-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
61 lines (61 loc) · 2.38 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: Terraform auto-merge
description: 'Auto-approve or Auto-merge terrafrom changes that do not have state changes'
inputs:
github-token:
description: 'Github token of the bot used for the auto-approving'
required: true
terraform-directories:
description: 'Comma seperated list of terraform code directories e.g. terraform/prod, terraform/staging'
required: false
default: 'terraform/'
merge:
description: 'Enable auto-merging'
required: false
default: true
force-merge:
description: 'Enable auto-merging using admin access'
required: false
default: false
runs:
using: 'composite'
steps:
- if: github.event_name != 'pull_request'
run: exit 1
shell: bash
# get changed files inside pr (limited to 100 per request, but dependabot PRs are small so who cares)
- run: |
PR_NUMBER=$(echo "$GITHUB_REF" | cut -d '/' -f3)
REGEX=$(echo "$TERRAFORM_DIRS" | sed -E 's@(\./|/$)@@g' | sed -E 's@/,@,@g' | sed 's@,@|@g')
echo "$REGEX"
gh pr -R "${GITHUB_REPOSITORY}" view "${PR_NUMBER}" --json files --jq '.files.[].path' \
| grep -Eqv "^(${REGEX})/" || echo "skip=false" >> $GITHUB_OUTPUT
shell: bash
id: check
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
TERRAFORM_DIRS: ${{ inputs.terraform-directories }}
# download artifact created by pararius/action-terraform
- uses: actions/download-artifact@v3
if: steps.check.outputs.skip == 'false'
with:
name: terraform
path: summary
# output true if any state in inputs.terraform-directory changed
- id: summary
if: steps.check.outputs.skip == 'false'
shell: bash
run: (cat summary/terraform.*.summary || echo "No summary files found!" && exit 1) | grep 'true' || echo "has_changes=false" >> $GITHUB_OUTPUT
# approve based on summary step ouptput
- uses: hmarr/auto-approve-action@v3
if: steps.summary.outputs.has_changes == 'false'
with:
github-token: ${{ inputs.github-token }}
# merge based on summary step output
- if: (inputs.merge || inputs.force-merge) && steps.summary.outputs.has_changes == 'false'
run: |
PR_NUMBER=$(echo "$GITHUB_REF" | cut -d '/' -f3)
gh pr -R "${GITHUB_REPOSITORY}" merge "${PR_NUMBER}" -s `[[ "$USE_ADMIN" == "true" ]] && echo '--admin' || echo '--auto'`
shell: bash
env:
USE_ADMIN: ${{ inputs.force-merge }}
GITHUB_TOKEN: ${{ inputs.github-token }}