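# Runs `terraform plan` for every environment in the matrix on pull requests
# that touch the Terraform tree or this workflow file, then posts the rendered
# plan as a comment on the pull request.
name: Terraform Plan

on:
  pull_request:
    paths:
      - 'infra/terraform/**'
      - '.github/workflows/terraform-plan.yml'

# Token scopes for the whole workflow; scopes not listed here are not granted.
permissions:
  # Lets the job request a GitHub OIDC token, which the
  # configure-aws-credentials step exchanges for the role it assumes.
  id-token: write
  contents: read
  # Used by the last step to create the plan comment.
  pull-requests: write

jobs:
  plan:
    name: plan-${{ matrix.env }}
    runs-on: ubuntu-latest
    strategy:
      # One environment failing to plan must not cancel the others.
      fail-fast: false
      matrix:
        env: [dev]
    defaults:
      run:
        working-directory: infra/terraform/envs/${{ matrix.env }}
    env:
      TF_VERSION: '1.9.8'
      AWS_REGION: ${{ vars.AWS_REGION }}
      TF_STATE_BUCKET: ${{ vars.TF_STATE_BUCKET }}
      TF_LOCK_TABLE: ${{ vars.TF_LOCK_TABLE }}
    steps:
      # NOTE(review): every action below is referenced by a mutable
      # major-version tag. Pinning each to a full commit SHA keeps a moved tag
      # from changing what runs in a job that holds cloud credentials.
      - uses: actions/checkout@v4

      # Assumes the AWS role through OIDC; no static access keys are configured.
      # The Terraform code being planned comes from the pull-request branch and
      # runs with this role, so the role should be limited to what a plan needs
      # (read access plus the state bucket and lock table).
      # NOTE(review): the role's trust policy is not visible here; confirm it
      # restricts the OIDC `sub` claim to this repository.
      # For pull requests opened from forks GitHub withholds secrets and the
      # OIDC token, so this step is expected to fail there.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}

      # Checks formatting from infra/terraform downwards (two levels above the
      # per-environment working directory).
      - name: Terraform fmt
        run: terraform fmt -check -recursive ../..

      # -input=false makes init fail immediately instead of prompting when a
      # backend value is missing. State is kept per environment under
      # envs/<env>/terraform.tfstate, encrypted, with DynamoDB locking.
      - name: Terraform init
        run: |
          terraform init \
            -input=false \
            -backend-config="bucket=${TF_STATE_BUCKET}" \
            -backend-config="key=envs/${{ matrix.env }}/terraform.tfstate" \
            -backend-config="region=${AWS_REGION}" \
            -backend-config="dynamodb_table=${TF_LOCK_TABLE}" \
            -backend-config="encrypt=true"

      - name: Terraform validate
        run: terraform validate

      # Writes the binary plan to tfplan and its text rendering to plan.txt in
      # the working directory; this workflow does not upload either file.
      # -input=false turns an unset variable into an error rather than a prompt.
      - name: Terraform plan
        id: plan
        run: |
          terraform plan -input=false -var "region=${AWS_REGION}" -no-color -out=tfplan
          terraform show -no-color tfplan > plan.txt

      # Posts plan.txt verbatim, cut to 60000 characters. Terraform redacts only
      # values marked sensitive, so anything else in the plan becomes readable
      # by everyone who can view the pull request.
      # github-script runs from the repository root, hence the full path.
      - name: Comment plan on PR
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const plan = fs.readFileSync('infra/terraform/envs/${{ matrix.env }}/plan.txt', 'utf8');
            const truncated = plan.length > 60000 ? plan.slice(0, 60000) + '\n... (truncated)' : plan;
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `### Terraform plan — \`${{ matrix.env }}\`\n<details><summary>Show plan</summary>\n\n\`\`\`hcl\n${truncated}\n\`\`\`\n\n</details>`
            });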