Skip to content
Terraform Workflow with OIDC and Artifact Upload

Update main.tf #19

Sign in to view logs

Update main.tf

Update main.tf #19

Workflow file for this run

.github/workflows/testdemo.yaml at 6a88998
name: Terraform Workflow with OIDC and Artifact Upload
on:
push:
branches:
- main
jobs:
terraform:
runs-on: ubuntu-latest
permissions:
id-token: write # Required for OIDC
contents: read # Required to access repository contents
steps:
# Step 1: Checkout the repository
- name: Checkout Code
uses: actions/checkout@v3
# Step 2: Setup Terraform
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.5.6
# Step 3: Configure AWS Credentials using OIDC
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.ROLE_NAME }}
aws-region: ${{ secrets.AWS_REGION }}
# Step 4: Initialize Terraform (INFO logging)
- name: Terraform Init
env:
TF_LOG: INFO # Set Terraform logging to INFO for general info messages
run: terraform init
# Step 5: Terraform Validate (DEBUG logging)
- name: Terraform Validate
env:
TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed logs
TF_LOG_PATH: terraform_validate.log
FAILURE_FLAG: false
run: |
terraform validate || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 6: Terraform Plan (INFO logging)
- name: Terraform Plan
env:
TF_LOG: INFO # Set Terraform logging to INFO for plan-related logs
TF_LOG_PATH: terraform_plan.log
FAILURE_FLAG: false
run: |
terraform plan -out=tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 7: Terraform Apply (TRACE logging)
- name: Terraform Apply
env:
TF_LOG: TRACE # Set Terraform logging to TRACE for detailed logs
TF_LOG_PATH: terraform_apply.log
FAILURE_FLAG: false
run: |
terraform apply -auto-approve tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 8: Ensure Logs Directory Exists (DEBUG logging)
- name: Ensure Logs Directory Exists
env:
TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed process steps
run: mkdir -p $GITHUB_WORKSPACE/logs
# Step 9: Copy Logs to Logs Directory (WARN logging)
- name: Copy Logs to Logs Directory
env:
TF_LOG: WARN # Set Terraform logging to WARN to capture potential issues
run: |
cp terraform_validate.log $GITHUB_WORKSPACE/logs/ || true
cp terraform_plan.log $GITHUB_WORKSPACE/logs/ || true
cp terraform_apply.log $GITHUB_WORKSPACE/logs/ || true
echo "Files in logs directory:"
ls -alh $GITHUB_WORKSPACE/logs/
# Step 10: Print Logs on Failure (ERROR logging)
- name: Print Logs on Failure
if: failure() # Only print logs if failure occurs
env:
TF_LOG: ERROR # Set Terraform logging to ERROR to capture critical failure messages
run: |
echo "Terraform failed. Logs are as follows:"
cat $GITHUB_WORKSPACE/logs/terraform_validate.log || true
cat $GITHUB_WORKSPACE/logs/terraform_plan.log || true
cat $GITHUB_WORKSPACE/logs/terraform_apply.log || true
# Step 11: Upload Terraform Logs as Artifacts (Always, even on failure)
- name: Upload Terraform Logs as Artifacts
if: always() # Ensure this runs even if the workflow fails
uses: actions/upload-artifact@v3
with:
name: terraform-logs
path: logs/
# Step 12: Force Workflow Failure if Any Step Failed
- name: Fail Workflow if Any Step Failed
if: ${{ env.FAILURE_FLAG == 'true' }}
run: |
echo "One or more Terraform steps failed. Marking workflow as failed."
exit 1 # Exit with failure status