.github/.github/workflows/shared-terraform-component.yml at main · cloudposse-terraform-components/.github · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: "Shared terraform module"
on:
  workflow_call:
    inputs:
      runs-on:
        description: "Overrides job runs-on setting (json-encoded list)"
        type: string
        required: false
        default: '["ubuntu-latest"]'
    secrets:
      REPO_ACCESS_TOKEN:
        description: "GitHub API token"
        required: false

permissions:
  id-token: write
  contents: write
  pull-requests: write

concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: false

jobs:
  # Define context job as a start point to solve problem with event races of concurrent jobs lead to stucked statuses
  # https://github.com/orgs/community/discussions/141213
  context:
    if: ${{ github.event_name == 'merge_group' || github.event_name == 'push' || github.event.pull_request.state == 'open' }}
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    steps:
      - uses: cloudposse-github-actions/get-pr@v2
        id: pr

      - name: Get labels
        if: ${{ steps.pr.outputs.json != '' }}
        id: labels
        run: |-
          echo "${{ fromJSON(steps.pr.outputs.json).labels.*.name }}"
          echo "${{ contains( fromJSON(steps.pr.outputs.json).labels.*.name, 'no-release') }}"
          echo "no-release=${{ contains( fromJSON(steps.pr.outputs.json).labels.*.name, 'no-release') }}" >> $GITHUB_OUTPUT

    outputs:
      no-release: ${{ steps.labels.outputs.no-release }}

  terraform:
    uses: cloudposse-terraform-components/.github/.github/workflows/shared-ci-terraform.yml@main
    if: ${{ github.event_name == 'merge_group' || github.event_name == 'push' || github.event.pull_request.state == 'open' }}
    needs: [context]
    with:
      # Workaround for https://github.com/community/community/discussions/9099
      # We should switch to nofilter once it's fixed
      filter-mode: ${{ github.event_name == 'pull_request' && 'diff_context' || 'nofilter' }}
      suggestions: "${{ github.event_name == 'pull_request' }}"
      runs-on: ${{ inputs.runs-on }}

  readme:
    uses: cloudposse-terraform-components/.github/.github/workflows/shared-readme.yml@main
    if: ${{ github.event_name == 'push' }}
    needs: [context]
    with:
      runs-on: ${{ inputs.runs-on }}
      pr_labels: |
        auto-update
        readme
        ${{ needs.context.outputs.no-release == 'true' && 'no-release' || '' }}
    secrets: inherit

  codeowners:
    uses: cloudposse/.github/.github/workflows/shared-codeowners.yml@main
    if: ${{ github.event_name == 'merge_group' || github.event_name == 'push' || github.event.pull_request.state == 'open' }}
    needs: [context]
    with:
      is_fork: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
      runs-on: ${{ inputs.runs-on }}

  labels:
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    if: ${{ github.event_name == 'push' || github.event.pull_request.state == 'open' }}
    needs: [context]
    steps:
      - uses: cloudposse/github-action-release-label-validator@v1

  mergequeue:
    if: ${{ github.event_name == 'merge_group' }}
    uses: cloudposse-terraform-components/.github/.github/workflows/shared-terratest-queue.yml@main
    needs: [terraform]
    with:
      runs-on: ${{ inputs.runs-on }}
      mock: true
    secrets: inherit

  ci:
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    if: ${{ always() && (github.event_name == 'merge_group' || github.event_name == 'push' || github.event.pull_request.state == 'open') }}
    steps:
      - run: |
          echo '${{ toJSON(needs) }}'  # easier debug
          ! ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
    needs: [ terraform, readme, codeowners, labels, mergequeue ]

  release:
    needs: [ci, readme]
    uses: cloudposse-terraform-components/.github/.github/workflows/shared-auto-release.yml@main
    if: ${{ always() && github.event_name == 'push' && needs.ci.result == 'success' && needs.readme.result == 'success' }}
    with:
      runs-on: ${{ inputs.runs-on }}
      publish: ${{ needs.readme.outputs.changes_detected == 'false' }}
    secrets: inherit