Skip to content

Terraform: GitHub resources #3156

Terraform: GitHub resources

Terraform: GitHub resources #3156

name: "Terraform: GitHub resources"
on:
push:
paths:
- 'terraform/github/**'
- '!**.md'
- '.github/workflows/terraform-github.yml'
- 'environments/**.json'
- '.github/workflows/reusable_terraform_plan_apply.yml'
branches:
- main
pull_request:
paths:
- 'terraform/github/**'
- '!**.md'
- '.github/workflows/terraform-github.yml'
- 'environments/**.json'
- '.github/workflows/reusable_terraform_plan_apply.yml'
branches:
- main
types: [opened, edited, reopened, synchronize]
schedule:
# * is a special character in YAML so you have to quote this string
# trigger every Saturday at 12:00am
- cron: '0 12 * * 6'
workflow_dispatch:
defaults:
run:
shell: bash
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
pull-requests: write
jobs:
github-plan-and-apply:
uses: ./.github/workflows/reusable_terraform_plan_apply.yml
with:
working-directory: "terraform/github"
workflow_id: "github"
secrets:
modernisation_platform_environments: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}
gh_workflow_token: ${{ secrets.TERRAFORM_GITHUB_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
create-github-environments:
runs-on: ubuntu-latest
needs: [ github-plan-and-apply ]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # or "2" To retrieve the preceding commit.
- name: Create GitHub member environments plan
run: bash ./scripts/git-create-environments.sh
env:
DRY_RUN: true
TERRAFORM_GITHUB_TOKEN: ${{ secrets.TERRAFORM_GITHUB_TOKEN }}
- name: Create GitHub member environments apply
if: github.event.ref == 'refs/heads/main'
run: bash ./scripts/git-create-environments.sh
env:
TERRAFORM_GITHUB_TOKEN: ${{ secrets.TERRAFORM_GITHUB_TOKEN }}
- name: Slack failure notification
if: ${{ failure() }}
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
webhook-type: incoming-webhook
payload: |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}