diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 46b61f1..7ec8ebe 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,95 +1,82 @@ -name: Terraform CI +# This is a basic workflow to help you get started with Actions +name: 'Terraform Cloud' + +# Controls when the action will run. on: + # Triggers the workflow on push or pull request events but only for the main branch push: - branches: - - master - tags: - - v* + branches: [ main ] pull_request: - branches: - - master - workflow_dispatch: - -env: - TF_CLOUD_ORGANIZATION: "Evilness-ACE" - TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" - TF_WORKSPACE: "K3S-OCI" - CONFIG_DIRECTORY: "./" -permissions: read-all +# A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: + # This workflow contains a single job called "terraform" terraform: - name: Terraform Plan + name: 'Terraform' + # The type of runner that the job will run on runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write + + # Steps represent a sequence of tasks that will be executed as part of the job steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout - uses: actions/checkout@v4 - -# - name: Run a Terraform fmt -# uses: docker://hashicorp/terraform:light -# with: -# entrypoint: terraform -# args: fmt --recursive -check=true --diff ../ + uses: actions/checkout@v2 - - name: Upload Configuration - uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0 - id: plan-upload + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 with: - workspace: ${{ env.TF_WORKSPACE }} - directory: ${{ env.CONFIG_DIRECTORY }} - speculative: true + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - - name: Create Plan Run - uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0 - id: plan-run - with: - workspace: ${{ env.TF_WORKSPACE }} - configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} - plan_only: true + # Check for proper terraform formatting + - name: Terraform Format + id: fmt + run: terraform fmt -check - 
- name: Get Plan Output - uses: hashicorp/tfc-workflows-github/actions/plan-output@v1.0.0 - id: plan-output - with: - plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} + # Initialize Terraform + - name: Terraform Init + id: init + run: terraform init + + # Terraform plan on pull requests only + - name: Terraform Plan + id: plan + if: github.event_name == 'pull_request' + run: terraform plan -no-color + continue-on-error: true - - name: Update PR - uses: actions/github-script@v6 - id: plan-comment + # Add terraform plan output back into the pull request + - name: Update Pull Request + uses: actions/github-script@0.9.0 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - // Retrieve existing bot comments for the PR - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - }); - const botComment = comments.find(comment => { - return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') - }); - const output = `#### Terraform Cloud Plan Output - \`\`\` - Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. - \`\`\` - [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }}) - `; - // Delete previous comment so PR timeline makes sense - if (botComment) { - github.rest.issues.deleteComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: botComment.id, - }); - } - // Create a new comment with the Terraform plan output - github.rest.issues.createComment({ + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` +
Show Plan + \`\`\` + ${process.env.PLAN} + \`\`\` +
+ *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; + + github.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: output - }); + }) + + # Exit on Plan failure + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + # Terraform apply on push to main branch + - name: Terraform Apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve
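Review bot: The new side has no `permissions:` block at either the workflow or the job level, so the `GITHUB_TOKEN` handed to `Update Pull Request` runs with the repository's default scopes instead of the `contents: read` / `pull-requests: write` pair the removed job declared; add under `terraform:` the lines `permissions:`, `  contents: read`, `  pull-requests: write`. The steps pin `actions/checkout@v2`, `hashicorp/setup-terraform@v1` and `actions/github-script@0.9.0`, which are older than the `@v4`/`@v6` tags the removed lines used and are floating tags rather than commit SHAs; prefer the current majors pinned to a full commit SHA. Passing the plan through `env: PLAN` instead of interpolating `steps.plan.outputs.stdout` into the script body is the right choice, but the whole `terraform plan -no-color` stdout is then posted to the PR, so any value the configuration does not mark `sensitive` becomes readable in the comment — presumably acceptable here, but worth a comment on the step saying so. Note also that on a `push` to `main` the `Terraform Plan` step is skipped by its `if`, so `Terraform Apply` runs `-auto-approve` without a plan in the same run.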