Skip to content

Terraform Dev

Terraform Dev #470

Workflow file for this run

name: Terraform Dev
on:
workflow_run:
workflows: ["Docker Image"]
types:
- completed
jobs:
terraform_dev:
name: Checks & Plan
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: read
issues: write
pull-requests: write
defaults:
run:
working-directory: ./infra
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_version: 1.4.6
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
id: init
run: terraform init -backend-config backend-config-dev.tfvars
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
id: fmt
run: terraform fmt -check -diff -recursive
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Validates the TF configuration files, referring only to the configuration and not accessing any remote services such as remote state.
# Runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state.
- name: Terraform Validate
id: validate
run: terraform validate -no-color
# Select the relevant Terraform workspace.
- name: Terraform Select Workspace
id: select
run: terraform workspace select dev
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
# Generates an execution plan for Terraform
- name: Terraform Plan
id: plan
run: |
terraform plan -input=false -no-color -lock-timeout=1h -var-file terraform-dev.tfvars \
-var "credentials=$GOOGLE_CREDENTIALS" \
-var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }}
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}
- uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
})
// 2. Prepare format of the comment
const output = `### Terraform Dev Environment
#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
<details><summary>Format Check Output</summary>
\`\`\`\n
${{ steps.fmt.outputs.stdout }}
\`\`\`
</details>
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Validation Output</summary>
\`\`\`\n
${{ steps.validate.outputs.stdout }}
\`\`\`
</details>
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
# On push to "develop", build or change infrastructure according to Terraform configuration files
- name: Terraform Apply
if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
run: |
terraform apply -auto-approve -input=false -lock-timeout=1h -var-file terraform-dev.tfvars \
-var "credentials=$GOOGLE_CREDENTIALS" \
-var docker_image=us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }}
env:
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }}