feat: Add CI for tfcmt (plan & apply) #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tfcmt | |
| on: | |
| push: | |
| branches: [main] | |
| paths: ["**.tf", "**.tfvars", "**/.terraform.lock.hcl"] | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| paths: ["**.tf", "**.tfvars", "**/.terraform.lock.hcl"] | |
| jobs: | |
| opentofu-plan: | |
| name: Plan | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'pull_request' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| module: ["github"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/create-github-app-token@v1 | |
| id: create-github-app-token | |
| with: | |
| app-id: ${{ secrets.ACTIONS_PYTHON_CI_APP_ID }} | |
| private-key: ${{ secrets.ACTIONS_PYTHON_CI_APP_PEM_FILE }} | |
| - uses: kislerdm/setup-opentofu@main | |
| with: | |
| cli_config_credentials_token: ${{ secrets.APP_TERRAFORM_IO_TOKEN }} | |
| tofu_version: 1.6.0-alpha1 | |
| - uses: shmokmt/actions-setup-tfcmt@v2 | |
| with: | |
| version: v4.7.1 | |
| - name: Init | |
| run: tofu init | |
| working-directory: ${{ matrix.module }} | |
| - name: Plan | |
| run: | | |
| tfcmt \ | |
| -owner ${{ github.event.repository.owner.login }} \ | |
| -repo ${{ github.event.repository.name }} \ | |
| -pr ${{ github.event.pull_request.number }} \ | |
| -var "target:${{ matrix.module }}" \ | |
| plan -patch -- tofu plan -lock=false -no-color \ | |
| -var "app_terraform_io_token=${{ secrets.APP_TERRAFORM_IO_TOKEN }}" \ | |
| -var "github_provider_app_id=${{ secrets.ACTIONS_PYTHON_CI_APP_ID }}" \ | |
| -var "github_provider_app_installation_id=${{ secrets.ACTIONS_PYTHON_CI_APP_INSTALLATION_ID }}" \ | |
| -var "github_provider_app_pem_file=${{ secrets.ACTIONS_PYTHON_CI_APP_PEM_FILE }}" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.create-github-app-token.outputs.token }} | |
| working-directory: ${{ matrix.module }} | |
| opentofu-apply: | |
| name: Apply | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| module: ["github"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/create-github-app-token@v1 | |
| id: create-github-app-token | |
| with: | |
| app-id: ${{ secrets.ACTIONS_PYTHON_CI_APP_ID }} | |
| private-key: ${{ secrets.ACTIONS_PYTHON_CI_APP_PEM_FILE }} | |
| - uses: kislerdm/setup-opentofu@main | |
| with: | |
| cli_config_credentials_token: ${{ secrets.APP_TERRAFORM_IO_TOKEN }} | |
| tofu_version: 1.6.0-alpha1 | |
| - uses: shmokmt/actions-setup-tfcmt@v2 | |
| with: | |
| version: v4.7.1 | |
| - name: Init | |
| run: tofu init | |
| working-directory: ${{ matrix.module }} | |
| - name: Apply | |
| run: | | |
| tfcmt \ | |
| -owner ${{ github.event.repository.owner.login }} \ | |
| -repo ${{ github.event.repository.name }} \ | |
| -sha ${{ github.sha }} \ | |
| -var "target:${{ matrix.module }}" \ | |
| apply -- tofu apply -auto-approve \ | |
| -var "app_terraform_io_token=${{ secrets.APP_TERRAFORM_IO_TOKEN }}" \ | |
| -var "github_provider_app_id=${{ secrets.ACTIONS_PYTHON_CI_APP_ID }}" \ | |
| -var "github_provider_app_installation_id=${{ secrets.ACTIONS_PYTHON_CI_APP_INSTALLATION_ID }}" \ | |
| -var "github_provider_app_pem_file=${{ secrets.ACTIONS_PYTHON_CI_APP_PEM_FILE }}" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.create-github-app-token.outputs.token }} | |
| working-directory: ${{ matrix.module }} |