Reattempt w Azure Crednetials secret #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Terraform' | |
on: [push, pull_request] | |
env: | |
TF_LOG: INFO | |
jobs: | |
terraform: | |
name: 'Terraform' | |
runs-on: ubuntu-latest | |
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
# Set the working directory to main for the config files | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./main | |
steps: | |
- name: Azure Login | |
uses: Azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
# Checkout the repository to the GitHub Actions runner | |
- name: Checkout | |
uses: actions/checkout@v2 | |
# Install the preferred version of Terraform CLI | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 1.5.3 | |
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | |
- name: Terraform Init | |
id: init | |
env: | |
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }} | |
STORAGE_ACCOUNT: ${{ secrets.STORAGE_ACCOUNT }} | |
CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }} | |
run: terraform init -backend-config="storage_account_name=$STORAGE_ACCOUNT" -backend-config="container_name=$CONTAINER_NAME" -backend-config="resource_group_name=$RESOURCE_GROUP" | |
# Run a terraform plan for pull requests only | |
- name: Terraform Plan | |
id: plan | |
env: | |
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
if: github.event_name == 'pull_request' | |
run: terraform plan -no-color | |
# Add a comment to pull requests with plan results | |
- name: add-plan-comment | |
id: comment | |
uses: actions/github-script@v3 | |
if: github.event_name == 'pull_request' | |
env: | |
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
#### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} | |
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
<details><summary>Show Plan</summary> | |
\`\`\`${process.env.PLAN}\`\`\` | |
</details> | |
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
github.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}) | |
# On push to main, build or change infrastructure according to Terraform configuration files | |
- name: Terraform Apply | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
env: | |
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
run: terraform apply -auto-approve |