-
-
Save cheeyeo/942360bb9a8a5f19320ec71c3a43cd89 to your computer and use it in GitHub Desktop.
A GitHub Actions workflow that displays the Terraform plan in the workflow summary...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 00-Terraform Pipeline | |
| on: | |
| push: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| check: | |
| name: Check Configuration | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.4.6 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init | |
| - name: Terraform Validate | |
| id: validate | |
| run: | | |
| terraform validate | |
| if [ $? -ne 0 ]; | |
| then | |
| echo "## :bangbang: Validation failed. Check the logs" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "## :white_check_mark: Success! The configuration is valid." >> $GITHUB_STEP_SUMMARY | |
| fi | |
| plan: | |
| needs: [check] | |
| name: Terraform Plan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.4.6 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init | |
| - name: Terraform Plan | |
| continue-on-error: true | |
| id: plan | |
| run: | | |
| terraform plan -input=false -no-color -out=tfplan | |
| terraform show -no-color tfplan > plan.txt | |
| - name: Display the plan summary | |
| id: display | |
| run: | | |
| { | |
| awk '/No changes. Your infrastructure matches the configuration./ { | |
| print "## " $0 | |
| print "Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed." | |
| exit | |
| }' plan.txt | |
| awk '/Terraform will perform the following actions:/ { | |
| print "## Terraform will perform the following actions:" | |
| print "|Action|Resource|" | |
| print "|------|--------|" | |
| exit | |
| }' plan.txt | |
| awk '/Terraform used the selected/{ next } /will be/ || /must be/ {print "|" $5 "|" $2 "|"; next} /Plan:/{ print "## " $0; next }' plan.txt \ | |
| | sed -e 's/created/:white_check_mark: create/' -e 's/destroyed/:bangbang: destroy/' -e 's/replaced/:recycle: replace/' | |
| } > plan.md | |
| cat plan.md >> $GITHUB_STEP_SUMMARY | |
| - name: Update PR comments | |
| if: github.event_name == 'pull_request' | |
| id: comment | |
| uses: peter-evans/create-or-update-comment@v3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| issue-number: ${{ github.event.number }} | |
| body-path: plan.md | |
| apply: | |
| needs: [plan] | |
| if: github.ref == 'refs/heads/main' | |
| name: Terraform Apply | |
| runs-on: ubuntu-latest | |
| environment: Production | |
| concurrency: Production | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.4.6 | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init | |
| - name: Terraform Apply | |
| id: apply | |
| run: terraform apply -no-color -auto-approve -input=false | tee apply.txt | |
| - name: Display the apply summary | |
| id: display | |
| run: | | |
| { | |
| awk '/::debug::stdout:/{ next } /Apply complete!/ { print "## " $0; exit }' apply.txt | |
| awk '/::debug::stdout:/{ next } /compute.amazonaws.com/ {print "- [" $1 "](http://" $3 ")"}' apply.txt | sed 's/"//g' | |
| } > apply.md | |
| cat apply.md >> $GITHUB_STEP_SUMMARY |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment