Terraform Dev #469
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Dev | |
| on: | |
| workflow_run: | |
| workflows: ["Docker Image"] | |
| types: | |
| - completed | |
| jobs: | |
| terraform_dev: | |
| name: Checks & Plan | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| defaults: | |
| run: | |
| working-directory: ./infra | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_version: 1.4.6 | |
| # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config backend-config-dev.tfvars | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | |
| # Checks that all Terraform configuration files adhere to a canonical format | |
| - name: Terraform Format | |
| id: fmt | |
| run: terraform fmt -check -diff -recursive | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | |
| # Validates the TF configuration files, referring only to the configuration and not accessing any remote services such as remote state. | |
| # Runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate -no-color | |
| # Select the relevant Terraform workspace. | |
| - name: Terraform Select Workspace | |
| id: select | |
| run: terraform workspace select dev | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | |
| # Generates an execution plan for Terraform | |
| - name: Terraform Plan | |
| id: plan | |
| run: | | |
| terraform plan -input=false -no-color -lock-timeout=1h -var-file terraform-dev.tfvars \ | |
| -var "credentials=$GOOGLE_CREDENTIALS" \ | |
| -var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }} | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | |
| - uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PLAN: "${{ steps.plan.outputs.stdout }}" | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| // 1. Retrieve existing bot comments for the PR | |
| const { data: comments } = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }) | |
| const botComment = comments.find(comment => { | |
| return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style') | |
| }) | |
| // 2. Prepare format of the comment | |
| const output = `### Terraform Dev Environment | |
| #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
| <details><summary>Format Check Output</summary> | |
| \`\`\`\n | |
| ${{ steps.fmt.outputs.stdout }} | |
| \`\`\` | |
| </details> | |
| #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
| #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | |
| <details><summary>Validation Output</summary> | |
| \`\`\`\n | |
| ${{ steps.validate.outputs.stdout }} | |
| \`\`\` | |
| </details> | |
| #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`\n | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
| // 3. If we have a comment, update it, otherwise create a new one | |
| if (botComment) { | |
| github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: botComment.id, | |
| body: output | |
| }) | |
| } else { | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| } | |
| # On push to "develop", build or change infrastructure according to Terraform configuration files | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/develop' && github.event_name == 'push' | |
| run: | | |
| terraform apply -auto-approve -input=false -lock-timeout=1h -var-file terraform-dev.tfvars \ | |
| -var "credentials=$GOOGLE_CREDENTIALS" \ | |
| -var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }} | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} |