Skip to content

Commit

Permalink
Update actions for node 20 (#10)
Browse files Browse the repository at this point in the history 
* Update actions versions for node20

* Ensure state file is created if not exist on /plan comment
  • Loading branch information
@reijoh
reijoh authored Apr 23, 2024
1 parent a97124e commit b009add
Show file tree
Hide file tree
Showing 2 changed files with 78 additions and 98 deletions.
76 changes: 33 additions & 43 deletions .github/workflows/terraform-init.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ jobs:
if: >
github.event_name == 'issue_comment' &&
contains(github.event.comment.body, '/apply')
uses: innofactororg/check-pull-request@v1
uses: innofactororg/check-pull-request@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
require_codeowners_file: ${{ inputs.require_codeowners_file_for_apply }}
Expand Down Expand Up @@ -451,7 +451,7 @@ jobs:
-o tsv)
if [ "${rg_exists}" == 'true' ]; then
echo "Found resource group ${state_resource_group_name}"
elif [[ '${{ github.event_name }}' == 'pull_request'* ]]; then
elif [[ "${GITHUB_EVENT_NAME}" == 'pull_request'* || $COMMENT_BODY == *'/plan'* ]]; then
echo "Create resource group ${state_resource_group_name}"
+cmdstd az group create \
--name $state_resource_group_name \
Expand Down Expand Up @@ -513,7 +513,7 @@ jobs:
typeset -l state_storage_account_name
state_storage_account_name=$(echo '${{ steps.az_state_rg.outputs.state_resource_group_name }}${{ inputs.level }}x${{ steps.az_state_rg.outputs.rg_random }}' | sed -E 's/[^ a-zA-Z0-9]//g' | head -c 24)
fi
if [[ '${{ github.event_name }}' == 'pull_request'* ]]; then
if [[ "${GITHUB_EVENT_NAME}" == 'pull_request'* || $COMMENT_BODY == *'/plan'* ]]; then
if [ -n '${{ steps.find_az_state_sa.outputs.state_storage_account_id }}' ]; then
state_storage_account_id='${{ steps.find_az_state_sa.outputs.state_storage_account_id }}'
else
Expand Down Expand Up @@ -628,7 +628,7 @@ jobs:
typeset -l state_key_vault_name
state_key_vault_name="$(echo '${{ steps.az_state_rg.outputs.state_resource_group_name }}${{ inputs.level }}x${{ steps.az_state_rg.outputs.rg_random }}' | sed -E 's/[^ a-zA-Z0-9\-]//g' | head -c 21 | sed -E 's/-+$//g')-kv"
fi
if [[ '${{ github.event_name }}' == 'pull_request'* ]]; then
if [[ "${GITHUB_EVENT_NAME}" == 'pull_request'* || $COMMENT_BODY == *'/plan'* ]]; then
if [ -n '${{ steps.login.outputs.state_key_vault_id }}' ]; then
state_key_vault_id='${{ steps.login.outputs.state_key_vault_id }}'
else
Expand Down Expand Up @@ -719,7 +719,7 @@ jobs:
eval "$@" 2> >(tee -a $log_file >&2)
return ${PIPESTATUS[0]}
}
if [[ '${{ github.event_name }}' == 'pull_request'* ]]; then
if [[ "${GITHUB_EVENT_NAME}" == 'pull_request'* || $COMMENT_BODY == *'/plan'* ]]; then
query="\"where type =~ 'microsoft.dataprotection/backupvaults' and name == '${{ steps.az_state_rg.outputs.state_resource_group_name }}-bv' | project id\""
if [[ '${{ inputs.log_severity }}' == 'DEBUG' || '${{ inputs.log_severity }}' == 'TRACE' ]]; then
echo "Run query: ${query}"
Expand Down Expand Up @@ -990,7 +990,7 @@ jobs:
github.event_name == 'pull_request' ||
github.event_name == 'pull_request_target'
) && steps.saved_plan.outputs.sha != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: src
ref: ${{ inputs.pull_request_head_ref }}
Expand Down Expand Up @@ -1085,7 +1085,7 @@ jobs:
- name: Parse terraform command and arguments
id: parse_command
uses: actions/github-script@v6
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
result-encoding: string
Expand Down Expand Up @@ -1152,7 +1152,7 @@ jobs:
- name: Comment when done
id: comment_when_done
if: always()
uses: actions/github-script@v6
uses: actions/github-script@v7
env:
VERIFY_PERMISSION_MESSAGE: ${{ steps.verify_permission.outputs.message }}
with:
Expand Down Expand Up @@ -1234,46 +1234,36 @@ jobs:
- name: Upload logs
id: upload_logs
if: always()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: init_logs
path: logs/
if-no-files-found: ignore
retention-days: 0

- name: Dump github context
id: dump_github_context
- name: Show debug info
if: >
failure() || (
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
env:
GH_CONTEXT: ${{ toJson(github) }}
run: echo "${GH_CONTEXT}"

- name: Dump steps context
id: dump_steps_context
if: >
failure() || (
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
env:
STEPS_CONTEXT: ${{ toJson(steps) }}
run: echo "${STEPS_CONTEXT}"

- name: Print variables and event
id: dump_env
if: >
failure() || (
(
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
uses: hmarr/debug-action@v2
inputs.log_severity != 'ERROR'
) || failure()
uses: actions/github-script@7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const event = JSON.parse(fs.readFileSync(process.env['GITHUB_EVENT_PATH']));
console.log('::group::environment variables');
console.log('::stop-commands::77e6a57ef9854574');
for (const [key, value] of Object.entries(process.env).sort()) {
if (key != 'INPUT_SCRIPT') {
console.log(`${key}=${value}`);
}
}
console.log('::77e6a57ef9854574::');
console.log('::endgroup::');
console.log('::group::github event');
console.log('::stop-commands::77e6a57ef9854574');
console.log(JSON.stringify(event, null, 2));
console.log('::77e6a57ef9854574::');
console.log('::endgroup::');
100 changes: 45 additions & 55 deletions .github/workflows/terraform-job.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,7 @@ jobs:
steps:
- name: Checkout head ref (src)
id: checkout_src
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: src
ref: ${{ inputs.pull_request_head_ref }}
Expand All @@ -272,7 +272,7 @@ jobs:
- name: Get library 01 token
id: library_01
if: inputs.library_01_repo != '' && inputs.library_01_app_id != ''
uses: innofactororg/github-app-token@v1
uses: innofactororg/github-app-token@v2
with:
app_id: ${{ inputs.library_01_app_id }}
private_key: ${{ secrets.LIBRARY_01_PRIVATE_KEY }}
Expand All @@ -285,7 +285,7 @@ jobs:
- name: Checkout library 01 (private)
id: checkout_library_01
if: inputs.library_01_repo != '' && steps.library_01.outputs.token != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_01_repo }}
path: ${{ inputs.library_01_path }}
Expand All @@ -296,7 +296,7 @@ jobs:
- name: Checkout library 01 (public)
id: checkout_library_01_pub
if: inputs.library_01_repo != '' && steps.library_01.outputs.token == ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_01_repo }}
path: ${{ inputs.library_01_path }}
Expand All @@ -306,7 +306,7 @@ jobs:
- name: Get library 02 token
id: library_02
if: inputs.library_02_repo != '' && inputs.library_02_app_id != ''
uses: innofactororg/github-app-token@v1
uses: innofactororg/github-app-token@v2
with:
app_id: ${{ inputs.library_02_app_id }}
private_key: ${{ secrets.LIBRARY_02_PRIVATE_KEY }}
Expand All @@ -319,7 +319,7 @@ jobs:
- name: Checkout library 02 (private)
id: checkout_library_02
if: inputs.library_02_repo != '' && steps.library_02.outputs.token != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_02_repo }}
path: ${{ inputs.library_02_path }}
Expand All @@ -330,7 +330,7 @@ jobs:
- name: Checkout library 02 (public)
id: checkout_library_02_pub
if: inputs.library_02_repo != '' && steps.library_02.outputs.token == ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_02_repo }}
path: ${{ inputs.library_02_path }}
Expand All @@ -340,7 +340,7 @@ jobs:
- name: Get library 03 token
id: library_03
if: inputs.library_03_repo != '' && inputs.library_03_app_id != ''
uses: innofactororg/github-app-token@v1
uses: innofactororg/github-app-token@v2
with:
app_id: ${{ inputs.library_03_app_id }}
private_key: ${{ secrets.LIBRARY_03_PRIVATE_KEY }}
Expand All @@ -353,7 +353,7 @@ jobs:
- name: Checkout library 03 (private)
id: checkout_library_03
if: inputs.library_03_repo != '' && steps.library_03.outputs.token != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_03_repo }}
path: ${{ inputs.library_03_path }}
Expand All @@ -364,7 +364,7 @@ jobs:
- name: Checkout library 03 (public)
id: checkout_library_03_pub
if: inputs.library_03_repo != '' && steps.library_03.outputs.token == ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_03_repo }}
path: ${{ inputs.library_03_path }}
Expand All @@ -374,7 +374,7 @@ jobs:
- name: Get library 04 token
id: library_04
if: inputs.library_04_repo != '' && inputs.library_04_app_id != ''
uses: innofactororg/github-app-token@v1
uses: innofactororg/github-app-token@v2
with:
app_id: ${{ inputs.library_04_app_id }}
private_key: ${{ secrets.LIBRARY_04_PRIVATE_KEY }}
Expand All @@ -387,7 +387,7 @@ jobs:
- name: Checkout library 04 (private)
id: checkout_library_04
if: inputs.library_04_repo != '' && steps.library_04.outputs.token != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_04_repo }}
path: ${{ inputs.library_04_path }}
Expand All @@ -398,7 +398,7 @@ jobs:
- name: Checkout library 04 (public)
id: checkout_library_04_pub
if: inputs.library_04_repo != '' && steps.library_04.outputs.token == ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_04_repo }}
path: ${{ inputs.library_04_path }}
Expand All @@ -408,7 +408,7 @@ jobs:
- name: Get library 05 token
id: library_05
if: inputs.library_05_repo != '' && inputs.library_05_app_id != ''
uses: innofactororg/github-app-token@v1
uses: innofactororg/github-app-token@v2
with:
app_id: ${{ inputs.library_05_app_id }}
private_key: ${{ secrets.LIBRARY_05_PRIVATE_KEY }}
Expand All @@ -421,7 +421,7 @@ jobs:
- name: Checkout library 05 (private)
id: checkout_library_05
if: inputs.library_05_repo != '' && steps.library_05.outputs.token != ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_05_repo }}
path: ${{ inputs.library_05_path }}
Expand All @@ -432,7 +432,7 @@ jobs:
- name: Checkout library 05 (public)
id: checkout_library_05_pub
if: inputs.library_05_repo != '' && steps.library_05.outputs.token == ''
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: ${{ inputs.library_05_repo }}
path: ${{ inputs.library_05_path }}
Expand Down Expand Up @@ -1079,14 +1079,14 @@ jobs:
- name: Setup infrastructure cost tool
id: infracost_setup
if: contains(inputs.terraform_command, 'plan')
uses: infracost/actions/setup@v2
uses: infracost/actions/setup@v3
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}

- name: Checkout base ref (main)
id: checkout_base
if: contains(inputs.terraform_command, 'plan')
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: main
ref: ${{ inputs.pull_request_base_ref }}
Expand Down Expand Up @@ -1171,7 +1171,7 @@ jobs:
id: auto_merge
if: >
github.event_name == 'issue_comment' && steps.terraform.outputs.applied == 'true' && contains(fromJSON('["merge", "squash", "rebase"]'), inputs.merge_method)
uses: actions/github-script@v6
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down Expand Up @@ -1228,7 +1228,7 @@ jobs:
- name: Comment when done
id: comment_when_done
if: always()
uses: actions/github-script@v6
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down Expand Up @@ -1489,46 +1489,36 @@ jobs:
- name: Upload logs
id: upload_logs
if: always()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: terraform_logs
path: logs/
if-no-files-found: ignore
retention-days: 0

- name: Dump github context
id: dump_github_context
- name: Show debug info
if: >
failure() || (
(
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
env:
GH_CONTEXT: ${{ toJson(github) }}
run: echo "${GH_CONTEXT}"

- name: Dump steps context
id: dump_steps_context
if: >
failure() || (
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
env:
STEPS_CONTEXT: ${{ toJson(steps) }}
run: echo "${STEPS_CONTEXT}"

- name: Print variables and event
id: dump_env
if: >
failure() || (
success() &&
!contains(
fromJSON('["ERROR", "WARN"]'), inputs.log_severity
)
)
uses: hmarr/debug-action@v2
inputs.log_severity != 'ERROR'
) || failure()
uses: actions/github-script@7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const event = JSON.parse(fs.readFileSync(process.env['GITHUB_EVENT_PATH']));
console.log('::group::environment variables');
console.log('::stop-commands::77e6a57ef9854574');
for (const [key, value] of Object.entries(process.env).sort()) {
if (key != 'INPUT_SCRIPT') {
console.log(`${key}=${value}`);
}
}
console.log('::77e6a57ef9854574::');
console.log('::endgroup::');
console.log('::group::github event');
console.log('::stop-commands::77e6a57ef9854574');
console.log(JSON.stringify(event, null, 2));
console.log('::77e6a57ef9854574::');
console.log('::endgroup::');

0 comments on commit b009add

Please sign in to comment.