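---
# Reusable workflow: renders a Terraform fmt/init/validate/plan report and
# publishes it to the job summary and/or as a single, updated-in-place PR comment.
#
# Security notes for callers:
#   - Every input is reproduced verbatim in the report. `tf-plan-summary` and
#     `tf-validate-output` are raw tool output; if a plan may contain sensitive
#     values, redact them before calling this workflow - the PR comment is
#     visible to everyone who can read the repository.
#   - Inputs never reach the shell as script text, only as environment
#     variables (see the `env:` blocks below), so plan output cannot inject
#     commands or terminate a heredoc / multiline output early.
name: Publish Terraform Plan
on:
  workflow_call:
    inputs:
      tf-fmt-outcome:
        description: Outcome of the caller's `terraform fmt` step (e.g. steps.<id>.outcome)
        type: string
        required: true
      tf-init-outcome:
        description: Outcome of the caller's `terraform init` step
        type: string
        required: true
      tf-plan-outcome:
        description: Outcome of the caller's `terraform plan` step
        type: string
        required: true
      tf-plan-summary:
        description: Markdown/plain-text plan summary to embed in the report (published as-is)
        type: string
        required: true
      tf-validate-outcome:
        description: Outcome of the caller's `terraform validate` step
        type: string
        required: true
      tf-validate-output:
        description: Raw `terraform validate` output to embed in the report (published as-is)
        type: string
        required: true
      pr-number:
        description: Pull request number to comment on; required when write-comment is true
        type: string
        required: false
      write-summary:
        description: Append the report to the job step summary
        type: boolean
        default: true
      write-comment:
        description: Create or update a PR comment containing the report
        type: boolean
        default: false

# Least privilege: reading the repo and writing the PR comment is all this needs.
permissions:
  contents: read
  pull-requests: write

jobs:
  publish:
    name: Publish Terraform Plan
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write  # needed by find-comment / create-or-update-comment
    steps:
      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          egress-policy: block
          # Only the GitHub API is contacted (comment lookup/creation); all other egress is denied.
          allowed-endpoints: >
            api.github.com:443

      - name: Write the report markdown file
        # Every `${{ }}` value is evaluated here, into environment variables. The
        # script below contains no expression interpolation, so input content
        # (plan output, actor name, ...) can neither close the heredoc early nor
        # be executed as shell.
        env:
          TF_FMT_ICON: ${{ (inputs.tf-fmt-outcome == 'success' && '✅') || (inputs.tf-fmt-outcome == 'skipped' && '➖') || '❌' }}
          TF_INIT_ICON: ${{ (inputs.tf-init-outcome == 'success' && '✅') || (inputs.tf-init-outcome == 'skipped' && '➖') || '❌' }}
          TF_VALIDATE_ICON: ${{ (inputs.tf-validate-outcome == 'success' && '✅') || (inputs.tf-validate-outcome == 'skipped' && '➖') || '❌' }}
          TF_PLAN_ICON: ${{ (inputs.tf-plan-outcome == 'success' && '✅') || (inputs.tf-plan-outcome == 'skipped' && '➖') || '❌' }}
          TF_VALIDATE_OUTPUT: ${{ inputs.tf-validate-output }}
          TF_PLAN_SUMMARY: ${{ inputs.tf-plan-summary }}
          GH_ACTOR: ${{ github.actor }}
          GH_ACTION: ${{ github.event_name }}
          GH_WORKFLOW: ${{ github.workflow }}
          GH_SERVER: ${{ github.server_url }}
          GH_REPO: ${{ github.repository }}
          GH_RUN_ID: ${{ github.run_id }}
        run: |
          set -euo pipefail
          REPORT_FILE=$(mktemp -t summary.md.XXXXX)
          echo "REPORT_FILE=$REPORT_FILE" >> "$GITHUB_ENV"
          # Unquoted heredoc so ${VAR} expands. The *values* of expanded variables
          # are not re-parsed by the shell, so arbitrary plan text is safe here.
          # Literal markdown backticks are escaped so they are not command substitutions.
          cat >> "$REPORT_FILE" << ENDOFREPORT
          ## Terraform Summary
          *Pusher: @${GH_ACTOR}, Action: \`${GH_ACTION}\`, Workflow: [\`${GH_WORKFLOW}\`](${GH_SERVER}/${GH_REPO}/actions/runs/${GH_RUN_ID})*
          | Step | Result |
          |:-----------------------------|:-------:|
          | 🖌 Terraform Format & Style | ${TF_FMT_ICON} |
          | ⚙️ Terraform Initialization | ${TF_INIT_ICON} |
          | 🤖 Terraform Validation | ${TF_VALIDATE_ICON} |
          | 📖 Terraform Plan | ${TF_PLAN_ICON} |
          _**Hint:** If "Terraform Format & Style" failed, run \`terraform fmt -recursive\` from the \`terraform/\` directory and commit the results._
          ### Output
          <details>
          <summary>Validation Output</summary>
          \`\`\`
          ${TF_VALIDATE_OUTPUT}
          \`\`\`
          </details>
          <details>
          <summary>Plan Summary</summary>
          ${TF_PLAN_SUMMARY}
          </details>
          ENDOFREPORT

      - name: Write the step summary
        if: inputs.write-summary
        # Truncate to stay below the 65535-character cap the original author observed
        # for summaries; a too-large report would otherwise fail the step.
        run: head -c 65500 "$REPORT_FILE" >> "$GITHUB_STEP_SUMMARY"

      - name: Write the comment body
        id: comment-body
        # The multiline-output delimiter is random and unguessable. A fixed delimiter
        # (e.g. ENDOFREPORT) could legitimately appear in plan output and would end the
        # value early, letting the remaining report lines define arbitrary extra outputs.
        # The body is also truncated to the issue-comment size limit (65536 chars).
        run: |
          set -euo pipefail
          DELIM=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
          CONTENT=$(head -c 65500 "$REPORT_FILE")
          {
            echo "REPORT_CONTENT<<${DELIM}"
            printf '%s\n' "$CONTENT"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"

      - name: Warn on missing comment requirements
        if: inputs.write-comment && inputs.pr-number == ''
        # Surfaced as a workflow annotation so the misconfiguration is visible in the run UI.
        run: echo "::warning::Cannot write a comment because pr-number is not set"

      - name: Find previous report comment
        id: find-comment
        if: inputs.write-comment && inputs.pr-number != ''
        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
        with:
          issue-number: ${{ inputs.pr-number }}
          comment-author: 'github-actions[bot]'
          body-includes: Terraform Summary

      - name: Create or update comment
        if: inputs.write-comment && inputs.pr-number != ''
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          # Must match the PR searched above. The previous value,
          # github.event.pull_request.number, is empty for non-PR events and can
          # differ from the caller-supplied pr-number, posting to the wrong PR.
          issue-number: ${{ inputs.pr-number }}
          body: ${{ steps.comment-body.outputs.REPORT_CONTENT }}
          edit-mode: replace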