Created
February 12, 2024 05:52
-
-
Save jonesy1234/3007453a79383d36f9f3a6439b5e0540 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Terraform Plan | |
| # yamllint disable-line rule:truthy | |
| on: | |
| pull_request: | |
| branches: [master, main] | |
| workflow_dispatch: | |
| jobs: | |
| Validation: | |
| name: Terraform Plan Workflow | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| container: | |
| image: hashicorp/terraform:latest | |
| env: | |
| GITHUB_APP_ID: ${{ secrets.TF_APP_ID }} | |
| GITHUB_APP_INSTALLATION_ID: ${{ secrets.TF_APP_INSTALLATION_ID }} | |
| GITHUB_APP_PEM_FILE: ${{ secrets.TF_APP_PEM_FILE }} | |
| GITHUB_ORGANIZATION: 'github-organisation' | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: https://github.com/github-organisation | |
| aws-region: ap-southeast-2 | |
| role-to-assume: arn:aws:iam::123456789123:role/app-github-organisation-123456789123 | |
| role-session-name: github-organisation | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.TERRAFORM_MODULES_APP_ID }} | |
| private-key: ${{ secrets.TERRAFORM_MODULES_APP_PRIVATE_KEY }} | |
| owner: another-github-organisation | |
| - name: Terraform Initialization | |
| run: | | |
| git config --global url."https://oauth2:${{ steps.app-token.outputs.token }}@github.com".insteadOf https://github.com | |
| terraform init -backend-config="terraform_state.tfvars" -upgrade | |
| id: terraform_init | |
| - name: Terraform Validation | |
| run: terraform validate | |
| id: terraform_validate | |
| - name: Terraform Format and Style | |
| run: terraform fmt -check -diff -recursive | |
| id: terraform_fmt | |
| - name: Terraform Plan | |
| id: terraform_plan | |
| # if: github.event_name == 'pull_request' | |
| run: terraform plan -no-color --out tfplan.binary | |
| continue-on-error: true | |
| - name: Terraform JSON output | |
| id: terraform_json | |
| if: steps.terraform_plan.outcome == 'success' | |
| run: terraform show -json tfplan.binary > tfplan.json | |
| continue-on-error: true | |
| - name: Update Pull Request | |
| uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| script: | | |
| const output = `${ "${{ steps.terraform_fmt.outcome }}" == "success" ? "✔️" : "❌" } Terraform Format and Style 🖌 | |
| ${ "${{ steps.terraform_init.outcome }}" == "success" ? "✔️" : "❌" } Terraform Initialization ⚙️ | |
| ${ "${{ steps.terraform_plan.outcome }}" == "success" ? "✔️" : "❌" } Terraform Plan 📖 | |
| ${ "${{ steps.terraform_validate.outcome }}" == "success" ? "✔️" : "❌" } Terraform Validation 🤖 | |
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); | |
| - name: Terraform Plan Status | |
| if: steps.terraform_plan.outcome == 'failure' | |
| run: exit 1 | |
| docs: | |
| name: Terraform Docs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Render terraform docs inside the README.md and push changes back to PR branch | |
| uses: terraform-docs/gh-actions@main | |
| with: | |
| working-dir: . | |
| output-file: README.md | |
| output-method: inject | |
| git-push: "true" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment