Check

Add apply action #211

Workflow file for this run

	name: Check
	on:
	pull_request:
	branches:
	- main
	- develop
	types:
	- opened
	- synchronize
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true
	permissions:
	contents: read
	id-token: write
	pull-requests: write
	jobs:
	setup:
	runs-on: ubuntu-latest
	outputs:
	envs_changed_dirs: ${{ steps.envs_filter.outputs.changes }}
	modules_changed_dirs: ${{ steps.modules_filter.outputs.changes }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Check branch
	run: \|
	echo "Current branch: ${{ GITHUB.HEAD_REF }}"
	echo "Merge Target Branch: ${{ GITHUB.BASE_REF }}"

	- name: Get changed envs files
	uses: dorny/paths-filter@v3
	id: envs_filter
	with:
	filters: .github/paths-filter/envs-path-filter.yml

	- name: Get changed modules files
	uses: dorny/paths-filter@v3
	id: modules_filter
	with:
	filters: .github/paths-filter/modules-path-filter.yml

	- name: Check changed directories
	run: \|
	echo "Changed envs directories: ${{ steps.envs_filter.outputs.changes }}"
	echo "Changed modules directories: ${{ steps.modules_filter.outputs.changes }}"

	- name: Upload workspace
	uses: actions/upload-artifact@v4
	with:
	name: workspace
	path: .
	include-hidden-files: true
	retention-days: 1

	envs-ci:
	needs: setup
	if: ${{ fromJSON(needs.setup.outputs.envs_changed_dirs)[0] != null }}
	runs-on: ubuntu-latest
	strategy:
	matrix:
	envs_changed_dir: ${{ fromJSON(needs.setup.outputs.envs_changed_dirs) }}
	steps:
	- name: Download workspace
	uses: actions/download-artifact@v4
	with:
	name: workspace

	- name: Setup aqua
	uses: aquaproj/aqua-installer@v3.0.1
	with:
	aqua_version: v2.28.0
	aqua_opts: ""
	env:
	AQUA_CONFIG: aqua.yaml
	AQUA_DISABLE_COSIGN: true
	AQUA_DISABLE_SLSA: true

	- name: TFlint
	working-directory: terraform/aws/environments/${{ matrix.envs_changed_dir }}
	env:
	REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	tflint --init --config ${{ github.workspace }}/terraform/.tflint.hcl
	tflint --recursive --config ${{ github.workspace }}/terraform/.tflint.hcl --format=checkstyle \| \
	reviewdog -f=checkstyle \
	-name="tflint" \
	-reporter=github-pr-review \
	-filter-mode=nofilter \
	-fail-on-error=false \
	-level=warning

	- name: tfsec
	uses: tfsec/tfsec-pr-commenter-action@main
	with:
	working_directory: terraform/aws/environments/${{ matrix.envs_changed_dir }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Terraform validate
	working-directory: terraform/aws/environments/${{ matrix.envs_changed_dir }}
	run: terraform validate -no-color

	- name: Terraform fmt
	id: fmt
	working-directory: terraform/aws/environments/${{ matrix.envs_changed_dir }}
	run: terraform fmt -check -recursive

	modules-ci:
	needs: setup
	if: ${{ fromJSON(needs.setup.outputs.modules_changed_dirs)[0] != null }}
	runs-on: ubuntu-latest
	strategy:
	matrix:
	modules_changed_dir: ${{ fromJSON(needs.setup.outputs.modules_changed_dirs) }}
	steps:
	- name: Download workspace
	uses: actions/download-artifact@v4
	with:
	name: workspace

	- name: Setup aqua
	uses: aquaproj/aqua-installer@v3.0.1
	with:
	aqua_version: v2.28.0
	aqua_opts: ""
	env:
	AQUA_CONFIG: aqua.yaml
	AQUA_DISABLE_COSIGN: true
	AQUA_DISABLE_SLSA: true

	- name: TFlint
	working-directory: terraform/aws/modules/${{ matrix.modules_changed_dir }}
	env:
	REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	tflint --init --config ${{ github.workspace }}/terraform/.tflint.hcl
	tflint --recursive --config ${{ github.workspace }}/terraform/.tflint.hcl --format=checkstyle \| \
	reviewdog -f=checkstyle \
	-name="tflint" \
	-reporter=github-pr-review \
	-filter-mode=nofilter \
	-fail-on-error=false \
	-level=warning

	- name: tfsec
	uses: tfsec/tfsec-pr-commenter-action@main
	with:
	working_directory: terraform/aws/modules/${{ matrix.modules_changed_dir }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Terraform validate
	working-directory: terraform/aws/modules/${{ matrix.modules_changed_dir }}
	run: terraform validate -no-color

	- name: Terraform fmt
	id: fmt
	working-directory: terraform/aws/modules/${{ matrix.modules_changed_dir }}
	run: terraform fmt -check -recursive

	# When install terraform using aqua, can't receive the standard output of fmt, so comment it out... Cause unknown.
	# - name: Comment fmt
	# if: ${{ steps.fmt.outputs.stdout }} != ''
	# uses: actions/github-script@v7
	# env:
	# FMT: ${{ steps.fmt.outputs.stdout }}
	# with:
	# github-token: ${{ secrets.GITHUB_TOKEN }}
	# script: \|
	# const output = `
	# #### Terraform fmt 🖌\`${{ steps.fmt.outcome }}\`
	# <details>
	# <summary>Show fmt</summary>
	# \n\`\`\`\nterraform/aws/environments/${{ matrix.target_dir }}/${process.env.FMT}\n\`\`\`
	# </details>`;
	# github.rest.issues.createComment({
	# issue_number: context.issue.number,
	# owner: context.repo.owner,
	# repo: context.repo.repo,
	# body: output
	# });

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add apply action #211

Workflow file

Add apply action #211

Jobs

Run details

Workflow file for this run