action.yml
---
# Action metadata: display name and summary for this action.
name: 'Terraform Plan Custom Action'
description: 'Performs a Terraform plan and returns the output'
inputs:
  # Used as the working-directory of the fmt, init, plan and comment steps.
  tfDir:
    description: 'The directory where the Terraform templates are located'
    required: false
    default: ''
  # Appended to the `terraform plan` command line.
  tfArgs:
    description: 'Extra arguments to pass to terraform'
    required: false
    default: ''
  # Selected after init; created when selecting it fails.
  tfWorkspace:
    description: 'The Terraform workspace to select'
    required: false
    default: 'default'
  # Exposed to the "Setup Git" step as GIT_USER.
  gitUser:
    description: 'The Git user used to clone repositories'
    required: true
  # Exposed to the "Setup Git" step as GIT_TOKEN. Supply it from a secret,
  # never as a literal in the calling workflow.
  gitToken:
    description: 'The Git user token used to clone repositories'
    required: true
  # No default: the PR comment step only runs when this is non-empty.
  commentPrNumber:
    description: 'Pull Request ID to add the TF Plan comment'
    required: false
  commentTitle:
    description: 'Main title for TF Plan comment on Pull Request'
    required: false
    default: 'Terraform Plan Results'
  commentSubTitle:
    description: 'Sub title for TF Plan comment on Pull Request'
    required: false
    default: 'Terraform Plan'
# All three outputs are forwarded from the step whose id is `plan`.
outputs:
  # Captured stdout of `terraform plan`, or a placeholder sentence when the
  # text exceeds the size cutoff applied in the plan step.
  tfplan:
    description: 'The Terraform plan output'
    value: ${{ steps.plan.outputs.plan_output }}
  # Short human-readable status line built from the plan exit code.
  message:
    description: 'Friendly message that shows if there are changes to review'
    value: ${{ steps.plan.outputs.plan_msg }}
  # Exit code as reported by `terraform plan -detailed-exitcode`.
  result:
    description: 'The return code of the plan. 0 = no changes, 1 = error, 2 = changes'
    value: ${{ steps.plan.outputs.plan_result }}
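# Composite pipeline: fmt check -> git credentials -> init/workspace -> plan
# -> optional PR comment -> credential cleanup.
#
# Caller-supplied values and step outputs are handed to the scripts through
# `env:` and read as quoted shell variables. Expanding them directly into the
# script text would let a crafted value (or plan text containing quotes,
# backticks or `$(`) be parsed as shell code.
runs:
  using: "composite"
  steps:
    # Stops the run when any file under tfDir is not canonically formatted.
    - name: Terraform formatting
      shell: bash
      working-directory: ${{ inputs.tfDir }}
      run: |
        terraform fmt -check -recursive -diff

    # Stores the clone credentials for git over HTTPS. The token sits in
    # plaintext in ~/.git-credentials until the Cleanup step removes it.
    - name: Setup Git
      shell: bash
      env:
        GIT_USER: ${{ inputs.gitUser }}
        GIT_TOKEN: ${{ inputs.gitToken }}
      run: |
        # Files created by this step are readable by the current user only.
        umask 077
        git config --global credential.helper store
        # Fix: the token was previously written as the literal text GIT_TOKEN.
        echo "https://${GIT_USER}:${GIT_TOKEN}@github.com" >> ~/.git-credentials

    # The variable is deliberately not called TF_WORKSPACE: Terraform reads
    # that name itself to choose the workspace.
    - name: Terraform Init
      shell: bash
      working-directory: ${{ inputs.tfDir }}
      env:
        WORKSPACE_NAME: ${{ inputs.tfWorkspace }}
      run: |
        terraform init -input=false
        terraform workspace select "$WORKSPACE_NAME" || terraform workspace new "$WORKSPACE_NAME"

    # NOTE(review): tfArgs is still expanded into the script text so that
    # shell quoting inside it keeps working for existing callers. It is
    # therefore executed as shell code; callers must only pass trusted,
    # workflow-author-controlled values (never PR titles, branch names or
    # other contributor-controlled text).
    #
    # The captured plan text is published as a step output and, when
    # commentPrNumber is set, posted to the pull request. Values Terraform
    # does not treat as sensitive appear there in clear text.
    - name: Terraform Plan
      shell: bash
      id: plan
      working-directory: ${{ inputs.tfDir }}
      run: |
        # Default to 0 so a clean plan reports plan_result=0, not an empty value.
        PLAN_RESULT=0
        PLAN_OUTPUT="$(terraform plan -no-color -detailed-exitcode -out=tfplan ${{ inputs.tfArgs }})" || PLAN_RESULT=$?
        echo "plan_result=$PLAN_RESULT" >> "$GITHUB_OUTPUT"
        # NOTE(review): confirm this cutoff against the API's maximum comment
        # body size; a plan below it may still be rejected when posted.
        if [ "${#PLAN_OUTPUT}" -gt 131071 ]; then
          PLAN_OUTPUT="The plan output was too big to comment. Please view the actions output for the plan results.";
        fi
        # Multi-line output value: the delimiter is random so plan text cannot
        # end the value early or append extra outputs.
        EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
        echo "plan_output<<$EOF" >> "$GITHUB_OUTPUT"
        echo "$PLAN_OUTPUT" >> "$GITHUB_OUTPUT"
        echo "$EOF" >> "$GITHUB_OUTPUT"
        case $PLAN_RESULT in
          1)
            exit 1
            ;;
          2)
            MSG="Changes to review! :warning:"
            ;;
          *)
            MSG="No changes :white_check_mark:"
            ;;
        esac
        echo "plan_msg=$MSG" >> "$GITHUB_OUTPUT"
        terraform show -json tfplan > tfplan.json
        terraform show tfplan

    # Runs only when a PR number was given and the plan step succeeded.
    - name: Add TF Plan comment to PR
      if: ${{ inputs.commentPrNumber != '' && steps.plan.outcome == 'success' }}
      shell: bash
      working-directory: ${{ inputs.tfDir }}
      env:
        COMMENT_TITLE: ${{ inputs.commentTitle }}
        COMMENT_SUBTITLE: ${{ inputs.commentSubTitle }}
        COMMENT_PR_NUMBER: ${{ inputs.commentPrNumber }}
        PLAN_MSG: ${{ steps.plan.outputs.plan_msg }}
        PLAN_OUTPUT: ${{ steps.plan.outputs.plan_output }}
        GH_TOKEN: ${{ github.token }}
        GH_REPOSITORY: ${{ github.repository }}
      run: |
        {
          echo "## ${COMMENT_TITLE} 📃"
          echo "### ${COMMENT_SUBTITLE}"
          echo "${PLAN_MSG}"
          echo "<details><summary>Show Plan</summary>"
          echo ""
          echo '```terraform'
          echo "${PLAN_OUTPUT}"
          echo '```'
          echo "</details>"
        } > comment.txt
        # The JSON body is streamed on stdin instead of being passed as a
        # command-line argument, so a large plan cannot exceed the argv limit.
        jq -Rs '{body: .}' comment.txt |
          curl -sS \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GH_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            -L "https://api.github.com/repos/${GH_REPOSITORY}/issues/${COMMENT_PR_NUMBER}/comments" \
            --data-binary @-

    # always(): the stored token must be removed even when an earlier step
    # failed; -f keeps the step green if the file was never created.
    - name: Cleanup
      if: ${{ always() }}
      shell: bash
      run: |
        rm -f ~/.git-credentials
        # Leave no global helper behind that would persist later credentials.
        git config --global --unset-all credential.helper || true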
# Branding metadata: icon and colour for the action.
branding:
  icon: "award"
  color: "green"