---
# Composite action metadata: runs `terraform init` and `terraform plan` and
# posts the results to the pull request that triggered the workflow.
name: 'Terraform Plan to Pull Request'
description: 'This workflow will generate and post a terraform plan to a pull request.'

inputs:
  # When 'true', a failed run starts a tmate session on the runner. The runner
  # holds whatever credentials the plan needs, so enable this only when needed.
  debug:
    description: 'Debug workflow with tmate if an error occurs'
    required: false
    default: 'false'

  # Handed to the PR commenter steps through their environment.
  # NOTE(review): presumably only needs write access to pull requests; confirm
  # and keep the calling workflow's `permissions:` block to that minimum.
  GITHUB_TOKEN:
    description: 'GitHub token for access to the pull request'
    required: true

  # The plan file can hold resource attributes in clear text; artifacts are
  # readable by anyone who can read the workflow run.
  save-artifact:
    description: 'Save the terraform plan as an artifact (May contain sensitive data)'
    required: false
    default: 'false'

  working-directory:
    description: 'Working directory for the `run` actions'
    required: false
    default: ''

  # 'latest' floats with upstream releases; callers wanting reproducible plans
  # should pass an explicit version.
  terraform-version:
    description: 'Version of terraform to install'
    required: false
    default: 'latest'

  terraform-workspace:
    description: 'Terraform workspace to select. Must already exist'
    required: false
    default: 'default'

  # Both *-flags inputs are substituted into the `run:` script text of the
  # init/plan steps, so they are parsed by bash. Pass only static, trusted
  # values; never forward pull-request-controlled data here.
  terraform-init-flags:
    description: 'CLI flags to use with terraform init'
    required: false
    default: ''

  terraform-plan-flags:
    description: 'CLI flags to use with terraform plan'
    required: false
    default: ''

  workflow-artifact-name:
    description: 'Provides a unique name to append to the plan artifact attached to this workflow run. Default tfplan'
    required: false
    default: 'tfplan'
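outputs:
  # Combined stdout and stderr of the `plan` step. The original expression read
  # the `init` step's streams, which does not match the description.
  # The same text is posted to the pull request, so any value Terraform does
  # not treat as sensitive is visible to everyone who can read the PR.
  plan:
    description: 'The plan output'
    value: ${{ format('{0}{1}', steps.plan.outputs.stdout, steps.plan.outputs.stderr) }}

  # Must match the `name:` used by the "Save Artifact" step, which appends the
  # `workflow-artifact-name` input (default "tfplan") rather than a fixed
  # suffix; a hard-coded suffix is wrong for any non-default name.
  artifact:
    description: 'The file name of the terraform plan artifact'
    value: pr-${{ github.event.pull_request.number }}-${{ inputs.workflow-artifact-name }}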
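runs:
  using: "composite"
  steps:
    # NOTE(review): every `uses:` below references a tag or branch, which the
    # owner can move. Pin each one to a full commit SHA so the code that runs
    # with this job's token and cloud credentials cannot change silently.
    - name: setup Terraform
      uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: ${{ inputs.terraform-version }}

    - name: install terraform-plan-summary
      shell: bash
      run: |
        # NOTE(review): this installs whatever the upstream "latest" release is
        # at run time and puts it on PATH with no checksum or signature check.
        # Pin a specific release and verify its published SHA-256 before
        # extracting.
        REPO="dineshba/terraform-plan-summary"
        tmpDir=$(mktemp -d -t tmp.XXXXXXXXXX)
        cd "$tmpDir"
        # --fail stops on an HTTP error instead of saving the error page as the
        # archive; downloading inside the temp dir keeps the workspace clean.
        curl --fail --silent --show-error --location --remote-name \
          "https://github.com/$REPO/releases/latest/download/tf-summarize_linux_amd64.tar.gz"
        tar -xzf tf-summarize_linux_amd64.tar.gz
        chmod +x tf-summarize
        echo "$PWD" >> "$GITHUB_PATH"

    - name: Terraform Init
      id: init
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      # NOTE(review): the flags input is expanded into the script text before
      # bash runs, so it is parsed as shell. Left unchanged because moving it to
      # an environment variable would alter how quoted flags are split; callers
      # must pass only trusted, static values.
      run: terraform init ${{ inputs.terraform-init-flags }}

    - name: Post Init
      if: ${{ github.event_name == 'pull_request' }}
      # `@dev` is a branch: this step receives GITHUB_TOKEN, so pin it to a
      # reviewed commit SHA.
      uses: tamu-edu/it-ae-actions-terraform-pr-commenter@dev
      with:
        commenter_type: init
        commenter_input: ${{ format('{0}{1}', steps.init.outputs.stdout, steps.init.outputs.stderr) }}
        commenter_exitcode: ${{ steps.init.outputs.exitcode }}
      env:
        GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
        TF_WORKSPACE: ${{ inputs.terraform-workspace }}

    - name: Terraform Plan
      id: plan
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      env:
        TF_WORKSPACE: ${{ inputs.terraform-workspace }}
        TF_IN_AUTOMATION: "true"
      # Same caveat as the init flags: the input is parsed by bash.
      run: |
        terraform plan -out=tfplan -input=false ${{ inputs.terraform-plan-flags }}
      # A failed plan must still be reported on the PR; the final step turns
      # the failure back into a failed run.
      continue-on-error: true

    - name: generate tf-summarize table
      id: summary
      # Only summarise a plan that was written. Without this guard a failed
      # plan leaves no `tfplan`, this step fails, and the following
      # "Post terraform plan" step is skipped, so the plan error never reaches
      # the pull request.
      if: ${{ steps.plan.outcome == 'success' }}
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      env:
        TF_WORKSPACE: ${{ inputs.terraform-workspace }}
      run: |
        # Random heredoc delimiter so the table content cannot terminate the
        # multi-line output early and inject further outputs.
        EOF=$(openssl rand -hex 8)
        echo "table<<$EOF" >> "$GITHUB_OUTPUT"
        terraform-bin show -json tfplan | tf-summarize -md >> "$GITHUB_OUTPUT"
        echo "$EOF" >> "$GITHUB_OUTPUT"

    - name: Post terraform plan
      if: ${{ github.event_name == 'pull_request' }}
      # `@dev` is a branch: this step receives GITHUB_TOKEN, so pin it to a
      # reviewed commit SHA.
      uses: tamu-edu/it-ae-actions-terraform-pr-commenter@dev
      with:
        commenter_type: plan
        commenter_input: ${{ format('{0}{1}', steps.plan.outputs.stdout, steps.plan.outputs.stderr) }}
        commenter_exitcode: ${{ steps.plan.outputs.exitcode }}
        comment_prepend: ${{ steps.summary.outputs.table }}
      env:
        GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
        TF_WORKSPACE: ${{ inputs.terraform-workspace }}

    - name: Save Artifact
      id: save-artifact
      # Skip the upload when the plan failed: there is no `tfplan` to store.
      if: ${{ inputs.save-artifact == 'true' && steps.plan.outcome == 'success' }}
      uses: actions/upload-artifact@v4
      with:
        name: pr-${{ github.event.pull_request.number }}-${{ inputs.workflow-artifact-name }}
        # The plan file can contain resource attributes in clear text and is
        # downloadable by anyone with read access to the run.
        path: ${{ github.workspace }}/${{ inputs.working-directory }}/tfplan
      # GITHUB_TOKEN is no longer exported to this step: upload-artifact does
      # not read it, so passing it only widened the token's exposure.

    - name: Debug with TMATE if the debug environment variable is set to "true" and something failed
      if: ${{ (failure() || steps.plan.outcome == 'failure') && inputs.debug == 'true' }}
      uses: mxschmitt/action-tmate@v3
      with:
        # The session gives a shell on a runner that holds the Terraform
        # credentials and its connection string is printed in the job log, so
        # restrict it to the SSH keys of the user who triggered the run.
        limit-access-to-actor: true

    - name: Workflow Run Status
      shell: bash
      # Re-raise the plan failure that `continue-on-error` suppressed above.
      if: steps.plan.outcome == 'failure'
      run: exit 1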