diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
index 13dcdbe..a46cc96 100644
--- a/.github/workflows/terraform_plan.yaml
+++ b/.github/workflows/terraform_plan.yaml
@@ -3,10 +3,11 @@ name: Terraform Plan
# Controls when the workflow will run
on:
- pull_request:
- # Allows you to run this workflow manually from the Actions tab
+ push:
+ branches: [ "main" ]
+ # Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
-
+
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
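Review bot: With `pull_request:` removed from `on:`, the plan now runs only after a commit has already landed on `main` (or on manual dispatch), so reviewers no longer see a plan before merge. If that is intentional, for instance to keep pull-request code off the credentialed self-hosted runner, the reason should be recorded next to the trigger, e.g. `# Plan runs post-merge only; PR code is not executed on the self-hosted runner`. The retained comment `# Allows you to run this workflow manually from the Actions tab` describes `workflow_dispatch:`, so it reads more clearly directly above that key, not between `branches:` and it.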
@@ -14,103 +15,47 @@ jobs:
# The type of runner that the job will run on
runs-on: [ "229685449397" ]
env:
- AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
- AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}"
GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+ GITHUB_OWNER: CSVD
+ GITHUB_BASE_URL: https://github.e.it.census.gov
+ TF_WORKSPACE: ${{ vars.terraform_workspace }}
-
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: CSVD/gh-actions-checkout@v3
- with:
- github-server-url: https://github.e.it.census.gov
- ref: ${{ github.head_ref }}
- token: ${{ secrets.GH_TOKEN }}
-
+ - uses: actions/checkout@v3
- uses: CSVD/gh-actions-setup-node@v3
with:
node-version: 16
- - uses: CSVD/gh-actions-setup-terraform@v2
- with:
- terraform_version: ${{ vars.terraform_version }}
-
- - name: Set output
- id: vars
- run: echo ::set-output name=short_ref::${GITHUB_REF#refs/*/}
-
- - name: Terraform Format
- id: fmt
- run: |
- terraform fmt
- if ! git diff-index --quiet HEAD; then
- git config --global user.name '${{ vars.REPO_OWNER }}'
- git config --global user.email '${{ vars.REPO_OWNER_EMAIL }}'
- git commit -am "Autoformatting TF Code"
- git push
- echo "auto_format=true" >> $GITHUB_ENV
- fi
-
- - name: Autoformat Halt
- if: env.auto_format == 'true'
- run: exit 0
+ - name: blow up .terraform
+ run: rm -rf ${{ github.workspace }}/.terraform || echo "nope"
+ - name: Setup AWS Credentials
+ id: aws_credentials
+ run: |
+ curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
+ aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
+ echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV
+ aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
+ echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV
+ aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
+ echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV
+
- name: Terraform Init
id: init
- run: terraform init -upgrade
+ run: /opt/tfenv/bin/terraform init -upgrade
- name: Terraform Validate
id: validate
- run: terraform validate -no-color
+ run: /opt/tfenv/bin/terraform validate
- name: Terraform Plan
id: plan
- if: github.event_name == 'pull_request'
- run: terraform plan -out plans/${{ github.sha }}
- continue-on-error: true
+ run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
- - name: Terraform Plan
- id: show_plan
- if: github.event_name == 'pull_request'
- run: terraform show -no-color plans/${{ github.sha }}
- continue-on-error: true
-
- - uses: CSVD/gh-actions-github-script@v6
- if: github.event_name == 'pull_request'
- env:
- PLAN: "terraform\n${{ steps.show_plan.outputs.stdout }}"
- with:
- github-token: ${{ secrets.GH_TOKEN }}
- script: |
- const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
- #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
- #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
- Validation Output
-
- \`\`\`\n
- ${{ steps.validate.outputs.stdout }}
- \`\`\`
-
-
-
- #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
-
- Show Plan
-
- \`\`\`\n
- ${process.env.PLAN}
- \`\`\`
-
-
-
- *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
-
- github.rest.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: output
- })
+# - name: Terraform Apply
+# id: plan
+# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
+# continue-on-error: true
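Review bot: The new `Setup AWS Credentials` step appends the secret key and session token to `$GITHUB_ENV` without registering them through `::add-mask::`, and it also leaves copies in `aws_credentials.json` in the workspace and in the runner's AWS CLI profile via `aws configure set`. On a self-hosted runner whose workspace appears to persist between runs (the preceding step has to delete `.terraform`), those copies outlive the job. The `curl` call has no `--fail`, so an error response is still parsed and `jq -r` would export the literal string `null` for each field; it also names the output file twice (`-o` and `>`). The rewrite below keeps the response in a shell variable, stops on a failed request or missing field, masks the secret values and exports only the environment variables. It assumes the later Terraform steps read credentials from the environment, and it is worth confirming whether the AWS provider on this runner can consume `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` directly, in which case the step is unnecessary.

```yaml
      - name: Setup AWS Credentials
        id: aws_credentials
        shell: bash
        run: |
          set -euo pipefail
          # Keep the credential document in memory; nothing is written to the workspace.
          creds="$(curl -qfsSL "http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}")"
          # jq -e exits non-zero on a null/missing field, so a bad response stops the job.
          access_key_id="$(printf '%s' "$creds" | jq -er '.AccessKeyId')"
          secret_access_key="$(printf '%s' "$creds" | jq -er '.SecretAccessKey')"
          session_token="$(printf '%s' "$creds" | jq -er '.Token')"
          # Register the secret values with the log masker before they reach GITHUB_ENV.
          echo "::add-mask::${secret_access_key}"
          echo "::add-mask::${session_token}"
          {
            echo "AWS_ACCESS_KEY_ID=${access_key_id}"
            echo "AWS_SECRET_ACCESS_KEY=${secret_access_key}"
            echo "AWS_SESSION_TOKEN=${session_token}"
          } >> "$GITHUB_ENV"
      # … unchanged: Terraform Init / Validate / Plan steps …
```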