Skip to content
Pull request workflow

repo-agnostic provisioning guide #12

Sign in to view logs

repo-agnostic provisioning guide

repo-agnostic provisioning guide #12

Workflow file for this run

.github/workflows/pr-workflow.yaml at bc61266
name: Pull request workflow
on:
pull_request
env:
tofu_version: 1.8.2
tg_version: 0.67.10
working_dir: .infra/gcp-gha-gcp-opentofu
# All PR jobs should be listed in required_status_checks https://github.com/rcwbr/gha-gcp-opentofu/blob/1414227daae1579b2c382652e31ca1eba0d18fab/.github/settings.yml#L55
jobs:
check-hcl:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/[email protected]
- name: Check terragrunt HCL
uses: gruntwork-io/[email protected]
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: .
tg_command: 'hclfmt --terragrunt-check --terragrunt-diff'
check-tf:
runs-on: ubuntu-24.04
container:
image: ghcr.io/opentofu/opentofu:1.8.2
steps:
- name: Checkout
uses: actions/[email protected]
- name: Check OpenTofu .TF
run: tofu fmt -diff -check
plan:
runs-on: ubuntu-24.04
needs: [ check-hcl, check-tf ]
permissions:
id-token: 'write' # Needed for the google-github-actions/auth step
pull-requests: 'write' # Needed to post plan results comment to PR
steps:
- name: Checkout
uses: actions/[email protected]
- id: plan-auth
name: GCP auth
uses: google-github-actions/[email protected]
with:
export_environment_variables: false
create_credentials_file: false
token_format: access_token
workload_identity_provider: projects/918666231212/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: [email protected]
- name: Terragrunt plan
uses: gruntwork-io/[email protected]
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.working_dir }}
tg_comment: 1
tg_command: plan
env:
GOOGLE_OAUTH_ACCESS_TOKEN: ${{ steps.plan-auth.outputs.access_token }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}