test(infrastructure): Go/Terratest contract and integration tests — tracking issue

[katriendg]

Summary

Adopt Go/Terratest for contract validation and integration testing of the root Terraform deployment. Contract tests validate output declarations at zero cost using terraform-docs json; deployment tests run full infrastructure lifecycle validation on a schedule.

Context

This complements native terraform test (Tier 1, module-level) with integration-level validation. The microsoft/edge-ai repository uses this exact two-tier pattern. Contract tests validate that the root module's output declarations match a strongly-typed Go struct, catching output contract breakage at PR time with zero Azure credentials and sub-second execution.

Goals

ID	Statement	Priority
G-001	Add Go toolchain to DevContainer	P0
G-002	Create Go module with shared test utilities	P0
G-003	Implement contract tests validating output declarations	P0
G-004	Integrate contract tests into CI workflow	P1
G-005	Create deployment test framework for nightly validation	P2

Test Directory Structure

infrastructure/terraform/e2e/
├── go.mod, go.sum
├── testutil/
│   ├── contract.go              # terraform-docs JSON parsing + output validation
│   └── deployment.go            # DeployTerraform(), DestroyTerraform() wrappers
├── outputs.go                   # InfraOutputs struct with `output` tags
├── contract_test.go             # TestTerraformOutputsContract (zero cost, <1s)
├── deploy_test.go               # TestTerraformInfrastructureDeploy (nightly only)
├── run-contract-tests.sh        # Developer helper script
└── run-deployment-tests.sh      # Developer helper script

Sub-Issues

Foundation

• Add Go devcontainer feature (ghcr.io/devcontainers/features/go:1, version 1.22+)
• Create infrastructure/terraform/tests/ Go module with testutil/ package
• Implement testutil/contract.go for terraform-docs json output parsing

Contract Tests

• Define InfraOutputs struct matching root module output declarations
• Implement contract_test.go using reflection-based output key validation
• Create run-contract-tests.sh developer helper script

CI Integration

• Add contract test step to CI workflow (zero auth, sub-second)
• Update copilot-instructions.md validation table with Go contract test command

Integration Tests (deferred — requires Azure credentials in CI)

• Create deployment test framework with test_structure stages and SKIP_* support
• Configure GitHub OIDC federation for test Azure subscription
• Create scheduled nightly workflow for deployment tests

Technology Stack

Component	Version	Purpose
Go	1.22+	Test language
Terratest	v0.54.0	Infrastructure testing library
testify	v1.11.1	Test assertions
terraform-docs	(already installed)	Output contract extraction

Contract Test Pattern

type InfraOutputs struct {
    PlatformOutputs map[string]any `output:"platform"`
    SilOutputs      map[string]any `output:"sil"`
}

func TestTerraformOutputsContract(t *testing.T) {
    var infra InfraOutputs
    keys := testutil.ExtractOutputKeys(infra)
    testutil.ValidateTerraformContract(t, "..", keys)
}

Inner Dev Loop

# Contract tests (zero auth, <1 second)
cd infrastructure/terraform/tests
./run-contract-tests.sh

# Deployment tests (iterative — deploy once, re-validate many times)
SKIP_destroy=true go test -v -run TestMainDeployment -timeout 45m
SKIP_init=true SKIP_apply=true SKIP_destroy=true go test -v -timeout 5m

Testing Pyramid Position

Layer	Tool	Auth	Cost	This Issue
L0-L3	fmt, lint, validate, test	No	$0	—
L4: Contract	Go contract test	No	$0	This issue
L5: Plan	terraform plan	Yes	$0	Future
L6: E2E	Terratest (apply)	Yes	$$$	This issue (deferred)

Dependencies

• terraform-docs (feat(terraform): implement terraform-docs automation #185) — already installed in DevContainer; contract tests use terraform-docs json independently
• Go devcontainer feature — prerequisite for all Go tests

References

• microsoft/edge-ai two-tier testing architecture (components + blueprints)
• Terratest documentation (gruntwork-io/terratest, 7.9k stars)
• HashiCorp terraform test documentation