-
Notifications
You must be signed in to change notification settings - Fork 0
109 lines (94 loc) · 3.71 KB
/
apply.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
---
name: apply
on:
workflow_call:
secrets:
gh_token:
required: false
gh_app_id:
required: false
gh_app_private_key:
required: false
tfe_token:
required: false
terraform_private_module_ssh_key: # This isn't needed if you don't use SSH key to checkout private Terraform Modules
required: false
secrets:
required: false
env:
GITHUB_TOKEN: ${{ secrets.gh_token }}
TFACTION_IS_APPLY: 'true'
jobs:
setup:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.list-targets.outputs.targets }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
with:
aqua_version: v2.17.1
- uses: suzuki-shunsuke/tfaction/list-targets@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
id: list-targets
apply:
name: "apply (${{matrix.target.target}})"
runs-on: ${{matrix.target.runs_on}}
needs: setup
# if services is empty, the build job is skipped
if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
strategy:
fail-fast: false
matrix:
target: ${{fromJSON(needs.setup.outputs.targets)}}
env:
TFACTION_TARGET: ${{matrix.target.target}}
TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.gh_app_id }}
private_key: ${{ secrets.gh_app_private_key }}
- uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
with:
aqua_version: v2.17.1
- uses: suzuki-shunsuke/tfaction/export-secrets@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
with:
secrets: ${{secrets.secrets}}
# This is required to download private modules in `terraform init`
- run: gh auth setup-git
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
- run: tfaction get-or-create-drift-issue
shell: bash
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
- uses: suzuki-shunsuke/tfaction/setup@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
with:
github_app_token: ${{ steps.generate_token.outputs.token }}
ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
env:
TFE_TOKEN: ${{secrets.tfe_token}}
TF_TOKEN_app_terraform_io: ${{secrets.tfe_token}}
- uses: suzuki-shunsuke/tfaction/apply@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
with:
github_app_token: ${{ steps.generate_token.outputs.token }}
env:
TFE_TOKEN: ${{secrets.tfe_token}}
TF_TOKEN_app_terraform_io: ${{secrets.tfe_token}}
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
if: failure()
with:
github_app_token: ${{ steps.generate_token.outputs.token }}
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
- uses: suzuki-shunsuke/tfaction/update-drift-issue@5731fade20e41c1905c04095f0e3d68fac14a636 # v0.7.3
if: always()
with:
status: ${{job.status}}
github_token: ${{steps.generate_token.outputs.token}}
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}