chore(CI): tf plan truncated on PR comments and plan_validate_all err…
…or logs in github actions (#1129)

Co-authored-by: Daniel Andrade <[email protected]>
nbugden and daniel-cit authored May 20, 2024
1 parent 27a75e0 commit aee08a4
Showing 2 changed files with 62 additions and 53 deletions.
93 changes: 50 additions & 43 deletions build/github-tf-pull-request.yaml
Expand Up @@ -12,13 +12,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: 'tf-pull-request'
name: "tf-pull-request"
on:
pull_request:
branches:
- 'development'
- 'production'
- 'nonproduction'
- "development"
- "production"
- "nonproduction"

env:
PROJECT_ID: ${{ secrets.PROJECT_ID }}
Expand All @@ -28,30 +28,30 @@ env:

jobs:
run:
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
permissions:
contents: 'read'
id-token: 'write'
issues: 'write'
pull-requests: 'write'
contents: "read"
id-token: "write"
issues: "write"
pull-requests: "write"

steps:
- uses: 'actions/checkout@v3'
- uses: "actions/checkout@v3"

- id: 'auth'
uses: 'google-github-actions/auth@v1'
- id: "auth"
uses: "google-github-actions/auth@v1"
with:
token_format: 'access_token'
token_format: "access_token"
workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }}
service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}

- uses: 'google-github-actions/setup-gcloud@v1'
- uses: "google-github-actions/setup-gcloud@v1"
with:
install_components: "beta,terraform-tools"

- uses: 'hashicorp/setup-terraform@v2'
- uses: "hashicorp/setup-terraform@v2"
with:
terraform_version: '1.3'
terraform_version: "1.3"

- id: setup
shell: bash
Expand All @@ -65,7 +65,7 @@ jobs:
- id: plan-validate-all
run: |
${GITHUB_WORKSPACE}/tf-wrapper.sh plan_validate_all "${GITHUB_REF_NAME}" "${GITHUB_WORKSPACE}/policy-library" "${PROJECT_ID}" "FILESYSTEM" "GITHUB" > ${GITHUB_WORKSPACE}/plan.out
${GITHUB_WORKSPACE}/tf-wrapper.sh plan_validate_all "${GITHUB_REF_NAME}" "${GITHUB_WORKSPACE}/policy-library" "${PROJECT_ID}" "FILESYSTEM" "GITHUB"
- uses: actions/github-script@v6
if: github.event_name == 'pull_request'
Expand All @@ -84,34 +84,41 @@ jobs:
const run_url = process.env.GITHUB_SERVER_URL + '/' + process.env.GITHUB_REPOSITORY + '/actions/runs/' + process.env.GITHUB_RUN_ID
const run_link = '<a href="' + run_url + '">Actions</a>.'
const fs = require('fs')
const plan_file = fs.readFileSync('plan.out', 'utf8')
const plan = plan_file.length > 65000 ? plan_file.toString().substring(0, 65000) + " ..." : plan_file
const truncated_message = plan_file.length > 65000 ? "Output is too long and was truncated. You can read full Plan in " + run_link + "<br /><br />" : ""
const output = `
#### Terraform Plan Validate All 📖\`${{ steps.plan-validate-all.outcome }}\`
const plan_dir = 'tmp_plan'
const plan_dir_files = fs.readdirSync('tmp_plan')
const plan_files = plan_dir_files.filter(file => file.match(new RegExp(`.*\.(.txt)$`, 'ig')))
for (const file in plan_files) {
const plan_file_path = plan_dir.concat('/', plan_files[file])
const plan_file = fs.readFileSync(plan_file_path, 'utf8')
const plan = plan_file.length > 65000 ? plan_file.toString().substring(0, 65000) + " ..." : plan_file
const truncated_message = plan_file.length > 65000 ? "Output is too long and was truncated. You can read full Plan in " + run_link + "<br /><br />" : ""
const output = `
#### Terraform Plan Validate All 📖: \`${{ steps.plan-validate-all.outcome }}\`
Plan File: \`${plan_file_path.replace('.txt', '.plan')}\`
<details><summary>Show Plan</summary>
<details><summary>Show Plan</summary>
\`\`\`\n
${plan}
\`\`\`
\`\`\`\n
${plan}
\`\`\`
</details>
${truncated_message}
`;
</details>
${truncated_message}
`;
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
}
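Review bot: Inside the new `for` loop in the last hunk, every iteration writes to the same `botComment`, so when that comment already exists each `updateComment` call overwrites the previous one and only a single plan stays visible on the PR, while a first run creates one comment per plan file. The lookup that sets `botComment` is outside the visible lines, so this is inferred from it being read unchanged on each pass; because reviewers approve infrastructure changes from this comment, a plan that silently drops out of view is worth fixing by matching the existing comment on its `Plan File:` line, or by posting one combined body after the loop. The calls are also not awaited, so the order in which the writes land is not guaranteed; `await github.rest.issues.updateComment({...})` and the same for `createComment` would make it deterministic. Two smaller points: `for (const file in plan_files)` walks array indices and reads better as `for (const plan_name of plan_files)`, and the backslash in the `new RegExp(...)` filter pattern is dropped by the template literal, so the filter accepts any name ending in one arbitrary character plus `txt`; `file => /\.txt$/i.test(file)` says what is meant.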
22 changes: 12 additions & 10 deletions build/tf-wrapper.sh
Expand Up @@ -139,7 +139,7 @@ convert_path() {
## Terraform apply for single environment.
tf_apply() {
local path=$1
local tf_env="${path#$base_dir/}"
local tf_env="${path#"$base_dir"/}"
local tf_file
tf_file="$(convert_path "$tf_env")"
echo "*************** TERRAFORM APPLY *******************"
Expand All @@ -157,7 +157,7 @@ tf_apply() {
## terraform init for single environment.
tf_init() {
local path=$1
local tf_env="${path#$base_dir/}"
local tf_env="${path#"$base_dir"/}"
echo "*************** TERRAFORM INIT *******************"
echo " At environment: ${tf_env} "
echo "**************************************************"
Expand All @@ -173,7 +173,7 @@ tf_init() {
## terraform plan for single environment.
tf_plan() {
local path=$1
local tf_env="${path#$base_dir/}"
local tf_env="${path#"$base_dir"/}"
local tf_file
tf_file="$(convert_path "$tf_env")"
echo "*************** TERRAFORM PLAN *******************"
Expand Down Expand Up @@ -206,7 +206,7 @@ tf_plan_validate_all() {
tf_plan "$env_path"
tf_validate "$env_path" "$policy_source"
else
echo "${env_path#$base_dir/} doesn't match $leaf_regex_plan; skipping"
echo "${env_path#"$base_dir"/} doesn't match $leaf_regex_plan; skipping"
fi
done
done
Expand All @@ -215,7 +215,7 @@ tf_plan_validate_all() {
## terraform show for single environment.
tf_show() {
local path=$1
local tf_env="${path#$base_dir/}"
local tf_env="${path#"$base_dir"/}"
local tf_file
tf_file="$(convert_path "$tf_env")"
echo "*************** TERRAFORM SHOW *******************"
Expand All @@ -234,9 +234,9 @@ tf_show() {
tf_validate() {
local path=$1
local policy_file_path=$2
local tf_env="${path#$base_dir/}"
local tf_env="${path#"$base_dir"/}"
local tf_file
tf_file="$(convert_path "$tf_env")"
tf_file="${tmp_plan}/$(convert_path "$tf_env")"
echo "*************** TERRAFORM VALIDATE ******************"
echo " At environment: ${tf_env} "
echo " Using policy from: ${policy_file_path} "
Expand All @@ -251,9 +251,11 @@ tf_validate() {
# that prints the command 'terraform show' itself in the redirection to the json file, making
# the json file to have an invalid format. 'terraform-bin' is the actual terraform binary.
if [[ "$runner_env" == "GITHUB" ]]; then
terraform-bin show -no-color -json "${tmp_plan}/${tf_file}.tfplan" > "${tf_file}.json" || exit 32
terraform-bin show -no-color -json "${tf_file}.tfplan" > "${tf_file}.json" || exit 32
terraform-bin show -no-color "${tf_file}.tfplan" > "${tf_file}.txt" || exit 36
else
terraform show -no-color -json "${tmp_plan}/${tf_file}.tfplan" > "${tf_file}.json" || exit 32
terraform show -no-color -json "${tf_file}.tfplan" > "${tf_file}.json" || exit 32
terraform show -no-color "${tf_file}.tfplan" > "${tf_file}.txt" || exit 36
fi
if [[ "$policy_type" == "CLOUDSOURCE" ]]; then
# Check if $policy_file_path is empty so we clone the policies repo only once
Expand Down Expand Up @@ -319,7 +321,7 @@ single_action_runner() {
;;
esac
else
echo "${env_path#$base_dir/} doesn't match ${branch}; skipping"
echo "${env_path#"$base_dir"/} doesn't match ${branch}; skipping"
fi
done
done
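Review bot: The `.txt` rendering added in `tf_validate` is the file the workflow in this commit reads from `tmp_plan` and posts as a PR comment, but nothing at the two new `show` calls says so. `terraform show` redacts only attributes declared sensitive, so any other value in the plan becomes readable to everyone who can see the pull request, and the file is written next to the `.json` plan. I would add a comment above the new lines such as `# ${tf_file}.txt is published to the PR comment by the workflow; only attributes marked sensitive are redacted`, and record the new exit code 36 if the script's exit codes are documented somewhere. The workflow hard-codes the directory name `tmp_plan` while the script uses `${tmp_plan}`, whose value is set outside the visible lines, so the two need to stay in step. `tf_validate` continues outside the visible hunks.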
