diff --git a/yc-terraform-ci-v2/action.yml b/yc-terraform-ci-v2/action.yml deleted file mode 100644 index 04e94ee3..00000000 --- a/yc-terraform-ci-v2/action.yml +++ /dev/null @@ -1,231 +0,0 @@ -name: 'Composite Terraform' -description: 'Composite Terraform GitHub Actions' -inputs: - terraformVersion: - description: '' - required: true - githubToken: - description: '' - required: true - mindboxOrgGithubToken: - description: 'Used to download organization wide resources, like terraform-modules repo' - required: false - default: '' - workingDir: - description: '' - required: true - serviceAccountKey: - description: '' - required: false - default: '' - serviceAccountKeyFile: - description: '' - required: false - default: "deployment_key.json" - tfBackendAccessKey: - description: '' - required: true - tfBackendSecretKey: - description: '' - required: true - planAdditionalVars: - description: '' - required: false - default: '' - legacyReplaceSecretKey: - description: 'Legacy ci step for Replace secrets in IAM key file' - required: false - default: '' - isLegacyProject: - description: 'Legacy ci step for Replace secrets in IAM key file' - required: false - default: '0' # 0 == false, 1 == true -outputs: {} -runs: - using: "composite" - steps: - - name: "Setup Terraform" - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: ${{ inputs.terraformVersion }} - terraform_wrapper: false - - - name: "Terraform Format" - id: fmt - run: terraform fmt - # continue-on-error: true - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Setup github token for module repo" - run: | - if [[ ${{ inputs.isLegacyProject }} -ne "1" ]] && [[ ${{ inputs.isLegacyProject }} -ne "3" ]] ; then - echo "--- RUN STEP: Setup github token for module repo" - - git config --local --remove-section http."https://github.com/" - git config --global url."https://octopus-mindbox:${OCTOPUS_MINDBOX_GITHUB_TOKEN}@github.com/mindbox-cloud".insteadOf "https://github.com/mindbox-cloud" - fi - env: - OCTOPUS_MINDBOX_GITHUB_TOKEN: ${{ inputs.mindboxOrgGithubToken }} - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Terraform Init" - id: init - run: terraform init - -backend-config="access_key=${{ inputs.tfBackendAccessKey }}" - -backend-config="secret_key=${{ inputs.tfBackendSecretKey }}" - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Terraform Validate" - id: validate - run: terraform validate - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Replace secrets in IAM key file" - run: | - if [[ ${{ inputs.isLegacyProject }} -eq "1" || ${{ inputs.isLegacyProject }} -eq "2" ]]; then - echo "--- RUN OLD STEP: Replace secrets in IAM key file" - private_key=$(echo '${{ inputs.legacyReplaceSecretKey }}' | sed 's:[\/&]:\\&:g;$!s/$/\\/') - sed -i 's:#{PRIVATE_KEY}:'"$private_key"':' ${{ inputs.serviceAccountKeyFile }} - fi - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Replace secrets in IAM key file" - run: | - if [[ ${{ inputs.isLegacyProject }} -eq "0" ]]; then - echo "--- RUN NEW STEP: Replace secrets in IAM key file" - echo '${{ inputs.serviceAccountKey }}' > ${{ inputs.serviceAccountKeyFile }} - fi - working-directory: ${{ inputs.workingDir }} - shell: bash - - # - name: "---REMOVE THIS JOB---" - # run: | - # for line in ${{ inputs.planAdditionalVars }} - # do - # echo "for line is: $line" - # done - # # echo ${{ inputs.planAdditionalVars }} - # working-directory: ${{ inputs.workingDir }} - # shell: bash - - # FIXME: - # https://github.com/actions/runner/issues/646 - - name: "Terraform Plan" - id: plan - run: | - set +e - PLAN="terraform plan ${{ inputs.planAdditionalVars }} -out=plan.tfplan -detailed-exitcode" - $PLAN - echo "planExitCode=$?" >> $GITHUB_OUTPUT - exit 0 - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Fail if plan failed" - id: failIfPlanFailed - run: | - set -x - if [[ ${{ steps.plan.outputs.planExitCode }} -eq 1 ]]; then - echo "debug plan failed" - exit 1 - fi - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Setup Terraform" - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: ${{ inputs.terraformVersion }} - - - name: "Terraform Show" - id: show - run: | - if [[ ${{ steps.plan.outputs.planExitCode }} -ne 0 ]]; then - terraform show plan.tfplan - fi - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Kafka check" - id: kafkaCheck - run: | - if [[ ${{ steps.plan.outputs.planExitCode }} -ne 0 ]]; then - if test "$(terraform show plan.tfplan | grep -oP '# module\.kafka.*[broker|zookeeper]\[\K(".*")(?=\]\..*updated in\-place)' | sort -u | wc -l)" -gt 1; then - RED='\033[0;31m' - echo -e "${RED} You must update kafka brokers and zookeepers one by one only!" - exit 1 - fi - fi - working-directory: ${{ inputs.workingDir }} - shell: bash - - - name: "Truncate plan" - id: truncate-plan - working-directory: ${{ inputs.workingDir }} - shell: bash - run: | - plan="$(terraform show plan.tfplan)" - original_length=${#plan} - if (($original_length > 65536)); then truncated=true; else truncated=false; fi - echo "truncated=${truncated}" >> $GITHUB_OUTPUT - echo "${plan:0:65536}" - - # for escape github debug stdout - - name: "Create truncated plan file" - id: create-truncated-plan-file - working-directory: ${{ inputs.workingDir }} - shell: bash - run: | - plan_file_name='plan.stdout' - cat << EOF > $plan_file_name - ${{ steps.truncate-plan.outputs.stdout }} - EOF - echo "plan_file_name=${plan_file_name}" >> $GITHUB_OUTPUT - - - name: "Install fs module" - run: npm install fs - shell: bash - - - uses: actions/github-script@v6 - name: "Comment plan" - env: - SHOW_PLAN: "${{ steps.truncate-plan.outputs.truncated != 'true' }}" - CONDITION: "${{ steps.plan.outputs.planExitCode }}" - with: - github-token: ${{ inputs.githubToken }} - script: | - if (process.env.CONDITION == "2") { - let planMessage; - if (process.env.SHOW_PLAN == "true") { - const { readFile } = require("fs/promises") - const plan = await readFile('${{ inputs.workingDir }}/${{ steps.create-truncated-plan-file.outputs.plan_file_name }}') - planMessage = `\`\`\`terraform\n ${plan} \n\`\`\`` - } - else { - planMessage = "Please, refer to [Github Action logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" - } - - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} - #### Terraform Plan 📖\`Success with non-empty diff\` - -
Show Plan - - ${planMessage} - -
- - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ inputs.workingDir }}\`, Workflow: \`${{ github.workflow }}\`*`; - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - } diff --git a/yc-terraform-ci/action.yml b/yc-terraform-ci/action.yml index 6a7fda49..dfa2bace 100644 --- a/yc-terraform-ci/action.yml +++ b/yc-terraform-ci/action.yml @@ -124,7 +124,7 @@ runs: - name: "Terraform Validate" id: validate - run: terraform validate -no-color + run: terraform validate working-directory: ${{ inputs.workingDir }} shell: bash @@ -163,7 +163,7 @@ runs: id: plan run: | set +e - PLAN="terraform plan ${{ inputs.planAdditionalVars }} -no-color -out=plan.tfplan -detailed-exitcode" + PLAN="terraform plan ${{ inputs.planAdditionalVars }} -out=plan.tfplan -detailed-exitcode" $PLAN echo "planExitCode=$?" >> $GITHUB_OUTPUT exit 0 @@ -185,7 +185,7 @@ runs: id: show run: | if [[ ${{ steps.plan.outputs.planExitCode }} -ne 0 ]]; then - terraform show -no-color plan.tfplan + terraform show plan.tfplan fi working-directory: ${{ inputs.workingDir }} shell: bash @@ -194,7 +194,7 @@ runs: id: kafkaCheck run: | if [[ ${{ steps.plan.outputs.planExitCode }} -ne 0 ]]; then - if test "$(terraform show -no-color plan.tfplan | grep -oP '# module\.kafka.*[broker|zookeeper]\[\K(".*")(?=\]\..*updated in\-place)' | sort -u | wc -l)" -gt 1; then + if test "$(terraform show plan.tfplan | grep -oP '# module\.kafka.*[broker|zookeeper]\[\K(".*")(?=\]\..*updated in\-place)' | sort -u | wc -l)" -gt 1; then RED='\033[0;31m' echo -e "${RED} You must update kafka brokers and zookeepers one by one only!" exit 1 @@ -208,7 +208,7 @@ runs: working-directory: ${{ inputs.workingDir }} shell: bash run: | - plan="$(terraform show -no-color plan.tfplan)" + plan="$(terraform show plan.tfplan)" plan=$(echo "$plan" | sed -r 's/^([[:blank:]]*)([-+~])/\2\1/g') plan=$(echo "$plan" | sed -r 's/^~/!/g') original_length=${#plan}