DevSecOpsSamples
diff --git a/‎README.md‎
Lines changed: 26 additions & 4 deletions b/‎README.md‎
Lines changed: 26 additions & 4 deletions
diff --git a/‎python-unittest.yml‎
Lines changed: 36 additions & 0 deletions b/‎python-unittest.yml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎screenshots/terraform-plan.png‎
346 KB b/‎screenshots/terraform-plan.png‎
346 KB
diff --git a/‎screenshots/test-failed-details.png‎
286 KB b/‎screenshots/test-failed-details.png‎
286 KB
diff --git a/‎screenshots/test-failed.png‎
230 KB b/‎screenshots/test-failed.png‎
230 KB
diff --git a/‎setup.cfg‎
Lines changed: 17 additions & 0 deletions b/‎setup.cfg‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎terraform.yml‎
Lines changed: 82 additions & 0 deletions b/‎terraform.yml‎
Lines changed: 82 additions & 0 deletions
@@ -9,10 +9,10 @@ Provides GitHub Workflow and Action samples.
 
 ## Sample Repositories
 
-| Repository                          | Workflow File | Actions |
-|---|--------------------------------|------|
-| gke-workload-identity | [build.yml](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml)     | [actions](https://github.com/DevSecOpsSamples/gke-workload-identity/actions/workflows/build.yml) | GCP, gcloud, Docker, Terraform, Python, pytest, Sonarqube |
-| jenkins-fargate-cdk   | [build.yml](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/blob/master/.github/workflows/build.yml)     | [actions](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/actions/workflows/build.yml) | Docker, CDK, Sonarqube |
+| Repository                          | Workflow File | Actions | Description | Plugins |
+|---|--------------------------------|------|--------------------------------|---------------|
+| gke-workload-identity | [build.yml](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml)     | [actions](https://github.com/DevSecOpsSamples/gke-workload-identity/actions/workflows/build.yml) | GCP, gcloud, Docker, Terraform <br/> Python, pytest, publish unittest result, Sonarqube  | hashicorp/[email protected] <br/>jacobtomlinson/gha-find-replace@v2 <br/> actions/github-script@v6 <br/>actions/setup-java@v1 <br/>actions/setup-python@v4 <br/> google-github-actions/auth@v1 <br/> EnricoMi/publish-unit-test-result-action/composite@v2 <br/> actions/cache@v3 <br/> |
+| jenkins-fargate-cdk   | [build.yml](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/blob/master/.github/workflows/build.yml)     | [actions](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/actions/workflows/build.yml) | Docker, CDK, Sonarqube | |
 
 ## Docker
 
@@ -30,6 +30,28 @@ Provides GitHub Workflow and Action samples.
 
 - [gke-workload-identity](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml)
 
+## Terraform
+
+- [terraform.yml](terraform.yml)
+
+    <details><summary>Terraform Plan</summary>
+
+    ![terraform-plan.png](./screenshots/terraform-plan.png?raw=true)
+
+    </details>
+
+## Python Unittest
+
+- [python-unittest.yml](python-unittest.yml) [setup.cfg](setup.cfg)
+
+    <details><summary>Unittest Results</summary>
+    
+    ![test-failed.png](./screenshots/test-failed.png?raw=true)
+
+    ![test-failed-details.png](./screenshots/test-failed-details.png?raw=true)
+
+    </details>
+
 ## Reference
 
 - [GitHub Actions /Using workflows / Cache dependencies / Caching dependencies to speed up workflows](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches)
 
@@ -0,0 +1,36 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Python 3.9
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+          cache: 'pip'
+      - run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install --upgrade google-cloud-storage google-cloud-pubsub
+      - name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          credentials_json: '${{ secrets.SA }}'
+      - run: pytest
+      - name: Publish Test Results
+        uses: EnricoMi/publish-unit-test-result-action/composite@v2
+        if: always()
+        with:
+          junit_files: "build/test-result.xml"
+          
@@ -0,0 +1,17 @@
+[flake8]
+max-line-length = 200
+ignore = F123, E456
+exclude = .terraform
+
+[tool:pytest]
+log_cli=True
+log_cli_level=DEBUG
+; --html=report.html = pip install pytest-html
+addopts=--failed-first --cov=src/bucket-api --cov=src/pubsub-api --junit-xml=build/test-result.xml --html=build/test-report.html --cov-report=xml:build/test-coverage.xml 
+junit_family=legacy
+; --cov-branch 
+; norecursedirs=.pyenv-python
+env =
+    D:GOOGLE_APPLICATION_CREDENTIALS=.sa
+    D:GCS_BUCKET_NAME={PROJECT_ID}-bucket-api
+    D:GOOGLE_CLOUD_PROJECT={PROJECT_ID}
@@ -0,0 +1,82 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+  terraform:
+    strategy:
+      matrix:
+        path: [src/terraform/cluster, src/terraform/workload-identity]
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: HashiCorp - Setup Terraform
+      uses: hashicorp/[email protected]
+    - run: terraform fmt -check
+      id: fmt
+      working-directory: ${{ matrix.path }}
+    - run: terraform init
+      working-directory: ${{ matrix.path }}
+      id: init
+    - run: terraform validate -no-color
+      working-directory: ${{ matrix.path }}
+      id: validate
+    - name: 'Authenticate to Google Cloud'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        credentials_json: '${{ secrets.SA }}'
+    - name: Replace project-id
+      uses: jacobtomlinson/gha-find-replace@v2
+      with:
+        find: "<dev-stage-project-id>"
+        replace: ${{ secrets.PROJECT_ID }}
+        include: "src/terraform/**"
+        regex: false
+    - name: Terraform Plan
+      id: plan
+      if: matrix.path == 'src/terraform/cluster'
+      run: terraform plan -var-file=vars/dev.tfvars -no-color
+      working-directory: ${{ matrix.path }}
+    - uses: actions/github-script@v6
+      if: github.event_name == 'pull_request'
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const output = `#### Working Directory: ${{ matrix.path }}
+
+          #### Terraform Format and Style \`${{ steps.fmt.outcome }}\`
+          
+          #### Terraform Initialization \`${{ steps.init.outcome }}\`
+          
+          #### Terraform Validation \`${{ steps.validate.outcome }}\`
+
+          <details><summary>Validation Output</summary>
+
+          \`\`\`\n
+          ${{ steps.validate.outputs.stdout }}
+          \`\`\`
+
+          </details>
+
+          #### Terraform Plan \`${{ steps.plan.outcome }}\`
+
+          <details><summary>Show Plan</summary>
+
+          \`\`\`\n
+          ${{ steps.plan.outputs.stdout }}
+          \`\`\`
+
+          </details>`;
+
+          github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: output
+          });
+
+