Merge pull request hashicorp#22 from hashicorp/apply

Implement apply action

Author: lkysow

README.md

@@ -1,6 +1,5 @@
 # Terraform GitHub Actions
-These official Terraform GitHub Actions allow you to run `terraform fmt`, `validate`
- and `plan` on your pull requests to help you review and validate Terraform changes.
+These official Terraform GitHub Actions allow you to run `terraform fmt`, `validate`, `plan` and `apply` on your pull requests to help you review, validate and apply Terraform changes.
 
 ## Getting Started
 To get started, check out our documentation: [https://www.terraform.io/docs/github-actions/getting-started/](https://www.terraform.io/docs/github-actions/getting-started/).
@@ -18,3 +17,7 @@ Runs `terraform validate` and comments back on error.
 ### Plan Action
 Runs `terraform plan` and comments back with the output.
 <img src="./assets/plan.png" alt="Terraform Plan Action" width="80%" />
+
+### Apply Action
+Runs `terraform apply` and comments back with the output.
+<img src="./assets/apply.png" alt="Terraform Apply Action" width="80%" />

apply/Dockerfile

@@ -0,0 +1,15 @@
+FROM hashicorp/terraform:0.12.0
+
+LABEL "com.github.actions.name"="terraform apply"
+LABEL "com.github.actions.description"="Run Terraform Apply"
+LABEL "com.github.actions.icon"="play-circle"
+LABEL "com.github.actions.color"="purple"
+
+LABEL "repository"="https://github.com/hashicorp/terraform-github-actions"
+LABEL "homepage"="http://github.com/hashicorp/terraform-github-actions"
+LABEL "maintainer"="HashiCorp Terraform Team <[email protected]>"
+
+RUN apk --no-cache add jq curl
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

apply/README.md

@@ -0,0 +1,4 @@
+# Terraform Apply Action
+Runs `terraform apply` and comments back on the pull request with the apply output.
+
+See [https://www.terraform.io/docs/github-actions/actions/apply.html](https://www.terraform.io/docs/github-actions/actions/apply.html).

apply/entrypoint.sh

@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# wrap takes some output and wraps it in a collapsible markdown section if
+# it's over $TF_ACTION_WRAP_LINES long.
+wrap() {
+  if [[ $(echo "$1" | wc -l) -gt ${TF_ACTION_WRAP_LINES:-20} ]]; then
+    echo "
+<details><summary>Show Output</summary>
+
+\`\`\`
+$1
+\`\`\`
+
+</details>
+"
+else
+    echo "
+\`\`\`
+$1
+\`\`\`
+"
+fi
+}
+
+set -e
+
+cd "${TF_ACTION_WORKING_DIR:-.}"
+
+if [[ ! -z "$TF_ACTION_TFE_TOKEN" ]]; then
+  cat > ~/.terraformrc << EOF
+credentials "${TF_ACTION_TFE_HOSTNAME:-app.terraform.io}" {
+  token = "$TF_ACTION_TFE_TOKEN"
+}
+EOF
+fi
+
+if [[ ! -z "$TF_ACTION_WORKSPACE" ]] && [[ "$TF_ACTION_WORKSPACE" != "default" ]]; then
+  terraform workspace select "$TF_ACTION_WORKSPACE"
+fi
+
+set +e
+OUTPUT=$(sh -c "TF_IN_AUTOMATION=true terraform apply -no-color -auto-approve -input=false $*" 2>&1)
+SUCCESS=$?
+echo "$OUTPUT"
+set -e
+
+# If PR_DATA is null, then this is not a pull request event and so there's
+# no where to comment.
+PR_DATA=$(cat /github/workflow/event.json | jq -r .pull_request)
+if [ "$TF_ACTION_COMMENT" = "1" ] || [ "$TF_ACTION_COMMENT" = "false" ] || [ "$PR_DATA" = "null" ]; then
+    exit $SUCCESS
+fi
+
+# Build the comment we'll post to the PR.
+COMMENT=""
+if [ $SUCCESS -ne 0 ]; then
+    OUTPUT=$(wrap "$OUTPUT")
+    COMMENT="#### \`terraform apply\` Failed
+$OUTPUT
+
+*Workflow: \`$GITHUB_WORKFLOW\`, Action: \`$GITHUB_ACTION\`*"
+else
+    # Call wrap to optionally wrap our output in a collapsible markdown section.
+    OUTPUT=$(wrap "$OUTPUT")
+    COMMENT="#### \`terraform apply\` Success
+$OUTPUT
+
+*Workflow: \`$GITHUB_WORKFLOW\`, Action: \`$GITHUB_ACTION\`*"
+fi
+
+# Post the comment.
+PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body')
+COMMENTS_URL=$(cat /github/workflow/event.json | jq -r .pull_request.comments_url)
+curl -s -S -H "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL" > /dev/null
+
+exit $SUCCESS

assets/apply.png

@@ -0,0 +1,15 @@
+FROM alpine:latest
+
+LABEL "com.github.actions.name"="base branch filter"
+LABEL "com.github.actions.description"="Filters pull request events based on their base branch."
+LABEL "com.github.actions.icon"="filter"
+LABEL "com.github.actions.color"="purple"
+
+LABEL "repository"="https://github.com/hashicorp/terraform-github-actions"
+LABEL "homepage"="http://github.com/hashicorp/terraform-github-actions"
+LABEL "maintainer"="HashiCorp Terraform Team <[email protected]>"
+
+RUN apk --no-cache add jq
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

base-branch-filter/Dockerfile

@@ -0,0 +1,32 @@
+# Base Branch Filter
+Filters pull request events depending on the base branch
+The base branch is the branch that the pull request will be merged into.
+
+To use, set `args` to a regular expression that
+will be matched against the destination branch.
+
+Note: This action only works on pull request events.
+
+## Example
+Filter on pull requests that have been merged into `master`:
+```hcl
+workflow "example" {
+  resolves = "base-branch-filter"
+  # Must be used on pull_request events.
+  on = "pull_request"
+}
+
+# First we use another filter to filter to only merged events.
+action "merged-prs-filter" {
+  uses = "actions/bin/filter@master"
+  args = "merged true"
+}
+
+# Then we use this filter to ensure the branch matches "master".
+action "base-branch-filter" {
+  uses = "hashicorp/terraform-github-actions/base-branc-filter@master"
+  # We set args to our regex.
+  args = "^master$"
+  needs = "merged-prs-filter"
+}
+```

base-branch-filter/README.md

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+regex="$*"
+base_branch=$(jq -r .pull_request.base.ref "$GITHUB_EVENT_PATH")
+
+if "$actual" | grep -q "$regex"; then
+  echo "base branch \"$base_branch\" does not match \"$regex\""
+  exit 78
+fi

base-branch-filter/entrypoint.sh

@@ -2,7 +2,7 @@ FROM hashicorp/terraform:0.12.0
 
 LABEL "com.github.actions.name"="terraform init"
 LABEL "com.github.actions.description"="Run terraform init"
-LABEL "com.github.actions.icon"="play-circle"
+LABEL "com.github.actions.icon"="download"
 LABEL "com.github.actions.color"="purple"
 
 LABEL "repository"="https://github.com/hashicorp/terraform-github-actions"

init/Dockerfile

@@ -54,6 +54,7 @@ if [ $SUCCESS -ne 0 ]; then
     OUTPUT=$(wrap "$OUTPUT")
     COMMENT="#### \`terraform plan\` Failed
 $OUTPUT
+
 *Workflow: \`$GITHUB_WORKFLOW\`, Action: \`$GITHUB_ACTION\`*"
 else
     # Remove "Refreshing state..." lines by only keeping output after the
@@ -72,6 +73,7 @@ else
 
     COMMENT="#### \`terraform plan\` Success
 $OUTPUT
+
 *Workflow: \`$GITHUB_WORKFLOW\`, Action: \`$GITHUB_ACTION\`*"
 fi