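---
# DEPLOY | Terraform
#
# Runs `terraform plan` + `terraform apply` for every environment listed in
# the deploy matrix when a pull request into main is closed (merged), or on
# manual dispatch, and posts the plan/apply output back to the PR as a
# comment.
#
# TODO: Add module docs generation after apply.
# BUG: If applying two environments at once, the plan and apply outputs are
#      mixed together in the PR comment.
# TODO: Stop triggering if no TF files are changed.
name: DEPLOY | Terraform

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
    types:
      - closed

# Least privilege for the automatic GITHUB_TOKEN: checkout only needs to read
# the repository and the PR-comment steps need to write to pull requests.
# Without this block the token gets whatever the repository default is.
permissions:
  contents: read
  pull-requests: write

env:
  GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}
  GOOGLE_REGION: ${{ vars.GOOGLE_REGION }}
  GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}
  # Read by Terraform (github provider); this is deliberately the PAT from
  # secrets, not the workflow's own token, which is passed explicitly as
  # `repo-token` to the comment steps below.
  GITHUB_TOKEN: ${{ secrets.TF_VAR_GITHUB_TOKEN }}
  GITHUB_OWNER: ${{ secrets.TF_VAR_GITHUB_OWNER }}

jobs:
  ######################################################################
  # INFORM: Inform on PR that plan/apply is Running.
  ######################################################################
  inform_about_apply:
    name: Inform About Apply
    runs-on: self-hosted
    # `closed` also fires for PRs that were closed WITHOUT merging; only
    # announce an apply when the deploy job below is actually going to run.
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    steps:
      - name: Inform on PR that Apply is Running
        # NOTE(review): third-party action pinned to a mutable tag. Pin every
        # `uses:` in this file to a full commit SHA (and let Dependabot bump
        # it) so a moved tag cannot swap the code that receives the token.
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          repo-token-user-login: "github-actions[bot]"
          message: |
            ***Running terraform apply***
            Results will display here in a few minutes...

  ######################################################################
  # DEPLOY: Perform plan and apply and inform in PR.
  ######################################################################
  deploy:
    name: Build
    # NOTE(review): this runner holds prod GOOGLE_CREDENTIALS for the
    # duration of the job; confirm it is not shared with less trusted
    # workflows or repositories.
    runs-on: self-hosted
    environment: ${{ matrix.path }}
    # Only apply code that actually landed on main. Without this guard a PR
    # that is closed unmerged still triggers `terraform apply` of its tree
    # against every environment, prod included.
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    # Serialize applies per environment so two PRs merged back-to-back queue
    # instead of racing for the same state; never cancel an in-flight apply.
    concurrency:
      group: terraform-apply-${{ matrix.path }}
      cancel-in-progress: false
    env:
      # Quoted so YAML tooling keeps it a string; Terraform parses it.
      TF_VAR_debug_mode: "false"
      # Mapped explicitly instead of handing `toJSON(secrets)` -- every
      # secret in the repository -- to a third-party action. Only the
      # secrets Terraform needs are exposed, and only to this job.
      # GOOGLE_CREDENTIALS is a long-lived service-account key; consider
      # Workload Identity Federation (OIDC, `id-token: write`) so no key
      # material has to live in GitHub at all.
      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
      TF_VAR_INFRACOST_API_KEY: ${{ secrets.TF_VAR_INFRACOST_API_KEY }}
      TF_VAR_GITHUB_OWNER: ${{ secrets.TF_VAR_GITHUB_OWNER }}
      TF_VAR_GITHUB_RUNNER_TOKEN: ${{ secrets.TF_VAR_GITHUB_RUNNER_TOKEN }}
      TF_VAR_GITHUB_TOKEN: ${{ secrets.TF_VAR_GITHUB_TOKEN }}
      TF_VAR_GITHUB_FLUX_TOKEN: ${{ secrets.TF_VAR_GITHUB_FLUX_TOKEN }}
    strategy:
      fail-fast: false
      matrix:
        path:
          - dev-01
          - dev-01-k8s
          - iam
          - mgmt-01
          - prod-01
          - prod-01-k8s
    steps:
      - name: Setup | Repository
        # NOTE(review): on `pull_request` this checks out the PR merge ref
        # (refs/pull/N/merge), not the commit that landed on main. Consider
        # `ref: ${{ github.event.pull_request.merge_commit_sha }}` for the
        # merged case so the applied tree is exactly what main now holds --
        # confirm against how workflow_dispatch is used.
        uses: actions/checkout@v3

      - name: Setup | Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          # Quoted: keeps the version a string for any YAML tooling.
          terraform_version: "1.6.2"

      - name: Setup | Helpers
        id: helpers
        run: |
          echo "DATE_NOW=$(date -u +'%T | %m.%d.%Y UTC')" >> "$GITHUB_OUTPUT"

      - name: Initialize Terraform
        # Assumes each environment commits .terraform.lock.hcl so provider
        # hashes are verified here -- TODO confirm; otherwise this runner
        # executes whatever provider build the registry serves.
        run: |
          cd environments/${{ matrix.path }}
          terraform init -input=false

      - name: Terraform | Plan
        id: plan
        # continue-on-error so the failure can be posted to the PR below;
        # the final "Propagate Failure" step turns it back into a red job.
        continue-on-error: true
        run: |
          cd environments/${{ matrix.path }}
          terraform plan -input=false -no-color -out=tfplan \
            && terraform show -no-color tfplan

      - name: Reformat | Plan
        if: steps.plan.outcome == 'success'
        env:
          # Passed through the environment rather than interpolated into the
          # script: the plan text is derived from the PR's .tf files, and a
          # single quote inside an inlined `${{ }}` would break out of the
          # quoted echo and run as shell on this runner.
          PLAN_RAW: ${{ steps.plan.outputs.stdout || steps.plan.outputs.stderr }}
        run: |
          # Move leading +/- to column 0 so the ```diff fence colours it.
          printf '%s\n' "$PLAN_RAW" \
            | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > plan.txt

      - name: Terraform | Plan to ENV
        if: steps.plan.outcome == 'success'
        run: |
          # Random heredoc delimiter: a literal "EOF" line inside the plan
          # would otherwise end the value early and let the remainder of the
          # plan define arbitrary environment variables for later steps.
          delimiter="PLAN_EOF_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "PLAN<<${delimiter}"
            cat plan.txt
            echo "${delimiter}"
          } >> "$GITHUB_ENV"

      - name: Terraform | Apply
        if: steps.plan.outcome == 'success'
        id: apply
        continue-on-error: true
        run: |
          cd environments/${{ matrix.path }}
          # Applies the saved plan, so what was shown is exactly what runs.
          terraform apply \
            -input=false \
            -no-color \
            tfplan

      - name: Terraform | Comment Plan/Apply
        if: steps.plan.outcome == 'success' && steps.apply.outcome == 'success'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # One comment per environment, updated in place on re-runs.
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Apply ✅: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```diff
            ${{ env.PLAN }}
            ```
            ```
            ${{ steps.apply.outputs.stdout }}
            ```

      - name: Terraform | Comment Plan Failure
        if: steps.plan.outcome == 'failure'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Plan Failed ❌: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```
            ${{ steps.plan.outputs.stderr }}
            ```

      - name: Terraform | Comment Apply Failure
        if: steps.apply.outcome == 'failure'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Apply Failed ❌: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```
            ${{ steps.apply.outputs.stderr }}
            ```

      - name: Terraform | Propagate Failure
        # plan/apply run with continue-on-error so their output can be
        # posted to the PR; without this step a failed apply still leaves the
        # job -- and the environment deployment -- green.
        if: steps.plan.outcome != 'success' || steps.apply.outcome != 'success'
        run: |
          echo "::error::terraform plan/apply did not succeed for ${{ matrix.path }}"
          exit 1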