feat: Lab v1 #102
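---
# Pull-request CI for the Terraform repository: validates formatting and
# configuration, then produces a prod plan and posts it as a PR comment.
name: CI - Pull Request

on:  # yamllint disable-line rule:truthy
  # NOTE(review): on pull_request events from forks, secrets are not exposed and
  # GITHUB_TOKEN is read-only, so the plan and comment steps will not succeed there.
  pull_request:

jobs:
  validate:
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    env:
      TF_WORKSPACE: "prod"
    steps:
      # NOTE(review): actions are pinned to tags; pinning to a full commit SHA
      # protects against a moved or compromised tag.
      - uses: actions/checkout@v4
      - name: Install pre-requisites
        # NOTE(review): the sops binary is fetched without integrity verification;
        # compare it against the checksum published with the release before use.
        run: |
          yarn
          sudo wget -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
          sudo chmod a+x /usr/bin/sops
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3.0.0
        with:
          cli_config_credentials_token: ${{ secrets.TERRAFORM_CLOUD_TOKEN }}
      - name: Terraform Init
        run: yarn run init
      - name: Verify Terraform formatting
        run: yarn run format:check
      - name: Validate Terraform
        run: yarn run validate
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}

  plan_prod:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
      pull-requests: write  # To allow posting the comment
    needs:
      - validate
    env:
      TF_WORKSPACE: "prod"
    steps:
      - uses: actions/checkout@v4
      - name: Install pre-requisites
        # NOTE(review): same unverified binary download as in the validate job;
        # verify against the published release checksum.
        run: |
          yarn
          sudo wget -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
          sudo chmod a+x /usr/bin/sops
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3.0.0
        with:
          cli_config_credentials_token: ${{ secrets.TERRAFORM_CLOUD_TOKEN }}
      - name: Terraform Init
        id: init
        run: yarn run init
      - name: Terraform Plan
        id: plan
        # The AAD credential is handed to the shell through an environment variable
        # instead of being expanded by the ${{ }} template into the command text:
        # a quote character in the secret can no longer break or alter the command,
        # and the value is quoted by the shell rather than by the template engine.
        run: yarn run prod:plan -var "aad_credentials=$AAD_CREDENTIALS"
        # Keep going so the plan output is posted to the PR; the final step
        # turns a failed plan back into a failed job.
        continue-on-error: true
        env:
          AAD_CREDENTIALS: ${{ secrets.AZUREAD_CREDENTIALS_PROD }}
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}
          TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          TF_VAR_pagerduty_api_token: ${{ secrets.PAGERDUTY_API_TOKEN_PROD }}
      - name: Update Pull Request
        uses: actions/github-script@v7.0.1
        env:
          # Plan output is passed via env, not interpolated into the script,
          # so its content cannot change the JavaScript being executed.
          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const output = `#### Terraform Initialization \`${{ steps.init.outcome }}\`
            #### Terraform Plan \`${{ steps.plan.outcome }}\`
            <details><summary>Show Plan</summary>
            \`\`\`\n
            ${process.env.PLAN}
            \`\`\`
            </details>
            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            })
      - name: Terraform Report Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1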