Skip to content

Workflow file for this run

name: Sync Terraform Modules
run-name: sync
on:
workflow_dispatch:
inputs:
cloud-id:
description: "Which cloud to sync (aws, azure, gcp, all)"
required: true
default: "all"
type: choice
options:
- all
- aws
- azure
- gcp
repo_ref:
description: "Which tag/branch to select from the source repo"
default: "main"
type: string
jobs:
generate-matrix:
name: Generate Matrix
runs-on: ubuntu-latest
outputs: # this job outputs a matrix for the next job
clouds: ${{ steps.process_cloud_choice.outputs.clouds }}
steps: # this step looks at the cloud inputs and creates a relevant matrix for the next job
- name: Process choice of cloud(s) for matrix
id: process_cloud_choice
run: |
if [[ "${{ inputs.cloud-id }}" == "aws" ]]; then
echo "clouds={ \"selected_clouds\" : [ \"aws\" ] }" >> $GITHUB_OUTPUT
elif [[ "${{ inputs.cloud-id }}" == "azure" ]]; then
echo "clouds={ \"selected_clouds\" : [ \"azure\" ] }" >> $GITHUB_OUTPUT
elif [[ "${{ inputs.cloud-id }}" == "gcp" ]]; then
echo "clouds={ \"selected_clouds\" : [ \"gcp\" ] }" >> $GITHUB_OUTPUT
elif [[ "${{ inputs.cloud-id }}" == "all" ]]; then
echo "clouds={ \"selected_clouds\" : [ \"aws\", \"azure\", \"gcp\" ] }" >> $GITHUB_OUTPUT
fi
generate-docs:
name: Generate ${{ matrix.cloudid }} module docs
runs-on: ubuntu-latest
needs: generate-matrix
strategy:
fail-fast: false # treat each job as separate
matrix: # matrix comes from previous job
cloudid: ${{ fromJSON(needs.generate-matrix.outputs.clouds).selected_clouds }}
steps:
- name: Set cloud-specific repo env
run: |
if [[ "${{ matrix.cloudid }}" == "aws" ]]; then
echo "repo=terraform-aws-swfw-modules" >> $GITHUB_ENV
elif [[ "${{ matrix.cloudid }}" == "azure" ]]; then
echo "repo=terraform-azurerm-swfw-modules" >> $GITHUB_ENV
elif [[ "${{ matrix.cloudid }}" == "gcp" ]]; then
echo "repo=terraform-google-swfw-modules" >> $GITHUB_ENV
fi
- name: Checkout module repo for ${{ matrix.cloudid }}
uses: actions/checkout@v3
with:
repository: PaloAltoNetworks/${{ env.repo }}
path: ${{ env.repo }}
ref: "${{ inputs.repo_ref }}"
- name: Checkout local scripts
# if: steps.check_commit.outputs.changes != 'false'
uses: actions/checkout@v3
with:
path: "scripts"
- name: Setup Python
# if: steps.check_commit.outputs.changes != 'false'
uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "pip" # caching pip dependencies
- name: Install Python Dependencies
# if: steps.check_commit.outputs.changes != 'false'
run: |
python -m pip install --upgrade pip
pip install -r ./scripts/requirements.txt
- name: Generate module readmes for pan.dev
# if: steps.check_commit.outputs.changes != 'false'
run: |
tree .
python ./scripts/process_modules_readmes.py "./${{ env.repo }}/modules" "./output/vmseries/modules"
python ./scripts/process_modules_readmes.py --type refarch "./${{ env.repo }}/examples" "./output/vmseries/reference-architectures"
python ./scripts/process_modules_readmes.py --type example "./${{ env.repo }}/examples" "./output/vmseries/examples"
- name: Save module readmes
# if: steps.check_commit.outputs.changes != 'false'
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.cloudid }}
path: output
sync-to-pan-dev:
name: Sync to pan.dev
runs-on: ubuntu-latest
needs: generate-docs
env:
SWFW_DIR: pan.dev/products/terraform/docs/swfw
steps:
- name: Download module readmes
uses: actions/download-artifact@v3
with:
path: output
- name: Checkout pan.dev repo
uses: actions/checkout@v3
with:
repository: PaloAltoNetworks/pan.dev
path: pan.dev
- name: Print output
run: |
tree output
- name: Print pan.dev
run: |
tree "$SWFW_DIR"
- name: Add generated docs to pan.dev
run: |
if [ -d output/aws ]; then
rm -rf "$SWFW_DIR/aws/modules/*"
rm -rf "$SWFW_DIR/aws/reference-architectures/*"
rsync -av output/aws/ "$SWFW_DIR/aws/"
fi
if [ -d output/azure ]; then
rm -rf "$SWFW_DIR/azure/modules/*"
rm -rf "$SWFW_DIR/azure/reference-architectures/*"
rsync -av output/azure/ "$SWFW_DIR/azure/"
fi
if [ -d output/gcp ]; then
rm -rf "$SWFW_DIR/gcp/modules/*"
rm -rf "$SWFW_DIR/gcp/reference-architectures/*"
rsync -av output/gcp/ "$SWFW_DIR/gcp/"
fi
- name: Print pan.dev after
run: |
tree "$SWFW_DIR"
cd "$SWFW_DIR" && git status
- name: Generate GitHub token
id: generate-token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
installation_id: ${{ secrets.APP_INSTALL_ID }}
- name: Create pull request
uses: peter-evans/create-pull-request@v5
id: create-pull-request
with:
token: ${{ steps.generate-token.outputs.token }}
path: pan.dev
branch: sync-${{ inputs.cloud-id }}-terraform-module-docs
delete-branch: true
commit-message: "Sync ${{ inputs.cloud-id }} Terraform module documentation"
title: "Sync ${{ inputs.cloud-id }} Terraform module documentation to pan.dev"
body: "This PR was automatically generated by a workflow."
- name: Pull Request results
run: |
echo "${{ toJSON(steps.create-pull-request.outputs) }}"
- name: Print no pull request
if: steps.create-pull-request.outputs.pull-request-number == ''
run: |
echo "::notice ::No action taken, no changes to commit"
- name: Print pull request
if: steps.create-pull-request.outputs.pull-request-number
run: |
echo "::notice ::PR ${{ steps.create-pull-request.outputs.pull-request-operation }}: ${{ steps.create-pull-request.outputs.pull-request-url }}"