Skip to content

Sonar POC Terraform Cloud #79

Sonar POC Terraform Cloud

Sonar POC Terraform Cloud #79

name: 'Sonar POC Terraform Cloud'
on:
workflow_dispatch: {}
schedule:
- cron: '0 1 * * *'
pull_request:
types:
- 'opened'
- 'reopened'
branches:
- 'master'
env:
TF_CLI_ARGS: "-no-color"
TF_INPUT: 0
permissions:
contents: read
jobs:
terraform:
strategy:
fail-fast: false
matrix:
include:
- workspace: dsfkit-ci-cd
- workspace: dsfkit-ci-cd-hadr
name: 'Terraform ${{ matrix.workspace }}'
runs-on: ubuntu-latest
env:
TF_WORKSPACE: ${{ matrix.workspace }}
environment: test
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
- name: Change the modules source to local
run: |
find ./examples/ -type f -exec sed -i -f sed.expr {} \;
- name: Sets env vars for environment
run: |
echo "TF_VAR_tarball_s3_bucket=0ed58e18-0c0c-11ed-861d-0242ac120003" >> $GITHUB_ENV
if: github.ref != 'refs/heads/"master"'
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
run: terraform init
- name: Terraform Validate
run: terraform validate
- name: Cleaning environment
run: terraform destroy -auto-approve
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
run: terraform fmt -check
continue-on-error: true
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan
# On push to "main", build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
# if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch'
run: terraform apply -auto-approve
- name: Terraform Output
if: always()
run: terraform output -json
- name: Save The Keys
if: always()
run: terraform output dsf_private_ssh_key > key.txt
- name: Collect Artifacts
if: always()
uses: actions/upload-artifact@v2
with:
name: collected-keys
path: |
key.txt
- name: Terraform Destroy
# if: always()
run: terraform destroy -auto-approve
- name: Check how was the workflow run
id: check-trigger
if: ${{ failure() }}
run: |
if [ "${{ github.event_name }}" == "schedule" ]; then
echo "run-by=Automation" >> $GITHUB_OUTPUT
else
echo "run-by=${{ github.actor }}" >> $GITHUB_OUTPUT
fi
# Send job failure to Slack
- name: Send Slack When Failure
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*Prod automation Failed*\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#dsfkit-prod"}' ${{ secrets.SLACK_WEBHOOK_URL }}
if: ${{ failure() }}