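# Plan / apply / destroy the Terraform configuration under ./terraform against
# the production GCP project.
#
# Security notes for maintainers:
#   - Cloud credentials come from GitHub OIDC exchanged through Workload
#     Identity Federation; no long-lived service-account key is stored in the
#     repository. `id-token: write` exists solely for that exchange.
#   - `terraform plan` on pull requests executes provider / data-source code
#     taken from the PR branch while holding the production identity. GitHub
#     does not hand repository secrets to workflows triggered by PRs from forks
#     (so the auth step fails for those), but a PR from a collaborator can
#     still run arbitrary Terraform during plan. If that is not acceptable,
#     put required reviewers on the `production` environment.
#   - `apply` and `destroy` run with `-auto-approve`; the only human gate is
#     whatever protection rules are configured on the `production` environment.
#   - Actions are referenced by major-version tag. Pinning each `uses:` to a
#     full-length commit SHA is the stronger supply-chain posture; tags can be
#     moved by the action publisher.
name: 'Terraform Infrastructure'

on:
  push:
    branches:
      - main
    paths:
      - 'terraform/**'
      - '.github/workflows/terraform.yml'
  pull_request:
    branches:
      - main
    paths:
      - 'terraform/**'
      - '.github/workflows/terraform.yml'
  workflow_dispatch:
    inputs:
      action:
        description: 'Terraform action'
        required: true
        default: 'plan'
        # `type: choice` restricts the value to the listed options, so it is
        # safe to compare in the `if:` expressions below.
        type: choice
        options:
          - plan
          - apply
          - destroy

env:
  TF_VERSION: '1.5.0'
  # Project / region are identifiers, not secrets; keeping them in plain env
  # makes the workflow self-describing.
  GOOGLE_PROJECT: 'radio-485022'
  GOOGLE_REGION: 'us-central1'

# Least-privilege GITHUB_TOKEN. `pull-requests: write` is consumed only by the
# PR-comment step, `id-token: write` only by the OIDC/WIF login.
permissions:
  contents: read
  id-token: write
  pull-requests: write

# Never let two runs operate on production state at the same time (e.g. a push
# `apply` racing a manual `destroy`). Later runs queue rather than cancelling
# an in-flight run, so an apply is never interrupted part-way.
concurrency:
  group: terraform-production
  cancel-in-progress: false

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    # Environment protection rules (required reviewers, deployment-branch
    # restrictions) are the approval gate for the auto-approved apply/destroy.
    environment: production
    defaults:
      run:
        shell: bash
        working-directory: ./terraform

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
          # The action's default CLI wrapper is what populates
          # `steps.plan.outputs.stdout` for the PR comment; do not disable it.

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          # Short-lived token minted from the job's OIDC identity; the
          # provider and service account are configuration, not credentials.
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      - name: Setup Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      # Formatting is advisory: its outcome is reported in the PR comment but
      # never blocks the run.
      - name: Terraform Format Check
        id: fmt
        run: terraform fmt -check -recursive
        continue-on-error: true

      - name: Terraform Init
        id: init
        # -input=false so a missing backend/variable value fails fast instead
        # of hanging the runner waiting for a prompt.
        run: terraform init -input=false

      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color

      # Plan on pull requests and on manual `plan` dispatches.
      # `continue-on-error` lets the PR comment be posted even when the plan
      # fails; the failure is re-raised by "Terraform Plan Status" below.
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request' || (github.event_name == 'workflow_dispatch' && github.event.inputs.action == 'plan')
        run: |
          terraform plan -var-file=environments/production/terraform.tfvars -no-color -input=false
        continue-on-error: true

      - name: Comment PR with Plan
        uses: actions/github-script@v7
        if: github.event_name == 'pull_request'
        env:
          # Passed via the environment rather than interpolated into the
          # script, so content of the plan output cannot inject JavaScript.
          PLAN: "${{ steps.plan.outputs.stdout }}"
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Step `outcome`s are fixed strings (success/failure/skipped/...)
            // and `github.actor` is a GitHub login, so interpolating them into
            // the template literal is safe; the free-form plan text is not,
            // which is why it arrives through process.env.PLAN.
            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
            <details><summary>Show Plan</summary>

            \`\`\`terraform
            ${process.env.PLAN}
            \`\`\`

            </details>
            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;

            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            })

      # Re-raise a plan failure after the comment has been posted.
      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1

      # Apply only from main: on push, or on a manual `apply` dispatched from
      # main. A dispatch from any other ref skips this step (job still passes).
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.action == 'apply'))
        run: terraform apply -var-file=environments/production/terraform.tfvars -auto-approve -input=false

      # Destroy carries the same main-only guard as apply, so production
      # cannot be torn down using configuration from an arbitrary branch.
      - name: Terraform Destroy
        if: github.ref == 'refs/heads/main' && github.event_name == 'workflow_dispatch' && github.event.inputs.action == 'destroy'
        run: terraform destroy -var-file=environments/production/terraform.tfvars -auto-approve -input=false

      # Summarise after any successful apply (push or manual dispatch); a
      # skipped apply step has outcome `skipped`, so this is also skipped then.
      - name: Output Infrastructure Info
        if: steps.apply.outcome == 'success'
        run: |
          echo "### 🚀 Infrastructure Deployed Successfully!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "#### Cloud Run Service URL" >> $GITHUB_STEP_SUMMARY
          terraform output cloudrun_service_url >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "#### Artifact Registry" >> $GITHUB_STEP_SUMMARY
          terraform output artifact_registry_url >> $GITHUB_STEP_SUMMARY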