-
Notifications
You must be signed in to change notification settings - Fork 3
65 lines (57 loc) · 1.82 KB
/
plan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: "Plan org changes and list them in a PR"
on:
pull_request:
branches:
- main
paths:
- 'terraform/production/*.tfvars'
concurrency:
group: terraform-actions
jobs:
format-terraform-code:
name: "Format Terraform code"
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: "${{ github.event.pull_request.head.ref }}"
- name: terraform fmt
uses: dflook/terraform-fmt@2ec321e746af7edf90e43513dda2086a92a07b4c
with:
path: "terraform"
- name: Commit changes
uses: devops-infra/action-commit-push@v0.9.2
with:
github_token: "${{ secrets.GITHUB_TOKEN }}"
commit_prefix: "[AUTO]"
commit_message: "Format code"
force: false
# target_branch: "${{ github.event.pull_request.head.ref }}"
plan-changes:
name: "Org changes plan"
runs-on: ubuntu-latest
needs: [ "format-terraform-code" ]
permissions:
pull-requests: write
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: terraform plan
# v1.44.0
# Use the commit hash for security hardening
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
uses: dflook/terraform-plan@b0877a1bf56160160ab482f4aff8a12fff35fe06
env:
TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
add_github_comment: true
path: "terraform"
variables: |
github_token = "${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}"
var_file: |
terraform/production/org.tfvars
terraform/production/repositories.tfvars