# Action metadata shown in the GitHub Marketplace / Actions UI.
name: 'OpenTofu - Continuous Delivery'
author: '@GlueOps'
description: >-
  Abstracts multiple OpenTofu actions from @dflook and provides a streamlined
  workflow with some basic customization

# Icon and colour reference:
# https://actions-cool.github.io/github-action-branding/
branding:
  icon: upload-cloud
  color: yellow
# Inputs are forwarded unchanged to the tofu fmt/validate/version/plan/apply
# steps under `runs:`. All values reach those steps as strings.
inputs:
  # --- Where the configuration lives and which state it uses ---
  path:
    description: Path to the tofu configuration
    required: false
    default: "."
  workspace:
    description: Name of the tofu workspace
    required: false
    default: "default"
  backend_config:
    description: List of backend config values to set, one per line
    required: false
    default: ""
  backend_config_file:
    description: Path to a backend config file
    required: false
    default: ""

  # --- Variables passed to plan and apply ---
  # `variables` has no default; it is only handed to the plan and apply steps.
  variables:
    description: Variable definitions
    required: false
  var_file:
    description: List of var file paths, one per line
    required: false
    default: ""

  # --- Plan/apply behaviour ---
  parallelism:
    description: Limit the number of concurrent operations
    required: false
    default: "0"
  label:
    description: A friendly name for this plan
    required: false
    default: ""
  target:
    description: List of resources to target for the apply, one per line
    required: false
    default: ""
  replace:
    description: List of resources to replace if an update is required, one per line
    required: false
    default: ""
  # Forwarded to both the plan and the apply step, so setting it to "true"
  # on `main` ends in a destroy once the approval step passes.
  destroy:
    description: Create and apply a plan to destroy all resources
    required: false
    default: "false"
  # NOTE(review): declared as required, but no step in this file reads
  # `inputs.backend_type` - confirm whether callers still need to supply it.
  backend_type:
    description: The backend plugin name
    required: true

  # --- Reporting ---
  add_github_comment:
    description: Add the plan to a GitHub PR
    required: false
    default: "true"
  # Only gates the "approval required" Slack message; the success and failure
  # notifications at the end of the run do not check this input.
  enable_slack_notification_for_approval:
    description: Enable or Disable slack notifications
    required: false
    default: "true"
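# A composite action only exposes an output that carries a `value:` expression.
# The original declarations had descriptions only, so callers always read empty
# strings. Each output is now mapped to the step in `runs:` that produces it.
# NOTE(review): output names on the right-hand side are those of the pinned
# dflook/tofu-version and dflook/tofu-plan releases - confirm against them.
outputs:
  tofu:
    description: The tofu version used by the configuration
    value: ${{ steps.Versions.outputs.tofu }}
  changes:
    description: If the generated plan would update any resources or outputs this is set to `true`, otherwise it's set to `false`.
    value: ${{ steps.plan.outputs.changes }}
  to_add:
    description: The number of resources that would be added by this plan
    value: ${{ steps.plan.outputs.to_add }}
  to_change:
    description: The number of resources that would be changed by this plan
    value: ${{ steps.plan.outputs.to_change }}
  to_destroy:
    description: The number of resources that would be destroyed by this plan
    value: ${{ steps.plan.outputs.to_destroy }}
  plan_path:
    description: Path to a file in the workspace containing the generated plan in an opaque binary format.
    value: ${{ steps.plan.outputs.plan_path }}
  text_plan_path:
    description: Path to a file in the workspace containing the generated plan in human readable format. This won't be set if the backend type is `remote` and `auto_approve` is `true`
    value: ${{ steps.plan.outputs.text_plan_path }}
  json_plan_path:
    description: Path to a file in the workspace containing the generated plan in JSON format. This won't be set if the backend type is `remote`.
    value: ${{ steps.plan.outputs.json_plan_path }}
  run_id:
    description: If the root module uses the `remote` or `cloud` backend in remote execution mode, this output will be set to the remote run id.
    value: ${{ steps.plan.outputs.run_id }}
  # NOTE(review): left unmapped. The documented values (`apply-failed`,
  # `plan-changed`) belong to the apply step, which has no `id` in this file
  # and therefore cannot be referenced from here.
  failure-reason:
    description: The reason for the build failure. May be `apply-failed` or `plan-changed`.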
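# Pipeline: checkout -> fmt check -> validate -> version -> plan, then on
# `main` with pending changes: Slack notice -> manual approval -> apply,
# followed by a success or failure Slack notification.
#
# Third-party actions are pinned to full commit SHAs with the release in a
# trailing comment. The one exception is flagged at the approval step.
#
# NOTE(review): no step here sets SLACK_WEBHOOK_URL, and a composite action
# cannot read the `secrets` context, so the webhook presumably arrives through
# the caller's job-level `env:` - confirm. Job-level env is visible to every
# step of the job, including the third-party actions below.
runs:
  using: "composite"
  steps:
    - name: Checkout
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4

    - name: tofu fmt
      uses: dflook/tofu-fmt-check@ba2b30a799cba872b77f687b596ce398569990e3  # v1.44.0
      id: fmt-check
      with:
        path: ${{ inputs.path }}
        workspace: ${{ inputs.workspace }}
        backend_config: ${{ inputs.backend_config }}
        backend_config_file: ${{ inputs.backend_config_file }}

    # Runs only when the fmt check itself reported `check-failed`.
    # The hint previously named the same command twice.
    - name: Wrong formatting found
      if: ${{ failure() && steps.fmt-check.outputs.failure-reason == 'check-failed' }}
      shell: bash
      run: echo "Please format your tofu correctly. Use 'tofu fmt'"

    - name: tofu validate
      uses: dflook/tofu-validate@5e7b3d60f51188f0735563239d18861fe2266b37  # v1.44.0
      id: Validation
      with:
        path: ${{ inputs.path }}
        workspace: ${{ inputs.workspace }}
        backend_config: ${{ inputs.backend_config }}
        backend_config_file: ${{ inputs.backend_config_file }}

    - name: Test tofu-version
      uses: dflook/tofu-version@019721fdb85aea4e7ce62860cf8ed7e1b0c4f45b  # v1.44.0
      id: Versions
      with:
        path: ${{ inputs.path }}
        workspace: ${{ inputs.workspace }}
        backend_config: ${{ inputs.backend_config }}
        backend_config_file: ${{ inputs.backend_config_file }}

    # `steps.plan.outputs.changes` drives every gate below.
    - name: tofu plan
      id: plan
      uses: dflook/tofu-plan@830e0eb359a91f551ae9c06217ea855c0e87665b  # v1.44.0
      with:
        path: ${{ inputs.path }}
        workspace: ${{ inputs.workspace }}
        backend_config: ${{ inputs.backend_config }}
        backend_config_file: ${{ inputs.backend_config_file }}
        variables: ${{ inputs.variables }}
        var_file: ${{ inputs.var_file }}
        parallelism: ${{ inputs.parallelism }}
        label: ${{ inputs.label }}
        target: ${{ inputs.target }}
        replace: ${{ inputs.replace }}
        destroy: ${{ inputs.destroy }}
        add_github_comment: ${{ inputs.add_github_comment }}

    # Heads-up that an approval issue is waiting. Skipped on pull_request
    # events and when the caller disables it.
    - name: Notify in Slack about Approving/Denying to continue workflow
      if: github.ref_name == 'main' && steps.plan.outputs.changes == 'true' && inputs.enable_slack_notification_for_approval == 'true' && github.event_name != 'pull_request'
      uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3  # v1.27.1
      with:
        payload: |
          {
            "attachments": [
              {
                "color": "#FFA500",
                "author_name": ":link: OpenTofu - ${{ github.event.repository.name }} - Job Details",
                "author_link": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                "title": "https://github.com/${{ github.repository }}",
                "title_link": "https://github.com/${{ github.repository }}",
                "text": ":raising_hand: Approval Required: https://github.com/${{ github.repository }}/issues"
              }
            ]
          }
      env:
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

    ## IMPORTANT
    ## DO NOT REMOVE THIS MANUAL APPROVAL STEP UNLESS YOU WANT AUTO APPLY WITHOUT ANY APPROVALS.
    # NOTE(review): this is the only action referenced by a mutable tag (`@v1`)
    # and it is handed the workflow token. Pin it to a reviewed full-length
    # commit SHA like every other step so a moved tag cannot change the gate.
    # NOTE(review): the sole approver is the actor who triggered the run and the
    # initiator is not excluded, so this gate is a self-confirmation, not a
    # second-person review. Use a fixed approver list if separation of duties
    # is required.
    # NOTE(review): the `issue-title`/`issue-body` inputs suggest the approval
    # is tracked in an issue, so the caller's token presumably needs
    # `issues: write` - confirm.
    - name: Approve or Deny tofu apply
      if: github.ref_name == 'main' && steps.plan.outputs.changes == 'true'
      uses: trstringer/manual-approval@v1
      with:
        secret: ${{ github.TOKEN }}
        approvers: ${{ github.actor }}
        minimum-approvals: 1
        issue-title: "Approve or Deny tofu apply"
        issue-body: "Approve or Deny tofu apply"
        exclude-workflow-initiator-as-approver: false

    # With `auto_approve: "true"` the manual approval step above is the only
    # control in this file between the plan and the apply.
    # NOTE(review): presumably the apply plans again at run time rather than
    # reusing the plan that was shown for approval - confirm, since state may
    # drift while the approval is pending.
    - name: tofu apply
      if: github.ref_name == 'main' && steps.plan.outputs.changes == 'true'
      uses: dflook/tofu-apply@af009c1e6d9f60c424b495dd120f3673606b82d2  # v1.44.0
      with:
        path: ${{ inputs.path }}
        workspace: ${{ inputs.workspace }}
        backend_config: ${{ inputs.backend_config }}
        backend_config_file: ${{ inputs.backend_config_file }}
        variables: ${{ inputs.variables }}
        var_file: ${{ inputs.var_file }}
        parallelism: ${{ inputs.parallelism }}
        label: ${{ inputs.label }}
        auto_approve: "true"  # SET TO FALSE TO DISABLE AUTO APPLY.
        target: ${{ inputs.target }}
        replace: ${{ inputs.replace }}
        destroy: ${{ inputs.destroy }}

    # Final status notifications. These are not gated by
    # `enable_slack_notification_for_approval`.
    - name: Notify on Success
      if: always() && success()
      uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3  # v1.27.1
      with:
        payload: |
          {
            "attachments": [
              {
                "color": "#36a64f",
                "author_name": ":link: OpenTofu - ${{ github.event.repository.name }} - Job Details",
                "author_link": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                "title": "https://github.com/${{ github.repository }}",
                "title_link": "https://github.com/${{ github.repository }}",
                "text": ":large_green_circle: SUCCESS :large_green_circle:"
              }
            ]
          }
      env:
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

    - name: Notify on Failure
      if: always() && failure()
      uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3  # v1.27.1
      with:
        payload: |
          {
            "attachments": [
              {
                "color": "#FF0000",
                "author_name": ":link: OpenTofu - ${{ github.event.repository.name }} - Job Details",
                "author_link": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                "title": "https://github.com/${{ github.repository }}",
                "title_link": "https://github.com/${{ github.repository }}",
                "text": ":rotating_light: FAILURE :rotating_light:"
              }
            ]
          }
      env:
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK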