ffddorf · mraerino · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024
diff --git a/.github/workflows/preview.yaml → .github/workflows/tf-preview.yaml b/.github/workflows/preview.yaml → .github/workflows/tf-preview.yaml
@@ -1,31 +1,32 @@
-name: Speculative Run
-
+name: Terraform
 on:
   workflow_dispatch:
     inputs:
       workspace_transfer_url:
         description: "URL from which to download the workspace"
         required: true
         type: string
-
 jobs:
   plan:
-    name: Plan
+    name: Speculative Plan
     runs-on: ubuntu-22.04
     env:
+      # renovate: datasource=github-releases depName=hashicorp/terraform
+      TERRAFORM_VERSION: "1.9.3"
+
       TF_HTTP_PASSWORD: ${{ github.token }}
       TF_IN_AUTOMATION: "true"
-      TF_CLI_ARGS: "-input=false"
-      TF_LOG: "debug"
+      TF_CLI_ARGS: -input=false
+
       NETBOX_API_TOKEN: ${{ secrets.NETBOX_API_TOKEN }}
       PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
       PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
     steps:
       - name: Download Workspace
         run: |
-          curl ${{ inputs.workspace_transfer_url }} --fail --silent | tar -xzf -
+          curl ${{ inputs.workspace_transfer_url }} --user github_pat:${TF_HTTP_PASSWORD} --fail --silent | tar -xzf -
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: "1.6.6"
+          terraform_version: ${TERRAFORM_VERSION}
       - run: terraform init
       - run: terraform plan
diff --git a/.github/workflows/terraform.yaml → .github/workflows/tf-run.yaml b/.github/workflows/terraform.yaml → .github/workflows/tf-run.yaml
@@ -1,10 +1,8 @@
 name: Terraform
-
 on:
   push:
     branches: [main]
   pull_request:
-
 jobs:
   run:
     name: Run
@@ -20,10 +18,17 @@ jobs:
       pull-requests: write
       checks: write
     env:
-      TF_HTTP_USERNAME: ffddorf/supernodes-v2@${{ matrix.domain }}
+      # renovate: datasource=github-releases depName=hashicorp/terraform
+      TERRAFORM_VERSION: "1.9.3"
+
+      TF_HTTP_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }}
+      TF_HTTP_LOCK_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }}
+      TF_HTTP_UNLOCK_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }}
       TF_HTTP_PASSWORD: ${{ github.token }}
+
       TF_IN_AUTOMATION: "true"
       TF_CLI_ARGS: "-input=false -var-file=domains/${{ matrix.domain }}.tfvars"
+
       NETBOX_API_TOKEN: ${{ secrets.NETBOX_API_TOKEN }}
       PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
       PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
@@ -33,21 +38,16 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: "1.6.6"
-
+          terraform_version: ${TERRAFORM_VERSION}
       - run: terraform init
-
       - run: terraform plan -out=tfplan
       - name: terraform apply
-        env:
-          TF_LOG: "debug"
+        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
         run: |
           set -o pipefail
           terraform apply tfplan | tee apply.log
-        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
       - name: Backup state
         if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
         env:
@@ -68,14 +68,12 @@ jobs:
             jq -r '.Contents | map(.Key) | sort | reverse | .[5:] | .[]' \
           )
           for file in ${DELETE_FILES}; do aws s3 rm s3://${S3_BUCKET}/$file; done
-
       - run: terraform show -json tfplan > tfplan.json
         env:
           TF_CLI_ARGS: ""
       - run: terraform show -no-color tfplan > summary.txt
         env:
           TF_CLI_ARGS: ""
-
       - name: Create status check with details
         uses: actions/github-script@v7
         with:
@@ -103,6 +101,7 @@ jobs:
                 ? `${createCount} added, ${updateCount} changed, ${deleteCount} destroyed`
                 : `${createCount} to add, ${updateCount} to change, ${deleteCount} to destroy`
               )
+            await fs.writeFile("terraform/title.txt", title)
 
             const codefence = "```"
             const summary = `
@@ -127,13 +126,30 @@ jobs:
               head_sha: sha,
               status: 'completed',
               conclusion: noChanges ? 'neutral' : 'success',
-              name: context.eventName === 'push' ? "Apply" : "Plan",
+              name: `${context.eventName === 'push' ? "Apply" : "Plan"} (${{ matrix.domain }})`,
               output: {
                 title,
                 summary,
               },
             });
+      - name: Upload summary
+        uses: actions/upload-artifact@v4
+        with:
+          name: tf-summary-${{ matrix.domain }}
+          path: |
+            terraform/summary.txt
+            terraform/title.txt
 
+  summary:
+    name: Summary
+    runs-on: ubuntu-22.04
+    needs: run
+    steps:
+      - name: Download outputs from workspaces
+        uses: actions/download-artifact@v4
+        with:
+          path: outputs
+          pattern: tf-summary-*
       - name: Show plan on PR
         uses: actions/github-script@v7
         if: ${{ github.event_name == 'pull_request' }}
@@ -181,14 +197,28 @@ jobs:
             }
 
             const fs = require('fs').promises
-            const plan = await fs.readFile('terraform/summary.txt', 'utf-8')
 
-            const codefence = "```"
-            const body = `
-            🏗️ Terraform Plan
-            ${codefence}
-            ${plan.trim("\n")}
-            ${codefence}`
+            const summaries = await fs.readdir('outputs');
+            let body = "#### :building_construction: Terraform Plan";
+
+            for (const dir of summaries) {
+              const plan = await fs.readFile(`outputs/${dir}/summary.txt`, 'utf-8')
+              const title = await fs.readFile(`outputs/${dir}/title.txt`, 'utf-8')
+
+              const domain = dir.slice("tf-summary-".length)
+
+              const codefence = "```"
+              body += `
+              <details>
+
+              <summary>${domain} - ${title}</summary>
+
+              ${codefence}
+              ${plan.trim("\n")}
+              ${codefence}
+
+              </details>`
+            }
 
             github.rest.issues.createComment({
               issue_number: context.issue.number,

diff --git a/renovate.json b/renovate.json
@@ -1,6 +1,7 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:recommended"
+    "config:recommended",
+    "regexManagers:githubActionsVersions"
   ]
-}
+}
diff --git a/terraform/backend.tf b/terraform/backend.tf
@@ -1,11 +1,8 @@
 terraform {
   backend "http" {
-    # see https://tfstate.dev/ for instructions
-    address        = "https://api.tfstate.dev/github/v1"
-    lock_address   = "https://api.tfstate.dev/github/v1/lock"
-    unlock_address = "https://api.tfstate.dev/github/v1/lock"
-    lock_method    = "PUT"
-    unlock_method  = "DELETE"
-    username       = "ffddorf/supernodes-v2@dev"
+    address        = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev"
+    lock_address   = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev"
+    unlock_address = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev"
+    username       = "github_pat"
   }
 }
diff --git a/terraform/modules/supernode/provider.tf b/terraform/modules/supernode/provider.tf
@@ -5,7 +5,7 @@ terraform {
     }
     proxmox = {
       source  = "Telmate/proxmox"
-      version = "~> 3.0.1"
+      version = "~> 3.0.0"
     }
     iphelpers = {
       source  = "ffddorf/iphelpers"