-
-
Notifications
You must be signed in to change notification settings - Fork 24
148 lines (126 loc) · 4.88 KB
/
terraform--ops-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Terraform -- Linode-OPS-Test
on:
pull_request:
branches:
- main
workflow_dispatch:
defaults:
run:
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
terraform-format:
if:
github.event_name == 'pull_request' || github.event_name ==
'workflow_dispatch'
runs-on: ubuntu-latest
name: Terraform Format
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
# This is only for the GitHub Actions runner, not Terraform Cloud
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
- name: Terraform Format
run: terraform fmt -check
working-directory: terraform/ops-test
terraform-upgrade-test:
if:
github.event_name == 'pull_request' || github.event_name ==
'workflow_dispatch'
runs-on: ubuntu-latest
name: Terraform Upgrade Test
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
# This is only for the GitHub Actions runner, not Terraform Cloud
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Terraform Upgrade Test
run: terraform init -upgrade && terraform plan
working-directory: terraform/ops-test
terraform-cloud-speculative-run:
if:
github.event_name == 'pull_request' || github.event_name ==
'workflow_dispatch'
runs-on: ubuntu-latest
name: Terraform Cloud Speculative Run
permissions:
contents: read
pull-requests: write
env:
TF_CLOUD_ORGANIZATION: freecodecamp
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
TF_WORKSPACE: tfws-ops-test
TF_LOG: ERROR
CONFIG_DIRECTORY: terraform/ops-test
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Terraform Cloud Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/upload-configuration@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
id: upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
speculative: true
- name: Terraform Cloud Create Speculative Run
uses: hashicorp/tfc-workflows-github/actions/create-run@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
id: run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version:
${{ steps.upload.outputs.configuration_version_id }}
plan_only: true
message: 'Triggered From GitHub Actions CI ${{ github.sha }}'
- name: Terraform Cloud Plan Output
uses: hashicorp/tfc-workflows-github/actions/plan-output@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
id: plan-output
with:
plan: ${{ steps.run.outputs.plan_id }}
- name: Find Comment
if: github.event_name == 'pull_request'
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Run Details - ${{ env.TF_WORKSPACE }}
- name: Create or update comment
if: github.event_name == 'pull_request'
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
Run Details - ${{ env.TF_WORKSPACE }}
**Terraform Cloud Plan Output**
```
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
```
**Details : <${{ steps.run.outputs.run_link }}>**
<table>
<tr>
<td>
Warning
</td>
<td>
<p>
Please note that the plan output provided may not accurately reflect the impact on the Terraform project you are currently working on in this Pull Request. The CI checks are merely a sanity test to verify that the versions in the lock file are valid and functional.
</p>
<p>
Confirm the actual Terraform plan by running the corresponding project on your machine or on TFC.
</p>
</td>
</tr>
</table>