Skip to content

workflows: bump reviewdog/action-tflint from 1.23.2 to 1.24.0 #368

workflows: bump reviewdog/action-tflint from 1.23.2 to 1.24.0

workflows: bump reviewdog/action-tflint from 1.23.2 to 1.24.0 #368

Workflow file for this run

name: Test or update Fluent Bit infra
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
jobs:
run-terraform:
name: update fluentbit infra with terraform
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: ./.github/actions/terraform-setup
with:
gcp_sa_key: ${{ secrets.GCP_SA_KEY }}
terraform_cloud_api_token: ${{ secrets.TF_API_TOKEN }}
cloudflare_token: ${{ secrets.CLOUDFLARE_TOKEN }}
metal_token: ${{ secrets.PACKET_NET_TOKEN }}
github_personal_access_token: ${{ secrets.GH_PA_TOKEN }}
aws_s3_access_id_staging: ${{ secrets.AWS_S3_ACCESS_ID_STAGING }}
aws_s3_secret_access_key_staging: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY_STAGING }}
gpg_private_key_staging: ${{ secrets.GPG_PRIVATE_KEY_STAGING }}
gpg_private_key_passphrase_staging: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE_STAGING }}
aws_s3_access_id_releases: ${{ secrets.AWS_S3_ACCESS_ID_RELEASES }}
aws_s3_secret_access_key_releases: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY_RELEASES }}
gpg_private_key_releases: ${{ secrets.GPG_PRIVATE_KEY_RELEASES }}
gpg_private_key_passphrase_releases: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE_RELEASES }}
release_server_username: ${{ secrets.RELEASE_SERVER_USERNAME }}
release_server_ssh_key: ${{ secrets.RELEASE_SERVER_SSHKEY }}
release_dockerhub_username: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
release_dockerhub_token: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
release_dockerhub_org: ${{ secrets.RELEASE_DOCKERHUB_ORGANIZATION }}
release-cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
appveyor-account: ${{ secrets.APPVEYOR_ACCOUNT }}
appveyor-token: ${{ secrets.APPVEYOR_TOKEN }}
unstable-release-token: ${{ secrets.UNSTABLE_RELEASE_TOKEN }}
fluent-bit-ci-opensearch-aws-access-id: ${{ secrets.FLUENT_BIT_CI_OPENSEARCH_AWS_ACCESS_ID }}
fluent-bit-ci-opensearch-aws-secret-key: ${{ secrets.FLUENT_BIT_CI_OPENSEARCH_AWS_SECRET_KEY }}
fluent-bit-ci-opensearch-admin-password: ${{ secrets.FLUENT_BIT_CI_OPENSEARCH_ADMIN_PASSWORD }}
fluent-bit-ci-azure-client-id: ${{ secrets.FLUENT_BIT_CI_AZURE_CLIENT_ID }}
fluent-bit-ci-azure-client-secret: ${{ secrets.FLUENT_BIT_CI_AZURE_CLIENT_SECRET }}
fluent-bit-ci-azure-subscription-id: ${{ secrets.FLUENT_BIT_CI_AZURE_SUBSCRIPTION_ID }}
fluent-bit-ci-azure-tenant-id: ${{ secrets.FLUENT_BIT_CI_AZURE_TENANT_ID }}
grafana-cloud-prometheus-username: ${{ secrets.GRAFANA_CLOUD_PROM_USERNAME }}
grafana-cloud-prometheus-apikey: ${{ secrets.GRAFANA_CLOUD_PROM_APIKEY }}
public-readonly-dockerhub-username: ${{ secrets.READONLY_DOCKERHUB_USERNAME }}
public-readonly-dockerhub-token: ${{ secrets.READONLY_DOCKERHUB_TOKEN }}
- name: Terraform fmt
id: fmt
run: |
find . -name "*.tf" -exec terraform fmt -check {} \;
working-directory: terraform
- name: Terraform Init
id: init
run: terraform init
working-directory: terraform
- name: Terraform Validate
id: validate
run: terraform validate -no-color
working-directory: terraform
- name: Terraform Plan
if: github.event_name == 'pull_request'
id: plan
run: terraform plan -no-color
working-directory: terraform
continue-on-error: true
- uses: actions/github-script@v7
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
# Only apply on push (or workflow_dispatch), not pull request
- name: Terraform Apply
if: github.event_name != 'pull_request'
id: apply
run: terraform apply -input=false -auto-approve
working-directory: terraform
- name: Terraform Debug
if: failure()
run: cat terraform/default.auto.tfvars
shell: bash