automatic.yml
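# Terraform pull-request pipeline.
#   - opened / synchronize / reopened: check formatting, validate, plan, store
#     the binary plan as an artifact and submit the JSON plan to Overmind.
#   - closed + merged: download the stored plan and apply it.
#
# NOTE(review): several third-party actions below are referenced by mutable
# refs (`@main`, `@v2`, `@v3`) and the CLI by `version: latest`. In the
# `execute` job they run next to an OIDC token that can assume the deploy
# role and next to OVM_API_KEY, so pin each one to a reviewed full commit SHA.
name: Terraform Pull Request
on:
  pull_request:
    types: [opened, synchronize, reopened, closed]
jobs:
  # Formatting gate; skipped when the PR is being closed.
  fmt:
    runs-on: ubuntu-latest
    if: github.event.action != 'closed'
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read  # required for checkout
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v2
      - name: Terraform fmt
        id: fmt
        run: terraform fmt -check -diff
  # Plans on PR activity and applies on merge.
  # NOTE(review): there is no job-level `if`, so a PR closed WITHOUT merging
  # still runs checkout, Terraform Init (with the deploy role) and install-cli
  # before every remaining step is skipped. Consider gating the whole job on
  # `github.event.action != 'closed' || github.event.pull_request.merged == true`.
  execute:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # required for checkout
      id-token: write  # mint AWS credentials through OIDC
      pull-requests: write  # create/update a comment
      actions: read  # access artifacts
    # Serialises every run that touches the shared state.
    # NOTE(review): GitHub keeps at most one pending run per concurrency
    # group, so a queued merge/apply run can be cancelled when a newer run
    # joins the `tfstate` group - confirm this is acceptable.
    concurrency:
      group: tfstate
    steps:
      - uses: actions/checkout@v4
      - name: Terraform Init
        uses: ./.github/actions/terraform_init/
        with:
          terraform_deploy_role: ${{ vars.TERRAFORM_DEPLOY_ROLE }}
      - name: Terraform Validate
        if: github.event.action != 'closed'
        id: validate
        run: terraform validate -no-color
      - name: Terraform Plan
        if: github.event.action != 'closed'
        id: plan
        # pipefail makes a failing `terraform plan` fail the step even though
        # its output is piped through tee.
        run: |
          set -o pipefail -ex
          terraform plan -compact-warnings -no-color -input=false -lock-timeout=5m -out tfplan 2>&1 \
            | tee terraform_log
          terraform show -json tfplan > tfplan.json
      # NOTE(review): a binary plan file can hold sensitive variable and state
      # values in clear text, and anyone who can read this run's artifacts can
      # download it. Confirm artifact visibility/retention, or encrypt the
      # plan before upload.
      - name: upload tfplan
        if: github.event.action != 'closed'
        uses: actions/upload-artifact@v3
        with:
          name: tfplan
          path: tfplan
      # Mutable ref plus `version: latest`: pin both (see header note).
      - uses: overmindtech/actions/install-cli@main
        with:
          version: latest
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: overmindtech/actions/submit-plan@main
        if: github.event.action != 'closed'
        id: submit-plan
        with:
          ovm-api-key: ${{ secrets.OVM_API_KEY }}
          plan-json: ./tfplan.json
      - name: Install prerequisites
        if: github.event.pull_request.merged == true
        shell: bash
        # Refresh the package index first so the install does not fail on a
        # stale runner image.
        run: |
          sudo apt-get update
          sudo apt-get install -y netcat-traditional
      - uses: overmindtech/actions/start-change@main
        if: github.event.pull_request.merged == true
        with:
          ovm-api-key: ${{ secrets.OVM_API_KEY }}
      - name: "Deploy marker: Record start_time"
        if: github.event.pull_request.merged == true
        run: echo "DEPLOY_START_TIME=$(date +%s)" >> "$GITHUB_ENV"
      # NOTE(review): what gets applied is the `tfplan` artifact found for
      # this PR number, not a plan built from the merged commit, and no
      # `workflow` filter is set. Verify the artifact's provenance (producing
      # workflow and head SHA) before apply, or re-plan on merge.
      - name: download tfplan
        if: github.event.pull_request.merged == true
        uses: dawidd6/action-download-artifact@v2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          name: tfplan
          pr: ${{ github.event.pull_request.number }}
      - name: Terraform Apply
        if: github.event.pull_request.merged == true
        id: apply
        run: terraform apply -auto-approve -no-color -input=false -lock-timeout=5m tfplan
      # Runs after a merge whether the apply succeeded, failed or was
      # cancelled, so the change is always closed out.
      - uses: overmindtech/actions/end-change@main
        if: (success() || failure() || cancelled()) && github.event.pull_request.merged == true
        with:
          ovm-api-key: ${{ secrets.OVM_API_KEY }}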