WIP

koenighotze · May 10, 2024 · a47be8a · a47be8a
1 parent 0453ff4
commit a47be8a
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 2 deletions.
diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
@@ -60,4 +60,12 @@ jobs:
       - name: Init
         run: terraform init -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
       - name: Apply
-        run: terraform apply --auto-approve
+        run: terraform apply -auto-approve
+      - name: Show Terraform Output as Summary
+        run: |
+          {
+            echo "### Terraform Output";
+            echo "\`\`\`";
+            terraform output;
+            echo "\`\`\`";
+          }  > "${GITHUB_STEP_SUMMARY}"
diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml
@@ -2,6 +2,11 @@ name: Bootstrap setup
 
 on:
   workflow_dispatch:
+    inputs:
+      apply_plan:
+        description: "Apply plan?"
+        required: false
+        default: "no"
   push:
     paths:
       - bootstrap/**
@@ -78,6 +83,11 @@ jobs:
         run: terraform validate -no-color
 
   plan:
+    needs:
+      - compliance-scan
+      - lint
+      - qa
+
     runs-on: ubuntu-20.04
 
     steps:
@@ -105,3 +115,33 @@ jobs:
             terraform show -no-color tfplan;
             echo "\`\`\`";
           }  > "${GITHUB_STEP_SUMMARY}"
+
+  apply:
+    if: ${{ github.event.inputs.apply_plan == 'yes' }}
+    needs: plan
+
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Authenticating
+        uses: google-github-actions/[email protected]
+        with:
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.SEED_SA_EMAIL_ADDRESS }}
+      - name: Setting up GCP environment
+        uses: google-github-actions/[email protected]
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Init
+        run: terraform init -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
+      - name: Apply
+        run: terraform apply -auto-approve
+      - name: Show Terraform Output as Summary
+        run: |
+          {
+            echo "### Terraform Output";
+            echo "\`\`\`";
+            terraform output;
+            echo "\`\`\`";
+          }  > "${GITHUB_STEP_SUMMARY}"
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
@@ -104,4 +104,12 @@ jobs:
       - name: Init
         run: terraform init -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
       - name: Plan
-        run: terraform plan -no-color
+        run: terraform plan -no-color -out=tfplan
+      - name: Show Terraform Plan as Summary
+        run: |
+          {
+            echo "### Terraform Plan Output";
+            echo "\`\`\`";
+            terraform show -no-color tfplan;
+            echo "\`\`\`";
+          }  > "${GITHUB_STEP_SUMMARY}"