Skip to content

Commit

Permalink
Merge pull request #68 from jonhoo/terraform-ci
Browse files Browse the repository at this point in the history 
Add Terraform CI steps
  • Loading branch information
@jonhoo
jonhoo authored Jan 2, 2024
2 parents 5049af4 + 42ecdbc commit c17c7e5
Show file tree
Hide file tree
Showing 2 changed files with 227 additions and 0 deletions.
88 changes: 88 additions & 0 deletions .github/workflows/terraform-apply.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# This template is pre-configured to create an applyable run in Terraform Cloud.
# If the plan phase is successful, the run will be applied for the specified workspace.
#
# This workflow is configured to trigger when a push against your `main` branch occurs,
# **IF** the set paths contain files that have changed.
#
# Copied from
# https://github.com/hashicorp/tfc-workflows-github/blob/4e91ea58dde1e255e6cecdfd7a19c5f395538393/workflow-templates/terraform-cloud.apply-run.workflow.yml
---
name: Terraform Cloud Apply Run

on:
push:
branches:
- main
## RECOMMENDED: Specify to only run this workflow file when terraform configuration has changed.
paths:
- <<INPUT REQUIRED>> ## Example: 'terraform/**.tf'

## RECOMMENDED: Limit apply runs job / workflow to a single concurrency group at a time.
## link: https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency: production

## Add shared Environment Variables across jobs here ##
env:
NODE_VERSION: 18
TF_CLOUD_ORGANIZATION: ${{ vars.TF_CLOUD_ORGANIZATION }}
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
TF_WORKSPACE: ${{ vars.TF_WORKSPACE }}
CONFIG_DIRECTORY: "./infra"
## Additional env variables
# TF_LOG: DEBUG ## Helpful for troubleshooting
# TF_MAX_TIMEOUT: "30m" ## If you wish to override the default "1h"

jobs:
terraform-cloud-apply-run:
name: "Terraform Apply"
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4

- name: Install Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: client/package-lock.json

- run: npm ci
working-directory: ./client

- run: npm run build
working-directory: ./client

- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable

- name: cargo install cargo-lambda
uses: taiki-e/install-action@v2
with:
tool: cargo-lambda@1

- name: Install zig for cargo-lambda
run: sudo snap install zig --classic --beta

- run: cargo lambda build --release --arm64
working-directory: ./server

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: upload
with:
workspace: ${{ env.TF_WORKSPACE }}
# directory: ${{ env.CONFIG_DIRECTORY }}

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: create-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.upload.outputs.configuration_version_id }}

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: apply
if: ${{ fromJSON(steps.create-run.outputs.payload).data.attributes.actions.IsConfirmable }}
with:
run: ${{ steps.create-run.outputs.run_id }}
comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
139 changes: 139 additions & 0 deletions .github/workflows/terraform-plan.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
# This template is pre-configured to run what's known as a speculative plan in Terraform Cloud.
# Speculative plans are plan-only runs to test changes to configuration. Perfect for code reviews on a Pull Request.
#
# This workflow is configured to trigger when a pull request is opened against your `main` branch,
# **IF** the set paths contain files that have changed. If the workflow runs, the included steps will upload your terraform configuration, create a new run, and output the plan information to a PR comment.
#
# NOTE: The last step in this template includes a script that will upsert a PR comment. (REQUIRES `Read and write permissions`)
#
# Copied from
# https://github.com/hashicorp/tfc-workflows-github/blob/4e91ea58dde1e255e6cecdfd7a19c5f395538393/workflow-templates/terraform-cloud.speculative-run.workflow.yml
---
name: Terraform Cloud Speculative Run

on:
pull_request:
branches:
- main
paths:
# Only plan if TF has changed, even though we may _apply_ regardless
# to re-push client/ or server/ artifacts.
- "infra/**.tf"
- ".github/workflows/terraform-plan.yml"

## Add shared Environment Variables across jobs here ##
env:
NODE_VERSION: 18
TF_CLOUD_ORGANIZATION: ${{ vars.TF_CLOUD_ORGANIZATION }}
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
TF_WORKSPACE: ${{ vars.TF_WORKSPACE }}
CONFIG_DIRECTORY: "./infra"
## Additional env variables
# TF_LOG: DEBUG ## Helpful for troubleshooting
# TF_MAX_TIMEOUT: "30m" ## If you wish to override the default "1h"

jobs:
terraform-cloud-speculative-run:
name: "Terraform Plan"
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4

- name: Install Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: client/package-lock.json

- run: npm ci
working-directory: ./client

- run: npm run build
working-directory: ./client

- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable

- name: cargo install cargo-lambda
uses: taiki-e/install-action@v2
with:
tool: cargo-lambda@1

- name: Install zig for cargo-lambda
run: sudo snap install zig --classic --beta

- run: cargo lambda build --release --arm64
working-directory: ./server

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: upload
with:
workspace: ${{ env.TF_WORKSPACE }}
# directory: ${{ env.CONFIG_DIRECTORY }}
speculative: true

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: run
## run may fail, if so continue to output PR comment
## step.terraform-cloud-check-run-status will fail job after pr comment is created/updated.
continue-on-error: true
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.upload.outputs.configuration_version_id }}
plan_only: true
message: "Triggered From GitHub Actions CI ${{ github.sha }}"

- uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-output
with:
plan: ${{ steps.run.outputs.plan_id }}

- uses: actions/github-script@v6
if: github.event_name == 'pull_request'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
})
const output = `#### Terraform Cloud Plan Output
\`\`\`\n
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
\`\`\`
[Terraform Cloud Plan](${{ steps.run.outputs.run_link }})
`
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
## Check Run Status, if not planned_and_finished fail the job
- id: terraform-cloud-check-run-status
if: ${{ steps.run.outputs.run_status != 'planned_and_finished'}}
run: |
echo "Terraform Cloud Run Failed or Requires Further Attention"
echo "Run Status: '${{ steps.run.outputs.run_status }}'"
echo "${{ steps.run.outputs.run_link }}"
exit 1

0 comments on commit c17c7e5

Please sign in to comment.