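name: CI

# Runs manually, or on PRs against main that touch Terraform files.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  pull_request:
    branches:
      - main
    paths:
      # All tf files
      - '**/*.tf'

# One run per workflow+ref; a newer push to the same PR cancels the older plan.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Minimal GITHUB_TOKEN permissions; id-token is needed for the Azure OIDC login.
permissions:
  contents: read
  statuses: write
  id-token: write

env:
  # Azure identity for the azurerm provider, authenticated via OIDC (no client secret).
  ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
  ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
  # NOTE(review): a long-lived PAT is exposed to every step of the job, including the
  # third-party actions below, while the PR comment already uses the short-lived app
  # token minted in the first step. Confirm which step still needs the PAT and move
  # this env entry onto that step only.
  GITHUB_TOKEN: ${{ secrets.PAT }}
  # Quoted: env values are always strings; this avoids the YAML boolean coercion.
  ARM_USE_OIDC: "true"

jobs:
  CI:
    name: CI
    runs-on: ubuntu-latest
    # Protection rules configured on the prod environment (reviewers, branch
    # restrictions) gate this job, which also runs for pull_request events.
    environment: prod
    steps:
      # Short-lived installation token used to post the PR comment.
      - name: Generate app token
        uses: actions/create-github-app-token@v2
        id: authenticate
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PEM }}

      - uses: actions/checkout@v6

      - run: terraform init

      # Plan runs twice: once with -no-color, captured to the 'tfplan' file for the
      # PR comment, and once with color for the job log. -lock=false because this
      # plan is speculative and must not block concurrent applies on the state.
      - name: Create a speculative plan
        id: tfplan
        shell: pwsh
        run: |
          # Create a speculative plan
          $plan = terraform plan -lock=false -no-color
          Set-Content -Path 'tfplan' -Value $plan -Encoding utf8
          terraform plan -lock=false

      # Posts the captured plan as a PR comment. Everything the plan prints that is
      # not marked sensitive in Terraform becomes visible to anyone who can read the
      # PR. Only runs on pull_request, since workflow_dispatch has no issue number.
      - name: Write plan in pr comment
        uses: actions/github-script@v8
        if: github.event_name == 'pull_request'
        with:
          github-token: ${{ steps.authenticate.outputs.token }}
          script: |
            const fs = require('fs')
            const fileContent = fs.readFileSync('tfplan', 'utf8')
            const body = `
            Here is the plan for the changes in this PR:
            <details>
            <summary>Terraform Plan</summary>
            \`\`\`terraform
            ${fileContent}
            \`\`\`
            `
            // Awaited so an API failure (e.g. insufficient app permissions) fails
            // this step instead of surfacing as an unhandled rejection.
            await github.rest.issues.createComment({
              ...context.repo,
              issue_number: context.issue.number,
              body
            })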