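---
# Plans and applies every Terraform environment under environments/ once a
# PR into main is merged (or on manual dispatch) and reports the result back
# on the PR as a comment.
#
# TODO: Add module docs generation after apply.
# BUG: If applying two environments at once, the plan and apply outputs are
#      mixed together in the PR comment.
# TODO: Stop triggering if no TF files are changed.
name: "DEPLOY | Terraform"

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  pull_request:
    branches:
      - main
    types:
      - closed

# Least privilege for the automatic GITHUB_TOKEN: checkout reads the
# repository and add-pr-comment writes PR comments; nothing else is needed.
permissions:
  contents: read
  pull-requests: write

# `pull_request: closed` also fires for PRs that were closed WITHOUT merging;
# both jobs below are gated so an unmerged PR never reaches `terraform apply`.
# Manual dispatch is always allowed.
jobs:
  ######################################################################
  # INFORM: Inform on PR that plan/apply is Running.
  ######################################################################
  inform_about_apply:
    name: Inform About Apply
    runs-on: self-hosted
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    steps:
      - name: Inform on PR that Apply is Running
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          repo-token-user-login: "github-actions[bot]"
          message: |
            ***Running terraform apply***
            Results will display here in a few minutes...

  ######################################################################
  # DEPLOY: Perform plan and apply and inform in PR.
  ######################################################################
  deploy:
    name: Build
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    environment: ${{ matrix.path }}
    runs-on: self-hosted
    # Provider credentials are scoped to this job only; the inform job does
    # not need them. GITHUB_TOKEN here is a PAT from a secret (consumed by the
    # Terraform github provider), not the automatic workflow token.
    env:
      GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}
      GOOGLE_REGION: ${{ vars.GOOGLE_REGION }}
      GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}
      GITHUB_TOKEN: ${{ secrets.TF_VAR_GITHUB_TOKEN }}
      GITHUB_OWNER: ${{ secrets.TF_VAR_GITHUB_OWNER }}
      TF_VAR_debug_mode: "false"
    strategy:
      fail-fast: false
      matrix:
        path:
          - dev-01
          - dev-01-k8s
          - iam
          - mgmt-01
          - prod-01
          - prod-01-k8s
    steps:
      # Third-party actions are referenced by tag; pinning them to a commit
      # SHA would make the supply chain of this deploy job reproducible.
      - name: Setup | Repository
        uses: actions/checkout@v3

      - name: Setup | Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.2"

      # Only the listed secrets are exported as env vars for Terraform.
      - name: Setup | Secrets
        uses: oNaiPs/secrets-to-env-action@v1
        with:
          secrets: ${{ toJSON(secrets) }}
          include: GOOGLE_CREDENTIALS, TF_VAR_INFRACOST_API_KEY, TF_VAR_GITHUB_OWNER, TF_VAR_GITHUB_RUNNER_TOKEN, TF_VAR_GITHUB_TOKEN, TF_VAR_GITHUB_FLUX_TOKEN

      - name: Setup | Helpers
        id: helpers
        run: |
          echo "DATE_NOW=$(date -u +'%T | %m.%d.%Y UTC')" >> "$GITHUB_OUTPUT"

      - name: Initialize Terraform
        working-directory: environments/${{ matrix.path }}
        run: terraform init -input=false

      # `terraform show` re-prints the saved plan so the wrapper's stdout
      # output holds the human-readable plan used in the PR comment.
      - name: Terraform | Plan
        id: plan
        continue-on-error: true
        working-directory: environments/${{ matrix.path }}
        run: |
          terraform plan -input=false -no-color -out=tfplan \
            && terraform show -no-color tfplan

      # The plan text is handed to the shell through an env var rather than
      # expanded inside the script: it is data, and a quote in it would
      # otherwise terminate the literal and be executed as part of the command.
      # The sed moves leading indentation behind the +/- so the diff fence
      # in the PR comment colours each line.
      - name: Reformat | Plan
        if: steps.plan.outcome == 'success'
        env:
          PLAN_OUTPUT: ${{ steps.plan.outputs.stdout || steps.plan.outputs.stderr }}
        run: |
          printf '%s\n' "$PLAN_OUTPUT" \
            | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > plan.txt

      # Multi-line value for GITHUB_ENV: the heredoc delimiter is generated per
      # run so no line of the plan can match it, end the value early and have
      # the remaining lines parsed as further env assignments.
      - name: Terraform | Plan to ENV
        if: steps.plan.outcome == 'success'
        run: |
          PLAN=$(cat plan.txt)
          delim="PLAN_EOF_${RANDOM}${RANDOM}"
          {
            echo "PLAN<<${delim}"
            echo "$PLAN"
            echo "${delim}"
          } >> "$GITHUB_ENV"

      # Applies exactly the saved plan, never a fresh one.
      - name: Terraform | Apply
        if: steps.plan.outcome == 'success'
        id: apply
        continue-on-error: true
        working-directory: environments/${{ matrix.path }}
        run: |
          terraform apply \
            -input=false \
            -no-color \
            tfplan

      # message-id keeps one comment per environment, updated in place.
      - name: Terraform | Comment Plan/Apply
        if: steps.plan.outcome == 'success' && steps.apply.outcome == 'success'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Apply ✅: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```diff
            ${{ env.PLAN }}
            ```
            ```
            ${{ steps.apply.outputs.stdout }}
            ```

      - name: Terraform | Comment Plan Failure
        if: steps.plan.outcome == 'failure'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Plan Failed ❌: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```
            ${{ steps.plan.outputs.stderr }}
            ```

      - name: Terraform | Comment Apply Failure
        if: steps.apply.outcome == 'failure'
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          message-id: pr-comment-${{ matrix.path }}
          message: |
            ## Terraform Apply Failed ❌: **${{ matrix.path }}**
            Generated at: ${{ steps.helpers.outputs.DATE_NOW }}
            ```
            ${{ steps.apply.outputs.stderr }}
            ```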