chore(deps): update terraform cloudflare to v4.50.0 (#590) #1512
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: terraform | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| pull-requests: write | |
| jobs: | |
| check-diff: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| target: ${{ steps.changes.outputs.target == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: changes | |
| with: | |
| filters: | | |
| target: | |
| - 'terraform/**/*' | |
| - '.github/workflows/terraform.yml' | |
| - 'aqua.yaml' | |
| terraform-fmt: | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Run terraform fmt | |
| working-directory: "./terraform" | |
| run: terraform fmt -check -recursive | |
| terraform-validate: | |
| name: terraform-validate (${{ matrix.dir }}) | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: cdn.koyashiro.net, prefix: CDN_KOYASHIRO_NET } | |
| - { dir: vpm.koyashiro.net, prefix: VPM_KOYASHIRO_NET } | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@97186061e694b133f51a120945a687cc7844c771 # v0.6.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform validate | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform validate | |
| tflint: | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Cache tflint plugin dir | |
| uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('terraform/.tflint.hcl') }} | |
| - name: Init TFLint | |
| working-directory: "./terraform" | |
| run: tflint --init | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run TFLint | |
| working-directory: "./terraform" | |
| run: tflint --recursive | |
| trivy: | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Run Trivy | |
| run: trivy config . | |
| terraform-plan: | |
| name: terraform-plan (${{ matrix.dir }}) | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: cdn.koyashiro.net, prefix: CDN_KOYASHIRO_NET } | |
| - { dir: vpm.koyashiro.net, prefix: VPM_KOYASHIRO_NET } | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@97186061e694b133f51a120945a687cc7844c771 # v0.6.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform plan | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: tfcmt -var target:${{ matrix.dir }} plan -patch -- terraform plan -no-color | |
| terraform-apply: | |
| name: terraform-apply (${{ matrix.dir }}) | |
| runs-on: ubuntu-24.04 | |
| needs: [check-diff, terraform-plan] | |
| if: needs.check-diff.outputs.target == 'true' && github.ref == 'refs/heads/main' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: cdn.koyashiro.net, prefix: CDN_KOYASHIRO_NET } | |
| - { dir: vpm.koyashiro.net, prefix: VPM_KOYASHIRO_NET } | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install aqua | |
| uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0 | |
| with: | |
| aqua_version: v2.42.2 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@97186061e694b133f51a120945a687cc7844c771 # v0.6.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform apply | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: tfcmt -var target:${{ matrix.dir }} apply -- terraform apply -auto-approve -no-color |