
Update Baselines GitHub Action (#858)
vkumbha authored Sep 24, 2024
1 parent 8d83375 commit c1a591a
Showing 1 changed file with 56 additions and 35 deletions.
91 changes: 56 additions & 35 deletions .github/workflows/baselines.yml
Expand Up @@ -8,6 +8,11 @@ on:
required: false
default: "false"
type: string
runType:
description: "Run type: 'all' to run for all baseline folders, 'changed' to run for only changed baseline folders"
required: false
default: "changed"
type: string
push:
branches:
- main # Trigger only on pushes to the main branch
Expand All @@ -28,8 +33,6 @@ jobs:

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
# with:
# terraform_version: 1.6.6

- name: "Configure AWS credentials for Remote State"
id: configure-aws-creds
Expand All @@ -38,7 +41,7 @@ jobs:
aws-region: ${{ secrets.BASELINES_AWS_REGION }}
role-to-assume: ${{ secrets.BASELINES_IAM_ROLE_TO_ASSUME }}
role-session-name: "baselines-role-for-ga"
role-duration-seconds: 1200 # 20min
role-duration-seconds: 900 # 15min

- name: Run Terraform
env:
Expand All @@ -49,31 +52,34 @@ jobs:
DYNAMODB_TABLE: ${{ secrets.BASELINES_DYNAMODB_TABLE }}
AWS_REGION: ${{ secrets.BASELINES_AWS_REGION }}
USER_PROFILE: ${{ secrets.BASELINES_USER_PROFILE }}

run: |
# Store the root directory
root_dir=$(pwd)
# # Detect changes between the current branch and the main branch
# if git rev-parse origin/main >/dev/null 2>&1; then
# # Compare the current branch with the main branch
# echo "Running git diff between the current branch and origin/main for baselines/*..."
# changed_folders=$(git diff --name-only origin/main HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
# else
# # If origin/main doesn't exist, it's likely the first commit
# echo "Running git diff against empty tree for baselines/*..."
# changed_folders=$(git diff --name-only $(git hash-object -t tree /dev/null) HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
# fi
# # Debug output: Show what was detected as changed folders
# echo "Detected changed folders: $changed_folders"
# For the initial run, bypass git diff and force processing all folders
echo "Processing all folders in baselines/* for the initial run..."
changed_folders=$(find baselines -type d | sort -u)
# Debug output: Show what was detected as changed folders
# Get the dryRun input (default is "false")
dry_run="${{ github.event.inputs.dryRun }}"
echo "Dry run mode: $dry_run"
# Get the run type input from workflow_dispatch or default to 'changed'
run_type="${{ github.event.inputs.runType }}"
echo "Run type: $run_type"
# Detect changed folders or run all folders based on runType
if [ "$run_type" = "all" ]; then
echo "Processing all folders in baselines/*..."
changed_folders=$(find baselines -type d | sort -u)
else
if git rev-parse origin/main >/dev/null 2>&1; then
echo "Running git diff between the current branch and origin/main for baselines/*..."
changed_folders=$(git diff --name-only origin/main HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
else
echo "Running git diff against empty tree for baselines/*..."
changed_folders=$(git diff --name-only $(git hash-object -t tree /dev/null) HEAD -- 'baselines/*' | xargs -n1 dirname | sort -u)
fi
fi
# Debug output: Show what was detected as folders to process
echo "Detected folders: $changed_folders"
# Check if changed_folders is truly empty or contains valid paths
Expand Down Expand Up @@ -110,24 +116,39 @@ jobs:
EOF
terraform init
# Check if the folder name ends with _mods
if [[ "$folder_path" == *"_mods" ]]; then
parallelism_flag="-parallelism=1"
else
parallelism_flag=""
fi
# Check if var_value is provided
if [ -n "$var_value" ]; then
# If var_value ends with .tfvars, use --var-file, otherwise use -var
if [[ "$var_value" == *.tfvars ]]; then
terraform apply --var-file="$var_value" --auto-approve $parallelism_flag
# Run plan or apply based on dryRun
if [ "$dry_run" = "true" ]; then
echo "Running terraform plan in $folder_path (dry run)..."
if [ -n "$var_value" ]; then
# If var_value ends with .tfvars, use --var-file, otherwise use -var
if [[ "$var_value" == *.tfvars ]]; then
terraform plan --var-file="$var_value" $parallelism_flag
else
terraform plan -var "$var_flag=$var_value" $parallelism_flag
fi
else
terraform apply -var "$var_flag=$var_value" --auto-approve $parallelism_flag
terraform plan $parallelism_flag
fi
else
terraform apply --auto-approve $parallelism_flag
echo "Running terraform apply in $folder_path..."
if [ -n "$var_value" ]; then
# If var_value ends with .tfvars, use --var-file, otherwise use -var
if [[ "$var_value" == *.tfvars ]]; then
terraform apply --var-file="$var_value" --auto-approve $parallelism_flag
else
terraform apply -var "$var_flag=$var_value" --auto-approve $parallelism_flag
fi
else
terraform apply --auto-approve $parallelism_flag
fi
fi
# Return to the root directory
Expand All @@ -139,8 +160,8 @@ jobs:
process_folder "baselines/guardrails/folder_hierarchy" "base_folder_name" "SandBox"
process_folder "baselines/guardrails/turbot_profiles" "user_profile" "$USER_PROFILE"
# Process _mods folders if they had changes
echo "Processing changed _mods folders first..."
# Process _mods folders
echo "Processing _mods folders..."
for folder_path in $(echo "$changed_folders" | grep '_mods'); do
if ls "$folder_path"/*.tf >/dev/null 2>&1; then
if [ -f "$folder_path/default.tfvars" ]; then
Expand All @@ -152,7 +173,7 @@ jobs:
done
# Process remaining folders
echo "Processing remaining changed folders..."
echo "Processing remaining folders..."
for folder_path in $changed_folders; do
# Skip already processed _mods folders and specific guardrails folders
if [[ "$folder_path" == "baselines/guardrails/folder_hierarchy" || "$folder_path" == "baselines/guardrails/turbot_profiles" || "$folder_path" == *"_mods" ]]; then
Expand All @@ -167,4 +188,4 @@ jobs:
process_folder "$folder_path"
fi
fi
done
done
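Review bot: The new `dry_run="${{ github.event.inputs.dryRun }}"` and `run_type="${{ github.event.inputs.runType }}"` lines expand workflow_dispatch inputs straight into the shell body of the `Run Terraform` step, which is the expression-injection pattern GitHub's workflow-hardening guidance warns about; both inputs are declared `type: string` with no validation, so whatever a dispatcher types is executed verbatim in a job that has just assumed the `BASELINES_IAM_ROLE_TO_ASSUME` role. Triggering a dispatch requires write access to the repository, so the exposure is limited to collaborators, but the fix is cheap: pass the inputs through the step's existing `env:` block and read them as ordinary shell variables, and declare `runType` as `type: choice` with `options: [all, changed]` so only the two values the `if [ "$run_type" = "all" ]` test actually distinguishes can be submitted (today any other value, including a typo, silently falls into the `changed` branch). The `${VAR:-default}` fallbacks below keep the push-trigger behaviour unchanged, since `github.event.inputs` is empty on `push` events and the current code relies on that yielding apply + changed. The `run:` script this applies to spans several hunks; the later folder-processing logic is unaffected.

```yaml
      - name: Run Terraform
        env:
          # … unchanged: state bucket / DynamoDB / region / profile secrets …
          DRY_RUN: ${{ github.event.inputs.dryRun }}
          RUN_TYPE: ${{ github.event.inputs.runType }}
        run: |
          # … unchanged: root_dir …
          # Read dispatch inputs from env, never via ${{ }} in the script body
          dry_run="${DRY_RUN:-false}"
          run_type="${RUN_TYPE:-changed}"
          # … unchanged: folder detection and terraform plan/apply …
```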
