feat(contentful): Create webhooks programatically #936
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform PR Check | |
| on: | |
| pull_request: | |
| paths: | |
| - "terraform/**" | |
| - ".github/workflows/terraform-pr-check.yml" | |
| push: | |
| branches: ["main"] | |
| paths: | |
| - "terraform/**" | |
| concurrency: | |
| group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}" | |
| cancel-in-progress: true | |
| env: | |
| DOTNET_VERSION: ${{ vars.DOTNET_VERSION }} | |
| ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }} | |
| AZ_KEYVAULT_NAME: ${{ secrets.AZ_ACA_RESOURCE_GROUP }}-kv | |
| TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }} | |
| TF_BACKEND_CONTAINER_NAME: ${{ secrets.TF_BACKEND_CONTAINER_NAME }} | |
| TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }} | |
| TF_BACKEND_RESOURCE_GROUP: ${{ secrets.TF_BACKEND_RESOURCE_GROUP }} | |
| TF_VAR_project_name: ${{ secrets.DFE_PROJECT_NAME }} | |
| TF_VAR_environment: ${{ secrets.AZ_ENVIRONMENT }} | |
| TF_VAR_azure_location: ${{ vars.AZ_LOCATION }} | |
| TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }} | |
| TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }} | |
| TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }} | |
| TF_VAR_az_sql_admin_userid_postfix: ${{secrets.AZ_SQL_ADMIN_USERID_POSTFIX}} | |
| TF_VAR_az_sql_azuread_admin_username: ${{ secrets.AZ_SERVICE_PRINCIPAL }} | |
| TF_VAR_az_sql_admin_password: ${{secrets.AZ_SQL_ADMIN_PASSWORD}} | |
| TF_VAR_az_sql_azuread_admin_objectid: ${{ secrets.AZ_CLIENT_ID }} | |
| TF_VAR_registry_server: "ghcr.io/dfe-digital" | |
| TF_VAR_image_tag: "latest" | |
| TF_VAR_registry_username: ${{ github.repository_owner }} | |
| TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }} | |
| TF_VAR_container_environment: "Dev" | |
| TF_WORKING_DIRECTORY: terraform/container-app | |
| jobs: | |
| validate-terraform: | |
| name: Validate Terraform | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: ${{env.TF_WORKING_DIRECTORY}} | |
| steps: | |
| - name: Clone repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.9.7 | |
| - name: Get GitHub Runner IP | |
| id: whats-my-ip | |
| uses: ./.github/actions/whats-my-ip-address | |
| - name: Set GitHub Runner IP to TF Var | |
| shell: bash | |
| run: | | |
| echo "TF_VAR_github_ip=${{ steps.whats-my-ip.outputs.ip}}" >> $GITHUB_ENV | |
| - name: Login with AZ | |
| uses: ./.github/actions/azure-login | |
| with: | |
| az_tenant_id: ${{ secrets.AZ_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| az_client_id: ${{ secrets.AZ_CLIENT_ID }} | |
| az_client_secret: ${{ secrets.AZ_CLIENT_SECRET }} | |
| - name: Add Runner to KV whitelist | |
| uses: azure/CLI@v1 | |
| with: | |
| azcliversion: 2.45.0 | |
| inlineScript: | | |
| az keyvault network-rule add --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null | |
| - name: Terraform init | |
| id: init | |
| run: | | |
| terraform init \ | |
| -backend-config="resource_group_name=${{ env.TF_BACKEND_RESOURCE_GROUP }}" \ | |
| -backend-config="storage_account_name=${{ env.TF_BACKEND_STORAGE_ACCOUNT_NAME }}" \ | |
| -backend-config="container_name=${{ env.TF_BACKEND_CONTAINER_NAME }}" \ | |
| -backend-config="key=${{ env.TF_BACKEND_KEY }}" | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate -no-color -compact-warnings | |
| - name: Terraform plan | |
| id: plan | |
| run: terraform plan -no-color | |
| - name: Terraform fmt | |
| id: fmt | |
| run: terraform fmt -check -diff | |
| - name: Validate Terraform docs | |
| uses: terraform-docs/gh-actions@v1.0.0 | |
| with: | |
| working-dir: ${{ env.TF_WORKING_DIRECTORY }} | |
| config-file: .terraform-docs.yml | |
| output-file: terraform-configuration.md | |
| output-method: inject | |
| git-push: "true" | |
| - name: Update PR with Terraform results | |
| uses: ./.github/actions/post-terraform-results | |
| if: github.event_name == 'pull_request' | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| plan_stdout: ${{ steps.plan.outputs.stdout }} | |
| plan_outcome: ${{ steps.plan.outcome }} | |
| fmt_outcome: ${{ steps.fmt.outcome }} | |
| init_outcome: ${{ steps.init.outcome }} | |
| validate_outcome: ${{ steps.validate.outcome }} | |
| validate_stdout: ${{ steps.validate.outputs.stdout }} | |
| github_actor: ${{ github.actor }} | |
| github_event_name: ${{ github.event_name }} | |
| tf_working_directory: ${{ env.TF_WORKING_DIRECTORY }} | |
| github_workflow: ${{ github.workflow }} | |
| - name: Remove Runner to KV whitelist | |
| uses: azure/CLI@v1 | |
| if: always() | |
| with: | |
| azcliversion: 2.45.0 | |
| inlineScript: | | |
| az keyvault network-rule remove --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null | |
| terraform-lint: | |
| name: Terraform Lint | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: ${{ env.TF_WORKING_DIRECTORY }} | |
| steps: | |
| - name: Clone repo | |
| uses: actions/checkout@v4 | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v4 | |
| with: | |
| tflint_version: v0.44.1 | |
| - name: Run TFLint | |
| run: tflint -f compact | |
| tfsec-pr-commenter: | |
| name: tfsec Check | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Clone repo | |
| uses: actions/checkout@v4 | |
| - name: tfsec | |
| uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0 | |
| with: | |
| github_token: ${{ github.token }} |