generated from dxw/terraform-template
-
Notifications
You must be signed in to change notification settings - Fork 0
129 lines (110 loc) · 4.33 KB
/
ci-terraform-module-deployment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: CI - Terraform Module Deplyment
on:
push:
branches: main
pull_request:
env:
MODULE_DEPLOYMENT_DIR: "module-deployment"
jobs:
set-outputs:
name: Set Output Vars
runs-on: ubuntu-22.04
outputs:
branch: ${{ steps.var.outputs.branch }}
steps:
- id: var
run: |
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
BRANCH="$(echo "$BRANCH" | sed 's;/;%2F;g')"
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
terraform-validate:
name: Terraform Validate
runs-on: ubuntu-latest
needs: set-outputs
permissions:
id-token: write
contents: read
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
- name: Get terraform version
id: get-terraform-version
run: |
DOTFILE_VERSION=$(cat ${{ env.MODULE_DEPLOYMENT_DIR }}/.terraform-version)
echo "version=$DOTFILE_VERSION" >> $GITHUB_OUTPUT
- name: Setup Terraform
uses: hashicorp/[email protected]
with:
terraform_version: ${{ steps.get-terraform-version.outputs.version }}
- name: Download tfvars and backend
run: |
aws s3 cp s3://${{ secrets.TFVARS_S3_BUCKET_NAME }}/${{ secrets.TFVARS_FILENAME }} ${{ env.MODULE_DEPLOYMENT_DIR }}/.
aws s3 cp s3://${{ secrets.TFVARS_S3_BUCKET_NAME }}/${{ secrets.TF_BACKEND_FILENAME }} ${{ env.MODULE_DEPLOYMENT_DIR }}/.
- name: Replace module version with branch name
if: ${{ github.event_name != 'release' }}
run: |
sed -i "s/ source = \"github.com\/chris-qa-org\/terraform-aws-tfl-notice-board.*/ source = \"github.com\/chris-qa-org\/terraform-aws-tfl-notice-board?ref=${{ needs.set-outputs.outputs.branch }}\"/g" ${{ env.MODULE_DEPLOYMENT_DIR }}/tfl-notice-board.tf
- name: Run a Terraform init
run: |
terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
init
- name: Run a Terraform validate
run: |
terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
validate
- name: Run a Terraform format check
run: |
terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
fmt -check=true -diff=true
- name: Run a Terraform plan
run: |
terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
plan
- name: Run a Terraform apply on Release
if: ${{ github.event_name == 'release' && github.event.action == 'published' }}
run: |
terraform -chdir=${{ env.MODULE_DEPLOYMENT_DIR }} \
apply
terraform-docs-validation:
name: Terraform Docs validation
needs: terraform-validate
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.TERRAFORM_DOCS_RENOVATE_WORKFLOW_GITHUB_TOKEN }}
- name: Get PR base branch
id: pr-base-branch-name
if: github.event_name == 'pull_request'
run: |
echo "GITHUB_PR_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
- name: Get commit message
run: |
echo "GIT_COMMIT_MESSAGE=$(git show -s --format=%s)" >> $GITHUB_ENV
- name: Generate Terraform docs
uses: terraform-docs/[email protected]
if: "!startsWith(env.GITHUB_PR_BRANCH, 'renovate/')"
with:
working-dir: ${{ env.MODULE_DEPLOYMENT_DIR }}
config-file: ${{ env.MODULE_DEPLOYMENT_DIR }}/.terraform-docs.yml
output-file: README.md
output-method: inject
fail-on-diff: true
- name: Generate Terraform docs for Renovate
uses: terraform-docs/[email protected]
if: "startsWith(env.GITHUB_PR_BRANCH, 'renovate/')"
with:
working-dir: ${{ env.MODULE_DEPLOYMENT_DIR }}
config-file: ${{ env.MODULE_DEPLOYMENT_DIR }}/.terraform-docs.yml
output-file: README.md
output-method: inject
git-push: true
ref: ${{ github.event.pull_request.head.ref }}
git-commit-message: "${{ env.GIT_COMMIT_MESSAGE }} - Terraform Docs Module Deployment"