@@ -3,7 +3,6 @@ name: Terraform Apply from PR
33on :
44 push :
55 branches : [main]
6-
76env :
87 TF_VAR_aws_account_id : ${{ secrets.AWS_ACCOUNT_ID }}
98 TF_VAR_aws_region : ${{ secrets.AWS_REGION }}
@@ -39,42 +38,26 @@ jobs:
3938
4039 - name : Detect changed Terraform directories from PR
4140 if : steps.get_pr.outputs.pr_number
42- id : set-matrix
41+ id : detect_changes
4342 run : |
44- set -x # Enable shell tracing for debug
4543 PR_NUMBER=${{ steps.get_pr.outputs.pr_number }}
4644
4745 FILES=$(gh pr view $PR_NUMBER --json files --jq '.files[].path')
4846 echo "Changed files from PR $PR_NUMBER:"
4947 echo "$FILES"
5048
51- MATRIX="[]"
52-
5349 # Check for dev environment changes (terraform/env/dev/)
5450 if echo "$FILES" | grep -q "^terraform/env/dev/"; then
55- echo "Detected changes in terraform/env/dev/"
56- MATRIX=$(echo "$MATRIX" | jq -c '. + [{"dir":"terraform/env/dev","env":"dev","pr":"'$PR_NUMBER'"}]')
51+ echo "has_dev=true" >> $GITHUB_OUTPUT
5752 fi
5853
5954 # Check for shared infrastructure changes (top-level terraform/, excluding terraform/env/)
6055 if echo "$FILES" | grep "^terraform/" | grep -v "^terraform/env/" | grep -q .; then
61- echo "Detected changes in shared terraform/ (excluding env/)"
62- MATRIX=$(echo "$MATRIX" | jq -c '. + [{"dir":"terraform","env":"shared","pr":"'$PR_NUMBER'"}]')
63- fi
64-
65- echo "matrix={\"include\":$MATRIX}" >> $GITHUB_OUTPUT
66- echo "Matrix: {\"include\":$MATRIX}"
67-
68- # Set has_changes flag based on matrix length
69- if [ "$(echo "$MATRIX" | jq 'length')" -gt 0 ]; then
70- echo "has_changes=true" >> $GITHUB_OUTPUT
71- else
72- echo "has_changes=false" >> $GITHUB_OUTPUT
56+ echo "has_shared=true" >> $GITHUB_OUTPUT
7357 fi
7458
7559 apply :
76- needs : detect
77- if : needs.detect.outputs.has_changes == 'true'
60+ needs : detect_changes
7861 runs-on : ubuntu-latest
7962 steps :
8063 - uses : actions/checkout@v5
@@ -87,113 +70,16 @@ jobs:
8770 aws-region : ${{ env.TF_VAR_aws_region }}
8871 role-session-name : TerraformApplySession
8972
90- - name : Parse environments
91- id : parse
92- run : |
93- set -x # Enable shell tracing for debug
94- MATRIX='${{ needs.detect.outputs.matrix }}'
95- echo "Parsed matrix: $MATRIX"
96-
97- # Check if shared exists in matrix
98- SHARED=$(echo "$MATRIX" | jq -c '.include[] | select(.env == "shared")')
99- if [ -n "$SHARED" ]; then
100- echo "has_shared=true" >> $GITHUB_OUTPUT
101- echo "shared_dir=$(echo "$SHARED" | jq -r '.dir')" >> $GITHUB_OUTPUT
102- echo "shared_pr=$(echo "$SHARED" | jq -r '.pr')" >> $GITHUB_OUTPUT
103- echo "Shared entry: $SHARED"
104- else
105- echo "has_shared=false" >> $GITHUB_OUTPUT
106- fi
107-
108- # Check if dev exists in matrix
109- DEV=$(echo "$MATRIX" | jq -c '.include[] | select(.env == "dev")')
110- if [ -n "$DEV" ]; then
111- echo "has_dev=true" >> $GITHUB_OUTPUT
112- echo "dev_dir=$(echo "$DEV" | jq -r '.dir')" >> $GITHUB_OUTPUT
113- echo "dev_pr=$(echo "$DEV" | jq -r '.pr')" >> $GITHUB_OUTPUT
114- echo "Dev entry: $DEV"
115- else
116- echo "has_dev=false" >> $GITHUB_OUTPUT
117- fi
118-
11973 - name : Apply Shared Infrastructure
120- if : steps.parse.outputs.has_shared == 'true'
121- run : |
122- set -euxo pipefail
123- echo "Dumping environment variables for debug:"
124- env | sort
125-
126- echo "========================================="
127- echo "Applying Terraform for: shared"
128- echo "========================================="
129-
130- cd ${{ steps.parse.outputs.shared_dir }}
131-
132- terraform init -input=false -upgrade=false
133-
134- aws s3 cp s3://${{ env.TFPLAN_S3_BUCKET }}/shared/${{ steps.parse.outputs.shared_pr }}/tfplan tfplan
135-
136- terraform plan -input=false -out=tfplan-new
137-
138- terraform show -no-color tfplan > plan-old.txt
139- terraform show -no-color tfplan-new > plan-new.txt
140-
141- echo "--- plan-old.txt ---"
142- head -40 plan-old.txt || true
143- echo "--- plan-new.txt ---"
144- head -40 plan-new.txt || true
145-
146- if ! diff -q plan-old.txt plan-new.txt > /dev/null; then
147- echo "ERROR: Plans differ for shared - state has changed since PR"
148- diff plan-old.txt plan-new.txt || true
149- exit 1
150- fi
151-
152- if grep -q "No changes" plan-old.txt; then
153- echo "No changes detected in plan for shared, skipping apply"
154- else
155- echo "Applying changes for shared..."
156- terraform apply -input=false tfplan
157- echo "✅ Apply completed for shared"
158- fi
74+ if : steps.detect_changes.outputs.has_shared == 'true'
75+ uses : ./.github/actions/tf_apply
76+ with :
77+ working-directory : " terraform"
78+ env : shared
15979
16080 - name : Apply Dev Environment
161- if : steps.parse.outputs.has_dev == 'true'
162- run : |
163- set -euxo pipefail
164- echo "Dumping environment variables for debug:"
165- env | sort
166-
167- echo "========================================="
168- echo "Applying Terraform for: dev"
169- echo "========================================="
170-
171- cd ${{ steps.parse.outputs.dev_dir }}
172-
173- terraform init -input=false -upgrade=false
174-
175- aws s3 cp s3://${{ env.TFPLAN_S3_BUCKET }}/dev/${{ steps.parse.outputs.dev_pr }}/tfplan tfplan
176-
177- terraform plan -input=false -out=tfplan-new
178-
179- terraform show -no-color tfplan > plan-old.txt
180- terraform show -no-color tfplan-new > plan-new.txt
181-
182- echo "--- plan-old.txt ---"
183- head -40 plan-old.txt || true
184- echo "--- plan-new.txt ---"
185- head -40 plan-new.txt || true
186-
187- if ! diff -q plan-old.txt plan-new.txt > /dev/null; then
188- echo "ERROR: Plans differ for dev - state has changed since PR"
189- diff plan-old.txt plan-new.txt || true
190- exit 1
191- fi
192-
193- if grep -q "No changes" plan-old.txt; then
194- echo "No changes detected in plan for dev, skipping apply"
195- else
196- echo "Applying changes for dev..."
197- terraform apply -input=false tfplan
198- echo "✅ Apply completed for dev"
199- fi
81+ if : steps.detect_changes.outputs.has_dev == 'true'
82+ uses : ./.github/actions/tf_apply
83+ with :
84+ working-directory : " terraform/env/dev"
85+ env : dev
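Review bot: The new `if: steps.detect_changes.outputs.has_shared == 'true'` on the Apply Shared Infrastructure step (and the matching `has_dev` condition on Apply Dev Environment) reads the `steps` context of the `apply` job, but `detect_changes` is a step of the upstream detection job (the step ends at new line 57, before `apply:`), so the expression is empty in this job and both apply steps are skipped silently on every run; the flags have to be exported as `outputs:` of the detection job (a change outside these hunks) and read as `needs.<detect job id>.outputs.has_shared`. The job-level `needs: detect_changes` likewise must name the detection job's actual id, which the removed line gave as `detect` and which no hunk in view renames. Dropping the job-level `if: needs.detect.outputs.has_changes == 'true'` also means the apply job now checks out and assumes the AWS role via configure-aws-credentials on every push to main even when no Terraform directory changed; a job-level gate on the two flags keeps credential use to runs that apply something. The PR number that the removed inline scripts used to fetch the reviewed plan from `s3://$TFPLAN_S3_BUCKET/<env>/<pr>/tfplan` and to refuse to apply when a fresh plan differed is no longer passed to `./.github/actions/tf_apply`, so confirm the composite action still performs that plan-comparison check or give it a `pr` input. The leading space inside `" terraform"` and `" terraform/env/dev"` becomes part of the path unless it is a rendering artifact of this page; both enclosing jobs start outside the hunks.
```yaml
  apply:
    needs: detect  # must match the detection job's id
    # run only when the detection job flagged something to apply
    if: needs.detect.outputs.has_shared == 'true' || needs.detect.outputs.has_dev == 'true'
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout and AWS credential configuration …
      - name: Apply Shared Infrastructure
        if: needs.detect.outputs.has_shared == 'true'
        uses: ./.github/actions/tf_apply
        with:
          working-directory: "terraform"
          env: shared
      # … unchanged: Apply Dev Environment, same pattern with has_dev …
```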