diff --git a/.github/workflows/terraform_deployments_preprod_plan.yaml b/.github/workflows/terraform_deployments_preprod_plan.yaml
index d08a845..97e2a53 100644
--- a/.github/workflows/terraform_deployments_preprod_plan.yaml
+++ b/.github/workflows/terraform_deployments_preprod_plan.yaml
@@ -58,9 +58,9 @@ jobs:
 issue_number: context.issue.number,
 });
 const botComment = comments.find(comment => {
- return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Deployments Plan Output')
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Deployments Preprod Plan Output')
 });
- const output = `#### Terraform Cloud Deployments Plan Output
+ const output = `#### Terraform Cloud Deployments Preprod Plan Output
 \`\`\`
 Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
 \`\`\`
diff --git a/.github/workflows/terraform_deployments_prod_apply.yaml b/.github/workflows/terraform_deployments_prod_apply.yaml
new file mode 100644
index 0000000..4a15f85
--- /dev/null
+++ b/.github/workflows/terraform_deployments_prod_apply.yaml
@@ -0,0 +1,47 @@
+# https://developer.hashicorp.com/terraform/tutorials/automation/github-actions
+
+name: "Terraform Deploying Prod Apply"
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+env:
+ TF_CLOUD_ORGANIZATION: "devops-boot"
+ TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
+ TF_WORKSPACE: "deployments-prod"
+ CONFIG_DIRECTORY: "./"
+
+jobs:
+ terraform:
+ name: "Terraform Deploying Prod Apply"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Upload Configuration
+ uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.1.1
+ id: apply-upload
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ directory: ${{ env.CONFIG_DIRECTORY }}
+
+ - name: Create Apply Run
+ uses: hashicorp/tfc-workflows-github/actions/create-run@v1.1.1
+ id: apply-run
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
+
+ - name: Apply
+ uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.1.1
+ if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
+ id: apply
+ with:
+ run: ${{ steps.apply-run.outputs.run_id }}
+ comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
\ No newline at end of file
diff --git a/.github/workflows/terraform_deployments_prod_plan.yaml b/.github/workflows/terraform_deployments_prod_plan.yaml
new file mode 100644
index 0000000..31679d0
--- /dev/null
+++ b/.github/workflows/terraform_deployments_prod_plan.yaml
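Review bot: `workflow_dispatch` lets this workflow be started from any branch that contains it, and the `terraform` job has neither a ref check nor a protected environment, so configuration from an unreviewed branch can be uploaded and applied to the `deployments-prod` workspace. Add `if: github.ref == 'refs/heads/main'` to the job and gate it with a GitHub environment that requires reviewers, e.g. `environment: production` (placeholder name). `TF_API_TOKEN` is declared in the workflow-level `env:`, which exposes it to every step, and the actions are referenced by mutable tags (`actions/checkout@v4`, `hashicorp/tfc-workflows-github/...@v1.1.1`); scoping the token to the three Terraform Cloud steps and pinning each action to a full commit SHA would narrow what a compromised tag can reach. The new terraform_provisioning_prod_apply.yaml repeats this workflow for `provisioning-prod` and has the same gaps.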
@@ -0,0 +1,82 @@
+# https://developer.hashicorp.com/terraform/tutorials/automation/github-actions
+
+name: "Terraform Deploying Prod Plan"
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+env:
+ TF_CLOUD_ORGANIZATION: "devops-boot"
+ TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
+ TF_WORKSPACE: "deployments-prod"
+ CONFIG_DIRECTORY: "./"
+
+jobs:
+ terraform:
+ name: "Terraform Deploying Prod Plan"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Upload Configuration
+ uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.1.1
+ id: plan-upload
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ directory: ${{ env.CONFIG_DIRECTORY }}
+ speculative: true
+
+ - name: Create Plan Run
+ uses: hashicorp/tfc-workflows-github/actions/create-run@v1.1.1
+ id: plan-run
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
+ plan_only: true
+
+ - name: Get Plan Output
+ uses: hashicorp/tfc-workflows-github/actions/plan-output@v1.1.1
+ id: plan-output
+ with:
+ plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
+
+ - name: Update PR
+ uses: actions/github-script@v7.0.1
+ id: plan-comment
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ // 1. Retrieve existing bot comments for the PR
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ });
+ const botComment = comments.find(comment => {
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Deployments Prod Plan Output')
+ });
+ const output = `#### Terraform Cloud Deployments Prod Plan Output
+ \`\`\`
+ Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
+ \`\`\`
+ [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
+ `;
+ // 3. Delete previous comment so PR timeline makes sense
+ if (botComment) {
+ github.rest.issues.deleteComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: botComment.id,
+ });
+ }
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ });
\ No newline at end of file
diff --git a/.github/workflows/terraform_provisioning_preprod_plan.yaml b/.github/workflows/terraform_provisioning_preprod_plan.yaml
index 272dac4..f85e617 100644
--- a/.github/workflows/terraform_provisioning_preprod_plan.yaml
+++ b/.github/workflows/terraform_provisioning_preprod_plan.yaml
@@ -58,9 +58,9 @@ jobs:
 issue_number: context.issue.number,
 });
 const botComment = comments.find(comment => {
- return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Provisioning Preprod Plan Output')
 });
- const output = `#### Terraform Cloud Plan Output
+ const output = `#### Terraform Cloud Provisioning Preprod Plan Output
 \`\`\`
 Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
 \`\`\`
diff --git a/.github/workflows/terraform_provisioning_prod_apply.yaml b/.github/workflows/terraform_provisioning_prod_apply.yaml
new file mode 100644
index 0000000..3b31661
--- /dev/null
+++ b/.github/workflows/terraform_provisioning_prod_apply.yaml
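Review bot: The `Update PR` script in terraform_deployments_prod_plan.yaml interpolates `${{ steps.plan-output.outputs.add }}`, `.change`, `.destroy` and `${{ steps.plan-run.outputs.run_link }}` directly into the JavaScript source, so the values are parsed as code running with the `pull-requests: write` token rather than treated as data; they are presumably integers and a URL returned by Terraform Cloud, but the script should not rely on that. Pass them through the step's `env:` and read them from `process.env`, as in the sketch below, which also awaits `deleteComment` and `createComment` so a failed API call fails the step where it happens. The same script is added in terraform_provisioning_prod_plan.yaml and needs the same change. Separately, `on: pull_request` hands the `TF_API_TOKEN` for the `deployments-prod` workspace to pull-request runs from branches in this repository, and a speculative plan evaluates the branch's configuration; confirm that running unreviewed configuration against the prod workspace's variables is intended.

```yaml
      - name: Update PR
        # … unchanged: uses, id …
        env:
          PLAN_ADD: ${{ steps.plan-output.outputs.add }}
          PLAN_CHANGE: ${{ steps.plan-output.outputs.change }}
          PLAN_DESTROY: ${{ steps.plan-output.outputs.destroy }}
          RUN_LINK: ${{ steps.plan-run.outputs.run_link }}
        with:
          # … unchanged: github-token …
          script: |
            // … unchanged: listComments call and botComment lookup …
            const { PLAN_ADD, PLAN_CHANGE, PLAN_DESTROY, RUN_LINK } = process.env;
            const output = `#### Terraform Cloud Deployments Prod Plan Output
            \`\`\`
            Plan: ${PLAN_ADD} to add, ${PLAN_CHANGE} to change, ${PLAN_DESTROY} to destroy.
            \`\`\`
            [Terraform Cloud Plan](${RUN_LINK})
            `;
            if (botComment) {
              await github.rest.issues.deleteComment({
                // … unchanged: owner, repo, comment_id …
              });
            }
            await github.rest.issues.createComment({
              // … unchanged: issue_number, owner, repo, body …
            });
```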
@@ -0,0 +1,47 @@
+# https://developer.hashicorp.com/terraform/tutorials/automation/github-actions
+
+name: "Terraform Provisioning Prod Apply"
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+env:
+ TF_CLOUD_ORGANIZATION: "devops-boot"
+ TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
+ TF_WORKSPACE: "provisioning-prod"
+ CONFIG_DIRECTORY: "./"
+
+jobs:
+ terraform:
+ name: "Terraform Provisioning Prod Apply"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Upload Configuration
+ uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.1.1
+ id: apply-upload
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ directory: ${{ env.CONFIG_DIRECTORY }}
+
+ - name: Create Apply Run
+ uses: hashicorp/tfc-workflows-github/actions/create-run@v1.1.1
+ id: apply-run
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
+
+ - name: Apply
+ uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.1.1
+ if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
+ id: apply
+ with:
+ run: ${{ steps.apply-run.outputs.run_id }}
+ comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
diff --git a/.github/workflows/terraform_provisioning_prod_plan.yaml b/.github/workflows/terraform_provisioning_prod_plan.yaml
new file mode 100644
index 0000000..acf0956
--- /dev/null
+++ b/.github/workflows/terraform_provisioning_prod_plan.yaml
@@ -0,0 +1,82 @@
+# https://developer.hashicorp.com/terraform/tutorials/automation/github-actions
+
+name: "Terraform Provisioning Prod Plan"
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+env:
+ TF_CLOUD_ORGANIZATION: "devops-boot"
+ TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
+ TF_WORKSPACE: "provisioning-prod"
+ CONFIG_DIRECTORY: "./"
+
+jobs:
+ terraform:
+ name: "Terraform Provisioning Prod Plan"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Upload Configuration
+ uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.1.1
+ id: plan-upload
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ directory: ${{ env.CONFIG_DIRECTORY }}
+ speculative: true
+
+ - name: Create Plan Run
+ uses: hashicorp/tfc-workflows-github/actions/create-run@v1.1.1
+ id: plan-run
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
+ plan_only: true
+
+ - name: Get Plan Output
+ uses: hashicorp/tfc-workflows-github/actions/plan-output@v1.1.1
+ id: plan-output
+ with:
+ plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
+
+ - name: Update PR
+ uses: actions/github-script@v7.0.1
+ id: plan-comment
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ // 1. Retrieve existing bot comments for the PR
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ });
+ const botComment = comments.find(comment => {
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Provisioning Prod Plan Output')
+ });
+ const output = `#### Terraform Cloud Provisioning Prod Plan Output
+ \`\`\`
+ Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
+ \`\`\`
+ [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
+ `;
+ // 3. Delete previous comment so PR timeline makes sense
+ if (botComment) {
+ github.rest.issues.deleteComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: botComment.id,
+ });
+ }
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ });