Infra deploy #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Infra deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
destroy: | |
type: boolean | |
description: Destroy environment? | |
required: true | |
default: false | |
pull_request: | |
paths: | |
- infra/** | |
env: | |
tf_actions_working_dir: infra | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
plan: | |
name: Terraform plan | |
runs-on: ubuntu-latest | |
environment: tfplan | |
defaults: | |
run: | |
working-directory: ${{ env.tf_actions_working_dir }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Log in to Azure using OIDC | |
uses: Azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: Setup TFLint | |
uses: terraform-linters/setup-tflint@v4 | |
- name: Terraform fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: true | |
- name: Terraform Init | |
id: init | |
run: terraform init | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
ARM_USE_OIDC: true | |
- name: Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Init TFLint | |
run: tflint --init | |
- name: Run TFLint | |
run: tflint -f compact | |
- name: Calculate destroy arg | |
id: destroy_arg | |
run: | | |
if [ $DESTROY == "true" ]; then | |
echo "::set-output name=val::-destroy" | |
else | |
echo "::set-output name=val:: " | |
fi | |
env: | |
DESTROY: ${{ github.event.inputs.destroy }} | |
- name: Terraform Plan | |
id: plan | |
run: terraform plan $DESTROY -no-color --out=out.tfplan | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
ARM_USE_OIDC: true | |
DESTROY: ${{ steps.destroy_arg.outputs.val }} | |
- name: Create the plan summary | |
uses: actions/github-script@v7 | |
if: always() | |
id: summary | |
env: | |
PLAN: '${{ steps.plan.outputs.stdout }}' | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
// 1. Prep the output | |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | |
<details><summary>Validation Output</summary> | |
\`\`\`\n | |
${{ steps.validate.outputs.stdout }} | |
\`\`\` | |
</details> | |
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
<details><summary>Show Plan</summary> | |
\`\`\`\n | |
${process.env.PLAN} | |
\`\`\` | |
</details> | |
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
// 2. Set the output variable | |
const fs = require('fs'); | |
fs.writeFileSync('${{ env.tf_actions_working_dir }}/summary.md', output); | |
core.setOutput('summary', output); | |
- name: Write the step summary | |
if: always() | |
run: cat summary.md >> $GITHUB_STEP_SUMMARY | |
- name: Upload the plan | |
uses: actions/upload-artifact@v4 | |
with: | |
name: tf-plan | |
path: ${{ env.tf_actions_working_dir }}/out.tfplan | |
- name: Publish plan as a status | |
if: github.event_name == 'pull_request' | |
uses: guibranco/github-status-action-v2@v1 | |
with: | |
authToken: ${{ secrets.GITHUB_TOKEN }} | |
state: ${{ steps.summary.outputs.summary }} | |
context: Terraform Plan | |
description: Terraform Plan Summary | |
sha: ${{ github.event.pull_request.head.sha }} | |
apply: | |
name: Terraform apply | |
needs: [ plan ] | |
runs-on: ubuntu-latest | |
environment: dev | |
defaults: | |
run: | |
working-directory: ${{ env.tf_actions_working_dir }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Log in to Azure using OIDC | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: Terraform Init | |
id: init | |
run: terraform init | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
ARM_USE_OIDC: true | |
- name: Download the plan | |
uses: actions/download-artifact@v4 | |
with: | |
name: tf-plan | |
path: ${{ env.tf_actions_working_dir }} | |
- name: Apply the plan | |
id: apply | |
run: terraform apply -no-color -auto-approve out.tfplan | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
ARM_USE_OIDC: true | |
- name: Create the plan summary | |
uses: actions/github-script@v7 | |
if: always() | |
id: summary | |
env: | |
APPLY: '${{ steps.apply.outputs.stdout }}' | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
// 1. Prep the output | |
const output = `#### Terraform Apply 🚗\`${{ steps.apply.outcome }}\` | |
<details><summary>Show details</summary> | |
\`\`\`\n | |
${process.env.APPLY} | |
\`\`\` | |
</details> | |
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
// 2. Set the output variable | |
const fs = require('fs'); | |
fs.writeFileSync('${{ env.tf_actions_working_dir }}/summary.md', output); | |
core.setOutput('summary', output); | |
- name: Write the step summary | |
if: always() | |
run: cat summary.md >> $GITHUB_STEP_SUMMARY | |
- name: Publish apply as a status | |
if: github.event_name == 'pull_request' | |
uses: guibranco/github-status-action-v2@v1 | |
with: | |
authToken: ${{ secrets.GITHUB_TOKEN }} | |
state: ${{ steps.summary.outputs.summary }} | |
context: Terraform Plan | |
description: Terraform Plan Summary | |
sha: ${{ github.event.pull_request.head.sha }} |