151 lines
4.6 KiB
YAML
151 lines
4.6 KiB
YAML
# Copyright 2022 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
name: "FAST ${stage_name} stage"
|
|
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
types:
|
|
- closed
|
|
- opened
|
|
- synchronize
|
|
|
|
env:
|
|
FAST_OUTPUTS_BUCKET: ${outputs_bucket}
|
|
FAST_SERVICE_ACCOUNT: ${service_account}
|
|
FAST_WIF_PROVIDER: ${identity_provider}
|
|
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
|
|
TF_PROVIDERS_FILE: ${tf_providers_file}
|
|
TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)}
|
|
TF_VERSION: 1.3.2
|
|
|
|
jobs:
|
|
fast-pr:
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
issues: write
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- id: checkout
|
|
name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
|
|
# set up SSH key authentication to the modules repository
|
|
- id: ssh-config
|
|
name: Configure SSH authentication
|
|
run: |
|
|
ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
|
|
ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}"
|
|
|
|
# set up authentication via Workload identity Federation
|
|
- id: gcp-auth
|
|
name: Authenticate to Google Cloud
|
|
uses: google-github-actions/auth@v0
|
|
with:
|
|
workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }}
|
|
service_account: $${{ env.FAST_SERVICE_ACCOUNT }}
|
|
access_token_lifetime: 3600s
|
|
|
|
- id: gcp-sdk
|
|
name: Set up Cloud SDK
|
|
uses: google-github-actions/setup-gcloud@v0
|
|
with:
|
|
install_components: alpha
|
|
|
|
# copy provider and tfvars files
|
|
- id: tf-config
|
|
name: Copy Terraform output files
|
|
run: |
|
|
gcloud alpha storage cp -r \
|
|
"gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./
|
|
gcloud alpha storage cp -r \
|
|
"gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./
|
|
for f in $${{env.TF_VAR_FILES}}; do
|
|
ln -s "tfvars/$f" ./
|
|
done
|
|
|
|
- id: tf-setup
|
|
name: Set up Terraform
|
|
uses: hashicorp/setup-terraform@v1
|
|
with:
|
|
terraform_version: $${{ env.TF_VERSION }}
|
|
|
|
# run Terraform init/validate/plan
|
|
- id: tf-init
|
|
name: Terraform init
|
|
run: |
|
|
terraform init -no-color
|
|
|
|
- id: tf-validate
|
|
name: Terraform validate
|
|
run: terraform validate -no-color
|
|
|
|
- id: tf-plan
|
|
name: Terraform plan
|
|
continue-on-error: true
|
|
run: |
|
|
terraform plan -input=false -out ../plan.out -no-color
|
|
|
|
- id: tf-apply
|
|
if: github.event.pull_request.merged == true
|
|
name: Terraform apply
|
|
continue-on-error: true
|
|
run: |
|
|
terraform apply -input=false -auto-approve -no-color ../plan.out
|
|
|
|
- id: pr-comment
|
|
name: Post comment to Pull Request
|
|
uses: actions/github-script@v6
|
|
if: github.event_name == 'pull_request'
|
|
env:
|
|
PLAN: terraform\n$${{ steps.tf-plan.outputs.stdout }}
|
|
with:
|
|
script: |
|
|
const output = `#### Terraform Initialization ⚙️\`$${{ steps.tf-init.outcome }}\`
|
|
#### Terraform Validation 🤖\`$${{ steps.tf-validate.outcome }}\`
|
|
<details><summary>Validation Output</summary>
|
|
|
|
\`\`\`\n
|
|
$${{ steps.tf-validate.outputs.stdout }}
|
|
\`\`\`
|
|
|
|
</details>
|
|
|
|
#### Terraform Plan 📖\`$${{ steps.tf-plan.outcome }}\`
|
|
|
|
<details><summary>Show Plan</summary>
|
|
|
|
\`\`\`\n
|
|
$${process.env.PLAN}
|
|
\`\`\`
|
|
|
|
</details>
|
|
|
|
#### Terraform Apply 📖\`$${{ steps.tf-apply.outcome }}\`
|
|
|
|
*Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`;
|
|
|
|
github.rest.issues.createComment({
|
|
issue_number: context.issue.number,
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
body: output
|
|
})
|
|
|
|
# jq -j -r '.resource_changes[] | (.change.actions | join(",")), " ", .address, "\n" ' foo.json
|