Skip to content
Feature Deploy Push

Merge pull request #10 from pingidentity/PDI-2112-opa-pipeline #29

Sign in to view logs

Merge pull request #10 from pingidentity/PDI-2112-opa-pipeline

Merge pull request #10 from pingidentity/PDI-2112-opa-pipeline #29

Workflow file for this run

.github/workflows/push.yml at d72aca1
name: Feature Deploy Push
on:
push:
jobs:
fmt:
runs-on: ubuntu-latest
env:
TERRAFORM_ENV_BASE64: ${{ secrets.TERRAFORM_ENV_BASE64 }}
steps:
- uses: actions/checkout@v4
- name: fmt-check
run: |
terraform fmt -recursive -check .
lint:
needs: [fmt]
runs-on: ubuntu-latest
env:
TERRAFORM_ENV_BASE64: ${{ secrets.TERRAFORM_ENV_BASE64 }}
steps:
- uses: actions/checkout@v4
- uses: terraform-linters/setup-tflint@v4
name: Setup TFLint
with:
tflint_version: latest
davincilint:
needs: [lint]
# The type of runner that the job will run on
runs-on: ubuntu-latest
name: davinci lint
steps:
- uses: actions/checkout@v4
- name: Run linting rules and tests
uses: actions/setup-node@v4
with:
node-version: 20
- run: |-
DVLINT_RULE_PACK='@ping-identity/dvlint-base-rule-pack'
DVLINT_EXCLUDE_RULES='dv-rule-logo-001'
DVLINT_INCLUDE_RULES=''
DVLINT_IGNORE_RULES='dv-rule-annotations-001,dv-rule-empty-flow-001'
_tfdir="./terraform"
npm install -g @ping-identity/dvlint
npm install -g ${DVLINT_RULE_PACK}
find ${_tfdir} -name "*.json" | while read -r file; do
if jq -e -r '.companyId' "${file}" >/dev/null; then
dvlint -f "${file}" \
--rulePacks "${DVLINT_RULE_PACK}" \
--excludeRule "${DVLINT_EXCLUDE_RULES}" \
--ignoreRule "${DVLINT_IGNORE_RULES}" \
--includeRule "${DVLINT_INCLUDE_RULES}" \
|| exit 1
fi
done
validate:
needs: [lint]
name: validate
runs-on: ubuntu-latest
timeout-minutes: 5
env:
TERRAFORM_ENV_BASE64: ${{ secrets.TERRAFORM_ENV_BASE64 }}
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
- run: |-
echo $TERRAFORM_ENV_BASE64 | base64 -d > tfvars
source tfvars
_tfdir=terraform
_branch=$(echo "${GITHUB_REF}" | sed -e "s#refs/heads/##g")
export TF_VAR_pingone_environment_name=${_branch}
case $_branch in
prod)
_stateKey="${TF_VAR_tf_state_key_prefix}/prod/terraform.tfstate"
;;
qa)
_stateKey="${TF_VAR_tf_state_key_prefix}/qa/terraform.tfstate"
;;
*)
_stateKey="${TF_VAR_tf_state_key_prefix}/dev/${_branch}/terraform.tfstate"
;;
esac
echo "_stateKey: ${_stateKey}"
terraform -chdir=${_tfdir} init \
-backend-config="bucket=$TF_VAR_tf_state_bucket" \
-backend-config="region=$TF_VAR_tf_state_region" \
-backend-config="key=${_stateKey}"
echo "***Running terraform validate***"
terraform -chdir=${_tfdir} validate
deploy:
if: ${{ !contains(github.event.commits[0].message, '[skip ci]')}}
name: Deploy
needs: [validate]
runs-on: ubuntu-latest
timeout-minutes: 5
env:
TERRAFORM_ENV_BASE64: ${{ secrets.TERRAFORM_ENV_BASE64 }}
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
- run: |-
echo $TERRAFORM_ENV_BASE64 | base64 -d > tfvars
source tfvars
_tfdir=terraform
_branch=$(echo "${GITHUB_REF}" | sed -e "s#refs/heads/##g")
export TF_VAR_pingone_environment_name=${_branch}
case $_branch in
prod)
_stateKey="${TF_VAR_tf_state_key_prefix}/prod/terraform.tfstate"
export TF_VAR_pingone_target_environment_id="${PINGONE_TARGET_ENVIRONMENT_ID_PROD}"
;;
qa)
_stateKey="${TF_VAR_tf_state_key_prefix}/qa/terraform.tfstate"
export TF_VAR_pingone_target_environment_id="${PINGONE_TARGET_ENVIRONMENT_ID_QA}"
;;
*)
echo "Local feature branch detected, skipping deployment"
exit 0
;;
esac
echo "_stateKey: ${_stateKey}"
terraform -chdir=${_tfdir} init \
-backend-config="bucket=$TF_VAR_tf_state_bucket" \
-backend-config="region=$TF_VAR_tf_state_region" \
-backend-config="key=${_stateKey}"
echo "_stateKey: ${_stateKey}"
echo "***Running terraform apply***"
terraform -chdir=${_tfdir} apply --auto-approve