Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updating logic for plan action and adding module validation #73

Merged
merged 14 commits into from
May 30, 2024
117 changes: 72 additions & 45 deletions .github/workflows/terraform-plan.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
name: PR Terraform Plan

on: [pull_request]
on:
pull_request:
paths:
- 'terraform-incubator/**'
- 'terraform-modules/**'

permissions:
contents: read
Expand All @@ -11,14 +15,17 @@ jobs:
name: Get changed terraform directories
runs-on: ubuntu-latest
outputs:
module-change: ${{ steps.changed-files.outputs.module-change }}
project-change: ${{ steps.changed-files.outputs.project-change }}
environment-change: ${{ steps.changed-files.outputs.environment-change }}
module-directory: ${{ steps.module-directory.outputs.directory }}
project-directory: ${{ steps.project-directory.outputs.directory }}
environment-directory: ${{ steps.environment-directory.outputs.directory }}
has-environment-changes: ${{ steps.check-changes.outputs.has-environment-changes }}
has-project-changes: ${{ steps.check-changes.outputs.has-project-changes }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Get changed files
id: changed-files
uses: dorny/paths-filter@v2
Expand All @@ -31,59 +38,79 @@ jobs:
environment-change:
- 'terraform-incubator/*/!(project)/*.tf'
list-files: json

- name: List all changed files
run: echo '${{ steps.changed-files.outputs.module-change_files }}'; echo '${{ steps.changed-files.outputs.project-change_files }}'; echo '${{ steps.changed-files.outputs.environment-change_files }}'
plan-all:
run: |
echo 'module-change: ${{ steps.changed-files.outputs.module-change_files }}'
echo 'project-change: ${{ steps.changed-files.outputs.project-change_files }}'
echo 'environment-change: ${{ steps.changed-files.outputs.environment-change_files }}'

- name: Extract module directory
id: module-directory
if: ${{ steps.changed-files.outputs['module-change'] == 'true' }}
run: |
directory=$(dirname "${{ fromJson(steps.changed-files.outputs.module-change_files)[0] }}")
echo "Extracted Directory: $directory"
echo "::set-output name=directory::$directory"

- name: Extract project directory
id: project-directory
if: ${{ steps.changed-files.outputs['project-change'] == 'true' }}
run: |
directory=$(dirname "${{ fromJson(steps.changed-files.outputs.project-change_files)[0] }}")
echo "Extracted Directory: $directory"
echo "::set-output name=directory::$directory"

- name: Extract environment directory
id: environment-directory
if: ${{ steps.changed-files.outputs['environment-change'] == 'true' }}
run: |
directory=$(dirname "${{ fromJson(steps.changed-files.outputs.environment-change_files)[0] }}")
echo "Extracted Directory: $directory"
echo "::set-output name=directory::$directory"

- name: Check for conflicting changes
id: check-changes
run: |
echo "::set-output name=has-environment-changes::${{ steps.changed-files.outputs.environment-change_files != '[]' }}"
echo "::set-output name=has-project-changes::${{ steps.changed-files.outputs.project-change_files != '[]' }}"

plan:
runs-on: ubuntu-latest
name: Terraform plan - all directories
name: Terraform Plan
needs: [changed-files]
if: ${{ needs.changed-files.outputs.module-change == 'true' }}
strategy:
matrix:
directory: ${{ needs.changed-files.outputs.environment-change }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{secrets.INCUBATOR_AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY}}
AWS_ACCESS_KEY_ID: ${{ secrets.INCUBATOR_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v3

- name: terraform plan
uses: dflook/terraform-plan@v1
- name: Fail on multiple plans
if: ${{ needs.changed-files.outputs.has-environment-changes == 'true' && needs.changed-files.outputs.has-project-changes == 'true' }}
run: |
echo "Multiple plans detected: Please make changes to environments and projects in separate pull requests."
exit 1

- name: Terraform validate - Modules
if: ${{ needs.changed-files.outputs.module-directory != '' && needs.changed-files.outputs.environment-directory == '' && needs.changed-files.outputs.project-directory == '' }}
uses: dflook/terraform-validate@v1
with:
path: ${{ matrix.directory }}
plan-project:
runs-on: ubuntu-latest
name: Terraform plan - Project changes
needs: [changed-files]
if: ${{ needs.changed-files.outputs.project-change == 'true' && needs.changed-files.outputs.module-change == 'false'}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{secrets.INCUBATOR_AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY}}
steps:
- name: Checkout
uses: actions/checkout@v3
path: ${{ needs.changed-files.outputs.module-directory }}

- name: terraform plan
- name: Module validation failed
if: ${{ failure() && steps.validate.outputs.failure-reason == 'validate-failed' }}
run: echo "Module validation failed"

- name: Terraform plan - Environment
if: ${{ needs.changed-files.outputs.environment-directory != '' && (needs.changed-files.outputs.project-directory == '' || needs.changed-files.outputs.has-environment-changes == 'true') }}
uses: dflook/terraform-plan@v1
with:
path: terraform-incubator/people-depot/dev
plan-environment:
runs-on: ubuntu-latest
name: Terraform plan - Env changes
needs: [changed-files]
if: ${{ needs.changed-files.outputs.environment-change == 'true' && needs.changed-files.outputs.module-change == 'false' && needs.changed-files.outputs.project-change == 'false' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{secrets.INCUBATOR_AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY}}
steps:
- name: Checkout
uses: actions/checkout@v3

- name: terraform plan
path: ${{ needs.changed-files.outputs.environment-directory }}

- name: Terraform plan - Project
if: ${{ needs.changed-files.outputs.project-directory != '' && needs.changed-files.outputs.has-environment-changes != 'true' }}
uses: dflook/terraform-plan@v1
with:
path: terraform-incubator/people-depot/dev
path: ${{ needs.changed-files.outputs.project-directory }}
19 changes: 19 additions & 0 deletions terraform-modules/cognito/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
resource "aws_cognito_user_pool" "main" {
name = var.user_pool_name

// Add additional configurations here according to project needs
}

resource "aws_cognito_user_pool_client" "main" {
name = var.client_name
user_pool_id = aws_cognito_user_pool.main.id

// Configure client here
// For example:
generate_secret = false
allowed_oauth_flows = ["code", "implicit"]
allowed_oauth_scopes = ["email", "openid"]
allowed_oauth_flows_user_pool_client = true

// Other configurations like callback URLs, logout URLs, etc.
}
9 changes: 9 additions & 0 deletions terraform-modules/cognito/outputs.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
output "user_pool_id" {
description = "The ID of the Cognito User Pool"
value = aws_cognito_user_pool.main.id
}

output "user_pool_client_id" {
description = "The ID of the Cognito User Pool Client"
value = aws_cognito_user_pool_client.main.id
}
17 changes: 17 additions & 0 deletions terraform-modules/cognito/variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
variable "region" {
description = "AWS region"
type = string
default = "us-west-2"
}

variable "user_pool_name" {
description = "Name of the Cognito User Pool"
type = string
default = ""
}

variable "client_name" {
description = "Name of the Cognito User Pool Client"
type = string
default = ""
}
Loading