pr_opex.yaml
# PR check for the io-wallet-user-func Opex dashboard: the jobs section renders
# the dashboard Terraform, runs a plan and posts the result on the pull request.
name: PR - Opex Dashboard

on:
  workflow_dispatch:
  pull_request:
    types: [opened, edited, synchronize, reopened]
    branches: [master]
    # Run only when the dashboard inputs, the OpenAPI spec or the Opex
    # workflows themselves change.
    paths:
      - 'apps/io-wallet-user-func/.opex/**'
      - 'apps/io-wallet-user-func/openapi.yaml'
      - '.github/workflows/pr_opex.yaml'
      - '.github/workflows/release_opex.yaml'

# All runs share one concurrency group; a run that is already in progress is
# never cancelled by a newer one.
concurrency:
  group: wallet-opex
  cancel-in-progress: false

env:
  # Azure identifiers come from secrets. ARM_USE_OIDC selects federated (OIDC)
  # login, so no client secret is configured in this workflow.
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
  ARM_USE_OIDC: true
  # Despite the name this is an image digest, not a tag: the jobs section pulls
  # the generator image as image@sha256:..., which pins its exact content.
  DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
  TEMPLATE_DIR: azure-dashboard
  APP_NAME: io-wallet-user-func
  API_NAME: management
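jobs:
  tf_plan:
    runs-on: ubuntu-22.04
    name: Terraform Plan
    environment: opex-prod-ci
    # Job token is limited to what the steps use: an OIDC token for Azure
    # login, read access for checkout, and write access to PR comments.
    permissions:
      pull-requests: write
      id-token: write
      contents: read
    env:
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
    steps:
      # NOTE(review): no visible step runs git after checkout; consider
      # `persist-credentials: false` so the job token is not left in
      # .git/config inside the workspace that is mounted into the container
      # below. Confirm first that terraform.sh needs no git credentials.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        name: Checkout

      - name: Azure Login
        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2
        with:
          client-id: ${{ env.ARM_CLIENT_ID }}
          tenant-id: ${{ env.ARM_TENANT_ID }}
          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}

      - name: Set Terraform Version
        id: set-terraform-version
        run: |
          set -eu
          # .terraform-version comes from the checked-out (PR) tree, so treat it
          # as data: read a single line and never use it as the printf format.
          # Extra lines would otherwise be written to GITHUB_OUTPUT as outputs.
          terraform_version=$(head -n 1 .terraform-version)
          printf 'terraform_version=%s\n' "$terraform_version" >> "$GITHUB_OUTPUT"

      # Workflow-level env values are read as shell variables here instead of
      # being spliced into the script text with ${{ }}; all expansions are quoted.
      - name: Create Terraform Environment for Opex
        shell: bash
        run: |
          docker run \
            --workdir /github/workspace --rm \
            -v "$(pwd):/github/workspace" \
            "ghcr.io/pagopa/opex-dashboard-azure-action@${DOCKER_IMAGE_TAG}" \
            "${TEMPLATE_DIR}" \
            "apps/${APP_NAME}/.opex/${API_NAME}/env/prod/config.yaml"

      - name: Copy Environments
        shell: bash
        id: opex_copy
        run: |
          cp -R "apps/${APP_NAME}/.opex/${API_NAME}/env" "./${TEMPLATE_DIR}"

      - name: Setup Terraform
        id: terraform_setup
        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
        with:
          terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version }}

      - name: Terraform Plan
        shell: bash
        id: plan
        working-directory: ${{ env.TEMPLATE_DIR }}
        run: |
          # `shell: bash` runs with -e and pipefail: if terraform.sh exits
          # non-zero the step stops here and plan_output_multiline.txt is never
          # written (the comment step below handles the missing file).
          # Lines containing "hidden-link:" are dropped from the saved log.
          bash ./terraform.sh plan prod -no-color 2>&1 | grep -v "hidden-link:" | tee plan_output.txt
          # Strip refresh/lock noise and keep the last 60000 bytes, presumably
          # to stay under the PR comment size limit.
          OUTPUT=$(grep -Ev "Refreshing state|state lock|Reading|Read" plan_output.txt | tail -c 60000)
          printf "%s" "$OUTPUT" > plan_output_multiline.txt
          if grep -q "::error::Terraform exited with code" plan_output.txt; then
            echo "failed"
            exit 1
          fi

      # The plan text becomes a PR comment visible to everyone who can read the
      # pull request; any value Terraform does not mark as sensitive is shown.
      - name: Post Plan on PR
        id: comment
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        if: always() && github.event_name == 'pull_request'
        with:
          script: |
            const fs = require('fs');
            const templateDir = process.env.TEMPLATE_DIR;
            const planFile = `${templateDir}/plan_output_multiline.txt`;
            // This step runs with always(), so the plan file may be missing
            // when the plan step stopped early; report that instead of throwing.
            const output = fs.existsSync(planFile)
              ? fs.readFileSync(planFile, 'utf8')
              : 'Plan output is not available: the plan step ended before writing it.';
            const status = '${{ steps.plan.outcome }}'
            // Same text as the comment heading below. The previous lookup
            // searched for "Terraform Plan ('Opex')", which the heading never
            // contained, so old plan comments were never found or deleted.
            const marker = `Terraform Plan ('${templateDir}')`;
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              per_page: 100
            })
            const botComment = comments.find(comment => {
              return comment.user.type === 'Bot' && comment.body.includes(marker)
            })
            // Blank lines around the fence let GitHub render it as Markdown
            // inside the <details> element.
            const commentBody = `#### 📖 ${marker} - ${status}
            <details>
            <summary>Terraform Plan</summary>

            \`\`\`hcl
            ${output}
            \`\`\`

            </details>
            `;
            // Replace the earlier plan comment rather than stacking a new one.
            if (botComment) {
              await github.rest.issues.deleteComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id
              })
            }
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: commentBody,
              issue_number: context.issue.number
            })

      # Fail the job after the comment has been posted if the plan step did
      # not succeed.
      - name: Check Terraform Plan Result
        if: always() && steps.plan.outcome != 'success'
        run: |
          exit 1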