commit #73

Workflow file for this run

.github/workflows/terrraform.yaml at 0b03f92

	name: Terraform

	on:
	push:
	branches:
	- "**"
	pull_request:
	branches:
	- "**"

	permissions:
	contents: read

	env:
	TERRAFORM_VERSION: 1.4.6

	AWS_REGION: ${{ vars.AWS_REGION }}
	AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}

	DEFAULT_BRANCH_CONFIG: \|
	{
	"TERRAFORM_DIR": ".",
	"BRANCHES": [
	{
	"WORKSPACE": "default",
	"VARFILES": [
	"terraform.tfvars"
	],
	"SHOULD_PLAN": true,
	"SHOULD_APPLY": true
	}
	]
	}

	jobs:
	setup:
	runs-on: ubuntu-latest
	outputs:
	workspace: ${{ steps.parse-config.outputs.workspace }}
	varfile: ${{ steps.parse-config.outputs.varfile }}
	should_plan: ${{ steps.parse-config.outputs.should_plan }}
	should_apply: ${{ steps.parse-config.outputs.should_apply }}
	terraform_dir: ${{ steps.parse-config.outputs.terraform_dir }}
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	fetch-depth: 1

	- name: Parse Configuration
	id: parse-config
	run: \|
	export BRANCH_NAME="${{ github.head_ref \|\| github.ref_name }}"
	if [[ $BRANCH_NAME == "/" ]]; then
	export BRANCH_PREFIX="${BRANCH_NAME%/*}/"
	else
	export BRANCH_PREFIX=$BRANCH_NAME
	fi

	function fetch_config() {
	local FILE=$1
	TERRAFORM_DIR=$(cat $FILE \| yq eval '.TERRAFORM_DIR')
	BRANCH_CONFIG=$(cat $FILE \| yq eval -o=json \| jq '.BRANCHES[] \| select(.BRANCH \| startswith("'"$BRANCH_PREFIX"'"))')
	}

	if [ -f "tf-cfg.yaml" ]; then
	fetch_config "tf-cfg.yaml"
	elif [ -f "tf-cfg.json" ]; then
	fetch_config "tf-cfg.json"
	else
	TERRAFORM_DIR=$(echo "${{ env.DEFAULT_BRANCH_CONFIG }}" \| yq eval '.TERRAFORM_DIR')
	BRANCH_CONFIG=$(echo "${{ env.DEFAULT_BRANCH_CONFIG }}" \| yq eval '.BRANCHES[0]')
	fi

	WORKSPACE=$(echo "$BRANCH_CONFIG" \| yq eval '.WORKSPACE' -)
	VARFILE=$(echo "$BRANCH_CONFIG" \| yq eval '.VARFILES' -)
	SHOULD_PLAN=$(echo "$BRANCH_CONFIG" \| yq eval '.SHOULD_PLAN' -)
	SHOULD_APPLY=$(echo "$BRANCH_CONFIG" \| yq eval '.SHOULD_APPLY' -)

	echo "workspace=$WORKSPACE" >> $GITHUB_OUTPUT
	echo "varfile=$VARFILE" >> $GITHUB_OUTPUT
	echo "should_plan=$SHOULD_PLAN" >> $GITHUB_OUTPUT
	echo "should_apply=$SHOULD_APPLY" >> $GITHUB_OUTPUT
	echo "terraform_dir=$TERRAFORM_DIR" >> $GITHUB_OUTPUT

	cat $GITHUB_OUTPUT

	terraform-format-checks:
	name: Terraform Format Checks
	runs-on: ubuntu-latest
	permissions:
	contents: read
	outputs:
	fmt_outcome: ${{ steps.fmt.outcome }}
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	fetch-depth: 1

	- name: Terraform Format
	id: fmt
	run: terraform fmt -list=true -check=true -recursive

	terraform-plan:
	if: needs.setup.outputs.should_plan == 'true'
	needs: [terraform-format-checks, setup]
	name: Terraform Plan
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: write
	id-token: write
	env:
	#BRANCH_NAME: ${{ github.head_ref \|\| github.ref_name }}
	WORKSPACE: "${{ needs.setup.outputs.workspace }}"
	VARFILES: "${{ needs.setup.outputs.varfile }}"
	TERRAFORM_DIR: "${{ needs.setup.outputs.varfile }}"
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	fetch-depth: 1

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
	aws-region: ${{ env.AWS_REGION }}

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: ${{ env.TERRAFORM_VERSION }}
	terraform_wrapper: false

	- name: Terraform Init
	id: init
	working-directory: ${{ env.TERRAFORM_DIR }}
	run: terraform init

	- name: Set Terraform Workspace
	id: set-workspace
	working-directory: ${{ env.TERRAFORM_DIR }}
	run: \|
	echo "Workspace: $WORKSPACE"

	terraform workspace new $WORKSPACE \|\| terraform workspace select $WORKSPACE

	- name: Terraform Validate
	id: validate
	working-directory: ${{ env.TERRAFORM_DIR }}
	run: \|
	OUTPUT=$(terraform validate -no-color)

	echo $OUTPUT
	echo "output=$OUTPUT" >> $GITHUB_OUTPUT

	- name: Terraform Plan
	id: plan
	working-directory: ${{ env.TERRAFORM_DIR }}
	run: \|
	VARFILES_CMD=$(echo "$VARFILES" \| jq -r '.[] \| "-var-file=\"" + . + "\"" ' \| tr '\n' ' ')

	terraform plan -no-color -input=false $VARFILES_CMD -out=plan.tfplan

	OUTPUT=$(terraform show plan.tfplan)
	OUTPUT="$(echo "${OUTPUT}" \| grep -v "Refreshing state")"
	OUTPUT="$(echo -n "$OUTPUT" \| tail -c 59000)"
	OUTPUT=$(echo "$OUTPUT" \| jq -R -s -c .)

	echo "output=$OUTPUT" >> $GITHUB_OUTPUT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

commit #73

Workflow file

commit #73

Jobs

Run details

Workflow file for this run