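name: Pull Plan Prod Terraform
run-name: pull-plan-prod-terraform
# One plan per PR at a time: a newer push queues behind the running plan
# instead of racing it for the terraform state lock.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
# `pull_request_target` runs the workflow definition from the BASE branch
# (main) with base-repository privileges: repository `vars`, `id-token: write`
# and a GITHUB_TOKEN that can comment on the PR. The PR's *own* terraform code
# is nevertheless checked out and executed by `terraform plan` below
# (provider plugins, `external` data sources, etc.), so everything after the
# checkout step must be treated as running PR-author-controlled code. The
# job-level `if:` guard limits that to trusted authors.
on: # yamllint disable-line rule:truthy
  pull_request_target:
    types: [opened, edited, synchronize, reopened, ready_for_review]
    branches:
      - main
    paths:
      - "**.tf"
      - "**.tfvars"
      - "**.yaml"
      - "**.yml"
jobs:
  pull-plan-prod-terraform:
    # Trust gate: only plan (and therefore only mint a GCP identity token for
    # the production terraform executor service account) for PRs authored by
    # repository owners, organisation members or collaborators. Anyone can
    # open a PR from a fork; without this guard their .tf changes would run
    # with those credentials. Bot authors (dependency updaters) typically
    # report NONE/CONTRIBUTOR here — extend the list deliberately if they need
    # plans.
    if: contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association)
    permissions:
      contents: "read" # needed for gcp_auth
      id-token: "write" # needed for gcp_auth to create id token
      issues: "write" # needed for tfcmt to post comments
      pull-requests: "write" # needed for tfcmt to post comments
    runs-on: ubuntu-latest
    env:
      # Event-payload values are handed to `run:` scripts through the
      # environment instead of being interpolated into the script text, so
      # they are always data and never shell syntax. (SHA, PR number and repo
      # name have constrained formats, but keeping the pattern uniform avoids
      # a script-injection bug the day a free-text field is added.)
      PR_NUMBER: ${{ github.event.pull_request.number }}
      PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
      REPO_NAME: ${{ github.event.repository.name }}
      TF_DIR: ./configs/terraform/environments/prod
    steps:
      # NOTE(review): third-party actions are referenced by mutable tag. A tag
      # can be moved to different code by the action owner; pinning each
      # `uses:` to a full 40-hex commit SHA (with the tag in a trailing
      # comment) is the supply-chain-safe form.
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          # The PR merge ref (PR head merged into main). This is untrusted
          # content from the PR author.
          ref: "refs/pull/${{ github.event.pull_request.number }}/merge"
          # The sanity check below needs both parents of the merge commit.
          fetch-depth: 50
          # Do not leave GITHUB_TOKEN in .git/config: later steps execute
          # PR-supplied terraform, and nothing in this job pushes to git.
          persist-credentials: false
      # TOCTOU guard (https://github.com/actions/checkout/issues/518): the
      # merge ref is resolved at checkout time, so a push to the PR between
      # the event firing and the checkout would run code that was never in
      # the triggering event. Asserting that the checked-out merge commit has
      # the event's head SHA as a parent closes that gap. It does NOT make
      # the checked-out code trusted; that is the job-level `if:` guard.
      - name: Sanity check
        id: sanity-check
        run: |
          [[ "$(git rev-parse 'HEAD^1')" == "$PR_HEAD_SHA" || "$(git rev-parse 'HEAD^2')" == "$PR_HEAD_SHA" ]]
      - name: Wait for other terraform executions
        id: wait_for_terraform
        uses: ahmadnassri/[email protected]
      - name: Authenticate to GCP
        id: gcp_auth
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }} #workload_identity_provider: "projects/351981214969/locations/global/workloadIdentityPools/github-com-kyma-project/providers/github-com-kyma-project"
          service_account: ${{ vars.GCP_TERRAFORM_EXECUTOR_SERVICE_ACCOUNT_EMAIL }} #service_account: "[email protected]"
      - name: Setup Terraform
        id: setup_terraform
        uses: hashicorp/[email protected]
      - name: Setup GitHub comments
        id: setup-github-comment
        uses: shmokmt/[email protected]
        with:
          version: v6.0.1
        if: ${{ !cancelled() }}
      - name: setup tfcmt
        id: setup-tfcmt
        uses: shmokmt/[email protected]
        with:
          version: v4.4.3
      - name: Terraform Init
        id: terraform_init
        run: terraform -chdir="$TF_DIR" init -input=false
      # `terraform plan` evaluates the PR's configuration with the GCP
      # credentials obtained above; tfcmt posts the plan output to the PR.
      - name: Terraform Plan
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        id: terraform_plan
        run: tfcmt -owner "$GITHUB_REPOSITORY_OWNER" -repo "$REPO_NAME" -pr "$PR_NUMBER" -sha "$PR_HEAD_SHA" plan -- terraform -chdir="$TF_DIR" plan -input=false -no-color -lock-timeout=300s
      # Collapse plan comments from earlier runs on this PR so only the latest
      # plan stays visible; runs even when the plan step failed.
      - name: Hide GitHub comment
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        id: hide-github-comment
        run: github-comment hide --org "$GITHUB_REPOSITORY_OWNER" --repo "$REPO_NAME" -pr "$PR_NUMBER" -sha1 "$PR_HEAD_SHA"
        if: ${{ !cancelled() }}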