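# Pull-request pipeline: builds the container image, checks Terraform
# formatting and validity, and posts a nonprod Terragrunt plan on the PR.
name: "pull request"
on:
  pull_request:
    branches: [main]
    paths-ignore:
      - "README.md"
      - "catalog.yaml"
env:
  IMAGE_PATH: ${{ github.repository_owner }}/gratibot
  tofu_version: '~1.9'
  tg_version: '0.72.0'
# Workflow-level default is read-only. Each job grants only what its own
# steps use, so a compromised step in fmt/validate cannot push packages,
# comment on PRs or mint an OIDC token.
permissions:
  contents: read
jobs:
  setup:
    name: Pipeline Setup
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Generate tag
        id: tag
        # $GITHUB_OUTPUT is quoted so a path containing whitespace cannot
        # split the redirect target.
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
    outputs:
      docker-tag: ${{ steps.tag.outputs.sha_short }}
  build:
    name: Docker
    needs: setup
    # NOTE(review): every action in this file is pinned to a commit SHA, but
    # this reusable workflow floats on `main`; pin it to a SHA as well so a
    # change in the callee cannot silently alter what runs with the grants
    # below.
    uses: liatrio/github-workflows/.github/workflows/docker-build.yaml@main
    # The called workflow receives at most these grants. Its real needs are
    # defined outside this file, so the caller's original grant is kept here
    # until it is confirmed which entries can be dropped — TODO confirm.
    permissions:
      contents: read
      packages: write
      id-token: write
      pull-requests: write
    with:
      repository: ghcr.io/liatrio
      image-name: gratibot
      tag: ${{ needs.setup.outputs.docker-tag }}
  fmt:
    name: "Terraform fmt check"
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Tofu
        uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5
        with:
          tofu_version: ${{ env.tofu_version }}
      - name: Terraform fmt check
        run: tofu fmt -check -recursive
  validate:
    name: "Terraform validate check"
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Tofu
        uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5
        with:
          tofu_version: ${{ env.tofu_version }}
      - name: Setup Terragrunt
        # NOTE(review): the binary is fetched over HTTPS but its checksum is
        # not verified; compare it against the release's published SHA256
        # before moving it into PATH.
        run: |
          wget https://github.com/gruntwork-io/terragrunt/releases/download/v${{ env.tg_version }}/terragrunt_linux_amd64
          sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
          sudo chmod +x /usr/local/bin/terragrunt
      - name: Terraform validate check
        # -backend=false: validation needs providers/modules only, no remote
        # state and therefore no cloud credentials in this job.
        run: |
          terragrunt init -backend=false
          terragrunt validate --terragrunt-no-auto-init
        working-directory: infra/terragrunt/nonprod/gratibot/
        env:
          # NOTE(review): this file's own job output is named `docker-tag`;
          # confirm the reusable workflow exposes `docker_tag`, otherwise the
          # expression expands empty and the image reference ends in a bare ":".
          TF_VAR_gratibot_image: "${{ env.IMAGE_PATH }}:${{ needs.build.outputs.docker_tag }}"
  plan:
    name: "Terraform Nonprod plan"
    runs-on: ubuntu-latest
    concurrency:
      group: "tf-nonprod"
    needs: build
    # id-token: write is what the ARM_USE_OIDC federation below relies on;
    # pull-requests: write is for the plan commenter step.
    permissions:
      contents: read
      id-token: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Tofu
        uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5
        with:
          tofu_version: ${{ env.tofu_version }}
      - name: Setup Terragrunt
        # NOTE(review): same unverified download as in the validate job;
        # verify the published SHA256 before use.
        run: |
          wget https://github.com/gruntwork-io/terragrunt/releases/download/v${{ env.tg_version }}/terragrunt_linux_amd64
          sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
          sudo chmod +x /usr/local/bin/terragrunt
      - name: Plan Gratibot staging deployment
        id: plan_gratibot_staging_deployment
        working-directory: infra/terragrunt/nonprod/gratibot/
        run: |
          terragrunt plan -out plan.out
          terragrunt show -no-color -json plan.out > plan.json
        # Keep going so the commenter step still runs; the Status step at the
        # end turns any failed step outcome back into a job failure.
        continue-on-error: true
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_TENANT_ID: "1b4a4fed-fed8-4823-a8a0-3d5cea83d122"
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_NONPROD_SUBSCRIPTION_ID }}
          # Env values are always strings; quoted so no YAML loader retypes it.
          ARM_USE_OIDC: "true"
          # NOTE(review): see the validate job — confirm the reusable
          # workflow's output is really named `docker_tag`.
          TF_VAR_gratibot_image: "${{ env.IMAGE_PATH }}:${{ needs.build.outputs.docker_tag }}"
      - uses: liatrio/terraform-change-pr-commenter@3ec253eeac8850d78939ea4914963931ec3d5dc2 # v1.7.1
        with:
          json-file: infra/terragrunt/nonprod/gratibot/plan.json
          expand-comment: 'true'
      - name: Status
        # Fail the job if any earlier step (including the plan, which has
        # continue-on-error) reported a failure outcome.
        if: contains(steps.*.outcome, 'failure')
        run: exit 1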