build(deps): update terraform hashicorp/terraform to v1.10.5 #585
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| schedule: | |
| # At 00:00 on Monday | |
| - cron: '0 0 * * 1' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
| cancel-in-progress: ${{ ! (github.ref == 'refs/heads/main' && github.event_name == 'push') }} | |
| env: | |
| # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp extractVersion=^v(?<version>.+)$ | |
| TERRAFORM_VERSION: 1.9.8 | |
| jobs: | |
| pre-job: | |
| name: Pre Job | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| outputs: | |
| should_skip: ${{ steps.skip-check.outputs.should_skip }} | |
| workspaces: ${{ steps.workspaces.outputs.workspaces }} | |
| permissions: | |
| actions: write | |
| contents: read | |
| steps: | |
| - name: Check if should skip | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| id: skip-check | |
| continue-on-error: true | |
| with: | |
| do_not_skip: '["schedule", "workflow_dispatch"]' | |
| paths_filter: |- | |
| terraform: | |
| paths: [ | |
| '**.tf', | |
| '**/files/**', | |
| ] | |
| workflow: | |
| paths: | |
| - .github/workflows/terraform.yml | |
| - .tflint.hcl | |
| skip_after_successful_duplicate: false | |
| - name: Checkout | |
| if: steps.skip-check.outputs.should_skip != 'true' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Create workspaces list | |
| if: steps.skip-check.outputs.should_skip != 'true' | |
| id: workspaces | |
| run: | | |
| DIRS=( */ ) | |
| DIRS="$(printf '%s\n' "${DIRS[@]%/}" | jq -csrR 'split("\n")[:-1]')" | |
| if [[ "${REASON}" == 'paths' ]]; then | |
| jq -r --arg dirs "${DIRS}" ' | |
| if .workflow.should_skip|not then | |
| $dirs|fromjson | |
| elif .terraform.should_skip|not then | |
| [.terraform.matched_files[]|split("/")[0]]|unique | |
| else | |
| [] | |
| end | |
| | "workspaces=\(.)" | |
| ' >"${GITHUB_OUTPUT}" <<<"${PATH_RESULT}" | |
| else | |
| printf 'workspaces=%s' "${DIRS}" >"${GITHUB_OUTPUT}" | |
| fi | |
| env: | |
| REASON: ${{ steps.skip-check.outputs.reason }} | |
| PATH_RESULT: ${{ steps.skip-check.outputs.paths_result }} | |
| run: | |
| name: Run | |
| needs: pre-job | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.pre-job.outputs.should_skip != 'true' && needs.pre-job.outputs.workspaces != '[]' }} | |
| timeout-minutes: 180 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| TF_CLI_ARGS: -no-color | |
| TF_IN_AUTOMATION: 'true' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| workspace: ${{ fromJSON(needs.pre-job.outputs.workspaces) }} | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ${{ matrix.workspace }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| cli_config_credentials_token: ${{ secrets.TF_CLOUD_API_TOKEN }} | |
| - name: Terraform Format | |
| id: fmt | |
| run: terraform fmt -check -diff | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend="${BACKEND}" | |
| env: | |
| BACKEND: ${{ !github.event.pull_request.head.repo.fork }} | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate | |
| - name: Terraform Lint | |
| id: lint | |
| uses: docker://ghcr.io/terraform-linters/tflint:v0.53.0@sha256:cc6e2f412674c49add3489e8cef128aa385236063d411d15a1be6788c6fa7d88 | |
| with: | |
| args: --chdir=${{ matrix.workspace }} | |
| - name: Terraform Plan | |
| if: '!github.event.pull_request.head.repo.fork' | |
| id: plan | |
| run: terraform plan -detailed-exitcode | |
| continue-on-error: true | |
| - name: Comment on pull request | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| WORKSPACE: ${{ matrix.workspace }} | |
| FMT_OUTCOME: ${{ steps.fmt.outcome }} | |
| INIT_OUTCOME: ${{ steps.init.outcome }} | |
| VALIDATE_OUTCOME: ${{ steps.validate.outcome }} | |
| VALIDATE_OUTPUT: ${{ steps.validate.stdout }} | |
| LINT_OUTCOME: ${{ steps.lint.outcome }} | |
| LINT_OUTPUT: ${{ steps.lint.stdout }} | |
| PLAN_OUTCOME: ${{ steps.plan.outcome }} | |
| PLAN_OUTPUT: ${{ steps.plan.outputs.stdout }} | |
| ACTOR: ${{ github.actor }} | |
| EVENT: ${{ github.event_name }} | |
| WORKFLOW: ${{ github.workflow }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| // 1. Retrieve existing bot comments for the PR | |
| const { data: comments } = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }) | |
| const botComment = comments.find(comment => { | |
| return ( | |
| comment.user.type === 'Bot' && | |
| comment.body.includes('Terraform Format and Style') && | |
| comment.body.includes( | |
| `Working Directory: \`${process.env.WORKSPACE}\`` | |
| ) | |
| ) | |
| }) | |
| function getOutcomeEmoji(outcome) { | |
| switch(outcome) { | |
| case 'success': | |
| return '✅' | |
| case 'failure': | |
| return '❌' | |
| case 'cancelled': | |
| return '⛔️' | |
| case 'skipped': | |
| return '⏭️' | |
| default: | |
| return '❔' | |
| } | |
| } | |
| // 2. Prepare format of the comment | |
| const output = `#### 🖌 Terraform Format and Style ${getOutcomeEmoji(process.env.FMT_OUTCOME)} | |
| #### ⚙️ Terraform Initialization ${getOutcomeEmoji(process.env.INIT_OUTCOME)} | |
| #### 🤖 Terraform Validation ${getOutcomeEmoji(process.env.VALIDATE_OUTCOME)} | |
| <details><summary>Validation Output</summary> | |
| \`\`\` | |
| ${process.env.VALIDATE_OUTPUT}\`\`\` | |
| </details> | |
| #### 🦙 Terraform Lint ${getOutcomeEmoji(process.env.LINT_OUTCOME)} | |
| <details><summary>Lint Output</summary> | |
| \`\`\` | |
| ${process.env.LINT_OUTPUT}\`\`\` | |
| </details> | |
| #### 📖 Terraform Plan ${getOutcomeEmoji(process.env.PLAN_OUTCOME)} | |
| <details><summary>Show Plan</summary> | |
| \`\`\`diff | |
| ${process.env.PLAN_OUTPUT}\`\`\` | |
| </details> | |
| *Pusher: @${process.env.ACTOR}, Action: \`${process.env.EVENT}\`, Working Directory: \`${process.env.WORKSPACE}\`, Workflow: \`${process.env.WORKFLOW}\`*`; | |
| // 3. If we have a comment, update it, otherwise create a new one | |
| if (botComment) { | |
| github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: botComment.id, | |
| body: output | |
| }) | |
| } else { | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| } | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| run: terraform apply -auto-approve |