feat: init (#1)

Moved adding any stacks to a subsequent PR. This initial PR includes
adding the workflows only but no actual Terramate stacks.

Author: soerenmartius

.github/workflows/apply.yml

@@ -0,0 +1,55 @@
+name: Run Terraform Apply
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  preview:
+    name: Apply
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.head_ref }}
+          fetch-depth: 0
+
+      - name: Install tools using asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: List changed stacks
+        id: list
+        run: |
+          echo "stdout<<STDOUT" >>$GITHUB_OUTPUT
+          terramate list --changed >>$GITHUB_OUTPUT
+          EXIT_CODE=$?
+          echo "STDOUT" >>$GITHUB_OUTPUT
+          exit ${EXIT_CODE}
+
+      - name: Configure AWS Credentials
+        if: steps.list.outputs.stdout
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+
+      - name: Run Terraform init on changed stacks
+        if: steps.list.outputs.stdout
+        id: init
+        run: |
+          terramate run --changed -- terraform init
+
+      - name: Create Terraform apply on changed stacks
+        if: steps.list.outputs.stdout
+        id: apply
+        run: |
+          terramate run --changed -- terraform apply -input=false -auto-approve

.github/workflows/plan.yml

@@ -0,0 +1,78 @@
+name: Preview Terraform Plan
+
+on:
+  pull_request:
+
+jobs:
+  preview:
+    name: Plan
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.head_ref }}
+          fetch-depth: 0
+
+      - name: Install tools using asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: List changed stacks
+        id: list
+        run: |
+          echo "stdout<<STDOUT" >>$GITHUB_OUTPUT
+          terramate list --changed >>$GITHUB_OUTPUT
+          EXIT_CODE=$?
+          echo "STDOUT" >>$GITHUB_OUTPUT
+          exit ${EXIT_CODE}
+
+      - name: Configure AWS Credentials
+        if: steps.list.outputs.stdout
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+
+      - name: Create Terraform plan on changed stacks
+        if: steps.list.outputs.stdout
+        run: |
+          terramate run --changed -- terraform init
+          terramate run --changed -- terraform validate
+          terramate run --changed -- terraform plan -out out.tfplan
+
+      - name: Generate Preview Comment
+        if: steps.list.outputs.stdout
+        id: comment
+        run: |
+          echo >>pr-comment.txt "### List of Changed Stacks"
+          echo >>pr-comment.txt
+          echo >>pr-comment.txt '```bash'
+          echo >>pr-comment.txt "${{ steps.list.outputs.stdout }}"
+          echo >>pr-comment.txt '```'
+          echo >>pr-comment.txt
+          echo >>pr-comment.txt "#### Terraform Plan"
+          echo >>pr-comment.txt
+          echo >>pr-comment.txt '```terraform'
+          terramate run --changed -- terraform show -no-color out.tfplan 2>&1 | dd bs=1024 count=248 >>pr-comment.txt
+          echo >>pr-comment.txt '```'
+          cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
+
+      - name: Inform about no Changed Stacks
+        if: (!steps.list.outputs.stdout)
+        run: |
+          echo >>pr-comment.txt '### No changed stacks.'
+          cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
+
+      - name: Publish Plans for Changed Stacks
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          header: terraform-plan
+          path: pr-comment.txt

.gitignore

@@ -0,0 +1,17 @@
+# Intellij
+.idea
+
+# MacOS
+.DS_STORE
+
+# VSCode configuration
+.vscode
+
+# Ignore Terraform init files
+terraform.tfstate*
+.terraform
+.terraform.lock.hcl
+
+# Ignore all files generated during CI/CD workflows
+*.tfplan
+pr-comment.txt

.tool-versions

@@ -0,0 +1,2 @@
+terraform 1.5.3
+terramate 0.4.0

README.md

@@ -1,2 +1,22 @@
-# terramate-github-actions-example
-terramate-github-actions-example
+<p align="center">
+  <picture width="160px" align="center">
+      <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/terramate-io/brand/5a799813d429116741243b9b06a9f034a3991bf3/darkmode/stamp.svg">
+      <img alt="Terramate" src="https://raw.githubusercontent.com/terramate-io/brand/5a799813d429116741243b9b06a9f034a3991bf3/whitemode/stamp.svg" width="160px" align="center">
+    </picture>
+  <h1 align="center">Terramate</h1>
+  <p align="center">
+    ✨ <a href="https://terramate.io/docs/cli">https://terramate.io</a> ✨
+    <br/>
+      Terramate helps implement and maintain <strong>highly scalable</strong> Terraform projects by adding powerful capabilities
+      such as code generation, stacks, orchestration, change detection, data sharing and more.
+  </p>
+</p>
+<br/>
+
+<p align="center">
+  <a href="https://terramate.io/docs/cli">📖 Terramate Documentation</a> | <a href="https://play.terramate.io">💻 Playground</a> | <a href="https://terramate.io/discord" title="Join our Discord Community">💬 Discord Community</a> | <a href="https://jobs.ashbyhq.com/terramate" title="Terrmate Job Board">🚀 We are hiring!</a>
+</p>
+
+## Examples
+
+This repository demonstrates a simple example of how Terramate helps run simple and efficient workflows using GitHub Actions.