Skip to content
pre-commit-check-and-autocommit-changes

github-oidc-role component #2350

Sign in to view logs

github-oidc-role component

github-oidc-role component #2350

Workflow file for this run

.github/workflows/pre-commit-check-and-autocommit-changes.yaml at 91807a0
name: pre-commit-check-and-autocommit-changes
on:
pull_request_target:
types: [labeled, opened, synchronize, unlabeled]
jobs:
run-pre-commit-checks-and-autocommit-changes:
runs-on: ubuntu-latest
if: github.event.pull_request.state == 'open'
steps:
- name: Privileged Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
ref: ${{ github.event.pull_request.head.ref }}
- name: Get List of Modified files
id: get-modified-files
shell: bash -x -e -o pipefail {0}
env:
BASE_REF: ${{ github.base_ref }}
HEAD_REF: ${{ github.head_ref }}
run: |
MODIFIED_FILES=$(git diff --name-only origin/${BASE_REF} origin/${HEAD_REF})
if [ -z "$MODIFIED_FILES" ]; then
echo "No changed files detected on this branch? This must be an error."
exit 1
else
echo "Running checks on the following files: ${MODIFIED_FILES}"
echo "::set-output name=modified_files::$(echo $MODIFIED_FILES)"
fi
- name: Get Terraform Version
id: get-terraform-version
shell: bash -x -e -o pipefail {0}
env:
BASE_REF: ${{ github.base_ref }}
LABELS: ${{ join(github.event.pull_request.labels.*.name, '\n') }}
MODIFIED_FILES: ${{ steps.get-modified-files.outputs.modified_files }}
DEFAULT_TERRAFORM_VERSION: ${{ secrets.DEFAULT_TERRAFORM_VERSION }}
run: |
# Match labels like `terraform/0.12` or nothing (to prevent grep from returning a non-zero exit code)
# Use [0-9] because \d is not standard part of egrep
echo "PR labels: ${LABELS}"
TERRAFORM_VERSION=$(grep -Eo 'terraform/[0-9]+\.[x0-9]+|' <<<${LABELS} | cut -d/ -f2)
# Go through all the possible cases: one compliant label, no compliant labels, and multiple compliant labels
if grep -Ez '^\W*[0-9]+\.[x0-9]+\W*$' <<<${TERRAFORM_VERSION}; then
echo "Terraform version ${TERRAFORM_VERSION} will be used to check the formatting of files that have been modified since this branch diverged from ${BASE_REF}."
elif [ -z "${TERRAFORM_VERSION}" ]; then
TERRAFORM_VERSION="${DEFAULT_TERRAFORM_VERSION:-1.x}"
echo "No Terraform version found in the PR labels. Using the default Terraform version ${TERRAFORM_VERSION}."
else
echo "You have either chosen terraform labels with malformed versions or, more likely, you have chosen multiple terraform version labels."
echo "Please select a single terraform version label that matches the following regular expression: terraform/[0-9]+\.[x0-9]+"
exit 2
fi
# Construct the actual semver expression that will be passed to Terraform
if grep -q 'x$' <<<${TERRAFORM_VERSION}; then
TERRAFORM_SEMVER=$TERRAFORM_VERSION
else
TERRAFORM_SEMVER=~$TERRAFORM_VERSION
fi
# Create GitHub Actions step output
echo "::set-output name=terraform_semver::$(echo $TERRAFORM_SEMVER)"
# Install terraform to ensure we're using our expected version
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: ${{ steps.get-terraform-version.outputs.terraform_semver }}
# Install terraform-docs for pre-commit hook
- name: Install terraform-docs
shell: bash
env:
INSTALL_PATH: "${{ github.workspace }}/bin"
run: |
make init
mkdir -p "${INSTALL_PATH}"
make packages/install/terraform-docs
echo "$INSTALL_PATH" >> $GITHUB_PATH
# python setup, in preparation for pre-commit run
- uses: actions/setup-python@v2
# pre-commit checks: fmt + terraform-docs
# We skip tf_validate as it requires an init
# of all root modules, which is to be avoided.
- uses: cloudposse/github-action-pre-commit@v2.1.2
env:
SKIP: tf_validate
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
git_user_name: cloudpossebot
git_user_email: cloudpossebot@users.noreply.github.com
extra_args: --files ${{ steps.get-modified-files.outputs.modified_files }}