diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be3fb5c..590f7e4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,64 +17,72 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4 + +- name: Upload Configuration + uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0 + id: plan-upload + with: + workspace: ${{ env.TF_WORKSPACE }} + directory: ${{ env.CONFIG_DIRECTORY }} + speculative: true - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} +- name: Create Plan Run + uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0 + id: plan-run + with: + workspace: ${{ env.TF_WORKSPACE }} + configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} + plan_only: true + +- name: Get Plan Output + uses: hashicorp/tfc-workflows-github/actions/plan-output@v1.0.0 + id: plan-output + with: + plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} - # Check for proper terraform formatting - #- name: Terraform Format - # id: fmt - # run: terraform fmt -check - - # Initialize Terraform - - name: Terraform Init - id: init - run: terraform init - - # Terraform plan on pull requests only - - name: Terraform Plan - id: plan - if: github.event_name == 'pull_request' - run: terraform plan -no-color - continue-on-error: true - - # Add terraform plan output back into the pull request - - name: Update Pull Request - uses: actions/github-script@0.9.0 - if: github.event_name == 'pull_request' - env: - PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` -
Show Plan - \`\`\` - ${process.env.PLAN} - \`\`\` -
- *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; - - github.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) +- name: Update PR + uses: actions/github-script@v6 + id: plan-comment + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + // 1. Retrieve existing bot comments for the PR + const { data: comments } = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + }); + const botComment = comments.find(comment => { + return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') + }); + const output = `#### Terraform Cloud Plan Output + \`\`\` + Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. + \`\`\` + [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }}) + `; + // 3. Delete previous comment so PR timeline makes sense + if (botComment) { + github.rest.issues.deleteComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: botComment.id, + }); + } + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }); # Exit on Plan failure - - name: Terraform Plan Status +- name: Terraform Plan Status if: steps.plan.outcome == 'failure' - run: exit 1 - + run: exit 1 # Terraform apply on push to main branch - - name: Terraform Apply - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - run: terraform apply -auto-approve +- name: Terraform Apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve