test syntax #12

Workflow file for this run

.github/workflows/pipelines-root.yml at b1e9be0

	name: Pipelines
	run-name: Run Gruntwork Pipelines
	on:
	workflow_call:
	inputs:
	# This field can be overriden to customize the runner used for pipelines
	# workflows.
	#
	# IMPORTANT: To use self-hosted runners this workflow must be hosted in
	# the same GitHub organization as your infra-live repository.
	# See https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-self-hosted-runners
	#
	# The value must be an escaped JSON string that will be decoded to the
	# jobs.runs-on field
	# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on
	#
	# For example:
	# - A simple github runner: "\"ubuntu-22.04\""
	# - A list of labels: "[\"self-hosted\", \"linux\"]"
	# - A map: "{group: \"ubuntu-runners\", labels: \"ubuntu-20.04-16core\"}"
	runner:
	type: string
	default: "\"ubuntu-latest\""
	secrets:
	PIPELINES_READ_TOKEN:
	required: true
	INFRA_ROOT_WRITE_TOKEN:
	required: true
	ORG_REPO_ADMIN_TOKEN:
	required: false

	env:
	PIPELINES_CLI_VERSION: v0.21.0
	PIPELINES_ACTIONS_VERSION: 2024-07-19_get-job-id
	BOILERPLATE_VERSION: v0.5.16
	GRUNTWORK_INSTALLER_VERSION: v0.0.40

	jobs:
	pipelines_orchestrate:
	name: Detect Infrastructure Changes
	runs-on: ${{ fromJSON(inputs.runner) }}
	steps:
	- name: Checkout Pipelines Actions
	uses: actions/checkout@v4
	with:
	path: pipelines-actions
	repository: gruntwork-io/pipelines-actions
	ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
	token: ${{ secrets.PIPELINES_READ_TOKEN }}

	- name: Check out repo code
	uses: actions/checkout@v4
	with:
	path: infra-live-repo
	fetch-depth: 0

	- name: Preflight Checks
	uses: ./pipelines-actions/.github/actions/pipelines-preflight-action
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}

	- name: Pipelines Orchestrate
	id: orchestrate
	uses: ./pipelines-actions/.github/actions/pipelines-orchestrate
	with:
	token: ${{ secrets.PIPELINES_READ_TOKEN }}

	outputs:
	pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }}

	pipelines_execute:
	env:
	JOB_NAME: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' \|\| 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }}
	name: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' \|\| 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }}
	needs: [pipelines_orchestrate]
	runs-on: ${{ fromJSON(inputs.runner) }}
	# GHA can't check for length, so we just check if there is an item in the 0 index
	if: fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0] != null
	strategy:
	fail-fast: false
	matrix:
	jobs: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs) }}
	steps:
	- name: Checkout Pipelines Actions
	uses: actions/checkout@v4
	with:
	path: pipelines-actions
	repository: gruntwork-io/pipelines-actions
	ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
	token: ${{ secrets.PIPELINES_READ_TOKEN }}

	- name: Check out repo code
	uses: actions/checkout@v4
	with:
	path: infra-live-repo
	fetch-depth: 0

	- name: Bootstrap Workflow
	id: gruntwork_context
	uses: ./pipelines-actions/.github/actions/pipelines-bootstrap
	with:
	token: ${{ secrets.PIPELINES_READ_TOKEN }}
	change_type: ${{ matrix.jobs.ChangeType }}
	branch: ${{ matrix.jobs.Ref }}
	working_directory: ${{ matrix.jobs.WorkingDirectory }}
	account_id: ${{ matrix.jobs.AccountId }}
	terragrunt_command: ${{ matrix.jobs.Action.Command }} ${{ matrix.jobs.Action.Args }}
	additional_data: ${{ toJson(matrix.jobs.AdditionalData) }}
	child_account_id: ${{ matrix.jobs.AdditionalData.ChildAccountId }}
	account_names: ${{ matrix.jobs.AdditionalData.AccountNames }}
	# TODO: This should be "first_new_account_name".
	new_account_name: ${{ matrix.jobs.NewAccounts[0].Name }}

	# To learn more about customizing Pipelines see our documentation at https://docs.gruntwork.io/pipelines/maintain/extending/
	- name: "[Baseline]: Pre Provision New Account Custom Action"
	uses: ./pipelines-actions/.github/custom-actions/pre-provision-new-account
	if: ${{ steps.gruntwork_context.outputs.action == 'PROVISION_ACCOUNT' }}
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	INFRA_ROOT_WRITE_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[ProvisionAccount]: Provision New Account"
	id: provision_new_account
	if: ${{ steps.gruntwork_context.outputs.action == 'PROVISION_ACCOUNT' }}
	uses: ./pipelines-actions/.github/actions/pipelines-provision-account-action
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	INFRA_ROOT_WRITE_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[Baseline]: Post Provision New Account Custom Action"
	uses: ./pipelines-actions/.github/custom-actions/post-provision-new-account
	if: ${{ steps.gruntwork_context.outputs.action == 'PROVISION_ACCOUNT' }}
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	INFRA_ROOT_WRITE_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
	baseline_pull_request_url: ${{ steps.provision_new_account.outputs.pull_request_url }}

	- name: "[Baseline]: Pre Baseline Core Account Action"
	uses: ./pipelines-actions/.github/custom-actions/pre-baseline-core-accounts
	if: steps.gruntwork_context.outputs.action == 'BASELINE_ACCOUNT'
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	# Run the core accounts baselines(shared, logs, security, etc. to ensure the account is setup correctly)
	- name: "Run core accounts baselines"
	id: core_accounts_baselines
	if: steps.gruntwork_context.outputs.action == 'BASELINE_ACCOUNT'
	# TODO: Rename this as pipelines-apply-core-baselines or something similar
	uses: ./pipelines-actions/.github/actions/pipelines-baseline-account-action
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[Baseline]: Post Baseline Core Account Action"
	uses: ./pipelines-actions/.github/custom-actions/post-baseline-core-accounts
	if: steps.gruntwork_context.outputs.action == 'BASELINE_ACCOUNT'
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[TerragruntExecute]: Authenticate with AWS and then Invoke Terragrunt"
	id: terragrunt
	if: ${{ steps.gruntwork_context.outputs.action == 'TERRAGRUNT_EXECUTE' }}
	uses: ./pipelines-actions/.github/actions/pipelines-execute
	env:
	TERRAGRUNT_AUTH_PROVIDER_CMD: 'pipelines auth terragrunt-credentials --ci github-actions --cloud aws --wd .'
	with:
	token: ${{ secrets.PIPELINES_READ_TOKEN }}
	tf_binary: ${{ steps.gruntwork_context.outputs.tf_binary }}
	working_directory: ${{ steps.gruntwork_context.outputs.working_directory }}
	terragrunt_command: ${{ steps.gruntwork_context.outputs.terragrunt_command }}
	infra_live_repo_branch: ${{ steps.gruntwork_context.outputs.branch }}
	gruntwork_config_file: ${{ steps.gruntwork_context.outputs.gruntwork_config_file }}
	infra_live_repo: "."
	infra_live_directory: "."
	deploy_branch_name: ${{ steps.gruntwork_context.outputs.deploy_branch_name }}

	- name: Get Logs URL
	id: get_logs_url
	uses: ./pipelines-actions/.github/actions/pipelines-get-job-logs-url
	if: always()
	with:
	job_name: ${{ env.JOB_NAME }}
	step_name_prefix: ${{ steps.gruntwork_context.outputs.action == 'TERRAGRUNT_EXECUTE' && '[TerragruntExecute]: Authenticate with AWS and then Invoke Terragrunt' \|\| 'blah' }}
Check failure on line 188 in .github/workflows/pipelines-root.yml View workflow run for this annotation GitHub Actions / .github/workflows/pipelines-root.yml Invalid workflow file `You have an error in your yaml syntax on line 188`

	- name: Update comment
	uses: ./pipelines-actions/.github/actions/pipelines-status-update
	if: always()
	with:
	step_name: ${{ matrix.jobs.ChangeType }}
	step_working_directory: ${{ matrix.jobs.WorkingDirectory }}
	step_status: ${{ (steps.provision_new_account.conclusion == 'success' \|\| steps.terragrunt.conclusion == 'success' \|\| steps.core_accounts_baselines.conclusion == 'success') && 'success' \|\| 'failed' }}
	step_details: ${{ steps.terragrunt.outputs.formatted_plan_output }}
	step_details_extended_log: ${{ steps.terragrunt.outputs.execute_stdout_log }}
	pull_request_number: ${{ steps.gruntwork_context.outputs.pr_number }}
	step_logs_url: ${{ steps.get_logs_url.outputs.step_logs_url }}

	outputs:
	account_id: ${{ matrix.jobs.AccountId }}
	branch: ${{ steps.gruntwork_context.outputs.branch }}
	action: ${{ steps.gruntwork_context.outputs.action }}
	working_directory: ${{ steps.gruntwork_context.outputs.working_directory }}
	terragrunt_command: ${{ steps.gruntwork_context.outputs.terragrunt_command }}
	additional_data: ${{ steps.gruntwork_context.outputs.additional_data }}
	child_account_id: ${{ steps.gruntwork_context.outputs.child_account_id }}
	pr_number: ${{ steps.gruntwork_context.outputs.pr_number }}
	delegate_management: ${{ steps.gruntwork_context.outputs.delegate_management }}

	pipelines_apply_baselines:
	name: Baseline Child Account ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' \|\| 'Apply' }} - ${{ matrix.jobs.Name }} (${{ matrix.jobs.ID }})
	needs: [pipelines_orchestrate, pipelines_execute]
	runs-on: ${{ fromJSON(inputs.runner) }}
	# GHA can't check for length, so we just check if there is an item in the 0 index
	if: fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0] != null
	strategy:
	fail-fast: false
	matrix:
	jobs: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts }}
	steps:
	- name: Checkout Pipelines Actions
	uses: actions/checkout@v4
	with:
	path: pipelines-actions
	repository: gruntwork-io/pipelines-actions
	ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
	token: ${{ secrets.PIPELINES_READ_TOKEN }}

	- name: Check out repo code
	uses: actions/checkout@v4
	with:
	path: infra-live-repo
	fetch-depth: 0

	- name: Update comment
	uses: ./pipelines-actions/.github/actions/pipelines-status-update
	with:
	step_name: Baseline Child Account ${{ matrix.jobs.Name }}
	step_status: "in_progress"
	pull_request_number: ${{ needs.pipelines_execute.outputs.pr_number }}

	- name: Bootstrap Workflow
	id: gruntwork_context
	uses: ./pipelines-actions/.github/actions/pipelines-bootstrap
	with:
	token: ${{ secrets.PIPELINES_READ_TOKEN }}
	change_type: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].ChangeType }}
	branch: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].Ref }}
	working_directory: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].WorkingDirectory }}
	account_id: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AccountId }}
	terragrunt_command: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].Action.Command }} ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].Action.Args }}
	additional_data: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AdditionalData) }}
	account_names: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AdditionalData.AccountNames }}
	child_account_id: ${{ matrix.jobs.ID }}
	new_account_name: ${{ matrix.jobs.Name }}

	# To learn more about customizing Pipelines see our documentation at https://docs.gruntwork.io/pipelines/maintain/extending/
	- name: "[Baseline]: Pre Baseline Child Account Action"
	uses: ./pipelines-actions/.github/custom-actions/pre-baseline-child-account
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	account_id: ${{ matrix.jobs.ID }}
	account_name: ${{ matrix.jobs.Name }}
	job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[Baseline]: Baseline the Child Account"
	id: baseline_child_account
	uses: ./pipelines-actions/.github/actions/pipelines-baseline-child-account-action
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	account_id: ${{ matrix.jobs.ID }}
	account_name: ${{ matrix.jobs.Name }}
	job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: "[Baseline]: Post Baseline Child Account Action"
	uses: ./pipelines-actions/.github/custom-actions/post-baseline-child-account
	with:
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	account_id: ${{ matrix.jobs.ID }}
	account_name: ${{ matrix.jobs.Name }}
	job: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0]) }}
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}

	- name: Update comment
	uses: ./pipelines-actions/.github/actions/pipelines-status-update
	if: always()
	with:
	step_name: Baseline Child Account ${{ matrix.jobs.Name }}
	step_status: ${{ steps.baseline_child_account.conclusion == 'success' && 'success' \|\| 'failed' }}
	step_details: ${{ steps.baseline_child_account.outputs.formatted_plan_output \|\| 'Check the logs for more details.' }}
	step_details_extended_log: ${{ steps.baseline_child_account.outputs.execute_stdout_log }}
	pull_request_number: ${{ needs.pipelines_execute.outputs.pr_number }}

	pipelines_setup_delegated_repo:
	name: "Setup Delegated Repo"
	needs: [pipelines_orchestrate, pipelines_apply_baselines, pipelines_execute]
	runs-on: ${{ fromJSON(inputs.runner) }}
	# GHA can't check for length, so we just check if there is an item in the 0 index
	if: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0] != null && needs.pipelines_execute.outputs.delegate_management == 'true' && needs.pipelines_execute.outputs.terragrunt_command == 'run-all apply' }}
	steps:
	- name: Checkout Pipelines Actions
	uses: actions/checkout@v4
	with:
	path: pipelines-actions
	repository: gruntwork-io/pipelines-actions
	ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
	token: ${{ secrets.PIPELINES_READ_TOKEN }}

	- name: Check out repo code
	uses: actions/checkout@v4
	with:
	path: infra-live-repo
	fetch-depth: 0

	- name: Bootstrap Workflow
	id: gruntwork_context
	uses: ./pipelines-actions/.github/actions/pipelines-bootstrap
	with:
	token: ${{ secrets.PIPELINES_READ_TOKEN }}
	change_type: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].ChangeType }}
	branch: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].Ref }}
	working_directory: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].WorkingDirectory }}
	account_id: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AccountId }}
	terragrunt_command: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].Action.Command }} ${{ needs.pipelines_orchestrate.outputs.pipelines_jobs[0].Action.Args }}
	additional_data: ${{ toJson(fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AdditionalData) }}
	child_account_id: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AdditionalData.ChildAccountId }}
	account_names: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].AdditionalData.AccountNames }}
	# This is just to help bootstrap find one of the (possibly several) new account request files
	# Inside those files is some shared config that we need to setup access control such as
	# the delegated_repo_name (which is the same in all the new request files)
	new_account_name: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts[0].Name }}

	- name: "Create Access Control PR"
	id: access_control_pr
	uses: ./pipelines-actions/.github/actions/pipelines-provision-access-control-action
	with:
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }}

	- name: "Create and bootstrap delegated Repo"
	id: provision_delegated_repo
	uses: ./pipelines-actions/.github/actions/pipelines-provision-repo-action
	with:
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
	access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }}
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }}

	# To learn more about customizing Pipelines see our documentation at https://docs.gruntwork.io/pipelines/maintain/extending/
	- name: "Post create delegated repo custom actions"
	uses: ./pipelines-actions/.github/custom-actions/post-create-delegated-repo
	with:
	gruntwork_context: ${{ toJson(steps.gruntwork_context.outputs) }}
	access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }}
	PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
	ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }}
	delegated_repo_pull_request_url: ${{ steps.provision_delegated_repo.outputs.pull_request_url }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test syntax #12

Workflow file

test syntax #12

Jobs

Run details

Workflow file for this run

GitHub Actions / .github/workflows/pipelines-root.yml