@managedkaos
Last active June 7, 2023 21:35
A GitHub Actions workflow that displays the Terraform plan in the workflow summary...
name: 00-Terraform Pipeline

on:
  push:
  pull_request:
    types: [opened, reopened, synchronize]
  workflow_dispatch:

# Least-privilege token: the job summary needs only read access; the PR
# comment step needs write access on issues and pull requests.
permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  check:
    name: Check Configuration
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS Credentials
        # Static access keys held as repository secrets. The same action also
        # supports short-lived credentials via OIDC (role-to-assume).
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.AWS_REGION }}
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.4.6
      - name: Terraform Init
        id: init
        run: terraform init
      - name: Terraform Validate
        id: validate
        # The default `run` shell executes with `-e`, so a failing
        # `terraform validate` would abort the script before a later `$?`
        # check ran. Branch on the command itself; a failed validation
        # still fails the job.
        run: |
          if terraform validate; then
            echo "## :white_check_mark: Success! The configuration is valid." >> "$GITHUB_STEP_SUMMARY"
          else
            echo "## :bangbang: Validation failed. Check the logs" >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi

  plan:
    needs: [check]
    name: Terraform Plan
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.AWS_REGION }}
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.4.6
      - name: Terraform Init
        id: init
        run: terraform init
      - name: Terraform Plan
        # Keep the job going on a failed plan so the summary step still runs.
        continue-on-error: true
        id: plan
        run: |
          terraform plan -input=false -no-color -out=tfplan
          terraform show -no-color tfplan > plan.txt
      - name: Display the plan summary
        id: display
        run: |
          {
            # No-op plan: report it and stop.
            awk '/No changes. Your infrastructure matches the configuration./ {
              print "## " $0
              print "Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed."
              exit
            }' plan.txt
            # Table header, emitted only when the plan lists actions.
            awk '/Terraform will perform the following actions:/ {
              print "## Terraform will perform the following actions:"
              print "|Action|Resource|"
              print "|------|--------|"
              exit
            }' plan.txt
            # One row per "# <address> will be|must be <action>" line
            # ($2 is the address, $5 the action); sed maps each action to
            # an emoji-prefixed verb.
            awk '/Terraform used the selected/{ next } /will be/ || /must be/ {print "|" $5 "|" $2 "|"; next} /Plan:/{ print "## " $0; next }' plan.txt \
              | sed -e 's/created/:white_check_mark: create/' -e 's/destroyed/:bangbang: destroy/' -e 's/replaced/:recycle: replace/'
          } > plan.md
          cat plan.md >> "$GITHUB_STEP_SUMMARY"
      - name: Update PR comments
        if: github.event_name == 'pull_request'
        id: comment
        uses: peter-evans/create-or-update-comment@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          issue-number: ${{ github.event.number }}
          body-path: plan.md

  apply:
    needs: [plan]
    if: github.ref == 'refs/heads/main'
    name: Terraform Apply
    runs-on: ubuntu-latest
    # The environment's protection rules can gate the apply (required
    # reviewers); the concurrency group serialises applies against the
    # same state.
    environment: Production
    concurrency: Production
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.AWS_REGION }}
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.4.6
      - name: Terraform Init
        id: init
        run: terraform init
      - name: Terraform Apply
        id: apply
        # An explicit `shell: bash` turns on pipefail, so a failed apply is
        # not masked by the successful `tee`.
        shell: bash
        run: terraform apply -no-color -auto-approve -input=false | tee apply.txt
      - name: Display the apply summary
        id: display
        run: |
          {
            # setup-terraform's wrapper echoes ::debug:: lines; skip them.
            awk '/::debug::stdout:/{ next } /Apply complete!/ { print "## " $0; exit }' apply.txt
            # Link each EC2 public DNS name found in the apply output.
            awk '/::debug::stdout:/{ next } /compute.amazonaws.com/ {print "- [" $1 "](http://" $3 ")"}' apply.txt | sed 's/"//g'
          } > apply.md
          cat apply.md >> "$GITHUB_STEP_SUMMARY"
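The awk/sed pipeline in the plan summary step can be exercised offline before it is pushed. The script below is an added example, not part of the gist: it wraps that pipeline in a function and feeds it constructed `terraform show` transcripts covering the create, destroy, replace and no-change cases.

```shell
#!/usr/bin/env bash
# Added example (not part of the gist): run its plan-summary pipeline offline.
# plan_summary reads a `terraform show -no-color tfplan` transcript on stdin
# and prints the Markdown the workflow appends to $GITHUB_STEP_SUMMARY.
plan_summary() {
  local plan
  plan="$(mktemp)"
  cat > "$plan"
  awk '/No changes. Your infrastructure matches the configuration./ {
    print "## " $0
    print "Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed."
    exit
  }' "$plan"
  awk '/Terraform will perform the following actions:/ {
    print "## Terraform will perform the following actions:"
    print "|Action|Resource|"
    print "|------|--------|"
    exit
  }' "$plan"
  # "# <address> will be <action>" lines: $2 is the address, $5 the action.
  awk '/Terraform used the selected/{ next } /will be/ || /must be/ {print "|" $5 "|" $2 "|"; next} /Plan:/{ print "## " $0; next }' "$plan" \
    | sed -e 's/created/:white_check_mark: create/' -e 's/destroyed/:bangbang: destroy/' -e 's/replaced/:recycle: replace/'
  rm -f "$plan"
}

# Constructed `terraform show` transcripts (not from a real run) covering
# create, destroy and replace, and the no-change case.
SAMPLE_PLAN='Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_instance.web will be created
  + resource "aws_instance" "web" {}

  # aws_security_group.old will be destroyed
  - resource "aws_security_group" "old" {}

  # aws_instance.db must be replaced
-/+ resource "aws_instance" "db" {}

Plan: 2 to add, 0 to change, 2 to destroy.'
SAMPLE_NOCHANGE='No changes. Your infrastructure matches the configuration.'

printf '%s\n' "$SAMPLE_PLAN" | plan_summary
```

Running it prints the three-row Markdown table followed by the `## Plan:` heading; piping `$SAMPLE_NOCHANGE` through `plan_summary` instead yields only the no-change heading and its explanatory line.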