From 3dbb6d4217e8cc22a7996c710783b3ce93637423 Mon Sep 17 00:00:00 2001
From: zied-elouaer
Date: Mon, 31 Jul 2023 18:12:03 +0200
Subject: [PATCH 1/2] feat: init
---
.github/workflows/apply.yml | 55 +++++++++++++++++++++++
.github/workflows/plan.yml | 89 +++++++++++++++++++++++++++++++++++++
.gitignore | 17 +++++++
.tool-versions | 2 +
README.md | 24 +++++++++-
5 files changed, 185 insertions(+), 2 deletions(-)
create mode 100644 .github/workflows/apply.yml
create mode 100644 .github/workflows/plan.yml
create mode 100644 .gitignore
create mode 100644 .tool-versions
diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
new file mode 100644
index 0000000..f369d41
--- /dev/null
+++ b/.github/workflows/apply.yml
@@ -0,0 +1,55 @@
+name: Run Terraform Apply
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ preview:
+ name: Apply
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
+
+ - name: Install tools using asdf
+ uses: asdf-vm/actions/install@v2.2.0
+
+ - name: List changed stacks
+ id: list
+ run: |
+ echo "stdout<>$GITHUB_OUTPUT
+ terramate list --changed >>$GITHUB_OUTPUT
+ EXIT_CODE=$?
+ echo "STDOUT" >>$GITHUB_OUTPUT
+ exit ${EXIT_CODE}
+
+ - name: Configure AWS Credentials
+ if: steps.list.outputs.stdout
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-central-1
+
+ - name: Run Terraform init on changed stacks
+ if: steps.list.outputs.stdout
+ id: init
+ run: |
+ terramate run --changed -- terraform init
+
+ - name: Create Terraform apply on changed stacks
+ if: steps.list.outputs.stdout
+ id: apply
+ run: |
+ terramate run --changed -- terraform apply -input=false -auto-approve
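Review bot: The `permissions` block grants more than any step in this job uses: `id-token: write` only matters for OIDC, yet `Configure AWS Credentials` authenticates with long-lived keys from `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY`, and no step here needs `contents: write` or `pull-requests: write`. Because this job runs `terraform apply -auto-approve` on every push to `main`, I would either move to short-lived credentials with `role-to-assume: <IAM_ROLE_ARN_PLACEHOLDER>` and keep `id-token: write`, or drop that permission; in both cases the rest can be reduced to `contents: read`. The same `id-token: write` and `contents: write` grants and the same static keys appear in `.github/workflows/plan.yml`. Separately, `ref: ${{ github.head_ref }}` is only populated on pull-request events, so on `push` it is empty and the line can be removed.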
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
new file mode 100644
index 0000000..cc4b509
--- /dev/null
+++ b/.github/workflows/plan.yml
@@ -0,0 +1,89 @@
+name: Preview Terraform Plan
+
+on:
+ pull_request:
+
+jobs:
+ preview:
+ name: Plan
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
+
+ - name: Install tools using asdf
+ uses: asdf-vm/actions/install@v2.2.0
+
+ - name: List changed stacks
+ id: list
+ run: |
+ echo "stdout<>$GITHUB_OUTPUT
+ terramate list --changed >>$GITHUB_OUTPUT
+ EXIT_CODE=$?
+ echo "STDOUT" >>$GITHUB_OUTPUT
+ exit ${EXIT_CODE}
+
+ - name: Configure AWS Credentials
+ if: steps.list.outputs.stdout
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-central-1
+
+ - name: Run Terraform init on changed stacks
+ if: steps.list.outputs.stdout
+ id: init
+ run: |
+ terramate run --changed -- terraform init
+
+ - name: Run Terraform validate on changed stacks
+ if: steps.list.outputs.stdout
+ id: validate
+ run: |
+ terramate run --changed -- terraform validate
+
+ - name: Create Terraform plan on changed stacks
+ if: steps.list.outputs.stdout
+ id: plan
+ run: |
+ terramate run --changed -- terraform plan -out out.tfplan
+
+ - name: Generate Preview Comment
+ if: steps.list.outputs.stdout
+ id: comment
+ run: |
+ echo >>pr-comment.txt "### List of Changed Stacks"
+ echo >>pr-comment.txt
+ echo >>pr-comment.txt '```bash'
+ echo >>pr-comment.txt "${{ steps.list.outputs.stdout }}"
+ echo >>pr-comment.txt '```'
+ echo >>pr-comment.txt
+ echo >>pr-comment.txt "#### Terraform Plan"
+ echo >>pr-comment.txt
+ echo >>pr-comment.txt '```terraform'
+ terramate run --changed -- terraform show -no-color out.tfplan 2>&1 | dd bs=1024 count=248 >>pr-comment.txt
+ echo >>pr-comment.txt '```'
+ cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
+
+ - name: Inform about no Changed Stacks
+ if: (!steps.list.outputs.stdout)
+ run: |
+ echo >>pr-comment.txt '### No changed stacks.'
+ cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
+
+ - name: Publish Plans for Changed Stacks
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ header: terraform-plan
+ path: pr-comment.txt
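Review bot: In the `Generate Preview Comment` step, `${{ steps.list.outputs.stdout }}` is expanded into the script text before the shell runs, so the changed-stack paths are parsed as shell source rather than handled as data. Those paths appear to come from directory names on the pull request's branch. Pass the value through the environment instead: add `env:` with `CHANGED_STACKS: ${{ steps.list.outputs.stdout }}` to the step and write `echo >>pr-comment.txt "$CHANGED_STACKS"`. This matters more than usual here because the job already holds AWS credentials and a write-scoped token at that point. The third-party actions `asdf-vm/actions/install@v2.2.0` and `marocchino/sticky-pull-request-comment@v2` are also referenced by mutable tags, and pinning them to a full commit SHA would fit the same hardening.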
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e7e1725
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+# Intellij
+.idea
+
+# MacOS
+.DS_STORE
+
+# VSCode configuration
+.vscode
+
+# Ignore Terraform init files
+terraform.tfstate*
+.terraform
+.terraform.lock.hcl
+
+# Ignore all files generated during CI/CD workflows
+*.tfplan
+pr-comment.txt
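Review bot: Ignoring `.terraform.lock.hcl` means the provider versions and checksums recorded by `terraform init` are never committed. Each CI run in the two workflows then resolves providers afresh instead of verifying them against a reviewed lock file. I would drop that line, commit the lock file for each stack, and leave a comment such as `# .terraform.lock.hcl is committed on purpose: it pins provider versions and hashes`.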
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 0000000..a090922
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1,2 @@
+terraform 1.5.3
+terramate 0.4.0
diff --git a/README.md b/README.md
index f498228..9e667e0 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,22 @@
-# terramate-github-actions-example
-terramate-github-actions-example
+
+
+
+
+
+
Terramate
+
+ ✨ https://terramate.io ✨
+
+ Terramate helps implement and maintain highly scalable Terraform projects by adding powerful capabilities
+ such as code generation, stacks, orchestration, change detection, data sharing and more.
+
+
+
+
+
+ 📖 Terramate Documentation | 💻 Playground | 💬 Discord Community | 🚀 We are hiring!
+
+
+## Examples
+
+This repository demonstrates a simple example of how Terramate helps run simple and efficient workflows using GitHub Actions.
From 5c33265864823c9136551b931fc3a63084bc71f2 Mon Sep 17 00:00:00 2001
From: Soren Martius
Date: Tue, 8 Aug 2023 11:49:16 +0200
Subject: [PATCH 2/2] refactor: combine init, validate and plan in a single
step
---
.github/workflows/plan.yml | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
index cc4b509..83cab7f 100644
--- a/.github/workflows/plan.yml
+++ b/.github/workflows/plan.yml
@@ -40,22 +40,11 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- - name: Run Terraform init on changed stacks
+ - name: Create Terraform plan on changed stacks
if: steps.list.outputs.stdout
- id: init
run: |
terramate run --changed -- terraform init
-
- - name: Run Terraform validate on changed stacks
- if: steps.list.outputs.stdout
- id: validate
- run: |
terramate run --changed -- terraform validate
-
- - name: Create Terraform plan on changed stacks
- if: steps.list.outputs.stdout
- id: plan
- run: |
terramate run --changed -- terraform plan -out out.tfplan
- name: Generate Preview Comment
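Review bot: The merged step keeps the name `Create Terraform plan on changed stacks` although it now also runs `terraform init` and `terraform validate`, so a failed init or validate shows up under a plan step in the run log. Something like `name: Init, validate and plan changed stacks` would be more accurate. The three commands now depend on the runner's default `bash -e` to stop at the first failure rather than on step boundaries, which deserves a comment above `run:`, for example `# default shell is 'bash -e': a failed init or validate stops before plan`.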