action.yml

name: 'Resourcely Change Management'
description: 'Scan the PR against all related guardrails'
inputs:
  gh_access_token:
    description: 'Access token for Github'
    required: false
  tf_api_token:
    description: 'Terraform Cloud API token; if not specified, will not attempt to fetch the plan from Terraform Cloud'
    required: false
  resourcely_api_token:
    description: 'Resourcely API token'
    required: true
  resourcely_api_host:
    description: 'Resourcely API URL'
    required: false
    default: "https://api.resourcely.io"
  docker_tag:
    description: 'Tag of the Docker image to use for both wait-for-terraform and resourcely-cli (deprecated in favor of using docker_tag_wait_for_terraform and docker_tag_resourcely_cli)'
    required: false
    default: 'latest'
  docker_tag_wait_for_terraform:
    description: 'Tag of the wait-for-terraform Docker image to use'
    required: false
    default: ''
  docker_tag_resourcely_cli:
    description: 'Tag of the resourcely-cli Docker image to use'
    required: false
    default: ''
  tf_plan_directory:
    description: 'Directory to store the Terraform plan files'
    required: false
    default: 'tf-plan-files'
  tf_plan_pattern:
    description: 'Pattern for Terraform plan files (e.g., plan*)'
    required: false
    default: 'plan*'
  manifest:
    description: 'JSON manifest describing plans to expect'
    required: false
  modules_file:
    description: 'JSON file produced by terraform describing the modules in the current configuration'
    required: false
runs:
  using: "composite"
  steps:
    - name: Create directory for plan files if not present
      shell: bash
      run: |
        if [[ -d "${{ inputs.tf_plan_directory }}" ]]; then
          echo "Directory already exist"
        else
          mkdir ${{ inputs.tf_plan_directory }}
        fi

    - name: Wait for checks to complete
      shell: bash
      if:  ${{ inputs.tf_api_token != '' }}
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
      run: |
        docker pull ghcr.io/resourcely-inc/wait-for-terraform-plan:${{ inputs.docker_tag_wait_for_terraform != '' && inputs.docker_tag_wait_for_terraform || inputs.docker_tag }}
        ENCODED_GITHUB_CONTEXT=$(echo -n "$GITHUB_CONTEXT" | base64)
        docker run \
          -e GITHUB_TOKEN="${{ inputs.gh_access_token }}" \
          -e GITHUB_CONTEXT="${ENCODED_GITHUB_CONTEXT}" \
          -e TF_API_TOKEN="${{ inputs.tf_api_token }}" \
          -e RESOURCELY_API_HOST="${{ inputs.resourcely_api_host }}" \
          -e RESOURCELY_API_TOKEN="${{ inputs.resourcely_api_token }}" \
          -v "$(pwd)/${{ inputs.tf_plan_directory }}:/app/tf-plan-files" \
          ghcr.io/resourcely-inc/wait-for-terraform-plan:${{ inputs.docker_tag_wait_for_terraform != '' && inputs.docker_tag_wait_for_terraform || inputs.docker_tag }}

    - name: Save Manifest to file
      if: ${{ inputs.tf_api_token == '' && inputs.manifest != '' }}
      uses: fishcharlie/CmdToFile@v1.0.0
      with:
        data: ${{inputs.manifest}}
        output: ${{inputs.tf_plan_directory}}/manifest.json

    - name: Evaluate Code With Resourcely Guardrails
      shell: bash
      if: success()
      run: |
        docker pull ghcr.io/resourcely-inc/resourcely-cli:${{ inputs.docker_tag_resourcely_cli != '' && inputs.docker_tag_resourcely_cli || inputs.docker_tag }}

        PLANS_ARGS=""
        if [[ -f "${{ inputs.tf_plan_directory }}/manifest.json" ]]; then
          PLANS_ARGS="--plan_manifest /data/tf-plan-files/manifest.json"
        else
          PLANS_ARGS=$(ls -1 ${{ inputs.tf_plan_directory }}/${{ inputs.tf_plan_pattern }} | xargs -I tok basename tok | sed "s|^|--plan /data/tf-plan-files/|" | tr '\n' ' ')
        fi

        MODULES_FILE_PATH="$(pwd)/${{ inputs.modules_file }}"
        MODULES_FILE_ARG=""
        MODULES_FILE_MOUNT=""
        if [[ -n "${{ inputs.modules_file }}" ]]; then
          if [[ ! -f "$MODULES_FILE_PATH" ]]; then
            echo -e "\033[31mModules file not found at $MODULES_FILE_PATH\033[0m"
          else
            MODULES_FILE_ARG="--modules_file=/data/modules.json"
            MODULES_FILE_MOUNT="-v $MODULES_FILE_PATH:/data/modules.json"
          fi
        fi

        docker run --rm \
          -v "$(pwd)/${{ inputs.tf_plan_directory }}:/data/tf-plan-files" $MODULES_FILE_MOUNT \
          -e RESOURCELY_API_TOKEN="${{ inputs.resourcely_api_token }}" \
          ghcr.io/resourcely-inc/resourcely-cli:${{ inputs.docker_tag_resourcely_cli != '' && inputs.docker_tag_resourcely_cli || inputs.docker_tag }} evaluate \
            --api_host "${{ inputs.resourcely_api_host }}" \
            --change_request_url "${{ github.event.pull_request.html_url }}" \
            --change_request_sha "${{ github.event.pull_request.head.sha }}" \
            --log ${{ runner.debug == '1' && 'debug' || 'info' }} \
            $PLANS_ARGS \
            $MODULES_FILE_ARG