Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Skip checkout #59

Merged
merged 6 commits into from
Dec 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 101 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,21 @@ raw list of affected stacks as an output as well as a matrix that can be used fu

### Config

> [!IMPORTANT]
> **Please note!** This GitHub Action only works with `atmos >= 1.99.0`.
> If you are using `atmos >= 1.80.0, < 1.99.0` please use `v5` version of this action.
> If you are using `atmos >= 1.63.0, < 1.80.0` please use `v3` or `v4` version of this action.
> If you are using `atmos < 1.63.0` please use `v2` version of this action.


The action expects the atmos configuration file `atmos.yaml` to be present in the repository.

The action supports AWS and Azure to store Terraform plan files.
You can read more about plan storage in the [cloudposse/github-action-terraform-plan-storage](https://github.com/cloudposse/github-action-terraform-plan-storage?tab=readme-ov-file#aws-default) documentation.
Depends of cloud provider the following fields should be set in the `atmos.yaml`:

#### AWS

The config should have the following structure:

```yaml
Expand All @@ -63,16 +77,63 @@ integrations:
role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
role:
plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
# Set `apply` empty if you don't want to assume IAM role before terraform apply
apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
matrix:
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```


#### Azure

The config should have the following structure:

```yaml
integrations:
github:
gitops:
opentofu-version: 1.7.3
terraform-version: 1.5.2
infracost-enabled: false
artifact-storage:
plan-repository-type: azureblob
blob-account-name: tfplans
blob-container-name: plans
metadata-repository-type: cosmos
cosmos-container-name: terraform-plan-storage
cosmos-database-name: terraform-plan-storage
cosmos-endpoint: "https://my-cosmo-account.documents.azure.com:443/"
# We remove the `role` section as it is AWS specific
matrix:
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```

### Stack level configuration

> [!IMPORTANT]
> **Please note!** This GitHub Action only works with `atmos >= 1.80.0`.
> If you are using `atmos >= 1.63.0, < 1.80.0` please use `v3` version of this action.
> If you are using `atmos < 1.63.0` please use `v2` version of this action.
> Wherever it is possible to specify `integration.github.gitops` on stack level
> it is required to define default values in `atmos.yaml`

It is possible to override integration settings on a stack level by defining `settings.integrations`.

```yaml
components:
terraform:
foobar:
settings:
integrations:
github:
gitops:
artifact-storage:
bucket: cptest-plat-ue2-auto-gitops
table: cptest-plat-ue2-auto-gitops-plan-storage
role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-plat-ue2-auto-gitops-gha
role:
# Set `plan` empty if you don't want to assume IAM role before terraform plan
plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-plat-gbl-identity-gitops
apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-plat-gbl-identity-gitops
```

### Support OpenTofu

Expand Down Expand Up @@ -101,8 +162,8 @@ integrations:
gitops:
opentofu-version: 1.7.3
...
```

```
### Workflow example

```yaml
Expand All @@ -117,10 +178,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- id: affected
uses: cloudposse/github-action-atmos-affected-stacks@v3
uses: cloudposse/github-action-atmos-affected-stacks@v6
with:
atmos-config-path: ./rootfs/usr/local/etc/atmos/
atmos-version: 1.63.0
atmos-version: 1.99.0
nested-matrices-count: 1

outputs:
Expand All @@ -143,13 +204,41 @@ jobs:
cancel-in-progress: false
steps:
- name: Plan Atmos Component
uses: cloudposse/github-action-atmos-terraform-plan@v2
uses: cloudposse/github-action-atmos-terraform-plan@v4
with:
component: ${{ matrix.component }}
stack: ${{ matrix.stack }}
atmos-config-path: ./rootfs/usr/local/etc/atmos/
atmos-version: 1.63.0
atmos-version: 1.99.0
```

### Migrating from `v5` to `v6`

The notable changes in `v6` are:

- `v6` works only with `atmos >= 1.99.0`
- `v6` allow to skip internal checkout with `skip-checkout` input


The only required migration step is updating atmos version to `>= 1.80.0`


### Migrating from `v4` to `v5`

The notable changes in `v5` are:

- `v5` works only with `atmos >= 1.80.0`
- `v5` supports atmos templating

The only required migration step is updating atmos version to `>= 1.80.0`

### Migrating from `v3` to `v4`

The notable changes in `v4` are:

- `v4` perform aws authentication assuming `integrations.github.gitops.role.plan` IAM role

No special migration steps required

### Migrating from `v2` to `v3`

Expand Down Expand Up @@ -312,7 +401,7 @@ Which would produce the same behavior as in `v1`, doing this:
| atmos-pro-token | The API token to allow Atmos Pro to upload affected stacks | | false |
| atmos-pro-upload | Whether to upload affected stacks directly to Atmos Pro | false | false |
| atmos-stack | The stack to operate on | | false |
| atmos-version | The version of atmos to install | >= 1.96.0 | false |
| atmos-version | The version of atmos to install | >= 1.99.0 | false |
| base-ref | The base ref to checkout. If not provided, the head default branch is used. | N/A | false |
| default-branch | The default branch to use for the base ref. | ${{ github.event.repository.default\_branch }} | false |
| head-ref | The head ref to checkout. If not provided, the head default branch is used. | ${{ github.sha }} | false |
Expand All @@ -321,6 +410,7 @@ Which would produce the same behavior as in `v1`, doing this:
| jq-force | Whether to force the installation of jq | true | false |
| jq-version | The version of jq to install if install-jq is true | 1.7 | false |
| nested-matrices-count | Number of nested matrices that should be returned as the output (from 1 to 3) | 2 | false |
| skip-checkout | Disable actions/checkout for head-ref. Useful for when the checkout happens in a previous step and file are modified outside of git through other actions | false | false |


## Outputs
Expand Down
109 changes: 99 additions & 10 deletions README.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,21 @@ usage: |-

### Config

> [!IMPORTANT]
> **Please note!** This GitHub Action only works with `atmos >= 1.99.0`.
> If you are using `atmos >= 1.80.0, < 1.99.0` please use `v5` version of this action.
> If you are using `atmos >= 1.63.0, < 1.80.0` please use `v3` or `v4` version of this action.
> If you are using `atmos < 1.63.0` please use `v2` version of this action.


The action expects the atmos configuration file `atmos.yaml` to be present in the repository.

The action supports AWS and Azure to store Terraform plan files.
You can read more about plan storage in the [cloudposse/github-action-terraform-plan-storage](https://github.com/cloudposse/github-action-terraform-plan-storage?tab=readme-ov-file#aws-default) documentation.
Depends of cloud provider the following fields should be set in the `atmos.yaml`:

#### AWS

The config should have the following structure:

```yaml
Expand All @@ -63,16 +77,63 @@ usage: |-
role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
role:
plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
# Set `apply` empty if you don't want to assume IAM role before terraform apply
apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
matrix:
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```


#### Azure

The config should have the following structure:

```yaml
integrations:
github:
gitops:
opentofu-version: 1.7.3
terraform-version: 1.5.2
infracost-enabled: false
artifact-storage:
plan-repository-type: azureblob
blob-account-name: tfplans
blob-container-name: plans
metadata-repository-type: cosmos
cosmos-container-name: terraform-plan-storage
cosmos-database-name: terraform-plan-storage
cosmos-endpoint: "https://my-cosmo-account.documents.azure.com:443/"
# We remove the `role` section as it is AWS specific
matrix:
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
```

### Stack level configuration

> [!IMPORTANT]
> **Please note!** This GitHub Action only works with `atmos >= 1.80.0`.
> If you are using `atmos >= 1.63.0, < 1.80.0` please use `v3` version of this action.
> If you are using `atmos < 1.63.0` please use `v2` version of this action.
> Wherever it is possible to specify `integration.github.gitops` on stack level
> it is required to define default values in `atmos.yaml`

It is possible to override integration settings on a stack level by defining `settings.integrations`.

```yaml
components:
terraform:
foobar:
settings:
integrations:
github:
gitops:
artifact-storage:
bucket: cptest-plat-ue2-auto-gitops
table: cptest-plat-ue2-auto-gitops-plan-storage
role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-plat-ue2-auto-gitops-gha
role:
# Set `plan` empty if you don't want to assume IAM role before terraform plan
plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-plat-gbl-identity-gitops
apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-plat-gbl-identity-gitops
```

### Support OpenTofu

Expand Down Expand Up @@ -101,8 +162,8 @@ usage: |-
gitops:
opentofu-version: 1.7.3
...
```

```
### Workflow example

```yaml
Expand All @@ -117,10 +178,10 @@ usage: |-
runs-on: ubuntu-latest
steps:
- id: affected
uses: cloudposse/github-action-atmos-affected-stacks@v3
uses: cloudposse/github-action-atmos-affected-stacks@v6
with:
atmos-config-path: ./rootfs/usr/local/etc/atmos/
atmos-version: 1.63.0
atmos-version: 1.99.0
nested-matrices-count: 1

outputs:
Expand All @@ -143,13 +204,41 @@ usage: |-
cancel-in-progress: false
steps:
- name: Plan Atmos Component
uses: cloudposse/github-action-atmos-terraform-plan@v2
uses: cloudposse/github-action-atmos-terraform-plan@v4
with:
component: ${{ matrix.component }}
stack: ${{ matrix.stack }}
atmos-config-path: ./rootfs/usr/local/etc/atmos/
atmos-version: 1.63.0
atmos-version: 1.99.0
```

### Migrating from `v5` to `v6`

The notable changes in `v6` are:

- `v6` works only with `atmos >= 1.99.0`
- `v6` allow to skip internal checkout with `skip-checkout` input


The only required migration step is updating atmos version to `>= 1.80.0`


### Migrating from `v4` to `v5`

The notable changes in `v5` are:

- `v5` works only with `atmos >= 1.80.0`
- `v5` supports atmos templating

The only required migration step is updating atmos version to `>= 1.80.0`

### Migrating from `v3` to `v4`

The notable changes in `v4` are:

- `v4` perform aws authentication assuming `integrations.github.gitops.role.plan` IAM role

No special migration steps required

### Migrating from `v2` to `v3`

Expand Down
9 changes: 7 additions & 2 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ inputs:
description: The head ref to checkout. If not provided, the head default branch is used.
required: false
default: ${{ github.sha }}
skip-checkout:
description: "Disable actions/checkout for head-ref. Useful for when the checkout happens in a previous step and file are modified outside of git through other actions"
required: false
default: 'false'
default-branch:
description: The default branch to use for the base ref.
required: false
Expand All @@ -23,7 +27,7 @@ inputs:
atmos-version:
description: The version of atmos to install
required: false
default: ">= 1.96.0"
default: ">= 1.99.0"
atmos-config-path:
description: The path to the atmos.yaml file
required: true
Expand Down Expand Up @@ -93,6 +97,7 @@ runs:
node-version: 20

- uses: actions/checkout@v4
if: ${{ inputs.skip-checkout != 'true' }}
with:
ref: ${{ inputs.head-ref }}

Expand Down Expand Up @@ -160,7 +165,7 @@ runs:
steps.config.outputs.aws-region != 'null' &&
steps.config.outputs.terraform-plan-role != '' &&
steps.config.outputs.terraform-plan-role != 'null' }}
uses: aws-actions/configure-aws-credentials@v4.0.2
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ steps.config.outputs.aws-region }}
role-to-assume: ${{ steps.config.outputs.terraform-plan-role }}
Expand Down
10 changes: 8 additions & 2 deletions docs/github-action.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,22 @@
|------|-------------|---------|----------|
| atmos-config-path | The path to the atmos.yaml file | N/A | true |
| atmos-include-dependents | Whether to include dependents of affected stacks in the output | false | false |
| atmos-include-settings | Include the `settings` section for each affected component | false | false |
| atmos-include-spacelift-admin-stacks | Whether to include the Spacelift admin stacks of affected stacks in the output | false | false |
| atmos-version | The version of atmos to install | >= 1.63.0 | false |
| atmos-pro-base-url | The base URL of Atmos Pro | https://app.cloudposse.com | false |
| atmos-pro-token | The API token to allow Atmos Pro to upload affected stacks | | false |
| atmos-pro-upload | Whether to upload affected stacks directly to Atmos Pro | false | false |
| atmos-stack | The stack to operate on | | false |
| atmos-version | The version of atmos to install | >= 1.99.0 | false |
| base-ref | The base ref to checkout. If not provided, the head default branch is used. | N/A | false |
| default-branch | The default branch to use for the base ref. | ${{ github.event.repository.default\_branch }} | false |
| head-ref | The head ref to checkout. If not provided, the head default branch is used. | ${{ github.sha }} | false |
| install-atmos | Whether to install atmos | true | false |
| install-jq | Whether to install jq | false | false |
| jq-force | Whether to force the installation of jq | true | false |
| jq-version | The version of jq to install if install-jq is true | 1.6 | false |
| jq-version | The version of jq to install if install-jq is true | 1.7 | false |
| nested-matrices-count | Number of nested matrices that should be returned as the output (from 1 to 3) | 2 | false |
| skip-checkout | Disable actions/checkout for head-ref. Useful for when the checkout happens in a previous step and file are modified outside of git through other actions | false | false |


## Outputs
Expand Down
Loading