΈ Configure OpenTofu | |
| if: matrix.cli == 'tofu' | |
| run: | | |
| echo "TERRAFORM_CLI=$(which tofu)" >> $GITHUB_ENV | |
| echo "REGISTRY_HOST=registry.opentofu.org" >> $GITHUB_ENV | |
| echo "TF_ACC_TERRAFORM_PATH=$(which tofu)" >> $GITHUB_ENV | |
| echo "TF_ACC_PROVIDER_HOST=registry.opentofu.org" >> $GITHUB_ENV | |
| tofu -version | |
| - name: βοΈ Set CLI version | |
| run: | | |
| version=$(echo "${{ matrix.version }}" | sed 's/\./_/g') | |
| echo "CLI_VERSION=$version" >> $GITHUB_ENV | |
| - name: π§ Setup Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 | |
| with: | |
| repo-token: ${{ github.token }} | |
| - name: π Download Go dependencies | |
| run: task deps:download | |
| - name: π¨ Setup Test tools | |
| run: task test:tools | |
| - name: π§ͺ Run tests | |
| if: matrix.cli == 'terraform' | |
| run: task test | |
| timeout-minutes: 30 | |
| env: | |
| # TF_LOG: DEBUG | |
| FABRIC_USE_OIDC: true | |
| FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_TF_CLIENT_ID }} | |
| - name: π§ͺ Run tests | |
| if: matrix.cli == 'tofu' | |
| run: task test | |
| timeout-minutes: 30 | |
| env: | |
| FABRIC_USE_OIDC: true | |
| FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }} | |
| FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_OT_CLIENT_ID }} | |
| - name: π€ Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| with: | |
| name: ${{ format('{0}-{1}-test-results', matrix.cli, env.CLI_VERSION) }} | |
| path: testresults.xml | |
| if-no-files-found: warn | |
| overwrite: true | |
| - name: π€ Upload coverage results | |
| if: always() | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| with: | |
| name: ${{ format('{0}-{1}-test-coverage-results', matrix.cli, env.CLI_VERSION) }} | |
| path: | | |
| coverage.html | |
| coverage.json | |
| coverage.out | |
| coverage.txt | |
| coverage.xml | |
| if-no-files-found: warn | |
| overwrite: true | |
| - name: π’ Publish test results | |
| if: always() | |
| uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1 | |
| with: | |
| name: π Test results (${{ matrix.cli }} ${{ matrix.version }}) | |
| reporter: jest-junit | |
| path: testresults.xml | |
| - name: βοΈ Get Coverage summary | |
| if: always() | |
| uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0 | |
| with: | |
| filename: coverage.xml | |
| badge: true | |
| fail_below_min: true | |
| format: markdown | |
| hide_branch_rate: false | |
| hide_complexity: false | |
| indicators: true | |
| output: both | |
| thresholds: "40 60" | |
| - name: π€ Upload Coverage summary | |
| if: always() | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| with: | |
| name: ${{ format('{0}-{1}-test-coverage-summary', matrix.cli, env.CLI_VERSION) }} | |
| path: | | |
| code-coverage-results.md | |
| if-no-files-found: warn | |
| overwrite: true | |
| coverage-summary: | |
| name: π Coverage Summary | |
| needs: | |
| - test | |
| - changes | |
| if: always() && needs.changes.outputs.src == 'true' | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - name: π₯ Download | |
| uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 | |
| with: | |
| pattern: terraform-1_11-test-coverage* | |
| merge-multiple: true | |
| - name: π Publish | |
| run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY | |
| - name: π€ Upload results to Codecov | |
| uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 | |
| with: | |
| use_oidc: true | |
| files: ./coverage.out | |
| - name: π Find comment | |
| if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
| uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 | |
| id: fc | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: github-actions[bot] | |
| body-includes: Minimum allowed line rate is | |
| - name: π Create comment | |
| if: steps.fc.outputs.comment-id == '' && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body-path: code-coverage-results.md | |
| - name: π Update comment | |
| if: steps.fc.outputs.comment-id != '' && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
| with: | |
| comment-id: ${{ steps.fc.outputs.comment-id }} | |
| body-path: code-coverage-results.md | |
| edit-mode: replace | |
| # Returns success if all matrix jobs in test are successful - otherwise, it returns a failure. | |
| # Use this as a PR status check for GitHub Policy Service instead of individual matrix entry checks. | |
| check-test-matrix: | |
| if: always() | |
| name: π§ͺ Check Tests | |
| needs: test | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: β OK | |
| if: ${{ !(contains(needs.*.result, 'failure')) }} | |
| run: exit 0 | |
| - name: π Failure | |
| if: ${{ contains(needs.*.result, 'failure') }} | |
| run: exit 1 |