GHA test2 #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check | |
| on: | |
| # push: | |
| # branches: | |
| # - 'main' | |
| # Only run when Push or make PR | |
| pull_request: | |
| branches: main | |
| # Cancel if workflow is running in the same group. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| env: | |
| WORKING_DIRECTORY: "${{ github.workspace }}/terraform/aws/environments/mng/oidc" | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| # Use environment variables registered in Environments Secrets on GitHub | |
| environment: mng | |
| steps: | |
| ################################################## | |
| # setup | |
| ################################################## | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check Repository | |
| run: | | |
| echo "This repository" | |
| git branch | |
| echo "Current branch: ${GITHUB_HEAD_REF:-$GITHUB_REF}" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.OIDC_ROLE_ARN }} | |
| aws-region: ap-northeast-1 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.9.0 | |
| - name: Init Terraform | |
| run: terraform init | |
| working-directory: ${{ env.WORKING_DIRECTORY }} | |
| ################################################## | |
| # TFLint | |
| ################################################## | |
| # - name: Setup TFLint | |
| # uses: terraform-linters/setup-tflint@v4 | |
| # with: | |
| # tflint_version: v0.52.0 | |
| # - name: Show TFLint version | |
| # run: tflint --version | |
| # - name: Init TFLint | |
| # run: tflint --init --config ${{ github.workspace }}/terraform/.tflint.hcl | |
| # - name: Run TFLint | |
| # id: TFLINT | |
| # run: tflint --recursive --format compact --config ${{ github.workspace }}/terraform/.tflint.hcl | |
| # continue-on-error: true # Don't stop when an error occurs | |
| # - name: Comment tflint | |
| # uses: actions/github-script@v7 | |
| # env: | |
| # TFLINT: ${{ steps.tflint.outputs.stdout }} | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} # Use tokens automatically generated by Github | |
| # script: | | |
| # const output = ` | |
| # #### Terraform tflint 📖\`${{ steps.tflint.outcome }}\` | |
| # <details> | |
| # <summary>Show tflint</summary> | |
| # \n\`\`\`${process.env.TFLINT}\`\`\` | |
| # </details>`; | |
| # github.rest.issues.createComment({ | |
| # issue_number: context.issue.number, | |
| # owner: context.repo.owner, | |
| # repo: context.repo.repo, | |
| # body: output | |
| # }); | |
| # - name: Comment TFLint | |
| # uses: reviewdog/action-tflint@master | |
| # with: | |
| # github_token: ${{ secrets.github_token }} | |
| # working_directory: "/terraform/aws" | |
| # reporter: github-pr-review | |
| # tflint_init: true | |
| # tflint_version: "v0.52.0" | |
| # tflint_config: ${{ github.workspace }}/terraform/.tflint.hcl | |
| # flags: "--recursive --format=checkstyle" | |
| # fail_on_error: false # Don't stop when an error occurs | |
| - name: TFlint | |
| working-directory: "${{ github.workspace }}/terraform/aws" | |
| env: | |
| REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.github_token }} | |
| run: | | |
| tflint --init --config ${{ github.workspace }}/terraform/.tflint.hcl | |
| tflint --config ${{ github.workspace }}/terraform/.tflint.hcl --format=checkstyle | \ | |
| reviewdog -f=checkstyle \ | |
| -name="tflint" \ | |
| -reporter=github-pr-review \ | |
| -filter-mode=nofilter \ | |
| -fail-on-error | |
| ################################################## | |
| # tfsec | |
| ################################################## | |
| - name: Run tfsec | |
| uses: tfsec/tfsec-pr-commenter-action@main | |
| with: | |
| working_directory: ${{env.WORKING_DIRECTORY}} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| ################################################## | |
| # fmt | |
| ################################################## | |
| - name: Format Terraform | |
| id: fmt | |
| run: terraform fmt -check -recursive # Output a list of filenames whose files are not properly formatted. | |
| continue-on-error: true # Don't stop when an error occurs | |
| - name: Comment fmt | |
| uses: actions/github-script@v7 | |
| env: | |
| FMT: ${{ steps.fmt.outputs.stdout }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} # Use tokens automatically generated by Github | |
| script: | | |
| const output = ` | |
| #### Terraform fmt 🖌\`${{ steps.fmt.outcome }}\` | |
| <details> | |
| <summary>Show fmt</summary> | |
| \n\`\`\`\n${process.env.FMT}\`\`\` | |
| </details>`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); | |
| ################################################## | |
| # plan | |
| ################################################## | |
| - name: Plan Terraform | |
| id: plan | |
| run: terraform plan -no-color | |
| working-directory: ${{ env.WORKING_DIRECTORY }} | |
| continue-on-error: true # Don't stop when an error occurs. | |
| - name: Comment plan | |
| uses: actions/github-script@v7 | |
| env: | |
| PLAN: ${{ steps.plan.outputs.stdout }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} # Use tokens automatically generated by Github | |
| script: | | |
| const output = ` | |
| #### Terraform plan 📖\`${{ steps.plan.outcome }}\` | |
| <details> | |
| <summary>Show plan</summary> | |
| \n\`\`\`${process.env.PLAN}\`\`\` | |
| </details>`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); |