Last active
February 13, 2024 15:50
-
-
Save wparad/ea473f573a420134cb12dbac0e2184a9 to your computer and use it in GitHub Desktop.
Terraform GithubAction Workflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
permissions: | |
contents: write | |
pull-requests: read | |
id-token: write | |
jobs: | |
terraform: | |
strategy: | |
fail-fast: true | |
max-parallel: 1 | |
matrix: | |
environment: ['development'] | |
runs-on: | |
- self-hosted | |
- ${{ matrix.environment }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 0.13.0 | |
- name: Configure AWS Credentials | |
if: github.repository_owner == 'Authress' && github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' | |
uses: aws-actions/configure-aws-credentials@036a4a1ddf2c0e7a782dca6e083c6c53e5d90321 | |
with: | |
aws-region: eu-west-1 | |
role-duration-seconds: 3600 | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubRunnerAssumedRole | |
role-session-name: GitHubRunner-${{ github.repository_owner }}-DocumentLibrary-${{ github.run_number }} | |
- name: Terraform fmt | |
id: fmt | |
run: terraform fmt | |
continue-on-error: true | |
- name: Terraform Clean | |
id: clean | |
run: rm -rf .terraform | |
- name: Terraform Init | |
id: init | |
run: terraform init -backend-config="bucket=terraform-backend-bucket-${{ matrix.environment }}" -reconfigure | |
- name: Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Ensure this is the only pipeline running | |
uses: softprops/turnstyle@v1 | |
if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Terraform Plan | |
id: plan | |
run: terraform plan -no-color -var-file="environments/${{ matrix.environment }}.tfvars" -var="environment=${{ matrix.environment }}" -input=false | |
# https://github.com/actions/github-script | |
- uses: actions/github-script@0.9.0 | |
if: github.event_name == 'pull_request' | |
env: | |
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const environmentString = `Environment: ${{ matrix.environment }}`; | |
const output = `#### ${environmentString} | |
* Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
* Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
* Terraform Validation 🤖${{ steps.validate.outputs.stdout }} | |
* Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
<details><summary>Show Plan</summary> | |
\`\`\`${process.env.PLAN}\`\`\` | |
</details> | |
*Pusher: Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
const comments = await github.issues.listComments({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
per_page: 100 | |
}); | |
const planComment = comments.data.find(c => c.body.includes(environmentString)); | |
if (planComment) { | |
await github.issues.updateComment({ | |
issue_number: context.issue.number, | |
comment_id: planComment.id, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}); | |
} else { | |
await github.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}); | |
} | |
- name: Terraform Apply | |
if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
run: terraform apply -auto-approve -var-file="environments/${{ matrix.environment }}.tfvars" -var="environment=${{ matrix.environment }}" -input=false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment