Add Terraform CI steps #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This template is pre-configured to run what's known as a speculative plan in Terraform Cloud. | |
| # Speculative plans are plan-only runs to test changes to configuration. Perfect for code reviews on a Pull Request. | |
| # | |
| # This workflow is configured to trigger when a pull request is opened against your `main` branch, | |
| # **IF** the set paths contain files that have changed. If the workflow runs, the included steps will upload your terraform configuration, create a new run, and output the plan information to a PR comment. | |
| # | |
| # NOTE: The last step in this template includes a script that will upsert a PR comment. (REQUIRES `Read and write permissions`) | |
| # | |
| # Copied from | |
| # https://github.com/hashicorp/tfc-workflows-github/blob/4e91ea58dde1e255e6cecdfd7a19c5f395538393/workflow-templates/terraform-cloud.speculative-run.workflow.yml | |
| --- | |
| name: Terraform Cloud Speculative Run | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| # Only plan if TF has changed, even though we may _apply_ regardless | |
| # to re-push client/ or server/ artifacts. | |
| - "infra/**.tf" | |
| - ".github/workflows/terraform-plan.yml" | |
| ## Add shared Environment Variables across jobs here ## | |
| env: | |
| NODE_VERSION: 18 | |
| TF_CLOUD_ORGANIZATION: ${{ vars.TF_CLOUD_ORGANIZATION }} | |
| TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }} | |
| TF_WORKSPACE: ${{ vars.TF_WORKSPACE }} | |
| CONFIG_DIRECTORY: "./infra" | |
| ## Additional env variables | |
| # TF_LOG: DEBUG ## Helpful for troubleshooting | |
| # TF_MAX_TIMEOUT: "30m" ## If you wish to override the default "1h" | |
| jobs: | |
| terraform-cloud-speculative-run: | |
| name: "Terraform Plan" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Node ${{ env.NODE_VERSION }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: client/package-lock.json | |
| - run: npm ci | |
| working-directory: ./client | |
| - run: npm run build | |
| working-directory: ./client | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: cargo install cargo-lambda | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-lambda@1 | |
| - name: Install zig for cargo-lambda | |
| run: sudo snap install zig --classic --beta | |
| - run: cargo lambda build --release --arm64 | |
| working-directory: ./server | |
| - uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: upload | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| # directory: ${{ env.CONFIG_DIRECTORY }} | |
| speculative: true | |
| - uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: run | |
| ## run may fail, if so continue to output PR comment | |
| ## step.terraform-cloud-check-run-status will fail job after pr comment is created/updated. | |
| continue-on-error: true | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| configuration_version: ${{ steps.upload.outputs.configuration_version_id }} | |
| plan_only: true | |
| message: "Triggered From GitHub Actions CI ${{ github.sha }}" | |
| - uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-output | |
| with: | |
| plan: ${{ steps.run.outputs.plan_id }} | |
| - uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| // 1. Retrieve existing bot comments for the PR | |
| const { data: comments } = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }) | |
| const botComment = comments.find(comment => { | |
| return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') | |
| }) | |
| const output = `#### Terraform Cloud Plan Output | |
| \`\`\`\n | |
| Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. | |
| \`\`\` | |
| [Terraform Cloud Plan](${{ steps.run.outputs.run_link }}) | |
| ` | |
| // 3. If we have a comment, update it, otherwise create a new one | |
| if (botComment) { | |
| github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: botComment.id, | |
| body: output | |
| }) | |
| } else { | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| } | |
| ## Check Run Status, if not planned_and_finished fail the job | |
| - id: terraform-cloud-check-run-status | |
| if: ${{ steps.run.outputs.run_status != 'planned_and_finished'}} | |
| run: | | |
| echo "Terraform Cloud Run Failed or Requires Further Attention" | |
| echo "Run Status: '${{ steps.run.outputs.run_status }}'" | |
| echo "${{ steps.run.outputs.run_link }}" | |
| exit 1 |