Skip to content

Use pipelines binary for delegated repo setup #151

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 6, 2025
Merged

Use pipelines binary for delegated repo setup #151

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
d30728e
Use pipelines binary for delegated repo setup
oredavids Sep 15, 2025
e93b370
Fix job arg to provision-repo action
oredavids Sep 16, 2025
8df4cf6
Use updated actions
oredavids Sep 17, 2025
b5a04cb
Update actions
oredavids Sep 17, 2025
729a17e
Add test PR number
oredavids Sep 17, 2025
c9752ab
Use updated actions
oredavids Oct 5, 2025
8823bf3
Remove gruntwork_context input from provision-account action
oredavids Oct 5, 2025
4ebc0d0
Update check for delegated setup job
oredavids Oct 5, 2025
835d63d
Update version reference
oredavids Oct 6, 2025
2898874
Update pipelines binary versions
oredavids Oct 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/pipelines-drift-detection.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ on:
description: "Override where we fetch pipelines from, used for internal testing"
pipelines_cli_version:
type: string
default: "v0.40.0-rc17"
default: "v0.40.0-rc25"
description: "For Gruntwork internal testing - the version of the pipelines CLI to use"
pipelines_actions_ref:
type: string
Expand Down
32 changes: 14 additions & 18 deletions .github/workflows/pipelines-root.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ on:
description: "Override where we fetch pipelines from, used for internal testing"
pipelines_cli_version:
type: string
default: "v0.40.0-rc17"
default: "v0.40.0-rc25"
description: "For Gruntwork internal testing - the version of the pipelines CLI to use"
pipelines_actions_ref:
type: string
Expand Down Expand Up @@ -320,7 +320,6 @@ jobs:
PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-propose-infra-change-token.outputs.PIPELINES_TOKEN }}
job: ${{ toJson(matrix.jobs) }}
workflow_job_name: ${{ env.JOB_NAME }}
gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

- name: "[ProvisionAccount]: Post Provision New Account Custom Action"
uses: ./pipelines-actions/.github/custom-actions/post-provision-new-account
Expand Down Expand Up @@ -559,7 +558,7 @@ jobs:
needs: [pipelines_orchestrate, pipelines_apply_baselines, pipelines_execute]
runs-on: ${{ fromJSON(inputs.runner) }}
# GHA can't check for length, so we just check if there is an item in the 0 index
if: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0] != null && needs.pipelines_execute.outputs.delegate_management == 'true' && needs.pipelines_execute.outputs.terragrunt_command == 'run-all apply' }}
if: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0] != null && needs.pipelines_execute.outputs.delegate_management == 'true' && contains(needs.pipelines_execute.outputs.terragrunt_command, 'apply') }}
steps:
- name: Record workflow env vars
env:
Expand Down Expand Up @@ -639,21 +638,22 @@ jobs:
# the delegated_repo_name (which is the same in all the new request files)
new_account_name: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0].Name }}

- name: "Create Access Control PR"
id: access_control_pr
- name: "Provision access control account(s) and create PR"
id: access_control_account
uses: ./pipelines-actions/.github/actions/pipelines-provision-access-control-action
with:
gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}

- name: "Create and bootstrap delegated Repo"
- name: "Create delegated repo and bootstrap"
id: provision_delegated_repo
uses: ./pipelines-actions/.github/actions/pipelines-provision-repo-action
with:
gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }}
job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
access_control_pull_request_url: ${{ steps.access_control_account.outputs.pull_request_url }}
new_account_name: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0].Name }}
PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}
Expand All @@ -663,22 +663,18 @@ jobs:
uses: ./pipelines-actions/.github/custom-actions/post-create-delegated-repo
with:
gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }}
access_control_pull_request_url: ${{ steps.access_control_account.outputs.pull_request_url }}
PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}

- name: "Create Delegated Repo PR"
- name: "Create delegated repo pull request"
uses: ./pipelines-actions/.github/actions/pipelines-new-pr-action
with:
gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
delegated_repo_path: ${{ steps.provision_delegated_repo.outputs.delegated_repo_path }}
access_control_pr_url: ${{ steps.access_control_account.outputs.pull_request_url }}
GH_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}
path: ${{ steps.provision_delegated_repo.outputs.path }}
new_branch_name: ${{ steps.provision_delegated_repo.outputs.new_branch_name }}
commit_message: ${{ steps.provision_delegated_repo.outputs.commit_message }}
pr_body: ${{ steps.provision_delegated_repo.outputs.pr_body }}
requesting_pr_number: ${{ steps.provision_delegated_repo.outputs.requesting_pr_number }}
step_summary_content: ${{ steps.provision_delegated_repo.outputs.step_summary_content }}

pipelines_status_check:
name: "Pipelines Status Check"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pipelines-unlock.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ on:
default: '"ubuntu-latest"'
pipelines_cli_version:
type: string
default: "v0.40.0-rc17"
default: "v0.40.0-rc25"
description: "For Gruntwork internal testing - the version of the pipelines CLI to use"
pipelines_actions_ref:
type: string
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pipelines.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ on:
description: "Override where we fetch pipelines from, used for internal testing"
pipelines_cli_version:
type: string
default: "v0.40.0-rc17"
default: "v0.40.0-rc25"
description: "For Gruntwork internal testing - the version of the pipelines CLI to use"
pipelines_actions_ref:
type: string
Expand Down