@wparad
Last active February 13, 2024 15:50
Terraform GithubAction Workflow
```yaml
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
# Token scopes for the workflow; id-token: write lets the AWS step exchange the
# GitHub OIDC token for temporary role credentials
permissions:
  contents: write
  pull-requests: read
  id-token: write
jobs:
  terraform:
    strategy:
      fail-fast: true
      max-parallel: 1   # environments are processed one at a time
      matrix:
        environment: ['development']
    runs-on:
      - self-hosted
      - ${{ matrix.environment }}
    steps:
      - uses: actions/checkout@v2
      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 0.13.0
      - name: Configure AWS Credentials
        # only for this org, and only for refs other than main/master
        if: github.repository_owner == 'Authress' && github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master'
        # third-party action pinned to a full commit SHA rather than a mutable tag
        uses: aws-actions/configure-aws-credentials@036a4a1ddf2c0e7a782dca6e083c6c53e5d90321
        with:
          aws-region: eu-west-1
          role-duration-seconds: 3600
          # role assumed with the OIDC token; no long-lived AWS access keys stored as secrets
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubRunnerAssumedRole
          role-session-name: GitHubRunner-${{ github.repository_owner }}-DocumentLibrary-${{ github.run_number }}
      - name: Terraform fmt
        id: fmt
        run: terraform fmt
        continue-on-error: true
      - name: Terraform Clean
        id: clean
        # self-hosted runner: discard providers and backend state cached by a previous run
        run: rm -rf .terraform
      - name: Terraform Init
        id: init
        run: terraform init -backend-config="bucket=terraform-backend-bucket-${{ matrix.environment }}" -reconfigure
      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color
      - name: Ensure this is the only pipeline running
        # serialise applies: wait for any other run of this workflow on master to finish first
        uses: softprops/turnstyle@v1
        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Terraform Plan
        id: plan
        run: terraform plan -no-color -var-file="environments/${{ matrix.environment }}.tfvars" -var="environment=${{ matrix.environment }}" -input=false
      # https://github.com/actions/github-script
      # On pull requests, post the plan as a PR comment: one comment per environment, updated in place on re-runs
      - uses: actions/github-script@0.9.0
        if: github.event_name == 'pull_request'
        env:
          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const environmentString = `Environment: ${{ matrix.environment }}`;
            const output = `#### ${environmentString}
            * Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
            * Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
            * Terraform Validation 🤖${{ steps.validate.outputs.stdout }}
            * Terraform Plan 📖\`${{ steps.plan.outcome }}\`
            <details><summary>Show Plan</summary>
            \`\`\`${process.env.PLAN}\`\`\`
            </details>
            *Pusher: Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
            // Find an existing comment for this environment so a re-run updates it instead of adding another
            const comments = await github.issues.listComments({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              per_page: 100
            });
            const planComment = comments.data.find(c => c.body.includes(environmentString));
            if (planComment) {
              await github.issues.updateComment({
                issue_number: context.issue.number,
                comment_id: planComment.id,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: output
              });
            } else {
              await github.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: output
              });
            }
      - name: Terraform Apply
        # applies only on pushes to master; pull requests stop at the plan step
        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
        run: terraform apply -auto-approve -var-file="environments/${{ matrix.environment }}.tfvars" -var="environment=${{ matrix.environment }}" -input=false
```