wenqiglantz

name: "Infracost analysis"

on:
  # trigger only when PR is raised because infracost needs to compare two branches to get cost difference
  pull_request:
    branches: [ main ]
    paths: 'terraform/**'

permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

wenqiglantz

name: "Infracost Analysis for PRs"

on:
  workflow_call:
    inputs:
      # working-directory is added to specify "terraform" directory in project source code as that's where the terraform files live.
      working-directory:
        required: false
        type: string
        default: 'terraform'

wenqiglantz

# You can use this file to define resource usage estimates for Infracost to use when calculating
# the cost of usage-based resource, such as AWS S3 or Lambda.
# `infracost breakdown --usage-file infracost-usage.yml [other flags]`
# See https://infracost.io/usage-file/ for docs
version: 0.1
resource_type_default_usage:
  # The following usage values apply to each resource of the given type, which is useful when you want to define defaults.

  aws_lambda_function:
    monthly_requests: 100000 # Monthly requests to the Lambda function.

wenqiglantz

package infracost # your policy files must be under the "infracost" package

# This example shows you how you can create a policy that will fail if the infracost `diffTotalMonthlyCost`
# value is greater than 100 dollars.
deny[out] {
	# maxDiff defines the threshold that you require the cost estimate to be below.
	maxDiff = 100.0

	# msg defines the output that will be shown in PR comments under the Policy Checks/Failures section.
	msg := sprintf(

wenqiglantz

- name: Zip the code and deploy to S3
  run: |
    aws s3 sync ./${{ inputs.build-dir }} s3://${{ secrets.S3_BUCKET_NAME }}

- name: Invalidate cloudFront cache
  run: |
    aws cloudfront create-invalidation --distribution-id ${{ secrets.CF_DISTRIBUTION_ID }} --paths "/*"

wenqiglantz

#######################################
# aws_s3_bucket_versioning, version update is needed to trigger cloudfront cache invalidation
#######################################
resource "aws_s3_bucket_versioning" "static_site_versioning" {
  bucket = aws_s3_bucket.static_site.id
  versioning_configuration {
    status = "Enabled"
  }
}

wenqiglantz

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-failsafe-plugin</artifactId>
  <version>3.0.0-M7</version>
  <executions>
    <execution>
      <goals>
        <goal>integration-test</goal>
        <goal>verify</goal>
      </goals>

wenqiglantz

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ExtendWith(MockitoExtension.class)
@ContextConfiguration(initializers = {WireMockInitializer.class})
class CustomerServiceClientIT {

    @Autowired
    private WebTestClient client;

    @Autowired
    private WireMockServer wireMockServer;

wenqiglantz

public class WireMockInitializer implements ApplicationContextInitializer<ConfigurableApplicationContext> {

    @Override
    public void initialize(ConfigurableApplicationContext applicationContext) {

        WireMockServer wireMockServer =
                new WireMockServer(new WireMockConfiguration().dynamicPort());

        wireMockServer.start();

wenqiglantz

<dependency>
  <groupId>com.github.tomakehurst</groupId>
  <artifactId>wiremock-jre8</artifactId>
  <version>${wiremock.version}</version>
  <scope>test</scope>
</dependency>