Merge pull request #36 from PythonFloripa/add-s3-bucket-dev #46
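# Runs on every push to main. Looks up the merged pull request whose merge
# commit is the pushed SHA, lists the files that PR changed, and runs the
# repository-local tf_apply action for the shared and/or dev Terraform
# directories that were touched. Pushes with no matching merged PR apply nothing.
name: Terraform Apply from PR

on:
  push:
    branches: [main]

# Workflow-level env is exported to every step of every job, including the
# third-party actions below. NOTE(review): consider scoping the secret-backed
# TF_VAR_* values to the apply steps only, if tf_apply still receives them.
env:
  TF_VAR_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
  TF_VAR_aws_region: ${{ secrets.AWS_REGION }}
  TF_VAR_github_actions_role_arn: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
  TF_VAR_service_url_registration_api_solana: ${{ secrets.SERVICE_URL_REGISTRATION_API_SOLANA }}
  TF_VAR_service_api_key_registration_api_solana: ${{ secrets.SERVICE_API_KEY_REGISTRATION_API_SOLANA }}
  TF_VAR_tech_floripa_certificate_validate_url: ${{ secrets.TECH_FLORIPA_CERTIFICATE_VALIDATE_URL }}
  TF_VAR_api_key_value: ${{ secrets.API_KEY_VALUE }}
  # Not read anywhere in this file; presumably consumed by tf_apply - confirm.
  TFPLAN_S3_BUCKET: tech-floripa-plan-artifacts
  # Token used by the gh CLI calls in the run steps below.
  GH_TOKEN: ${{ github.token }}

permissions:
  contents: read
  # NOTE(review): nothing in this file writes to pull requests; confirm that
  # tf_apply needs this scope, otherwise lower it to read.
  pull-requests: write
  # Lets the job request an OIDC token, which configure-aws-credentials
  # exchanges for the role given in role-to-assume.
  id-token: write

jobs:
  apply:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the three actions below are referenced by mutable major
      # tags while this job holds AWS credentials and repository secrets.
      # Pinning each to a full commit SHA prevents a retagged release from
      # running in this context.
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - uses: hashicorp/setup-terraform@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.TF_VAR_github_actions_role_arn }}
          aws-region: ${{ env.TF_VAR_aws_region }}
          role-session-name: TerraformApplySession

      - name: Get PR Number
        id: get_pr
        # The SHA reaches the script through an environment variable instead
        # of a ${{ }} expression expanded into the script text, so the shell
        # never parses expression output as code.
        env:
          MERGE_SHA: ${{ github.sha }}
        run: |
          PR_NUMBER=$(gh pr list --state merged --json number,mergeCommit --jq ".[] | select(.mergeCommit.oid == \"$MERGE_SHA\") | .number")
          if [ -z "$PR_NUMBER" ]; then
            # No merged PR has this commit as its merge commit: leave
            # pr_number unset so every later step is skipped.
            echo "No PR found for this commit."
            exit 0
          fi
          echo "Found PR number: $PR_NUMBER"
          echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"

      - name: Detect changed Terraform directories from PR
        id: detect
        if: steps.get_pr.outputs.pr_number
        # Step output is handed over as an environment variable and quoted at
        # use, for the same reason as MERGE_SHA above.
        env:
          PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }}
        run: |
          # NOTE(review): confirm gh returns the complete file list for PRs
          # that change many files; a truncated list would skip an apply.
          FILES=$(gh pr view "$PR_NUMBER" --json files --jq '.files[].path')
          echo "Changed files from PR $PR_NUMBER:"
          echo "$FILES"
          # Check for dev environment changes (terraform/env/dev/)
          if echo "$FILES" | grep -q "^terraform/env/dev/"; then
            echo "setting has_dev=true"
            echo "has_dev=true" >> "$GITHUB_OUTPUT"
          fi
          # Check for shared infrastructure changes (top-level terraform/, excluding terraform/env/)
          if echo "$FILES" | grep "^terraform/" | grep -v "^terraform/env/" | grep -q .; then
            echo "setting has_shared=true"
            echo "has_shared=true" >> "$GITHUB_OUTPUT"
          fi

      # Shared infrastructure is applied before the dev environment.
      - name: Apply Shared Infrastructure
        if: steps.detect.outputs.has_shared == 'true'
        uses: ./.github/actions/tf_apply
        with:
          working-directory: "terraform"
          env: shared

      - name: Apply Dev Environment
        if: steps.detect.outputs.has_dev == 'true'
        uses: ./.github/actions/tf_apply
        with:
          working-directory: "terraform/env/dev"
          env: dev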