From a3e56bf6896ec3ea3332526012b7ba97cf23c460 Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Wed, 3 Nov 2021 14:53:04 -0700
Subject: [PATCH 1/5] trying out a omcbined workflow for plan and apply
---
.github/workflows/apply-on-merge.yml | 134 ---------------------------
.github/workflows/plan-on-pr.yml | 36 +++++--
2 files changed, 30 insertions(+), 140 deletions(-)
delete mode 100644 .github/workflows/apply-on-merge.yml
diff --git a/.github/workflows/apply-on-merge.yml b/.github/workflows/apply-on-merge.yml
deleted file mode 100644
index a713905..0000000
--- /dev/null
@@ -1,134 +0,0 @@ -name: Plan / Apply On Merge - -on: - push: - branches: - - main - paths: - - 'terraform/**' - -jobs: - lint: - name: Lint - runs-on: ubuntu-20.04 - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.9 - - - name: Run terraform fmt check - run: terraform fmt -check -diff -recursive ./terraform - - inform_about_apply: - name: Inform About Apply - runs-on: ubuntu-20.04 - - steps: - - name: Inform on PR that Apply is Running - uses: mshick/add-pr-comment@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - repo-token-user-login: 'github-actions[bot]' - message: | - ***Running terraform apply*** - Results will display here momentarily... - - plan_and_apply: - name: Plan and Apply - env: - TF_VAR_allowed_account_id: ${{ secrets.ALLOWED_ACCOUNT_ID }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - path: - - dev - - stage - - prod - - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-east-1 - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.9 - - - name: Initialize Terraform - run: | - cd terraform/${{ matrix.path }} - terraform init -input=false - - - name: Plan Terraform - id: plan - continue-on-error: true - run: | - cd terraform/${{ matrix.path }} - terraform plan -no-color -out=plan.tfplan \ - && terraform show -no-color plan.tfplan - - - name: Apply Terraform - if: steps.plan.outcome == 'success' - id: apply - continue-on-error: true - run: | - cd terraform/${{ matrix.path }} - terraform apply \ - -input=false \ - -no-color \ - plan.tfplan - - - name: Post Plan Failure - if: steps.plan.outcome == 'failure' - uses: mshick/add-pr-comment@v1 - 
with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - repo-token-user-login: 'github-actions[bot]' - message: | - Plan failed for **${{ matrix.path }}**: - - ``` - ${{ steps.plan.outputs.stderr }} - ``` - - - name: Post Apply Failure - if: steps.apply.outcome == 'failure' - uses: mshick/add-pr-comment@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - repo-token-user-login: 'github-actions[bot]' - message: | - Apply failed for **${{ matrix.path }}**: - - ``` - ${{ steps.apply.outputs.stderr }} - ``` - - - name: Post Plan and Apply to GitHub PR - if: steps.plan.outcome == 'success' && steps.apply.outcome == 'success' - uses: mshick/add-pr-comment@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - repo-token-user-login: 'github-actions[bot]' - message: | - Applying **${{ matrix.path }}**: - - ``` - ${{ steps.plan.outputs.stdout }} - ``` - - ``` - ${{ steps.apply.outputs.stdout }} - ``` diff --git a/.github/workflows/plan-on-pr.yml b/.github/workflows/plan-on-pr.yml index 6a4d9af..9051d92 100644 --- a/.github/workflows/plan-on-pr.yml +++ b/.github/workflows/plan-on-pr.yml @@ -1,4 +1,4 @@ -name: Plan / Test On PR +name: Plan or Apply on: pull_request: @@ -6,6 +6,11 @@ on: - main # paths: # - 'terraform/**' + push: + branches: + - main + paths: + - 'terraform/**' jobs: lint: @@ -23,7 +28,7 @@ jobs: - name: Run terraform fmt check run: terraform fmt -check -diff -recursive ./terraform - plan: + plan_or_apply: name: Plan env: TF_VAR_allowed_account_id: ${{ secrets.ALLOWED_ACCOUNT_ID }} 
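Review bot: The added `push` trigger makes this one workflow both the PR planner and the applier for `main`, yet as far as these hunks show nothing between `name:`, `on:` and `jobs:` sets a workflow-level `permissions:` block, so `GITHUB_TOKEN` runs with whatever the repository default grants. I would add an explicit block next to `on:`, for example `permissions:` with `contents: read` and `pull-requests: write`, after confirming which scopes the comment action really needs. A `concurrency:` group keyed on the ref would also keep two quick merges from running `terraform apply` side by side; whether the state backend locks is not visible here.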
@@ -62,16 +67,35 @@ jobs: continue-on-error: true run: | cd terraform/${{ matrix.path }} - terraform plan -no-color + terraform plan -no-color -out plan.tfplan + + - name: Apply Terraform + id: apply + continue-on-error: true + if: | + steps.plan.outcome == 'success' + && github.ref == 'refs/heads/main' + && github.event_name == 'push' + run: | + cd terraform/${{ matrix.path }} + terraform apply \ + -input=false \ + -no-color \ + plan.tfplan - - name: Post Plan to GitHub PR + - name: Post Plan/Apply to GitHub PR uses: mshick/add-pr-comment@v1 with: allow-repeats: true repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token-user-login: 'github-actions[bot]' message: | - ## ${{ matrix.path }} plan + ## ${{ matrix.path }} plan${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply' }} ``` - ${{ steps.plan.outputs.stdout }} + ${{ join([ + steps.plan.outputs.stdout, + steps.plan.outputs.stderr, + steps.apply.outputs.stdout, + steps.apply.outputs.stderr + ]) }} ``` From 0c0fdeaffe2bf00b8abb46c8881d642f4d880a2d Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Wed, 3 Nov 2021 15:06:08 -0700 Subject: [PATCH 2/5] =?UTF-8?q?=F0=9F=98=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/plan-on-pr.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/plan-on-pr.yml b/.github/workflows/plan-on-pr.yml index 9051d92..86f0b3a 100644 --- a/.github/workflows/plan-on-pr.yml +++ b/.github/workflows/plan-on-pr.yml @@ -92,10 +92,5 @@ jobs: message: | ## ${{ matrix.path }} plan${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply' }} ``` - ${{ join([ - steps.plan.outputs.stdout, - steps.plan.outputs.stderr, - steps.apply.outputs.stdout, - steps.apply.outputs.stderr - ]) }} + ${{ join(steps.plan.outputs.*, "\n") }}${{ join(steps.apply.outputs.*, "\n") ``` From eedbb301cc5bc4a72f35cdb48676e19bbfaada7c Mon Sep 17 00:00:00 2001 
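Review bot: The new `Apply Terraform` step sets `continue-on-error: true`, so a failed apply on `main` still ends in a green job, and the "Post Apply Failure" comment from the deleted apply-on-merge workflow has no counterpart here. A final step placed after the comment step, with `if: steps.plan.outcome == 'failure' || steps.apply.outcome == 'failure'` and `run: exit 1`, would keep the comment and still mark the run as failed. Separately, in the comment heading `github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply'` evaluates to `false` on pull requests and is rendered as text, so it needs a trailing `|| ''`. The `plan_or_apply` job starts above this hunk.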
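Review bot: `steps.plan.outputs.*` and `steps.apply.outputs.*` on the added line put every output of those steps into the PR comment rather than the four named streams of the previous revision, and as far as I know a comment body posted through the API is not covered by the log masking that hides `secrets.*` values. This workflow treats the AWS account id as a secret (`TF_VAR_allowed_account_id`), and plan or apply text can carry ARNs and other resource attributes. I would reference the wanted outputs by name and decide deliberately how much of the apply output belongs in a comment, especially if the repository is public.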
From: Andrew Walker Date: Wed, 3 Nov 2021 15:07:55 -0700 Subject: [PATCH 3/5] =?UTF-8?q?=F0=9F=99=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/plan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plan-on-pr.yml b/.github/workflows/plan-on-pr.yml index 86f0b3a..a9b4068 100644 --- a/.github/workflows/plan-on-pr.yml +++ b/.github/workflows/plan-on-pr.yml @@ -92,5 +92,5 @@ jobs: message: | ## ${{ matrix.path }} plan${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply' }} ``` - ${{ join(steps.plan.outputs.*, "\n") }}${{ join(steps.apply.outputs.*, "\n") + ${{ join(steps.plan.outputs.*, '\n') }}${{ join(steps.apply.outputs.*, '\n') ``` From ca42a1110c7d3eda7cbae2dcb935a9690771b734 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Wed, 3 Nov 2021 15:08:43 -0700 Subject: [PATCH 4/5] oops --- .github/workflows/plan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plan-on-pr.yml b/.github/workflows/plan-on-pr.yml index a9b4068..11a42fd 100644 --- a/.github/workflows/plan-on-pr.yml +++ b/.github/workflows/plan-on-pr.yml @@ -92,5 +92,5 @@ jobs: message: | ## ${{ matrix.path }} plan${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply' }} ``` - ${{ join(steps.plan.outputs.*, '\n') }}${{ join(steps.apply.outputs.*, '\n') + ${{ join(steps.plan.outputs.*, '\n') }}${{ join(steps.apply.outputs.*, '\n') }} ``` From c595633b0b6a570baee30bc9c5ce487cf0b2a46c Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Wed, 3 Nov 2021 15:12:31 -0700 Subject: [PATCH 5/5] yup --- .github/workflows/plan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plan-on-pr.yml b/.github/workflows/plan-on-pr.yml index 11a42fd..08fd03b 100644 --- a/.github/workflows/plan-on-pr.yml +++ b/.github/workflows/plan-on-pr.yml 
@@ -92,5 +92,5 @@ jobs: message: | ## ${{ matrix.path }} plan${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '/apply' }} ``` - ${{ join(steps.plan.outputs.*, '\n') }}${{ join(steps.apply.outputs.*, '\n') }} + ${{ join(steps.plan.outputs.*) }}${{ join(steps.apply.outputs.*) }} ```
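Review bot: With the separator argument dropped, `join(...)` falls back to its default `,`, so stdout, stderr and any other step output are glued together with commas inside the fenced block, in whatever order the `*` filter yields them. Since `message` is already a `|` block scalar, each stream can sit on its own line without `join`: `${{ steps.plan.outputs.stdout }}`, `${{ steps.plan.outputs.stderr }}`, then the two `steps.apply.outputs` equivalents. The removed `'\n'` would have been inserted literally, because expression strings do not process backslash escapes, so dropping it is right but the replacement loses the line breaks.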