
Commit 4bc5733

authored
Update aws-nap-apply.yml
1 parent f9cc034 commit 4bc5733


1 file changed

+106
-76
lines changed


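--- a/.github/workflows/aws-nap-apply.yml
+++ b/.github/workflows/aws-nap-apply.yml
@@ -1,4 +1,5 @@
 name: "F5XC + NAP Apply"
+
 on:
 push:
 branches:
@@ -19,22 +20,11 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
 
-- name: Setup Terraform
+- name: Setup Terraform
 uses: hashicorp/setup-terraform@v2
 with:
 cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
-- name: Cache Terraform Plugins
-uses: actions/cache@v3
-with:
-path: ~/.terraform.d/plugin-cache
-key: terraform-plugins-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }}
-restore-keys: |
-terraform-plugins-${{ runner.os }}-
-
-- name: Show Terraform Version
-run: terraform version
-
 - name: Setup Terraform Backend
 run: |
 cat > backend.tf << EOF
@@ -47,52 +37,32 @@ jobs:
 }
 }
 EOF
-
+
 - name: Terraform Init
 run: terraform init
 
 - name: Terraform Validate
 run: terraform validate -no-color
 
 - name: Terraform Plan
-id: plan
 if: github.event_name == 'pull_request'
-run: terraform plan -no-color -input=false | tee plan.txt
+run: |
+export TF_LOG=DEBUG
+terraform plan -no-color -input=false | tee plan.txt
+cat plan.txt
 continue-on-error: true
 
-- name: Capture Terraform Plan Output
-if: github.event_name == 'pull_request'
-run: echo "PLAN=$(cat plan.txt)" >> $GITHUB_ENV
-
-- uses: actions/github-script@v6
-if: github.event_name == 'pull_request'
-env:
-PLAN: ${{ env.PLAN }}
-with:
-github-token: ${{ secrets.GITHUB_TOKEN }}
-script: |
-const output = `#### Terraform Initialization ⚙️\n\`${{ steps.init.outcome }}\`
-#### Terraform Validation 🤖\n\`${{ steps.validate.outcome }}\`
-#### Terraform Plan 📖\n\`${{ steps.plan.outcome }}\`
-<details><summary>Show Plan</summary>
-\`\`\`
-${process.env.PLAN}
-\`\`\`
-</details>
-*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
-github.rest.issues.createComment({
-issue_number: context.issue.number,
-owner: context.repo.owner,
-repo: context.repo.repo,
-body: output
-});
-
 - name: Terraform Plan Status
-if: steps.plan.outcome != 'success'
-run: exit 1
+run: |
+if grep -q "Error" plan.txt; then
+echo "❌ Terraform plan contains errors!"
+exit 1
+else
+echo "✅ Terraform plan is clean!"
+fi
 
 - name: Terraform Apply
-if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
 run: terraform apply -auto-approve -input=false
 
 terraform_eks:
@@ -111,44 +81,44 @@ jobs:
 with:
 cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
+- name: Setup Terraform Backend
+run: |
+cat > backend.tf << EOF
+terraform {
+cloud {
+organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+workspaces {
+name = "${{ secrets.TF_CLOUD_WORKSPACE_EKS }}"
+}
+}
+}
+EOF
+
 - name: Terraform Init
 run: terraform init
 
 - name: Terraform Validate
 run: terraform validate -no-color
 
 - name: Terraform Plan
-id: plan
 if: github.event_name == 'pull_request'
-run: terraform plan -no-color -input=false | tee plan.txt
+run: |
+export TF_LOG=DEBUG
+terraform plan -no-color -input=false | tee plan.txt
+cat plan.txt
 continue-on-error: true
 
-- name: Capture Terraform Plan Output
-if: github.event_name == 'pull_request'
-run: echo "PLAN=$(cat plan.txt)" >> $GITHUB_ENV
-
-- uses: actions/github-script@v6
-if: github.event_name == 'pull_request'
-env:
-PLAN: ${{ env.PLAN }}
-with:
-github-token: ${{ secrets.GITHUB_TOKEN }}
-script: |
-const output = `#### Terraform Plan 📖\n\`${{ steps.plan.outcome }}\`
-<details><summary>Show Plan</summary>
-\`\`\`
-${process.env.PLAN}
-\`\`\`
-</details>`;
-github.rest.issues.createComment({
-issue_number: context.issue.number,
-owner: context.repo.owner,
-repo: context.repo.repo,
-body: output
-});
+- name: Terraform Plan Status
+run: |
+if grep -q "Error" plan.txt; then
+echo "❌ Terraform plan contains errors!"
+exit 1
+else
+echo "✅ Terraform plan is clean!"
+fi
 
 - name: Terraform Apply
-if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
 run: terraform apply -auto-approve -input=false
 
 terraform_nap:
@@ -167,20 +137,50 @@ jobs:
 with:
 cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
+- name: Setup Terraform Backend
+run: |
+cat > backend.tf << EOF
+terraform {
+cloud {
+organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+workspaces {
+name = "${{ secrets.TF_CLOUD_WORKSPACE_NAP }}"
+}
+}
+}
+EOF
+
 - name: Terraform Init
 run: terraform init
-
+
 - name: Terraform Validate
 run: terraform validate -no-color
 
+- name: Terraform Plan
+if: github.event_name == 'pull_request'
+run: |
+export TF_LOG=DEBUG
+terraform plan -no-color -input=false | tee plan.txt
+cat plan.txt
+continue-on-error: true
+
+- name: Terraform Plan Status
+run: |
+if grep -q "Error" plan.txt; then
+echo "❌ Terraform plan contains errors!"
+exit 1
+else
+echo "✅ Terraform plan is clean!"
+fi
+
 - name: Terraform Apply
-if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
 run: terraform apply -auto-approve -input=false
 
 terraform_arcadia:
 name: "Arcadia WebApp"
 runs-on: ubuntu-latest
-needs: [terraform_nap, terraform_eks]
+needs: terraform_nap
 defaults:
 run:
 working-directory: ./arcadia
@@ -193,13 +193,43 @@ jobs:
 with:
 cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
+- name: Setup Terraform Backend
+run: |
+cat > backend.tf << EOF
+terraform {
+cloud {
+organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+workspaces {
+name = "${{ secrets.TF_CLOUD_WORKSPACE_ARCADIA }}"
+}
+}
+}
+EOF
+
 - name: Terraform Init
 run: terraform init
-
+
 - name: Terraform Validate
 run: terraform validate -no-color
 
+- name: Terraform Plan
+if: github.event_name == 'pull_request'
+run: |
+export TF_LOG=DEBUG
+terraform plan -no-color -input=false | tee plan.txt
+cat plan.txt
+continue-on-error: true
+
+- name: Terraform Plan Status
+run: |
+if grep -q "Error" plan.txt; then
+echo "❌ Terraform plan contains errors!"
+exit 1
+else
+echo "✅ Terraform plan is clean!"
+fi
+
 - name: Terraform Apply
-if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
 run: terraform apply -auto-approve -input=false
 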
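Review bot: The new `Terraform Plan Status` step (new lines 55–62) does not reliably detect a failed plan. `terraform plan ... | tee plan.txt` captures only stdout while Terraform normally writes error diagnostics to stderr, and the visible script never sets `pipefail`, so the pipeline's status is tee's and `grep -q "Error" plan.txt` can report a clean plan after a failure. The step also lost its `if:`, so on `push` events, where the plan step is skipped and plan.txt does not exist, grep fails and the `else` branch prints the success message just before `terraform apply -auto-approve` runs. I would keep `id: plan`, start the plan script with `set -o pipefail`, and gate with `if: steps.plan.outcome == 'failure'` and `run: exit 1`. Separately, `export TF_LOG=DEBUG` puts provider debug traces into the job log, which may include values that log masking does not cover; drop it or direct it to an unprinted file with `TF_LOG_PATH`. The same pattern recurs in the later jobs (new lines 104–118, 159–174, 215–230).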
