-
Notifications
You must be signed in to change notification settings - Fork 0
141 lines (124 loc) · 4.38 KB
/
terraform.yaml
File metadata and controls
141 lines (124 loc) · 4.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_call:
inputs:
aws_region:
type: string
required: true
aws_endpoint_url_s3:
type: string
required: true
gh_owner:
type: string
required: true
gh_app_id:
type: string
required: true
gh_app_installation_id:
type: string
required: true
path:
type: string
required: true
secrets:
aws_access_key_id:
required: true
aws_secret_access_key:
required: true
gh_app_pem_file:
required: true
env:
AWS_REGION: ${{ inputs.aws_region || vars.AWS_REGION }}
AWS_ENDPOINT_URL_S3: ${{ inputs.aws_endpoint_url_s3 || vars.AWS_ENDPOINT_URL_S3 }}
AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id || secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key || secrets.AWS_SECRET_ACCESS_KEY }}
GITHUB_OWNER: ${{ inputs.gh_owner || vars.GH_OWNER }}
GITHUB_APP_ID: ${{ inputs.gh_app_id || vars.GH_APP_ID }}
GITHUB_APP_INSTALLATION_ID: ${{ inputs.gh_app_installation_id || vars.GH_APP_INSTALLATION_ID }}
GITHUB_APP_PEM_FILE: ${{ secrets.gh_app_pem_file || secrets.GH_APP_PEM_FILE }}
TF_WORKSPACE: ${{ inputs.gh_owner || vars.GH_OWNER }}
TF_VAR_path: ../iac/${{ inputs.path || 'test.yaml' }}
jobs:
terraform:
name: "Terraform"
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Checkout called repository
uses: actions/checkout@v4
with:
repository: 'xebis/github-organization-as-code'
- name: Checkout caller YAML configuration
uses: actions/checkout@v4
with:
path: iac
sparse-checkout: ${{ inputs.path || 'test.yaml' }}
sparse-checkout-cone-mode: false
- name: Setup Terraform with specified version
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.11.0
- name: Terraform init
id: init
run: terraform -chdir=terraform init
- name: Terraform plan
id: plan
if: github.event_name == 'pull_request'
run: terraform -chdir=terraform plan -no-color -input=false
continue-on-error: true
- name: Terraform plan as the PR comment
uses: actions/github-script@v7
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('<!-- GitHub Actions Terraform PR comment bot -->')
});
// 2. Put together bot new comment contents for the PR
const output = `<!-- GitHub Actions Terraform PR comment bot -->
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
// 3. Delete previous comment for the PR
if (botComment) {
github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
});
}
// 4. Create a new comment
github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: output
});
- name: Terraform plan status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform -chdir=terraform apply -auto-approve -input=false