ci: add workflow to run terraform apply

ymgyt · Sep 16, 2024 · e1ec041 · e1ec041
1 parent f596bc1
commit e1ec041
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 9 deletions.
diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml
@@ -0,0 +1,59 @@
+name: "Terraform Plan"
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - hosting/terraform/grafana/*.tf
+      - hosting/terraform/grafana/dashboards/*.json
+jobs:
+  plan:
+    if: ${{github.repository == 'ymgyt/syndicationd'}}
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@V28
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: cachix/cachix-action@v15
+        with:
+          name: syndicationd
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: terraform init
+        run: nix develop .#ci --accept-flake-config --command just tf grafana init
+        env:
+          TF_TOKEN_app_terraform_io: "${{secrets.TF_TOKEN_APP_TERRAFORM_IO}}"
+      - name: terraform apply
+        id: apply
+        continue-on-error: true
+        run: nix develop .#ci --accept-flake-config --command just tf grafana apply -no-color
+        env:
+          TF_TOKEN_app_terraform_io: "${{secrets.TF_TOKEN_APP_TERRAFORM_IO}}"
+          TF_VAR_grafana_sa_token: "${{secrets.GRAFANA_SA_TOKEN}}"
+      - name: Post apply output to github PR
+        uses: actions/github-script@v7
+        env:
+          APPLY_RESULT: ${{steps.apply.outcome}}
+          APPLY_STDOUT: ${{steps.apply.outputs.stdout}}
+        with:
+          script: |
+            const { APPLY_RESULT, APPLY_STDOUT } = process.env
+
+            const body = `terraform apply: ${APPLY_RESULT}
+            <details>
+              <summary>apply output</summary>
+              \`\`\`
+              ${APPLY_STDOUT}
+              \`\`\`
+            </details>`
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body,
+            })
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
@@ -33,14 +33,26 @@ jobs:
         env:
           TF_TOKEN_app_terraform_io: "${{secrets.TF_TOKEN_APP_TERRAFORM_IO}}"
           TF_VAR_grafana_sa_token: "${{secrets.GRAFANA_SA_TOKEN}}"
-      - name: Post Plan to GitHub PR
-        uses: mshick/add-pr-comment@v2
+      - name: Post plan output to github PR
+        uses: actions/github-script@v7
+        env:
+          PLAN_RESULT: ${{steps.plan.outcome}}
+          PLAN_STDOUT: ${{steps.plan.outputs.stdout}}
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          repo-token-user-login: 'github-actions[bot]'
-          message: |
-            Applying:
+          script: |
+            const { PLAN_RESULT, PLAN_STDOUT } = process.env
+
+            const body = `terraform plan: ${PLAN_RESULT}
+            <details>
+              <summary>plan output</summary>
+              \`\`\`
+              ${PLAN_STDOUT}
+              \`\`\`
+            </details>`
 
-            ```
-            ${{ steps.plan.outputs.stdout }}
-            ```
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body,
+            })