-
Notifications
You must be signed in to change notification settings - Fork 16
142 lines (120 loc) · 5.13 KB
/
terraform-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Terraform Dev
on:
workflow_run:
workflows: ["Docker Image"]
types:
- completed
jobs:
terraform_dev:
name: Checks & Plan
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: read
issues: write
pull-requests: write
defaults:
run:
working-directory: ./infra
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_version: 1.4.6
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
id: init
run: terraform init -backend-config backend-config-dev.tfvars
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
id: fmt
run: terraform fmt -check -diff -recursive
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Validates the TF configuration files, referring only to the configuration and not accessing any remote services such as remote state.
# Runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state.
- name: Terraform Validate
id: validate
run: terraform validate -no-color
# Select the relevant Terraform workspace.
- name: Terraform Select Workspace
id: select
run: terraform workspace select dev
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Generates an execution plan for Terraform
- name: Terraform Plan
id: plan
run: |
terraform plan -input=false -no-color -lock-timeout=1h -var-file terraform-dev.tfvars \
-var "credentials=$GOOGLE_CREDENTIALS" \
-var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }}
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
- uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
})
// 2. Prepare format of the comment
const output = `### Terraform Dev Environment
#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
<details><summary>Format Check Output</summary>
\`\`\`\n
${{ steps.fmt.outputs.stdout }}
\`\`\`
</details>
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Validation Output</summary>
\`\`\`\n
${{ steps.validate.outputs.stdout }}
\`\`\`
</details>
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
# On push to "develop", build or change infrastructure according to Terraform configuration files
- name: Terraform Apply
if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
run: |
terraform apply -auto-approve -input=false -lock-timeout=1h -var-file terraform-dev.tfvars \
-var "credentials=$GOOGLE_CREDENTIALS" \
-var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }}
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}