-
Notifications
You must be signed in to change notification settings - Fork 0
121 lines (111 loc) · 3.95 KB
/
terraform-plan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: "Terraform Plan"
on:
pull_request:
env:
TF_CLOUD_ORGANIZATION: "nitheeshp"
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
TF_WORKSPACE: "control-tower"
CONFIG_DIRECTORY: "./"
jobs:
Terraform-Test:
runs-on: ubuntu-latest
steps:
- name: Check Environment Variables
env:
TF_CLOUD_ORGANIZATION: ${{ env.TF_CLOUD_ORGANIZATION }}
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
TF_WORKSPACE: ${{ env.TF_WORKSPACE }}
CONFIG_DIRECTORY: ${{ env.CONFIG_DIRECTORY }}
run: |
if [ -z "${TF_CLOUD_ORGANIZATION}" ]; then
echo "TF_CLOUD_ORGANIZATION is not set."
exit 1
fi
if [ -z "${TF_API_TOKEN}" ]; then
echo "TF_API_TOKEN is not set."
exit 1
fi
if [ -z "${TF_WORKSPACE}" ]; then
echo "TF_WORKSPACE is not set."
exit 1
fi
if [ -z "${CONFIG_DIRECTORY}" ]; then
echo "CONFIG_DIRECTORY is not set."
exit 1
fi
echo "All required environment variables are set."
- name: Checkout Code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Verify Checkout
run: |
if [ ! -d ".git" ]; then
echo "Checkout failed."
exit 1
fi
echo "Checkout succeeded."
terraform:
if: github.repository != 'hashicorp-education/learn-terraform-github-actions'
name: "Terraform Plan"
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
speculative: true
- name: Create Plan Run
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
plan_only: true
- name: Get Plan Output
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-output
with:
plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
- name: Update PR
uses: actions/github-script@v6
id: plan-comment
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
});
const output = `#### Terraform Cloud Plan Output
\`\`\`
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
\`\`\`
[Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
`;
// 3. Delete previous comment so PR timeline makes sense
if (botComment) {
github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
});
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
});