terraform-pr-check.yml
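---
# Terraform PR check: lint/test the PR branch (pushing pre-commit fix-ups back
# to it), then run a terragrunt plan over accounts/ and post it on the PR.
#
# NOTE(review): every third-party action below is pinned to a mutable tag
# (@v1, @v3, @v4, @v9). Pin to full commit SHAs so a retargeted tag cannot
# inject code into a job that holds a GitHub App token.
name: Terraform PR check

on:
  workflow_dispatch:
  pull_request:
    types: [synchronize, opened, ready_for_review]
    branches:
      - main

env:
  TERRAGRUNT_TFPATH: terraform
  TENV_QUIET: t
  # Quoted so the process receives the string "true" regardless of YAML typing.
  TENV_AUTO_INSTALL: "true"

# NOTE(review): these grants apply to GITHUB_TOKEN in both jobs. The only
# visible GITHUB_TOKEN use is `github-comment` in `plan` (pull-requests: write);
# the push in `check-code` goes through the App token persisted by checkout.
# Unless ./.github/actions/setup or download-terraform-assets need it, reduce
# `contents` to `read` — confirm against those local actions.
permissions:
  contents: write
  pull-requests: write

jobs:
  # Lint and test the PR branch; push any pre-commit fix-ups back to it.
  check-code:
    # On workflow_dispatch `github.event.pull_request` is unset, so this is
    # null == false, which GitHub's expression coercion treats as true.
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
      # An App token is used instead of GITHUB_TOKEN, presumably so the
      # fix-up commit below re-triggers this workflow (pushes made with
      # GITHUB_TOKEN do not). NOTE(review): without a `repositories:` input the
      # token covers every repository the installation can reach — scope it to
      # this repo if the installation is broader.
      - name: Create GitHub App token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      # Checks out the PR *branch* (a mutable ref, not the event SHA) — needed
      # for the auto-commit push below. The App token is persisted into
      # .git/config, so every later step (shellspec, pre-commit hooks,
      # scripts/*, terragrunt init) runs PR-controlled code with that token
      # reachable. On workflow_dispatch the ref is empty and checkout falls
      # back to the triggering ref.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.app-token.outputs.token }}

      - name: Download terraform assets
        uses: ./.github/actions/download-terraform-assets
        with:
          token: ${{ steps.app-token.outputs.token }}

      - name: Setup
        uses: ./.github/actions/setup

      - name: Test scripts
        run: |
          shellspec

      # `-upgrade` lets the PR move provider/module versions; the retry wrapper
      # absorbs transient registry failures (up to 3 x 10 min).
      - name: Init
        uses: nick-fields/retry@v3
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            cd accounts
            terragrunt run-all init -upgrade

      # Scripts come from the PR branch and are executed as-is.
      - name: Setup terraform version settings
        run: |
          chmod +x scripts/*
          ./scripts/setup_terraform_version_settings.sh \
            ./accounts \
            ./files/terraform/version.tf

      # Hooks are defined by the PR's .pre-commit-config.yaml (PR-controlled).
      # NOTE(review): the action ref on the `uses:` line arrived garbled as
      # "[email protected]" in the copy under review; restore the intended
      # pinned version of pre-commit/action.
      - name: Run pre-commit
        uses: pre-commit/[email protected]
        with:
          extra_args: --all-files

      # Runs even when pre-commit failed so its auto-fixes land on the branch.
      # NOTE(review): if a hook is not idempotent this loops (commit ->
      # synchronize -> commit); consider skipping when the head commit author
      # is already github-actions[bot].
      - name: Auto commit
        id: auto-commit
        if: always()
        uses: EndBug/add-and-commit@v9
        with:
          author_name: "github-actions[bot]"
          author_email: "github-actions[bot]@users.noreply.github.com"
          committer_name: "github-actions[bot]"
          committer_email: "github-actions[bot]@users.noreply.github.com"
          message: "chore: ${{ github.workflow }} (${{ github.job }})"

      # Fails this run when a fix-up commit was pushed; the push triggers a
      # fresh `synchronize` run against the corrected branch. The step output
      # is passed via env rather than expanded inline into the script, so an
      # expression value can never become shell syntax.
      - name: Cancel workflow
        env:
          COMMITTED: ${{ steps.auto-commit.outputs.committed }}
        run: |
          if [ "$COMMITTED" = "true" ]; then
            exit 1
          fi

  # Plan every account and post the result as a PR comment.
  plan:
    needs: [check-code]
    runs-on: ubuntu-latest
    steps:
      - name: Create GitHub App token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      # NOTE(review): this job never pushes, yet checkout persists the App
      # token into .git/config for all later steps. If terragrunt does not
      # need it for private git module sources, add `persist-credentials:
      # false` here — confirm against the sources under accounts/.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.app-token.outputs.token }}

      - name: Download terraform assets
        uses: ./.github/actions/download-terraform-assets
        with:
          token: ${{ steps.app-token.outputs.token }}

      - name: Setup
        uses: ./.github/actions/setup

      # No `-upgrade` here: plan against the lock file as committed.
      - name: Init
        uses: nick-fields/retry@v3
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            cd accounts
            terragrunt run-all init

      # The plan is posted verbatim to the PR, readable by anyone who can see
      # it. NOTE(review): make sure output_plan_results.sh redacts values that
      # Terraform does not already mark `sensitive`.
      - name: Plan and comment
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cd accounts
          $(git rev-parse --show-toplevel)/scripts/output_plan_results.sh
          github-comment exec -k default -- cat plan_results.md
          github-comment hide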