Update Baselines GitHub Action (#858)

vkumbha · web-flow · commit c1a591a47bf8 · 2024-09-24T12:30:41.000+05:30
diff --git a/.github/workflows/baselines.yml b/.github/workflows/baselines.yml
@@ -8,6 +8,11 @@ on:
         required: false
         default: "false"
         type: string
+      runType:
+        description: "Run type: 'all' to run for all baseline folders, 'changed' to run for only changed baseline folders"
+        required: false
+        default: "changed"
+        type: string
   push:
     branches:
       - main # Trigger only on pushes to the main branch
@@ -28,8 +33,6 @@ jobs:
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
-        # with:
-        # terraform_version: 1.6.6
 
       - name: "Configure AWS credentials for Remote State"
         id: configure-aws-creds
@@ -38,7 +41,7 @@ jobs:
           aws-region: ${{ secrets.BASELINES_AWS_REGION }}
           role-to-assume: ${{ secrets.BASELINES_IAM_ROLE_TO_ASSUME }}
           role-session-name: "baselines-role-for-ga"
-          role-duration-seconds: 1200 # 20min
+          role-duration-seconds: 900 # 15min
 
       - name: Run Terraform
         env:
@@ -49,31 +52,34 @@ jobs:
           DYNAMODB_TABLE: ${{ secrets.BASELINES_DYNAMODB_TABLE }}
           AWS_REGION: ${{ secrets.BASELINES_AWS_REGION }}
           USER_PROFILE: ${{ secrets.BASELINES_USER_PROFILE }}
-
         run: |
 
           # Store the root directory
           root_dir=$(pwd)
 
-          # # Detect changes between the current branch and the main branch
-          # if git rev-parse origin/main >/dev/null 2>&1; then
-          #   # Compare the current branch with the main branch
-          #   echo "Running git diff between the current branch and origin/main for baselines/*..."
-          #   changed_folders=$(git diff --name-only origin/main HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
-          # else
-          #   # If origin/main doesn't exist, it's likely the first commit
-          #   echo "Running git diff against empty tree for baselines/*..."
-          #   changed_folders=$(git diff --name-only $(git hash-object -t tree /dev/null) HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
-          # fi
-
-          # # Debug output: Show what was detected as changed folders
-          # echo "Detected changed folders: $changed_folders"
-
-          # For the initial run, bypass git diff and force processing all folders
-          echo "Processing all folders in baselines/* for the initial run..."
-          changed_folders=$(find baselines -type d | sort -u)
-
-          # Debug output: Show what was detected as changed folders
+          # Get the dryRun input (default is "false")
+          dry_run="${{ github.event.inputs.dryRun }}"
+          echo "Dry run mode: $dry_run"
+
+          # Get the run type input from workflow_dispatch or default to 'changed'
+          run_type="${{ github.event.inputs.runType }}"
+          echo "Run type: $run_type"
+
+          # Detect changed folders or run all folders based on runType
+          if [ "$run_type" = "all" ]; then
+            echo "Processing all folders in baselines/*..."
+            changed_folders=$(find baselines -type d | sort -u)
+          else
+            if git rev-parse origin/main >/dev/null 2>&1; then
+              echo "Running git diff between the current branch and origin/main for baselines/*..."
+              changed_folders=$(git diff --name-only origin/main HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
+            else
+              echo "Running git diff against empty tree for baselines/*..."
+              changed_folders=$(git diff --name-only $(git hash-object -t tree /dev/null) HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
+            fi
+          fi
+
+          # Debug output: Show what was detected as folders to process
           echo "Detected folders: $changed_folders"
 
           # Check if changed_folders is truly empty or contains valid paths
@@ -110,24 +116,39 @@ jobs:
           EOF
 
             terraform init
-            
+
             # Check if the folder name ends with _mods
             if [[ "$folder_path" == *"_mods" ]]; then
               parallelism_flag="-parallelism=1"
             else
               parallelism_flag=""
             fi
 
-            # Check if var_value is provided
-            if [ -n "$var_value" ]; then
-              # If var_value ends with .tfvars, use --var-file, otherwise use -var
-              if [[ "$var_value" == *.tfvars ]]; then
-                terraform apply --var-file="$var_value" --auto-approve $parallelism_flag
+            # Run plan or apply based on dryRun
+            if [ "$dry_run" = "true" ]; then
+              echo "Running terraform plan in $folder_path (dry run)..."
+              if [ -n "$var_value" ]; then
+                # If var_value ends with .tfvars, use --var-file, otherwise use -var
+                if [[ "$var_value" == *.tfvars ]]; then
+                  terraform plan --var-file="$var_value" $parallelism_flag
+                else
+                  terraform plan -var "$var_flag=$var_value" $parallelism_flag
+                fi
               else
-                terraform apply -var "$var_flag=$var_value" --auto-approve $parallelism_flag
+                terraform plan $parallelism_flag
               fi
             else
-              terraform apply --auto-approve $parallelism_flag
+              echo "Running terraform apply in $folder_path..."
+              if [ -n "$var_value" ]; then
+                # If var_value ends with .tfvars, use --var-file, otherwise use -var
+                if [[ "$var_value" == *.tfvars ]]; then
+                  terraform apply --var-file="$var_value" --auto-approve $parallelism_flag
+                else
+                  terraform apply -var "$var_flag=$var_value" --auto-approve $parallelism_flag
+                fi
+              else
+                terraform apply --auto-approve $parallelism_flag
+              fi
             fi
 
             # Return to the root directory
@@ -139,8 +160,8 @@ jobs:
           process_folder "baselines/guardrails/folder_hierarchy" "base_folder_name" "SandBox"
           process_folder "baselines/guardrails/turbot_profiles" "user_profile" "$USER_PROFILE"
 
-          # Process _mods folders if they had changes
-          echo "Processing changed _mods folders first..."
+          # Process _mods folders
+          echo "Processing _mods folders..."
           for folder_path in $(echo "$changed_folders" | grep '_mods'); do
             if ls "$folder_path"/*.tf >/dev/null 2>&1; then
               if [ -f "$folder_path/default.tfvars" ]; then
@@ -152,7 +173,7 @@ jobs:
           done
 
           # Process remaining folders
-          echo "Processing remaining changed folders..."
+          echo "Processing remaining folders..."
           for folder_path in $changed_folders; do
             # Skip already processed _mods folders and specific guardrails folders
             if [[ "$folder_path" == "baselines/guardrails/folder_hierarchy" || "$folder_path" == "baselines/guardrails/turbot_profiles" || "$folder_path" == *"_mods" ]]; then
@@ -167,4 +188,4 @@ jobs:
                 process_folder "$folder_path"
               fi
             fi
-          done
+          done
